Security Affairs

JUNE 9, 2024

New York Times source code compromised via exposed GitHub token SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform Pandabuy was extorted twice by the same threat actor UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces Chinese threat actor exploits old ThinkPHP flaws since October 2023 A new Linux (..)

Data breaches 127

Data breaches Banking Hacking Malware 127

Security Affairs

MAY 2, 2021

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2021. Threat Report Portugal Q1 2021: Phishing and malware by numbers. The submissions were classified as either phishing or malware. Phishing and Malware Q1 2021. Threats by Sector.

Threat Reports 108

Threat Reports Phishing Malware Data collection 108

CyberSecurity Insiders

APRIL 12, 2021

billion in losses, according to data collected by the FBI’s The Internet Complaint Center (IC3). Cybercriminals employed all manner of schemes to target businesses and individuals, including phishing, spoofing and tech support fraud, the FBI reported. The FBI and local agencies put a lot of effort into combatting cybercrime.

Cybercrime 52

Cybercrime Internet Internet Small Business 52

Security Affairs

OCTOBER 15, 2018

Group-IB: The online market for counterfeit goods in Russia has reached $1,5 billion, while the number of phishing attacks has surpassed 1,200 daily. Fraudsters use various ways to deceive users: phishing websites, fake mobile apps, accounts and groups on social media. Phishing remains one of the most common online fraud.

Marketing 104

Marketing Media Phishing Engineering 104

Security Affairs

NOVEMBER 15, 2018

Of course, the CBR does not have anything to do with the phishing campaign – the hackers faked the sender’s address. A spear-phishing campaign set up to look like it was carried out by the Central Bank is a relatively widespread vector of attack among cyber criminals; it has been used by groups such as Buhtrap, Anunak , Cobalt , and Lurk.

Banking 111

Banking Computers and Electronics Phishing Cybercrime 111

Security Affairs

FEBRUARY 20, 2022

The Threat Report Portugal: Q4 2021 compiles data collected on the malicious campaigns that occurred from July to September, Q4, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports 98

Threat Reports Phishing Malware Banking 98

Security Affairs

JULY 4, 2022

The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. in Q1 2022.

Threat Reports 98

Threat Reports Phishing Malware Banking 98

Security Affairs

APRIL 6, 2023

The experts pointed out that crooks engaged in phishing activities have started to rely on the popular instant messaging platform more in recent months. On Telegram is possible to find channels that offer: Free phishing kits that can be used to target users of a large number of global and local brands. User personal data for sale.

Phishing 98

Phishing Scams Social Engineering Accountability 98

Security Affairs

APRIL 6, 2023

The Threat Report Portugal: H2 2022 compiles data collected on the malicious campaigns that occurred from July to December, H2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open-sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. in Q2 2022.

Threat Reports 98

Threat Reports Phishing Malware Banking 98

Security Affairs

OCTOBER 10, 2018

Attacks on bank customers: The decline of Android Trojans and the triumph of phishing. There has been a significant rise in the number of crimes committed using web phishing and fake websites of banks, payment systems, telecoms operators, online stores and famous brands. Using web phishing, criminals have managed to steal $3.7

Cyber Attacks 108

Cyber Attacks Banking Cyber threats Phishing 108

Security Affairs

OCTOBER 27, 2022

Data collected by Microsoft Defender for Endpoint shows that nearly 3,000 devices in almost 1,000 organizations have seen at least one RaspberryRobin payload-related alert in the last 30 days. DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm.

Ransomware 109

Ransomware Malware Encryption Data collection 109

Security Affairs

NOVEMBER 17, 2018

link ) was posted on Pastebin , the hacker claims to have compromised user’s email and also accused ProtonMail of sending user’s decrypted data to American servers. AmFearLiathMor also wrote that ProtonMail hasn’t configured the mandatory Subresource Integrity ( SRI ) allowing tampering and data collection.

Scams 111

Scams Hacking Data collection Advertising 111

The Last Watchdog

JULY 30, 2018

And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021. The painful impact of cyber attacks on businesses is worsening despite advances in technology aimed at protecting enterprises from malicious network traffic, insider threats, malware, denial of service attacks and phishing campaigns.

CISO 140

CISO Cyber Attacks Data collection Cybersecurity 140

SecureList

SEPTEMBER 6, 2022

Additionally, we looked at the phishing activity around gaming, specifically that related to cybersports tournaments, bookmakers, gaming marketplaces, and gaming platforms, and found numerous examples of scams that target gamers and esports fans. Beware of phishing campaigns and unfamiliar gamers. Do not open files from strangers.

Mobile 133

Mobile Passwords Software Accountability 133

Malwarebytes

APRIL 10, 2024

As we know, a lot of this data is valuable to advertisers—this is what pundits focus on when they invoke the value of “oil” in discussing modern data collection—but this data is also valuable to an entirely separate group that has learned to abuse private information in novel and frightening ways: Cybercriminals.

Data breaches 91

Data breaches Passwords Banking Malware 91

eSecurity Planet

SEPTEMBER 21, 2024

The act also covers various forms of cybercrime, including malware distribution and data theft. Recent amendments to the CFAA may include updates to address new cybercrime techniques and technological advancements. The act aims to balance privacy rights with the needs of law enforcement in investigating cybercrimes.

Cybersecurity 120

Cybersecurity Computers and Electronics Cyber threats Healthcare 120

Security Affairs

OCTOBER 9, 2024

Bots can collect valuable data from user interactions, which can be analyzed to gain insights into customer preferences and behaviors. At the same time, it creates a major risk in terms of data protection, as the data collected from users may reveal sensitive information due to personalized interactions.

Social Engineering 123

Social Engineering Risk Identity Theft Technology 123

Security Affairs

OCTOBER 27, 2022

Either way, even if all of the data was essential, that doesn’t make it less sensitive if leaked. Cases like these raise questions about corporate data collection practices. The ramifications of a data leak of such scale are worrying to say the least,” Sasnauskas explained.

IoT 128

IoT Engineering Passwords Media 128

IT Security Guru

JULY 28, 2023

On the other hand, small-sized companies are also vulnerable to increasing cybercrime and the rapidly evolving threat landscape since they need more resources to hire security professionals and need more expertise. Employee Education and Awareness : Human error remains a leading cause of data breaches.

Data breaches 95

Data breaches Risk Education Telecommunications 95

SecureList

NOVEMBER 14, 2023

Solutions like XDR, SIEM, and MDM platforms, apart from traditional anti-virus products, enable centralized data collection, accelerate analysis, and correlate security events from various sources, facilitating swift response to complex incidents.

Hacking 141

Hacking Energy and Utilities Media Malware 141

SC Magazine

MARCH 10, 2021

Viewing these videos, adversaries can begin to compile metadata about an individual’s behaviors preferences – intel that could be applied toward targeting phishing campaigns, according to Setu Kulkarni, vice president of Strategy at WhiteHat Security. “It is deeply invasive for anyone who’s captured on film.”.

Surveillance 129

Surveillance IoT Accountability Passwords 129

SecureList

JULY 27, 2023

We now have better visibility into the group’s tactics, particularly in the areas of lateral movement, data collection and exfiltration. Our analysis delved into BlindEagle’s most recent espionage campaign, covering the entire infection flow from the initial spear-phishing emails to the deployment of the njRAT implant.

Malware 98

Malware Government Phishing Social Engineering 98

BH Consulting

AUGUST 31, 2023

Those risks include: Fraud, spam or virus attacks Falling prey to online scams, resulting in data or identity theft Potential for negative comments from employees about the organisation Legal consequences if employees use these sites to view or distribute objectionable, illicit or offensive material. billion dollars in annual global revenue.

Media 52

Media Accountability Passwords Authentication 52

Krebs on Security

JANUARY 11, 2022

This post examines some of the clues left behind by “ Wazawaka ,” the hacker handle chosen by a major access broker in the Russian-speaking cybercrime scene. Wazawaka has been a highly active member of multiple cybercrime forums over the past decade, but his favorite is the Russian-language community Exploit.

DDOS 324

DDOS Accountability Cybercrime Ransomware 324

SecureList

MARCH 29, 2023

However, traditional financial threats – such as banking malware and financial phishing, continue to take up a significant share of such financially-motivated cyberattacks. BlueNoroff developed an elaborate phishing campaign that targeted startups and distributed malware for stealing all crypto in the account tied to the device.

Banking 114

Banking Phishing Cryptocurrency Mobile 114

SecureWorld News

AUGUST 16, 2022

Seaborgium's campaigns typically involve phishing and credential theft, which lead to intrusions and data breaches. Once successful, it slowly infiltrates targeted organizations' social networks through constant impersonation, rapport building, and phishing to deepen their intrusion.

Phishing 97

Phishing Data collection Accountability Data breaches 97

ForAllSecure

OCTOBER 25, 2022

It’s pretty devastating in that it arrives through phishing or some other common attack vector, sits on your network for a period of time, and then encrypts your data such that the system is inoperable until you pay a ransom for the decryption key. Vamosi: Ransomware is the latest trend in malware. It's from a technical level.

Ransomware 40

Ransomware Encryption Cybercrime Government 40

Thales Cloud Protection & Licensing

JANUARY 4, 2023

Data sovereignty hits the road. The concept of "data sovereignty" refers to both the legality of data collection and storage in accordance with local laws. Data is always in motion due to the global nature of most businesses, whose customers and partners may be situated anywhere in the world.

Cybersecurity 87

Cybersecurity Risk Ransomware Marketing 87

Malwarebytes

JUNE 30, 2022

Once data is located on the target system, it is eventually placed into a.zip file and sent to the malware Command and Control (C&C) server. The stealer sends data every single time it adds to its exfiltrated data collection. Here, Racoon Stealer seems to be throwing a little caution to the wind.

Cryptocurrency 100

Cryptocurrency Malware Data collection Passwords 100

SecureList

AUGUST 13, 2024

The CloudSorcerer malware is a sophisticated cyber-espionage tool used for stealth monitoring, data collection and exfiltration via Microsoft, Yandex and Dropbox cloud infrastructures. In May 2024, we discovered a new APT targeting Russian government entities.

Social Engineering 141

Social Engineering Malware Government Engineering 141

Security Affairs

MARCH 2, 2025

from Bybit, it is the largest cryptocurrency heist ever International Press Newsletter Cybercrime Mining Company NioCorp Loses $500,000 in BEC Hack Inside Black Bastas Exposed Internal Chat Logs: A Firsthand Look The Bleeding Edge of Phishing: darcula-suite 3.0

Cybercrime 61

Cybercrime Hacking Ransomware Cryptocurrency 61

Security Affairs

JANUARY 4, 2023

The vulnerability was exploited by multiple threat actors to scrape Twitter user profiles containing both private (phone numbers and email addresses) and public data. Then the scraped data were offered on various online cybercrime marketplaces. The database is a cleaned version of the one published in December.

Data breaches 98

Data breaches Accountability Hacking Data collection 98

Krebs on Security

JANUARY 30, 2025

In October 2024, the security firm Silent Push published a lengthy analysis of how Amazon AWS and Microsoft Azure were providing services to Funnull, a two-year-old Chinese content delivery network that hosts a wide variety of fake trading apps, pig butchering scams , gambling websites, and retail phishing pages. cloud providers.

Accountability 238

Accountability Scams Passwords Retail 238