Information - Cyber Security Informer

DeepSeek database exposed highly sensitive information

Security Affairs

JANUARY 30, 2025

“This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details.” It was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000.” ” reads the report published by Wiz. ” concludes the report.

Authentication

Authentication Passwords Hacking Risk

“Can you try a game I made?” Fake game sites lead to information stealers

Malwarebytes

JANUARY 3, 2025

What the target will actually download and install is in reality an information stealing Trojan. There are also various information stealers being spread through these channels like the Nova Stealer, Ageo Stealer, or the Hexon Stealer. There are several variations going around. IOCs Download sites: dualcorps[.]fr fr leyamor[.]com

Scams

Scams Identity Theft Media Accountability

Fake Etsy invoice scam tricks sellers into sharing credit card information

Malwarebytes

FEBRUARY 12, 2025

The site may ask for more information than Etsy would normally request for verification – like your full name, address, and even your credit card details. In the final step, the counterfeit page will prompt you to enter your credit card details , supposedly to confirm your billing information or validate your seller account.

Scams

Scams Accountability Marketing Account Security

Fake CAPTCHA websites hijack your clipboard to install information stealers

Malwarebytes

MARCH 10, 2025

While these instructions may seem harmless enough, if you follow the steps you will actually be infecting yourself with malwaremost likely an information stealer. You will observe and agree: Im not a robot reCAPTCHA Verification ID: 8253 Perform the steps above to finish verification.

Social Engineering

Social Engineering Media Scams Malware

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

Risk

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. Google researchers analyzed a new malware family called PLAYFULGHOST that supports multiple features, including keylogging, screen and audio capture, remote shell, and file transfer/execution.

Malware

Malware Encryption Phishing Hacking

New Information Supplement: Payment Page Security and Preventing E-Skimming

PCI perspectives

MARCH 10, 2025

The PCI Security Standards Council (PCI SSC) has introduced a new information supplement: Payment Page Security and Preventing E-Skimming Guidance for PCI DSS Requirements 6.4.3 and 11.6.1.

eCommerce

Criminals Exploiting FBI Emergency Data Requests

Schneier on Security

NOVEMBER 12, 2024

In some cases, the requests cited false threats, like claims of human trafficking and, in one case, that an individual would “suffer greatly or die” unless the company in question returns the requested information.

Encryption

Encryption Accountability Cybersecurity

NSO Group Spies on People on Behalf of Governments

Schneier on Security

NOVEMBER 27, 2024

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker and not its government customers is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.

Government

Government Spyware Mobile Hacking

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization. It is the tangents of this data that are vital to a successful change management process.

Risk

What Graykey Can and Can’t Unlock

Schneier on Security

NOVEMBER 26, 2024

The documents do not appear to contain information about what Graykey can access from the public release of iOS 18.1, More information : Meanwhile, Graykey’s performance with Android phones varies, largely due to the diversity of devices and manufacturers. which was released on October 28.

Media

Media Manufacturing Mobile Hacking

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

. “Cybercriminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes,” the FBI warned. Don’t be discouraged.

Hacking

Hacking Accountability Government Social Engineering

AI Data Poisoning

Schneier on Security

MARCH 26, 2025

It’s basically an AI-generated honeypot.

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

These falsely obtained credentials enable cyber criminals to successfully mimic a real-world investigation by inducing platform operators to provide extremely sensitive information. FROM ACCOUNT THEFT TO A FULL-FLEDGED SERVICE: THE EVOLUTION OF THE MODEL The phenomenon has rapidly upgraded complexity, as detailed in the Meridian Group report.

Cybercrime

Cybercrime Social Engineering Accountability Government

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers.

Healthcare

Fintech Giant Finastra Investigating Data Breach

Krebs on Security

NOVEMBER 19, 2024

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. If you have any additional information about this incident, please reach out to krebsonsecurity @ gmail.com or at protonmail.com. This is a developing story.

Data breaches

Data breaches Banking Cybercrime Advertising

Social Engineering to Disable iMessage Protections

Schneier on Security

JANUARY 17, 2025

They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some personal information into a website. A few days ago I started getting phishing SMS messages with a new twist. But because they came from unknown phone numbers, the links did not work.

Social Engineering

Social Engineering Engineering Phishing

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

But the SEC’s latest actions underscore that failing to inform stakeholders about material risks and breaches is not an option. This could dovetail with a national information privacy law. The last thing we need is a patchwork of 50 different laws across the States.

CISO

CISO CSO Risk Cyber threats

Microsoft Can Fix Ransomware Tomorrow

Adam Shostack

JANUARY 2, 2025

I explained that Microsoft could fix ransomware tomorrow, and was surprised that the otherwise well-informed people I was speaking to hadn't heard about this approach. My latest article at Dark Reading is Microsoft Can Fix Ransomware Tomorrow. It starts: Recently, I was at a private event on security by design.

Ransomware

Ransomware Encryption Software

The Importance of User Roles and Permissions in Cybersecurity Software

You should restrict access to sensitive information and systems the same way you restrict access to your house. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing. The same principle should apply to your most precious data assets.

Cybersecurity

Change Healthcare Breach Hits 100M Americans

Krebs on Security

OCTOBER 30, 2024

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay, Shutterstock.com. Image: Darkbeast, ke-la.com.

Healthcare

Healthcare Insurance Computers and Electronics Data breaches

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

I am interested in finding how my information ended up in your database. That last one seems perfectly reasonable, and fortunately, DemandScience does have a link on their website to Do Not Sell My Information : Dammit! So, he asked them: I seem to have found my email in your data breach. If, like me, you're part of the 99.5%

Data breaches

Data breaches Passwords B2B Technology

DOGE as a National Cyberattack

Schneier on Security

FEBRUARY 13, 2025

For example, the Treasury Department systems contain the technical blueprints for how the federal government moves money, while the Office of Personnel Management (OPM) network contains information on who and what organizations the government employs and contracts with.

Government

Government Artificial Intelligence Banking Software

FBI Deletes PlugX Malware from Thousands of Computers

Schneier on Security

JANUARY 16, 2025

” Details : To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. According to a DOJ press release , the FBI was able to delete the Chinese-used PlugX malware from “approximately 4,258 U.S.-based

Malware

Malware Hacking Software

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists. million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! It’s mindboggling, but right now for 49% of respondents, cybersecurity is their primary business concern.

Ransomware

AI Industry is Trying to Subvert the Definition of “Open Source AI”

Schneier on Security

NOVEMBER 8, 2024

Privacy rules also give a person the rightful ability to control their most sensitive information like decisions about their health. Laws that permit training on data often limit the resharing of that same data to protect copyright or other interests.

Artificial Intelligence

Election season raises fears for nearly a third of people who worry their vote could be leaked

Malwarebytes

OCTOBER 15, 2024

Broadly, Malwarebytes found that: 74% of people “consider US election season a risky time for personal information.” Distrust in political ads is broad—62% said they “disagree” or “strongly disagree” that the information they receive in US election-related ads is trustworthy. The reasons could be obvious.

Scams

Scams Identity Theft Cybercrime Accountability

Scammer robs homebuyers of life savings in $20 million theft spree

Malwarebytes

NOVEMBER 14, 2024

Employees of these companies were tricked into clicking malicious attachments and links and filling in their email account login information on fake sites. The entered information went straight to the phishers and allowed the criminals to monitor the emails of those employees.

Accountability

Accountability Banking Internet Internet

When Getting Phished Puts You in Mortal Danger

Krebs on Security

MARCH 27, 2025

“All observed campaigns had similar traits and shared a common objective: collecting personal information from site-visiting victims. com), and uses a similar Google Forms page to collect information from would-be members. ” Further reading: Silent Push report, Russian Intelligence Targeting its Citizens and Informants.

Phishing

Phishing Government Engineering Internet

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

The Last Watchdog

OCTOBER 10, 2024

There is a vast amount of personal information in criminals’ hands,” said Jason. For more information about SpyCloud Investigations or to schedule a complimentary demo to explore your data, users can contact us here. billion identity records – including hundreds of millions of Americans’ Social Security numbers.

Risk

Risk Cybercrime Identity Theft Phishing

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

Malwarebytes

DECEMBER 3, 2024

Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information. Medical records including diagnoses, treatment history, test results and other medical information that should be private.

Identity Theft

Identity Theft Education Risk Phishing

“Cybersecurity For Dummies” Third Edition Now Available

Joseph Steinberg

APRIL 7, 2025

And, of course, all versions of Cybersecurity For Dummies also help guide people to recovering in the event that their computers, phones, or information has already been compromised.

Cybersecurity

Cybersecurity Artificial Intelligence Backups Encryption

Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies

Security Affairs

MARCH 8, 2025

A data breach suffered by the Japanese telecom giant NTT exposed information of nearly 18,000 corporate customers. Japanese telecom giant NTT suffered a data breach that exposed information of nearly 18,000 corporate customers. Please note that information about services for individual customers was not included.”

Data breaches

Data breaches Mobile Hacking Malware

“Urgent reminder” tax scam wants to phish your Microsoft credentials

Malwarebytes

APRIL 1, 2025

Once logged in, follow the prompts to review and confirm your tax information. The IRS’s annual Dirty Dozen list of tax scams shows common schemes that threaten your tax and financial information. And when it does, it is only to send general information and in an ongoing case with an assigned IRS employee.

Scams

Scams Phishing Artificial Intelligence Social Engineering

Vidar Stealer Hides in Legitimate BGInfo Tool

Penetration Testing

APRIL 8, 2025

Vidar Stealer, a notorious information-stealing malware that first emerged in 2018, continues to pose a significant threat by employing new distribution methods and evasion techniques. G DATA Security Lab’s analysis has uncovered a recent instance where Vidar Stealer was disguised within a legitimate system information tool.

Malware

Malware Cybersecurity

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

But in the background, their system has hidden malware in the file the victim has downloaded, which is capable of gathering information from the affected device such as: Personal identifying information (PII) including Social Security Numbers (SSN). Financial information, like your banking credentials and crypto wallets.

Malware

Malware Adware Education Phishing

DNA testing company vanishes along with its customers’ genetic data

Malwarebytes

NOVEMBER 12, 2024

In 2023, cybercriminals put up information belonging to as many as seven million 23andMe customers for sale on criminal forums following a credential stuffing attack against the genomics company. This makes the information a treasure trove for advertisers, insurance companies, and Big Pharma.

Insurance

Insurance Accountability Risk Data breaches

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Malwarebytes

FEBRUARY 25, 2025

But when the apps are installed, they steal information from the victims device that can be used to blackmail the victim. Among the stolen information are listed contacts, call logs, text messages, photos, and the devices location. The apps in the SpyLoan family offer attractive loan terms with virtually no background checks.

Passwords

Passwords Password Management Phishing Authentication

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Security Affairs

NOVEMBER 24, 2024

Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions. million in revenue.

Cybercrime

Cybercrime Cryptocurrency Banking Accountability

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Malwarebytes

NOVEMBER 5, 2024

With access to your email account, a cybercriminal can find a lot of useful information about you, such as where you bank, your account numbers, your favorite shops, and more. This information could then be used for targeted cyberattacks that mention information that’s relevant to you only, leaving you more likely to fall for them.

Accountability

Accountability Authentication Malware Banking

AI Mistakes Are Very Different from Human Mistakes

Schneier on Security

JANUARY 21, 2025

There is already progress on improving this error mode, as researchers have found that LLMs trained on more examples of retrieving information from long texts seem to do better at retrieving information uniformly. In some cases, what’s bizarre about LLMs is that they act more like humans than we think they should.

Social Engineering

Social Engineering Engineering Technology Risk

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

Stolen information The data breach at Change Healthcare is the largest healthcare data breach in US history. However, the exposed information may include: Contact information: Names, addresses, dates of birth, phone numbers, and email addresses. Set up identity monitoring.

Data breaches

Data breaches Healthcare Passwords Insurance

Port of Seattle ‘s August data breach impacted 90,000 people

Security Affairs

APRIL 5, 2025

The ransomware gang hit organizations in multiple industries, including education, healthcare, manufacturing, information technology, and government sectors. The Port started notifying impacted individuals after their personal information was compromised. Please visit our cyberattack webpage for additional information.”

Data breaches

Data breaches Ransomware Cyber Attacks Manufacturing

California Cryobank, the largest US sperm bank, disclosed a data breach

Security Affairs

MARCH 19, 2025

California Cryobank, the largest US sperm bank, suffered a data breach exposing customer information. The company disclosed a data breach that exposed customers’ personal information. At this time, it is unclear if the exposed information includes any donor data.

Data breaches

Data breaches Banking Insurance Hacking

DeepSeek database exposed highly sensitive information

“Can you try a game I made?” Fake game sites lead to information stealers

Trending Sources

Fake Etsy invoice scam tricks sellers into sharing credit card information

Fake CAPTCHA websites hijack your clipboard to install information stealers

The Power of Storytelling in Risk Management

PLAYFULGHOST backdoor supports multiple information stealing features

New Information Supplement: Payment Page Security and Preventing E-Skimming

Criminals Exploiting FBI Emergency Data Requests

NSO Group Spies on People on Behalf of Governments

Successful Change Management with Enterprise Risk Management

What Graykey Can and Can’t Unlock

FBI: Spike in Hacked Police Emails, Fake Subpoenas

AI Data Poisoning

EDR-as-a-Service makes the headlines in the cybercrime landscape

Beware of Pixels & Trackers on U.S. Healthcare Websites

Fintech Giant Finastra Investigating Data Breach

Social Engineering to Disable iMessage Protections

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

Microsoft Can Fix Ransomware Tomorrow

The Importance of User Roles and Permissions in Cybersecurity Software

Change Healthcare Breach Hits 100M Americans

Inside the DemandScience by Pure Incubation Data Breach

DOGE as a National Cyberattack

FBI Deletes PlugX Malware from Thousands of Computers

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

AI Industry is Trying to Subvert the Definition of “Open Source AI”

Election season raises fears for nearly a third of people who worry their vote could be leaked

Scammer robs homebuyers of life savings in $20 million theft spree

When Getting Phished Puts You in Mortal Danger

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

“Cybersecurity For Dummies” Third Edition Now Available

Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies

“Urgent reminder” tax scam wants to phish your Microsoft credentials

Vidar Stealer Hides in Legitimate BGInfo Tool

Warning over free online file converters that actually install malware

DNA testing company vanishes along with its customers’ genetic data

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

AI Mistakes Are Very Different from Human Mistakes

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Port of Seattle ‘s August data breach impacted 90,000 people

California Cryobank, the largest US sperm bank, disclosed a data breach

Stay Connected