Cybercrime, Data collection and Social Engineering

Confessions of an ID Theft Kingpin, Part I

Krebs on Security

AUGUST 26, 2020

For several years beginning around 2010, a lone teenager in Vietnam named Hieu Minh Ngo ran one of the Internet’s most profitable and popular services for selling “ fullz ,” stolen identity records that included a consumer’s name, date of birth, Social Security number and email and physical address.

Identity Theft

Identity Theft Computers and Electronics Hacking Accountability

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

Here’s a look at some of the more notable cybercrime stories from the past year, as covered by KrebsOnSecurity and elsewhere. Internal Revenue Service website for months: Anyone seeking to create an account to view their tax records online would soon be required to provide biometric data to a private company in Virginia — ID.me.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

Cybercriminals Are Targeting AI Conversational Platforms

Security Affairs

OCTOBER 9, 2024

Bots can collect valuable data from user interactions, which can be analyzed to gain insights into customer preferences and behaviors. At the same time, it creates a major risk in terms of data protection, as the data collected from users may reveal sensitive information due to personalized interactions.

Social Engineering

Social Engineering Risk Identity Theft Technology

Threat Report Portugal: Q4 2021

Security Affairs

FEBRUARY 20, 2022

The Threat Report Portugal: Q4 2021 compiles data collected on the malicious campaigns that occurred from July to September, Q4, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Banking

Threat Report Portugal: Q2 2022

Security Affairs

JULY 4, 2022

The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Banking

Threat Report Portugal: Q3 & Q4 2022

Security Affairs

APRIL 6, 2023

The Threat Report Portugal: H2 2022 compiles data collected on the malicious campaigns that occurred from July to December, H2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open-sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Banking

Phishers migrate to Telegram

Security Affairs

APRIL 6, 2023

“For instance, a “premium” page may include elements of social engineering, such as an appealing design, promises of large earnings, an anti-detection system and so on.” User personal data for sale. Crooks offers data collected through phishing campaign to the subscribers. ” continues the report.

Phishing

Phishing Scams Social Engineering Accountability

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Security Affairs

OCTOBER 10, 2018

GIB Threat Intelligence cyber threats data collection system has been named one of the best in class by Gartner, Forrester, and IDC. Security Affairs – financial sector, cybercrime ). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. The post Group-IB: $49.4

Cyber Attacks

Cyber Attacks Banking Cyber threats Phishing

Thomson Reuters collected and leaked at least 3TB of sensitive data

Security Affairs

OCTOBER 27, 2022

The naming of ElasticSearch indices inside the Thomson Reuters server suggests that the open instance was used as a logging server to collect vast amounts of data gathered through user-client interaction. Either way, even if all of the data was essential, that doesn’t make it less sensitive if leaked. Media giant with $6.35

IoT

IoT Engineering Passwords Media

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

CERT-GIB’s report is based on data collected and analyzed by the Threat Detection System (TDS) Polygon as part of operations to prevent and detect threats distributed online in H1 2019 in more than 60 countries. Cybercriminals use social engineering techniques to convince users to click on malicious links or extract archives.

Ransomware

Ransomware Antivirus Malware Banking

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

Making matters worse, the cameras employ facial recognition technology, which leads to questions as to whether an attacker could actually identify individuals caught on camera and then pursue them as targets for social engineering schemes or something even more nefarious. When surveillance leads to spying.

Surveillance

Surveillance IoT Accountability Passwords

Prilex: the pricey prickle credit card complex

SecureList

SEPTEMBER 28, 2022

It is highly targeted and is usually delivered through social engineering, e.g., a target business may receive a call from a “technician” who insists that the company needs to update its PoS software. Warning from a PoS vendor about Prilex social engineering attacks. Initial infection vector. START GHOST] _.

Malware

Malware Banking Software Encryption

The Telegram phishing market

SecureList

APRIL 5, 2023

As mentioned above, the creators of phishing bots and kits can get access to data collected with tools they made. For instance, a “premium” page may include elements of social engineering, such as an appealing design, promises of large earnings, an anti-detection system and so on.

Phishing

Phishing Marketing Scams Accountability

Holiday Shopping Readiness: How is Retail Data Security Holding Up?

Thales Cloud Protection & Licensing

NOVEMBER 5, 2024

Vendors’ attention is increasingly fragmented across various data-collecting and transactional platforms. As if things were not difficult enough, data collection in more states and countries is becoming stricter, with increased consumer protection laws leaving retailers applying tighter data privacy to their digital platforms.

Retail

Retail Data breaches Digital transformation Risk

Holiday Shopping Readiness: How is Retail Data Security Holding Up?

Security Boulevard

NOVEMBER 5, 2024

Vendors’ attention is increasingly fragmented across various data-collecting and transactional platforms. As if things were not difficult enough, data collection in more states and countries is becoming stricter, with increased consumer protection laws leaving retailers applying tighter data privacy to their digital platforms.

Retail

Retail Data breaches Digital transformation Risk

Good game, well played: an overview of gaming-related cyberthreats in 2022

SecureList

SEPTEMBER 6, 2022

The latter had a wide range of functions: it could steal cookies, saved passwords, autofill data for browser forms and cryptocurrency wallet data, collect system information, steal.txt files from the desktop and make screenshots. Launching the malware resulted in decryption and activation of a Trojan-stealer dubbed Taurus.

Mobile

Mobile Passwords Software Accountability

APT trends report Q2 2023

SecureList

JULY 27, 2023

We now have better visibility into the group’s tactics, particularly in the areas of lateral movement, data collection and exfiltration. In the past year, ToddyCat has updated its toolset to avoid detection and reduce the number of targets.

Malware

Malware Government Phishing Social Engineering

APT trends report Q2 2024

SecureList

AUGUST 13, 2024

The attackers used social engineering to gain prolonged access to the source/development environment, and extended that access by faking human interactions in plain sight to build credibility for introducing the malicious code. In May 2024, we discovered a new APT targeting Russian government entities.

Social Engineering

Social Engineering Malware Government Engineering

Advanced threat predictions for 2024

SecureList

NOVEMBER 14, 2023

Solutions like XDR, SIEM, and MDM platforms, apart from traditional anti-virus products, enable centralized data collection, accelerate analysis, and correlate security events from various sources, facilitating swift response to complex incidents.

Hacking

Hacking Energy and Utilities Media Malware

Cyber Security Informer

Confessions of an ID Theft Kingpin, Part I

Happy 13th Birthday, KrebsOnSecurity!

Trending Sources

Cybercriminals Are Targeting AI Conversational Platforms

Threat Report Portugal: Q4 2021

Threat Report Portugal: Q2 2022

Threat Report Portugal: Q3 & Q4 2022

Phishers migrate to Telegram

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Thomson Reuters collected and leaked at least 3TB of sensitive data

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Camera tricks: Privacy concerns raised after massive surveillance cam breach

Prilex: the pricey prickle credit card complex

The Telegram phishing market

Holiday Shopping Readiness: How is Retail Data Security Holding Up?

Holiday Shopping Readiness: How is Retail Data Security Holding Up?

Good game, well played: an overview of gaming-related cyberthreats in 2022

APT trends report Q2 2023

APT trends report Q2 2024

Advanced threat predictions for 2024

Stay Connected