Security Affairs

APRIL 4, 2022

Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported.

Phishing 124

Phishing Data breaches Cryptocurrency Social Engineering 124

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. ” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials.

Social Engineering 322

Social Engineering Mobile Cybercrime Passwords 322

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. Phishing, Social Engineering are Still Problems. OTP Interception Services Emerge.

Authentication 113

Authentication Social Engineering Phishing Banking 113

SecureList

MAY 6, 2024

A significant share of scam, phishing and malware attacks is about money. Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. million in 2022.

Phishing 109

Phishing Banking Mobile Scams 109

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.

Mobile 294

Mobile Phishing Authentication Accountability 294

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. Parth Patel is an entrepreneur who is trying to build a startup in the cryptocurrency space. They can also then remotely wipe all of the user’s Apple devices.

Passwords 343

Passwords Accountability Engineering Phishing 343

Identity IQ

JUNE 1, 2023

The Rise of AI Social Engineering Scams IdentityIQ In today’s digital age, social engineering scams have become an increasingly prevalent threat. Social engineering scams leverage psychological manipulation to deceive individuals and exploit the victims’ trust. Phishing attacks. Spear phishing attacks.

Social Engineering 52

Social Engineering Scams Engineering Identity Theft 52

SecureList

FEBRUARY 16, 2023

Short-lived phishing sites often offered to see the premieres before the eagerly awaited movie or television show was scheduled to hit the screen. These sites referenced public figures and humanitarian groups, offering to accept cash in cryptocurrency, something that should have raised a red flag in itself.

Phishing 102

Phishing Scams Accountability Energy and Utilities 102

Security Affairs

AUGUST 16, 2023

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. “Beginning in May 2023, Cofense has observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries.” com (Cloudflare’s Web3 services).

Phishing 88

Phishing Energy and Utilities Insurance Manufacturing 88

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing 359

Phishing VPN Social Engineering Media 359

The Last Watchdog

APRIL 14, 2022

This type of targeted phishing or whaling (executive-level) attack tricks email recipients into believing someone they know and trust is asking them to carry out a specific financial task. Today’s BEC attempts aren’t the easy-to-spot, typo-laden phishing campaigns of the past. The short answer: Not always. Scenario 3.

Phishing 247

Phishing Accountability Scams Social Engineering 247

Malwarebytes

APRIL 19, 2022

A new advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department (Treasury), highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020.

Social Engineering 121

Social Engineering Cryptocurrency Computers and Electronics Engineering 121

SecureWorld News

AUGUST 29, 2023

An advisory from the company states that a "highly sophisticated" SIM swapping attack targeted one of Kroll's employees, resulting in unauthorized access to personal information related to bankruptcy claimants associated with cryptocurrency firms FTX, BlockFi, and Genesis.

Cryptocurrency 81

Cryptocurrency Phishing Social Engineering Accountability 81

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019.

Accountability 132

Accountability Malware Phishing Social Engineering 132

Security Affairs

MAY 18, 2022

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Ransomware. Password and info stealers.

Cryptocurrency 96

Cryptocurrency Social Engineering Malware Cybercrime 96

Security Affairs

AUGUST 6, 2023

The APT group has been active since at least 2017, its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft. Recently, Recorded Future Insikt Group observed BlueCharlie building a new infrastructure to launch phishing campaigns and/or credential harvesting. com, storagecryptogate[.]com,

Phishing 80

Phishing Social Engineering Authentication Cryptocurrency 80

SecureWorld News

AUGUST 2, 2021

Robinhood is an increasingly popular trading app where you can buy and sell stocks, as well as cryptocurrency. Earlier this year, Robinhood sent out a message to its users, warning of some phishing emails claiming to be a "Security Alert" with links to fake Robinhood websites. How to spot phishing emails.

Phishing 85

Phishing Social Engineering Scams Identity Theft 85

Webroot

FEBRUARY 13, 2024

Rise in Cryptocurrency Payments : Fraudsters are increasingly asking for payments in cryptocurrency, exploiting its semi-anonymous nature. In 2021, losses to romance scams involving cryptocurrency were reported at $139 million ​​. Expect this to avenue of fraud to consistently escalate as crypto prices and adoption increase.

Scams 80

Scams Cryptocurrency Media Education 80

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 88

Spyware Hacking Malware Social Engineering 88

eSecurity Planet

SEPTEMBER 14, 2022

As a matter of fact, the most-reported crime in the 2021 Internet Crime Report report was phishing , a social engineering scam wherein the victim receives a deceptive message from someone in an attempt to get the victim to reveal personal information or account credentials or to trick them into downloading malware.

Social Engineering 120

Social Engineering Energy and Utilities Phishing Scams 120

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 79

Malware Cybercrime Cryptocurrency Social Engineering 79

SecureList

JUNE 10, 2024

Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. An OTP bot is a piece of software programmed to intercept OTPs with the help of social engineering. The bot accepts payments in cryptocurrency only. Phishing is typically how they get the most up-to-date credentials.

Phishing 119

Phishing Banking Social Engineering Accountability 119

CyberSecurity Insiders

APRIL 4, 2023

Chinese fraudsters primarily target the United States for two reasons: the large population makes phishing attacks more effective, and credit card limits in the country are higher compared to other nations. The latter method involves using the server and templates included in the phishing kit to impersonate various companies and brands.

Phishing 67

Phishing Social Engineering Authentication eCommerce 67

The Last Watchdog

SEPTEMBER 7, 2022

Likewise, lookalike and spoofed web domains and well-crafted phishing emails now easily trick employees into thinking they’re dealing with trustworthy sources. Ransomware usually starts with a phishing email. Bolster your monitoring and email authentication capabilities. A typical attack. Incident response.

Ransomware 124

Ransomware Education Financial Services Phishing 124

Security Affairs

DECEMBER 3, 2021

Threat actors stole $120 million in cryptocurrencies from multiple wallets connected to the decentralized finance platform BadgerDAO. As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals. million in crypto funds, blockchain security firm PeckShield reported.

Hacking 103

Hacking Phishing Authentication Cryptocurrency 103

Appknox

JUNE 23, 2022

Thus, these Australian attacks significantly contribute to the rising trend in socially engineered attacks. Cryptocurrency and NFT attacks are rising as decentralized finance, and digital art assets become sophisticated socially engineered threats. How Can Social Engineering Affect the Current State of Security in Australia?

Social Engineering 92

Social Engineering Mobile Scams Engineering 92

SecureWorld News

AUGUST 2, 2022

The report explains in more detail: "Since the Twitter API provides direct access to a Twitter account, there must be some form of authentication involved. Along with OAuth, Twitter API also uses controls such as app-based authentication and user-based authentication. Hence, OAuth tokens are used by the Twitter API.

Mobile 80

Mobile Accountability Identity Theft Cryptocurrency 80

Security Boulevard

AUGUST 3, 2022

230 apps were leaking all four 0Auth authentication credentials and could be used to fully take over Twitter accounts to perform critical/sensitive actions. The Twitter API provides direct access to a Twitter account and OAuth tokens are used by the Twitter API for authentication. Twitter API. Related Posts.

Mobile 98

Mobile Authentication Accountability Identity Theft 98

Security Affairs

JANUARY 3, 2024

According to the Hunter Unit from Resecurity, previously, the “GXC Team” gained notoriety for creating a wide array of online fraud tools, ranging from compromised payment data checkers to sophisticated phishing and smishing kits. Utilizing AI-driven bots for advanced social engineering techniques.

Artificial Intelligence 125

Artificial Intelligence Banking Scams Cybercrime 125

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. About the author: Salvatore Lombardo.

Malware 102

Malware Computers and Electronics Encryption Ransomware 102

Security Affairs

SEPTEMBER 2, 2018

The Loki Bot attacks started in July and aimed at stealing passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets. Loki Bot operators employ various social engineering technique to trick victims into opening weaponized attachments that would deploy the Loki Bot stealer.

Social Engineering 55

Social Engineering Cryptocurrency Advertising Malware 55

SecureList

SEPTEMBER 6, 2022

Additionally, we looked at the phishing activity around gaming, specifically that related to cybersports tournaments, bookmakers, gaming marketplaces, and gaming platforms, and found numerous examples of scams that target gamers and esports fans. Launching the malware resulted in decryption and activation of a Trojan-stealer dubbed Taurus.

Mobile 112

Mobile Passwords Software Accountability 112

Security Boulevard

APRIL 1, 2024

Tighten User Controls: Strengthen user authentication processes and access controls to mitigate the risk of malicious activities originating from compromised user devices. It typically operates as a trojan horse, infiltrating systems through deceptive means such as email phishing campaigns or malicious downloads.

Malware 64

Malware Cybersecurity Risk Education 64

SecureWorld News

JUNE 8, 2021

After all, the conventional wisdom is that ransomware gangs demand cryptocurrency so they can move the funds anonymously and with impunity. Department of Justice (DOJ) made a surprise announcement this week: it was able to recover more than $2 million worth of ransom money Colonial Pipeline paid to a cybercrime gang. A ransomware attack that.

Ransomware 111

Ransomware Passwords VPN Accountability 111

SecureList

AUGUST 23, 2021

In this report, we cover PC and mobile threats as well as various phishing schemes that capitalize on popular games. Additionally, we checked our database for gaming-related spam campaigns and phishing schemes that are used in the wild. However, there is another common threat: phishing. Methodology. Cyberthreats for PC gamers.

Adware 127

Adware Mobile Phishing Malware 127

Krebs on Security

APRIL 6, 2022

“They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said. “Someone was trying to phish employee credentials, and they were good at it,” Wired reported.

Social Engineering 247

Social Engineering Phishing Engineering Accountability 247

Security Affairs

JANUARY 27, 2022

Other affected businesses include Chip, a UK-based savings app boasting 400,000 users; Hoolah, a shopping app with over 100,000 installs ; Mode, a cryptocurrency app with over 50,000 installs ; and Greenwheels, a car-sharing service with over 50,000 installs. Threat actors can abuse PII to conduct phishing and social engineering attacks.

Identity Theft 88

Identity Theft Accountability Data breaches Social Engineering 88