SecureWorld News

NOVEMBER 22, 2024

The United States Department of Justice (DOJ) has unsealed charges against five individuals accused of orchestrating sophisticated phishing campaigns tied to the notorious Scattered Spider cybercrime group. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses.

Phishing 108

Phishing Identity Theft Cryptocurrency Cybercrime 108

Krebs on Security

NOVEMBER 9, 2024

For example, in its most recent transparency report (PDF) Verizon said it received more than 127,000 law enforcement demands for customer data in the second half of 2023 — including more than 36,000 EDRs — and that the company provided records in response to approximately 90 percent of requests. dot-gov emails get hacked.

Hacking 280

Hacking Accountability Government Social Engineering 280

Security Affairs

APRIL 14, 2025

The operators of the Phishing-as-a-Service (PhaaS) platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities. Tycoon2FA, a phishing kit discovered in 2023 by cybersecurity firm Sekoia, was recently updated to improve its evasion capabilities. ” reported Trustwave.

Phishing 79

Phishing Hacking Cybersecurity Cybercrime 79

Security Affairs

MARCH 31, 2025

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamically serve spoofed login pages. “We discovered cyber campaigns that used the phishing kits as early as January 2020.

DNS 84

DNS Phishing Banking Passwords 84

Security Affairs

MARCH 7, 2024

The FBI Internet Crime Complaint Center (IC3) 2023 report states that reported cybercrime losses reached $12.5 billion in 2023. The 2023 Internet Crime Report published the FBI’s Internet Crime Complaint Center (IC3) reveals that reported cybercrime losses reached $12.5 billion in 2023.

Cybercrime 139

Cybercrime Internet Internet Scams 139

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing 274

Phishing Cryptocurrency DDOS Internet 274

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking 335

Hacking Cybercrime Phishing Passwords 335

The Hacker News

JULY 26, 2024

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level.

Cybercrime 123

Cybercrime Phishing Malware Cybersecurity 123

Security Affairs

APRIL 7, 2025

A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California. “In the Florida case, Urban was accused of stealing at least $800,000 in cryptocurrency from five different victims between August 2022 and March 2023.” ” reported News4Jax.

Cybercrime 65

Cybercrime Identity Theft Social Engineering Hacking 65

The Last Watchdog

DECEMBER 12, 2023

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Eyal Benishti , CEO, IRONSCALES Benishti Generative AI (GenAI) reshaped cybersecurity in 2023. What should I be most concerned about – and focus on – in 2024?

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

Security Affairs

DECEMBER 1, 2024

From generating deepfakes to enhancing phishing campaigns, GAI is evolving into a tool for large-scale cyber offenses GAI has captured the attention of researchers and investors for its transformative potential across industries. The automation of malware development is another worrying trend, as it lowers the barrier to entry for cybercrime.

Artificial Intelligence 132

Artificial Intelligence Phishing Media Cyber threats 132

CyberSecurity Insiders

JANUARY 3, 2023

Technology’s rapid and relentless progress promises to continue apace in 2023, to everyone’s benefit – including cybercriminals’. Already some have used the OpenAI platform to have ChatGPT write phishing emails and insert malicious links. By Brad Liggett, Technical Director, Americas for Cybersixgill.

Technology 135

Technology Cybercrime Artificial Intelligence Government 135

SecureList

JUNE 26, 2023

In this report, we have analyzed the key threats to small and medium-sized companies in 2022 and 2023, and provided advice on how to stay safe. Malware attacks Between January 1 and May 18, 2023, 2,392 SMB employees encountered malware or unwanted software disguised as business applications, with 2,478 unique files distributed this way.

Cybercrime 122

Cybercrime Phishing Banking Malware 122

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. domains as among the most prevalent in phishing attacks over the past year. US phishing domains.

Phishing 327

Phishing Telecommunications Malware Scams 327

The Last Watchdog

MARCH 19, 2025

Attackers now have access to extensive identity data from multiple sourcesincluding data breaches, infostealer malware infections, phishing campaigns, and combolistsposing a challenge for organizations whose security measures have not yet adapted to address the full scope of interconnected identity exposures holistically.

Cyber Risk 113

Cyber Risk Risk Phishing Cybercrime 113

Bleeping Computer

JANUARY 1, 2024

In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. [.]

Cybercrime 92

Cybercrime Cryptocurrency Scams Phishing 92

Security Affairs

APRIL 13, 2025

They continue to monitor for potential data misuse and urge vigilance against fraud, phishing, and identity theft. In 2023, Loretto Hospital experienced another data security incident. On January 19, 2023, a former employee misappropriated security camera footage of a limited number of patients and posted it on Facebook.

Data breaches 126

Data breaches Unstructured Data Identity Theft Healthcare 126

Krebs on Security

JANUARY 30, 2024

stole at least $800,000 from at least five victims between August 2022 and March 2023. ” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. A graphic depicting how 0ktapus leveraged one victim to attack another. According to an Aug.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

SecureList

MAY 6, 2024

A significant share of scam, phishing and malware attacks is about money. Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. million in 2022.

Phishing 133

Phishing Banking Mobile Scams 133

SecureList

MARCH 25, 2025

Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. We also changed the methodology for PC banking malware by removing obsolete families that no longer use Trojan banker functionality, hence the sharp drop in numbers against 2023. million in 2023.

Phishing 83

Phishing Banking Scams Mobile 83

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? This earned Google a whopping $175 billion in search-based ad revenues in 2023. First sponsorized google answer for “Google ads” is a phishing attempt !

Advertising 134

Advertising Accountability Phishing Scams 134

SecureList

NOVEMBER 9, 2022

What cyberthreats for business will be the greatest in 2023? The ongoing geopolitical storm brings not only classical cyberthreats for business, but also unpredictable risks and ‘black swans’ The main problem for 2023 will be supply-chain stability and cybersecurity. Vladimir Dashchenko , Security Evangelist, Kaspersky.

Cybersecurity 144

Cybersecurity Cyber Insurance Cybercrime IoT 144

SecureList

NOVEMBER 28, 2022

Although the main types of threats (phishing, scams, malware, etc.) Below, we present a number of key ideas about what the consumer-oriented threat landscape will look like in 2023, and describe how users could be lured into cybertraps with fake content and third-party apps. 2023 promises a wealth of new releases.

Education 136

Education Phishing Scams Social Engineering 136

Security Affairs

NOVEMBER 11, 2023

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. “I do not think this is all they earned.

Phishing 142

Phishing Cybercrime Advertising Hacking 142

SecureList

APRIL 5, 2023

They have become adept at using Telegram both for automating their activities and for providing various services — from selling phishing kits to helping with setting up custom phishing campaigns — to all willing to pay. ” Links to the channels are spread via YouTube, GitHub and phishing kits they make.

Phishing 144

Phishing Marketing Scams Accountability 144

Malwarebytes

FEBRUARY 6, 2024

The report reveals that, awash with money, the number of known Big Game attacks surged by 68% in 2023, thanks to Ransomware-as-a-Service groups like LockBit and ALPHV. And like broader, law-abiding “Business” at large, cybercrime has settled on a collection of tools that work.

Ransomware 131

Ransomware Cybercrime Malware Social Engineering 131

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Cybersecurity Awareness Month 2023 – What it is and why we should be aware madhav Tue, 10/03/2023 - 05:33 The inception of Cybersecurity Awareness Month in 2004 came at a critical juncture in our technological history. Familiarize yourself with common phishing hallmarks and promptly report any suspicious activity.

Cybersecurity 148

Cybersecurity Cyber threats Authentication Phishing 148

Security Affairs

NOVEMBER 25, 2024

Thai authorities arrested members of two Chinese cybercrime organizations, one of these groups carried out SMS blaster attacks. Most directors, primarily Chinese nationals, lacked immigration records in Thailand, with one leaving in August 2023 and not returning. One suspect from the scheme has been arrested.

Mobile 123

Mobile Scams Technology Telecommunications 123

Anton on Security

APRIL 20, 2023

The famous Mandiant 2023 M-Trends (NOT G-Trends, mind you…) report is out, and here are some of the things that I found to be surprising and NOT surprising :-) Mandiant M-Trends 2023 Detection by Source SURPRISING “Mandiant experts note a decrease in the percentage of global intrusions involving ransomware between 2021 and 2022.

Social Engineering 130

Social Engineering Ransomware Cybercrime Cyber Attacks 130

Security Affairs

APRIL 30, 2025

Since mid-2022, theyve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft. “The Nebulous Mantis team, which changes the domains they use every month, obtains these spear-phishing and C2 servers from LuxHost and AEZA bulletproof hosting (BPH) services.”

Encryption 98

Encryption Ransomware Malware Phishing 98

CyberSecurity Insiders

JANUARY 25, 2023

By Immanuel Chavoya, Emerging Threat Expert, SonicWall 2022 saw a shifting cybersecurity landscape as rising geopolitical conflicts brought new tactics, targets, and goals for cybercrime. In 2023, we should expect continued change as emerging tech and geopolitical conflicts meet to create an even more complicated and risky threat landscape.

Cyber threats 127

Cyber threats Cybercrime Malware IoT 127

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing 98

Phishing Cybercrime Authentication Advertising 98

Security Affairs

JANUARY 25, 2024

The 2023 RedSense report covers long-term observations we have made regarding intel trends and interconnectivity. These observations were made by analyzing numerous 2023 threat findings and discoveries, and include references to case studies that were reported on by RedSense throughout the year.

Ransomware 125

Ransomware Cybercrime Malware Data breaches 125

Security Affairs

AUGUST 23, 2024

ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). The technique was first disclosed in Poland in July 2023 and later observed in Czechia and other countries like Hungary and Georgia. SMS campaigns sent phishing links indiscriminately to Czech phone numbers.

Phishing 131

Phishing Mobile Banking Social Engineering 131

Tech Republic Security

JUNE 29, 2023

A new report from Kaspersky reveals the top cyber threats for SMBs in 2023. The post Kaspersky’s New Report Reveals the Top Cyber Threats for SMBs in 2023 appeared first on TechRepublic. Read more about it and how to protect organizations from it.

Cyber threats 167

Cyber threats Scams Phishing Cybercrime 167

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. QakBot is most commonly delivered via email phishing lures disguised as something legitimate and time-sensitive, such as invoices or work orders.

Hacking 307

Hacking Malware Ransomware Government 307

Krebs on Security

MAY 7, 2025

The authorities called it “the biggest money laundering case in the history of Pakistan,” and named a number of businesses based in Texas that allegedly helped move the proceeds of cybercrime. Moiz told KrebsOnSecurity he stopped working for 360 Digital Marketing in the summer of 2023.

Scams 189

Scams Marketing Advertising Technology 189