Maybe it’s indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024’s most engrossing security stories were about bad things happening to bad guys. A surveillance photo of Connor Riley Moucka, a.k.a. Image: Shutterstock, Dreamansions.
Russian intelligence agencies could use these exploits for surveillance and espionage purposes. Law Enforcement and Cybercrime Control Russian authorities may want to monitor criminal organizations, opposition groups, or foreign entities using Telegram. continues the announcement.
The victim was infected by PowerShell malware and we discovered evidence that the actor had already stolen data from the victim and had been surveilling this victim for several months. Spear-phishing document. After a Facebook conversation, the potential target received a spear-phishing email from the actor. Modified time.
A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., Hacktivist Tillie Kottmann is reportedly among those asserting responsibility for the incident, telling Bloomberg that their act helped expose the security holes of modern-day surveillance platforms.
A cyberattack on gambling giant IGT disrupted portions of its IT systems China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane Microsoft seized 240 sites used by the ONNX phishing service U.S.
This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint, Plaid, Yodlee, YNAB and others to surveil and drain consumer accounts online. “If the account is active, hackers then can go to the next stage for 2FA phishing or social engineering, or linking the accounts with another.”
CISA adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog Inexperienced actors developed the FunkSec ransomware using AI tools Credit Card Skimmer campaign targets WordPress via database injection Microsoft took legal action against crooks who developed a tool to abuse its AI-based services Pro-Russia hackers (..)
Under Meredith Whittaker, It’s Out to Prove Surveillance Capitalism Wrong EU investigating Telegram over user numbers Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)
But regular consumers are equally affected by cybercrime, directly or indirectly. A key stat: cybercrime in 2020 was marked by a visible and aggressive targeting of the human layer. Aligned efforts to capitalize on COVID-19.
PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. April 17 – Gmail blocked 18 Million phishing and malware emails using COVID-19 lures in a week. Below a list of attacks detected this week.
ransomware builder used by multiple threat actors Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software Cybercrime Unpacking the MOVEit Breach: Statistics and Analysis Cl0p Ups The Ante With Massive MOVEit Transfer Supply-Chain Exploit FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown U.S.
The PowerShortShell stealer is also used for Telegram surveillance and gathering system information from infected systems. “The adversary might be tied to Iran’s Islamic regime since the Telegram surveillance usage is typical of Iran’s threat actors like Infy, Ferocious Kitten, and Rampant Kitten. fn= hxxp://hr.dedyn.io/upload2.aspx
While well intentioned, you may have inadvertently created a security breach for the recipient or opened your family up to unwanted surveillance. Did you give or receive a toy or new parental control or security app for the holidays? The Internet of security breaches The Internet of Things (IoT) is not just for your smart.
Will Enable Mass Spying Reddit Says Leaked U.S.-U.K. billion personal records compromised by data breaches in past two years — underscoring need for end‑to‑end encryption
Insecure Hikvision security cameras can be taken over remotely MSHTML attack targets Russian state rocket centre and interior ministry Italian mafia cybercrime sting leads to 100+ arrests How to clear your cache Microsoft exchange autodiscover flaw reveals users’ passwords Parents and teachers believe digital surveillance of kids outweighs risks SonicWall (..)
Google rolled out emergency fixes to address actively exploited Chrome zero-day Samsung discloses a second data breach this year The Prynt Stealer malware contains a secret backdoor. users China-linked APT40 used ScanBox Framework in a long-running espionage campaign Russian streaming platform Start discloses a data breach impacting 7.5M
The Super Bowl stadium and its vendors will connect everything from digital ticketing and payments to lighting, scoreboards, and surveillance cameras—exponentially expanding the attack surface. Large venues increasingly utilize sophisticated networks to conduct commerce, manage operations, engage fans, and gather data.
The phishing attacks began in February 2023, the IT giant reported. Remcos is a legitimate remote monitoring and surveillance software developed by the company BreakingSecurity. “What we have observed is that the link in the phishing email points to Amazon Web Services click tracking service at awstrack[.]me.
Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)
These messages run the usual range of phishing and fraudulent transaction attempts. This is enough to have Senators calling for “tougher measures” on cybercrime. More than 1 billion suspicious messages and spam texts have been sent in the Philippines in 2022 so far.
Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4
The group’s distinctive features are the high quality of their phishing attacks and the use of legitimate services, which makes it very difficult to detect its malicious activity in companies’ infrastructures. Silence reduced the use of phishing mail-outs, instead purchasing access to targeted banks from other groups (in particular TA505).
Protect your website from hackers and cybercrime. There will be no #DigitalIndia until and unless government of India stops their surveillance projects & make their systems secure.”. This latest WikiLeaks disclosure was followed by the website’s recent releases about the surveillance of U.S.
The force was originally created to tackle a range of cybercrimes, but Tarazi says SIM swappers are a primary target now for two reasons. In this case, the victim didn’t download malware or fall for some stupid phishing email. Samy Tarazi is a sergeant with the Santa Clara County Sheriff’s office and a REACT supervisor.
The attackers obtain initial access to a system by sending a spear-phishing email to the victim containing a Dropbox download link. In July, the Spanish Ministry of the Interior announced the arrest of 16 people connected to the Grandoreiro and Melcoz (aka Mekotio) cybercrime groups. FinSpy: analysis of current capabilities.
Remcos, short for Remote Control and Surveillance, was leveraged by malicious cyber actors conducting mass phishing campaigns during the COVID-19 pandemic to steal personal data and credentials. Remcos Remcos is marketed as a legitimate software tool for remote management and penetration testing.
A creative avenue for threat actors is to expand their surveillance efforts to include devices such as smart home cameras, connected car systems and beyond. Spear-phishing to expand with accessible generative AI Chatbots and generative AI tools are now widespread and easily accessible.
· Google introduced G Suite alerts for state-sponsored attacks. · Hundreds of thousands MikroTik Routers involved in massive Coinhive cryptomining campaign. · Industrial Sector targeted in surgical spear-phishing attacks. Pierluigi Paganini.
Judische would repeat that claim in Star Chat on May 13 — the day before Santander publicly disclosed a data breach — and would periodically blurt out the names of other Snowflake victims before their data even went up for sale on the cybercrime forums. prosecutors and federal law enforcement agencies. “Negotiate a deal in Telegram.”
A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, the government alleges. had some personal problems and checked himself into rehab.
Wanted Ukrainian cybercrime suspect Vyacheslav “Tank” Penchukov (right) was arrested in Geneva, Switzerland. Ultimately, Penchukov’s political connections helped him evade prosecution by Ukrainian cybercrime investigators for many years. This was enough to positively identify Tank as Penchukov, Warner said.
We have designated it as a new threat actor and named it “HotCousin” The attacks began with a spear-phishing email which led to an ISO file container being stored on disk and mounted. Previous activity also connected with this group relied heavily on spear-phishing and Cobalt Strike throughout 2020.
We found overlaps in the infrastructure used by a tunneling tool used by the actor and several possible phishing websites set up within the above time frame. The attack targets victims with spear-phishing emails containing malicious OOXML files.
This strategic shift signals its intent to intensify its surveillance capabilities and expand its range of targets. The initial attack vector was a phishing email disguised as an email from a government entity or service. The group targets its victims by sending spear-phishing emails with Microsoft Office documents attached.
The post Security Affairs newsletter Round 354 appeared first on Security Affairs.
The method of infection can vary from attack to attack and can include social engineering strategies, such as phishing and email spoofing, or a fraudulent website masquerading as legitimate, among others.
Cybercrime will go to the next level: Cyberattackers will implement improved skills, “shift left” attacks, and shifting strategies to adjust to evolving cyberdefense. AI-Powered Cybercrime Despite the advancements in using AI to improve security, cybercriminals also have access to AI and LLMs.
The Russian-based cybercrime group responsible for the high-profile attack on software maker SolarWinds last year is continuing to take aim at the global supply chain, according to a warning issued by Microsoft this week. 19 that they had been attacked a total of 22,868 times. See also: Best Third-Party Risk Management (TPRM) Tools of 2021.
LockBit leaks data stolen from the South Korean National Tax Service Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin Cyber Police of Ukraine (..)
Threat Actors Cybersecurity threats are growing more complex and persistent, driven by the heightened activities of nation-state actors and increasingly sophisticated cybercrime groups. Organised Cybercrime Groups Up Their Game Cybercriminals aren't resting on old tactics with cybercrime expected to hit $12 trillion in 2025.
CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812 Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment Internet Archive was breached twice in a month Unknown threat actors exploit Roundcube Webmail flaw (..)
from Bybit, it is the largest cryptocurrency heist ever International Press Newsletter Cybercrime Mining Company NioCorp Loses $500,000 in BEC Hack Inside Black Basta's Exposed Internal Chat Logs: A Firsthand Look The Bleeding Edge of Phishing: darcula-suite 3.0