Krebs on Security

OCTOBER 1, 2022

In customer guidance released Thursday, Microsoft said it is investigating two reported zero-day flaws affecting Microsoft Exchange Server 2013, 2016, and 2019. ” These web-based backdoors offer attackers an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser.

Hacking 186

Hacking Passwords Internet Internet 186

Security Affairs

APRIL 5, 2022

Ukraine CERT-UA spotted a spear-phishing campaign conducted by Russia-linked Armageddon APT targeting local state organizations. The phishing messages have been sent from “vadim_melnik88@i[.]ua,” The Gamaredon group was first discovered by Symantec and TrendMicro in 2015, but evidence of its activities has been dated back to 2013.

Phishing 117

Phishing Government Hacking Malware 117

Krebs on Security

FEBRUARY 14, 2020

In May 2013, the U.S. Federal officials charged that Liberty Reserve facilitated a “broad range of criminal activity, including credit card fraud, identity theft, investment fraud, computer hacking, child pornography, and narcotics trafficking.”

Identity Theft 221

Identity Theft Government Scams Cybercrime 221

CyberSecurity Insiders

JULY 30, 2021

Britain-based luxury clothing designer & lifestyle service offering company says that DarkTrace has thwarted most of the weekly cyber attacks that include 200 targeted hacks such as spear phishing emails targeting high-level executives and cyber campaigns that help steal critical data from companies.

Retail 144

Retail Artificial Intelligence Cyber Attacks Cyber threats 144

Security Affairs

SEPTEMBER 29, 2023

The WBSC, headquartered in Switzerland, was established in 2013 and currently has 141 countries as members located in Asia, Africa, the Americas, Europe, and Oceania. Another risk people whose passports were exposed have to deal with is spear phishing attacks.

Identity Theft 119

Identity Theft Social Engineering Banking Risk 119

Security Affairs

DECEMBER 1, 2022

In 2013, Yahoo suffered one of the worst data breaches in history, exposing over 3 billion user accounts. While no plaintext passwords or financial data was stolen, the hack did expose answers to security questions. Weak passwords are the easiest way hackers can hack into a system. SecurityAffairs – hacking, data breaches).

Data breaches 97

Data breaches Passwords Social Engineering Encryption 97

Security Affairs

JUNE 3, 2023

Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researcher in 2013. The APT group has persistently refined its social engineering tactics, making its spear-phishing campaigns progressively harder to detect.

Social Engineering 92

Social Engineering Phishing System Administration Engineering 92

Security Affairs

OCTOBER 28, 2018

Belgian newspaper reported that investigators had found proof that the Belgacom hack was the work of the UK GCHQ intelligence agency. Back to September 2013, Belgacom (now Proximus), the largest telecommunications company in Belgium and primarily state-owned, announced its IT infrastructure had suffered a malware-based attack.

Hacking 84

Hacking Spyware Telecommunications Malware 84

Security Affairs

MAY 8, 2023

Ukraine’s CERT-UA warns of an ongoing phishing campaign aimed at distributing the SmokeLoader malware in the form of a polyglot file. CERT-UA warns of an ongoing phishing campaign that is distributing the SmokeLoader malware in the form of a polyglot file.

Malware 94

Malware Phishing VPN Accountability 94

Security Affairs

MARCH 21, 2022

Ukraine CERT (CERT-UA) warns of spear-phishing ??attacks The Government Team for Response to Computer Emergencies of Ukraine (CERT-UA) warns of spear-phishing messages conducted by UAC-0035 group (aka InvisiMole) against Ukrainian state bodies. SecurityAffairs – hacking, InvisiMole). Pierluigi Paganini.

Spyware 88

Spyware DNS Phishing Government 88

Security Affairs

JANUARY 18, 2022

Trend Micro researchers spotted an elusive threat actor, called Earth Lusca, that targets organizations worldwide via spear-phishing and watering hole attacks. . The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. SecurityAffairs – hacking, Earth Lusca ).

Cryptocurrency 113

Cryptocurrency Social Engineering Media Phishing 113

Security Affairs

AUGUST 16, 2022

Symantec and TrendMicro first discovered the Gamaredon group in 2015, but evidence of its activities has been dated back to 2013. The attack chain starts with spear-phishing messages using a self-extracting 7-Zip file, which was downloaded via the system’s default browser. SecurityAffairs – hacking, Gamaredon).

Malware 86

Malware Phishing Hacking Government 86

Security Affairs

SEPTEMBER 18, 2021

Security researchers from the Cisco Talos team uncovered a spear-phishing campaign targeting the aviation industry for two years avoiding detection. Security researchers from Cisco Talos uncovered a spear-phishing campaign targeting, dubbed Operation Layover, that targeted the aviation industry for two years without being detected.

Malware 100

Malware Phishing DNS Cybercrime 100

Security Affairs

FEBRUARY 6, 2022

Russia-linked APT group Gamaredon is behind spear-phishing attacks against Ukrainian entities and organizations since October 2021. Palo Alto Network experts mapped out three large clusters of the infrastructure used by the nation-state APT group used to support different phishing and malware campaigns. Pierluigi Paganini.

Government 85

Government Phishing Malware Hacking 85

Spinone

MARCH 11, 2018

The Internet blew up with the latest news about Gmail phishing attack. What Was the Goal of Gmail Phishing Attack? The most intriguing part of the Google Docs phishing attack is that a victim received the email with a phishing link from a person who was familiar to him /her. What can we expect? What should we do next?

Phishing 40

Phishing Accountability Media Data breaches 40

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. com , an Arabic-language computer hacking forum. But he denied ever participating in illegal hacking activities.

DNS 262

DNS Penetration Testing Malware Hacking 262

Security Affairs

MAY 16, 2021

At that time, the researchers tracked the sources IP in Pakistan, the attacks were part of a wider operation that relies on multi-vector such as watering hole websites and phishing email campaigns delivering custom RATs dubbed Crimson and Peppy. SecurityAffairs – hacking, APT). ” continues the report. Pierluigi Paganini.

Malware 106

Malware Phishing Hacking Information Security 106

Security Affairs

NOVEMBER 19, 2021

The TA406 cyber espionage group was first spotted by Kaspersky researchers in 2013. SecurityAffairs – hacking, North Korea). A report published by Proofpoint revealed that the North Korea-linked TA406 APT group ( Kimsuky , Thallium , and Konni , Black Banshee, Velvet Chollima) has intensified its operations in 2021.

Cryptocurrency 88

Cryptocurrency Malware Government Education 88

Security Affairs

AUGUST 14, 2020

The CactusPete cyber-espionage group has been active since at least 2013, it has been mainly focused on military, diplomatic, and infrastructure targets in Asia and Eastern Europe. Since the malware contains mostly information gathering functionality, most likely they hack into organizations to gain access to the victims’ sensitive data.

Malware 93

Malware Advertising Phishing Hacking 93

Security Affairs

FEBRUARY 10, 2020

Malaysia’s MyCERT issued a security alert to warn of a hacking campaign targeting government officials that was carried out by the China-linked APT40 group. The advisory doesn’t explicitly attribute the campaign to the Chinese APT, but references included in the alert p oint to the APT40 hacking group.

Government 126

Government Advertising Malware Hacking 126

Security Affairs

SEPTEMBER 12, 2019

Iran-linked Cobalt Dickens APT group carried out a spear-phishing campaign aimed at tens of universities worldwide. This operation is similar to the threat group’s August 2018 campaign , using compromised university resources to send library-themed phishing emails.” ” reads the analysis published by Secureworks.

Phishing 80

Phishing Advertising Hacking Accountability 80

CyberSecurity Insiders

AUGUST 26, 2022

A ransomware attack occurs when somebody hacks a person’s or company’s computer system and demands a ransom payment in return. CryptoLocker: Another cryptocurrency attack took place in 2013 at the hands of a piece of ransomware called CryptoLocker. Avoiding phishing scams can be the best way to prevent a ransomware attack.

Ransomware 123

Ransomware Education Software Malware 123

Security Affairs

AUGUST 26, 2022

Kimsuky cyberespiona group (aka Black Banshee, Thallium , Velvet Chollima) was first spotted by Kaspersky researcher in 2013. The GoldDragon campaign targets the media and a think-tank in South Korea, the attack chain starts sending a spear-phishing email with a weaponized Word document. SecurityAffairs – hacking, Kimsuky).

Malware 73

Malware Media Phishing Hacking 73

Security Affairs

DECEMBER 18, 2019

Threat actors launched spear-phishing attacks using emails with malicious attachments often disguised as PDF files. Attackers used a new variant of the Separ credential-stealing malware, a malicious code that was first spotted by Sonicwall in 2013. SecurityAffairs – Gangnam Industrial Style , hacking). Pierluigi Paganini.

Manufacturing 64

Manufacturing Advertising Phishing Malware 64

Security Affairs

JUNE 12, 2020

The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013. The attackers first disable protections for running macro scripts in Outlook then deploy the code to send phishing messages to the victim’s contacts. lnk formats. .

Malware 107

Malware Phishing Advertising Government 107

Security Boulevard

MARCH 31, 2021

How not to disclosure a Hack. UK fashion retailer FatFace angered customers in its handling of a customer data theft hack. conduct employee phishing tests. conduct employee phishing tests. The ransomware attack was said to be executed on 17th January 2021 and over 200Gb of data was exfiltrated.

Energy and Utilities 121

Energy and Utilities Ransomware Banking Hacking 121

Security Affairs

JUNE 8, 2023

Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researcher in 2013. ” The researchers observed Kimsuky sending an HTML-formatted spear phishing message which requests them to review a draft analysis of the nuclear threat posed by North Korea.

Social Engineering 73

Social Engineering Engineering Malware Risk 73

Security Affairs

MARCH 3, 2021

It was founded in 2013 and operates worldwide but mainly in Ukraine and Russia. Scams, Phishing, and Malware: It is common for unethical hackers and criminals on the Internet to use personal data to create trustworthy phishing emails. Phishing emails often use scare tactics to force users to open the attachment.

Data breaches 99

Data breaches Identity Theft B2B Phishing 99

Security Affairs

MARCH 7, 2019

Security experts at Microsoft are warning of economic damages caused by the activity of Iran-linked hacking groups that are working to penetrate systems, businesses, and governments worldwide. Researchers attributed the attacks to an Iran-linked group tracked by Microsoft as Holmium (aka APT33 ) that has been around since at least 2013.

Advertising 79

Advertising Government Hacking Phishing 79

Security Affairs

FEBRUARY 4, 2022

Palo Alto Network experts mapped out three large clusters of the infrastructure used by the nation-state APT group used to support different phishing and malware campaigns. The Gamaredon group was first discovered by Symantec and TrendMicro in 2015, but evidence of its activities has been dated back to 2013. 19, 2022. .”

Government 84

Government Malware Phishing Software 84

Security Affairs

AUGUST 27, 2020

Screenshot from the latest forum discussion about RepWatch in 2013: The CSV files appear to have included the same set of 350 million unique emails, separated into three groups: hashed, hashed and salted, and unencrypted files. Watch out for potential spam messages and phishing emails. SecurityAffairs – hacking, email addresses).

Social Engineering 125

Social Engineering Passwords Marketing Phishing 125

Security Affairs

DECEMBER 1, 2020

The OceanLotus APT group is a state-sponsored group that has been active since at least 2013. SecurityAffairs – hacking, BISMUTH). The hackers targeted organizations across multiple industries and have also hit foreign governments, dissidents, and journalists. Pierluigi Paganini.

Cryptocurrency 96

Cryptocurrency Antivirus Manufacturing Government 96

Security Affairs

OCTOBER 13, 2019

Iran-linked APT group Charming Kitten employed new spear-phishing methods in attacks carried out between August and September. Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. . The link points to a malicious phishing website.

Media 70

Media Social Engineering Phishing Advertising 70

Malwarebytes

AUGUST 26, 2021

Slightly more than one week later, Japanese cryptocurrency exchange Liquid was hacked and lost $97 million worth of digital coins. These examples of recent news about hacked cryptocurrency exchanges left many investors wondering whether it was still smart to invest in cryptocurrencies and how to keep them safe. What is a cold wallet?

Cryptocurrency 110

Cryptocurrency Banking Hacking Engineering 110

SiteLock

AUGUST 27, 2021

For example, in a study just published by Russian security firm Kaspersky , the number two target for phishing attacks around the world in 2013 was the financial community. Any guess what the number one target for phishing was? That includes banks, credit card companies, and payment systems like PayPal and Western Union.

Data privacy 52

Data privacy Cybercrime Banking Marketing 52

Security Affairs

MARCH 5, 2019

The APT40 group has been active since at least 2013 and appears to be focused on supporting naval modernization efforts of the Government of Beijing. SecurityAffairs – China APT40, hacking). Threat actors target engineering, transportation, and defense sectors, experts observed a specific interest in maritime technologies. .”

Technology 83

Technology Advertising Government Phishing 83

Security Affairs

DECEMBER 7, 2019

The hacking campaign confirmed that the Gamaredon operations are still ongoing and the high interest of the Kremlin in infiltrating the East European ecosystem, especially the Ukranian one. The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013.

Government 58

Government Advertising Media DNS 58