Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. stole at least $800,000 from at least five victims between August 2022 and March 2023. 9, 2024, U.S. technology companies during the summer of 2022.

Social Engineering 358

Social Engineering Mobile Passwords Cybercrime 358

Digital Shadows

JANUARY 22, 2025

In this blog, well preview the reports highlights and give insights into social engineering campaigns leveraging impersonating domains and our predictions for the threats shaping 2025. Organizations should implement domain monitoring, enforce DMARC policies, and train employees to recognize social engineering methods.

Insurance 64

Insurance Phishing Social Engineering Engineering 64

SecureList

NOVEMBER 9, 2022

What cyberthreats for business will be the greatest in 2023? The ongoing geopolitical storm brings not only classical cyberthreats for business, but also unpredictable risks and ‘black swans’ The main problem for 2023 will be supply-chain stability and cybersecurity. Threat modeling approaches will be changed in 2023.

Cybersecurity 145

Cybersecurity Cyber Insurance Cybercrime IoT 145

Security Affairs

NOVEMBER 13, 2023

The APT group’s campaigns focus on cryptocurrency exchanges, venture capital firms, and banks. Microsoft researchers warn of a new social engineering campaign aimed at IT job seekers that relied on a new cluster of bogus skills assessment portals. ” warns Microsoft through a series of posts on X.

Social Engineering 142

Social Engineering Cryptocurrency Engineering Malware 142

SecureList

NOVEMBER 22, 2022

A look back on the year 2022 and what to expect in 2023. This report assesses how accurately we predicted the developments in the financial threats landscape in 2022 and ponder at what to expect in 2023. Cryptocurrency targeted attacks. Analysis of forecasts for 2022. Rise and consolidation of information stealers.

Cryptocurrency 107

Cryptocurrency Mobile Ransomware Banking 107

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. According to CryptoIns analysts, the crypto assets insurance market is expected to reach $7 billion by 2023. Why do crypto exchanges’ users need insurance?

Insurance 96

Insurance Cryptocurrency Cyber threats Marketing 96

Krebs on Security

DECEMBER 29, 2022

I will also continue to post on LinkedIn about new stories in 2023. You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers.

Cryptocurrency 294

Cryptocurrency Cybercrime Computers and Electronics Scams 294

Krebs on Security

APRIL 20, 2023

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. Microsoft Corp.

Malware 333

Malware Software Technology Accountability 333

Security Affairs

SEPTEMBER 17, 2023

The North Korea-linked APT group Lazarus has stolen more than $240 million worth of cryptocurrency since June 2023, researchers warn. The group is also suspected to have recently stolen $31 million from the professional global cryptocurrency exchange CoinEx. ” states Elliptic.

Cryptocurrency 141

Cryptocurrency Social Engineering Hacking Engineering 141

Malwarebytes

OCTOBER 27, 2023

Octo Tempest is believed to be a group of native English speaking cybercriminals that uses social engineering campaigns to compromise organizations all over the world. This can be done in a number of ways, but the most common ones involve social engineering attacks on the victim's carrier.

Social Engineering 114

Social Engineering Engineering Ransomware Backups 114

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 132

Scams Phishing Cryptocurrency Social Engineering 132

Security Affairs

JUNE 11, 2023

Gox exchange and operating BTC-e Japanese Pharmaceutical giant Eisai hit by a ransomware attack Clop ransomware gang was testing MOVEit Transfer bug since 2021 Stealth Soldier backdoor used is targeted espionage attacks in Libya Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue Experts detail a new Kimsuky (..)

Social Engineering 98

Social Engineering Data breaches Ransomware Cybercrime 98

SecureList

JUNE 7, 2023

Mobile statistics Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff , a financially motivated threat actor known for stealing cryptocurrency. The threat actor uses social engineering to infect a PoS terminal.

DNS 105

DNS Malware Cryptocurrency Retail 105

Krebs on Security

SEPTEMBER 13, 2024

A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. Image: Shutterstock.

Cybercrime 325

Cybercrime Accountability Mobile Hacking 325

Webroot

OCTOBER 31, 2024

The rise of AI-driven phishing and social engineering, increased targeting of critical infrastructure, and the emergence of more sophisticated fileless malware are all trends that have shaped the cybersecurity battlefield this year. Let’s take a look at what the payment numbers look like so far in 2024.

Malware 108

Malware Ransomware Passwords Healthcare 108

SecureWorld News

AUGUST 29, 2023

An advisory from the company states that a "highly sophisticated" SIM swapping attack targeted one of Kroll's employees, resulting in unauthorized access to personal information related to bankruptcy claimants associated with cryptocurrency firms FTX, BlockFi, and Genesis.

Cryptocurrency 103

Cryptocurrency Phishing Social Engineering Accountability 103

Malwarebytes

SEPTEMBER 11, 2023

A cybercriminal who goes by the handle RastaFarEye has been advertising DarkGate Loader on cybercrime forums since June 16, 2023. Once active, the malware can be used for several malicious activities like remote access, cryptocurrency mining, keylogging, clipboard stealing, and information stealing.

Malware 130

Malware Social Engineering Cryptocurrency Cybercrime 130

Malwarebytes

MARCH 5, 2024

As revealed in our 2024 ThreatDown State of Malware report, a full 11% of all detections recorded by Malwarebytes on Mac computers in 2023 were for different variants of malware—the catch-all term that cybersecurity researchers use to refer to ransomware, trojans, info stealers, worms, viruses, and more. There pretty much always has been.

Malware 141

Malware Adware Ransomware Social Engineering 141

SecureWorld News

JUNE 15, 2023

Verizon has released its 2023 Data Breach Investigations Report (DBIR), the 16th annual publication providing an analysis of real-world data breaches and security incidents. Seventy-four percent of breaches included the human element, which should be expected given the frequency of social engineering, stolen credentials, and privilege misuse.

Data breaches 98

Data breaches Social Engineering Engineering Cryptocurrency 98

Security Affairs

JUNE 17, 2024

He is accused of stealing at least $800,000 from five victims between August 2022 and March 2023. “One of the more popular SIM-swapping channels on Telegram maintains a frequently updated leaderboard of the most accomplished SIM-swappers, indexed by their supposed conquests in stealing cryptocurrency. In January 2024, U.S.

Cybercrime 130

Cybercrime Hacking Social Engineering Cryptocurrency 130

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 98

Malware Cybercrime Cryptocurrency Social Engineering 98

Digital Shadows

JANUARY 27, 2025

Our research reveals 2024 saw a 22% increase in attack speed compared to 2023, with the fastest incident achieving lateral movement in just 27 minutes. We found that the average breakout time was 48 minutes22% faster than in 2023, based on comparisons with external industry reporting.

Scams 75

Scams Ransomware Accountability Social Engineering 75

CyberSecurity Insiders

AUGUST 24, 2022

And security researchers from ESET have discovered that the malware was uploaded to the VirusTotal operated system in Brazil and was targeted by a social engineering attack. North Korea’s Lazarus Group has reportedly designed new ransomware that is being targeted at M1 processors popularly running on Macs and Intel systems.

Ransomware 107

Ransomware Digital transformation Encryption Social Engineering 107

CyberSecurity Insiders

JANUARY 19, 2023

MailChimp, the automation based marketing company, is the third to hit the news headlines on Google as its servers have become a victim of a social engineering attack that led to a data leak.

Cyber Attacks 106

Cyber Attacks Social Engineering Financial Services Encryption 106

Security Affairs

AUGUST 6, 2023

The new attack infrastructure was created starting from March 2023 and consists of 94 new domains. ” Since at least December 17, 2022, the group has used a new naming pattern for its domains containing keywords related to information technology and cryptocurrency. Some examples are cloudrootstorage[.]com, com, storagecryptogate[.]com,

Phishing 98

Phishing Social Engineering Authentication Cryptocurrency 98

SecureWorld News

MAY 11, 2023

[RELATED: Famous Twitter Accounts Hacked: Insider Threat or Social Engineering Attack? ] O'Connor, also known as "PlugwalkJoe," was extradited from Spain on April 26, 2023, after his arrest in August 2022. Now, the U.S. Department of Justice has announced that Joseph James O'Connor, a 23-year-old U.K.

Accountability 98

Accountability Social Engineering Media Hacking 98

Security Affairs

AUGUST 16, 2023

Starting from May 2023, researchers from Cofense discovered a large-scale phishing campaign using QR codes in attacks aimed at stealing the Microsoft credentials of users from multiple industries One of the organizations targeted by hackers is a notable energy company in the US. ” reads Cofense’s report.

Phishing 98

Phishing Energy and Utilities Insurance Manufacturing 98

Security Affairs

SEPTEMBER 29, 2024

CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw International law enforcement operation dismantled criminal communication platform Ghost U.S.

Hacking 117

Hacking Ransomware Antivirus Cybercrime 117

CyberSecurity Insiders

MAY 3, 2023

By: Daron Hartvigsen , Managing Director, StoneTurn and Luke Tenery , Partner, StoneTurn When insider threat or insider risk is discussed in a corporate context, often the relevant topics include misconduct , fraud, misuse, or even the idea that insiders can be unwitting accomplices to social engineering exploitation.

Risk 120

Risk Cyber threats Marketing Engineering 120

Security Affairs

JANUARY 3, 2024

Around November 11th, 2023, the group’s leader, operating under the alias “ googleXcoder “, made multiple announcements on the Dark Web. Utilizing AI-driven bots for advanced social engineering techniques. Recognition of specific objects and targets through text processing and document analysis.

Artificial Intelligence 136

Artificial Intelligence Banking Scams Cybercrime 136

Security Affairs

MARCH 27, 2023

Introduction During March 2023, we obtained information and data regarding an ongoing malware operation hitting more than 8.000 targets within a few weeks, with a particular emphasis on North American, Italian, and French targets. After this, it downloads the payload and executes it through the “Process.Start”.NET

Malware 98

Malware Social Engineering Encryption Marketing 98

SecureList

APRIL 10, 2023

The offers presented in this report were published between 2019 and 2023 and were collected from the nine most popular forums for the purchase and sale of goods and services related to malware and unwanted software. Cybercriminals accept three main kinds of payment: a percentage of the final profit, subscription or rent, and one-time payment.

Malware 136

Malware Encryption Mobile Accountability 136

Digital Shadows

NOVEMBER 26, 2024

This underscores the importance of having additional compensating controls and educating employees on the risks associated with phishing and other social engineering attacks. ” APLHV disbanded in late December 2023 after conducting an exit scam against its affiliates.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

SecureList

SEPTEMBER 3, 2024

The attackers used social engineering to gain long-term access to the development environment and extended it with fake human interactions in plain sight. The exploitation process described in this document was identical to that used in the previously mentioned zero-day exploit for CVE-2023-36033 – but the vulnerability was different.

Malware 107

Malware Passwords Ransomware Encryption 107

Digital Shadows

FEBRUARY 2, 2023

Whether you’re a crypto-skeptic or a crypto-maximalist, it cannot be denied that the mostly unregulated cryptocurrency ecosystem is no stranger to fraud. To conduct attacks specifically linked to cryptocurrency, threat actors must usually cooperate within a web of associates—just like any other area of cyber crime.

Scams 40

Scams Cryptocurrency Marketing Advertising 40

SecureList

FEBRUARY 16, 2023

These sites referenced public figures and humanitarian groups, offering to accept cash in cryptocurrency, something that should have raised a red flag in itself. By getting the user’s secret phrase, cybercriminals could get access to their cryptocurrency balance. Now, attackers have started collecting Bitcoin for charity.

Phishing 118

Phishing Scams Accountability Energy and Utilities 118

eSecurity Planet

SEPTEMBER 2, 2024

The problem: CVE-2023-22527 , a severe RCE vulnerability in Atlassian Confluence Data Center and Server, enables unauthenticated remote code execution. The fix: To fix CVE-2023-22527, immediately update the Atlassian Confluence Data Center and Server to the newest versions. This resulted in the deployment of the FudModule rootkit.

Risk 58

Risk Firewall Firmware Engineering 58