Security Affairs

JULY 22, 2019

Last week, hackers published a list of Discord credentials (email addresses/passwords) that were allegedly phished from the users of the gaming chat platform. Last week, a group of hackers published a list of Discord login credentials (email addresses and passwords) that were allegedly phished from the users of the gaming chat platform.

Phishing 80

Phishing Data breaches Passwords Advertising 80

Security Affairs

DECEMBER 26, 2023

The Carbanak malware has been active since at least 2014 and has been used by ransomware gangs to infiltrate financial systems. The threat actors used sophisticated phishing techniques against bank employees. Imposters in November included the CRM platform HubSpot, data management software Veeam, and account tool Xero.”

Malware 119

Malware Ransomware Banking Healthcare 119

Security Affairs

FEBRUARY 24, 2020

Slickwraps has disclosed a data breach that impacted over 850,000 user accounts, data were accidentally exposed due to security vulnerabilities. Lynx0x00’s Medium and Twitter accounts have mysteriously vanished but, fortunately, the Internet never truly forgets. ” reported Slashgear. Pierluigi Paganini.

Accountability 95

Accountability Data breaches Passwords Advertising 95

Security Affairs

OCTOBER 5, 2020

“According to our information, several universities in Switzerland have been affected,” explained Martina Weiss, Secretary General of the Rectors’ Conference of the Swiss Universities. The hackers carried out spear-phishing attacks against the Swiss universities in an attempt of tricking its employees into providing their access data.

Advertising 144

Advertising Phishing Cybercrime Hacking 144

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. It is unclear why APT28 is using compromised email accounts of (mostly) defense companies in the Middle East.

Phishing 140

Phishing Accountability Advertising DNS 140

Security Affairs

APRIL 12, 2020

The archive included credentials for Zoom accounts belonging to organizations in various industries, including banking, consultancy, healthcare software companies. ” reads the report published by security firm IntSights. ” reads the report published by security firm IntSights. Pierluigi Paganini.

Healthcare 145

Healthcare Phishing Accountability Banking 145

Security Affairs

MARCH 23, 2020

The University of Utah Health disclosed a security breach, it has discovered malware on its systems and revealed unauthorized access to some employee email accounts. Attackers breached the organization with a phishing attack, the intrusion took place between January 7 and February 21, 2020. ” continues the alert.

Accountability 102

Accountability Advertising Malware Phishing 102

Krebs on Security

JULY 18, 2023

KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom , was hired in late 2014 as a developer for the marital infidelity site AshleyMadison.com. LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals.

Hacking 190

Hacking Accountability Data breaches Marketing 190

Security Affairs

SEPTEMBER 18, 2020

Security researchers from Check Point discovered an Android malware, developed by an Iran-linked group dubbed Rampant Kitten, that is able to bypass 2FA. Rampant Kitten has been active at least since 2014 and was involved in ongoing surveillance operations against Iranian minorities, anti-regime organizations, and resistance movements.

Malware 104

Malware Phishing Accountability Advertising 104

Security Affairs

OCTOBER 25, 2019

Experts have uncovered an ongoing phishing campaign targeting the United Nations and NGOs, including UNICEF and UN World Food. Security firm Lookout uncovered an ongoing spear-phishing campaign aimed at NGOs, including human rights organizations such as the Red Cross, UNICEF, the UN World Food and the UN Development programs.

Phishing 44

Phishing Mobile Advertising Scams 44

Security Affairs

SEPTEMBER 5, 2020

Experts spotted a phishing campaign that employees overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the victims. Researchers from Cofense discovered a phishing campaign that uses overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the targets.

Social Engineering 126

Social Engineering Phishing Engineering Advertising 126

Security Affairs

JANUARY 6, 2022

Security researchers at Cluster25 uncovered a recent campaign carried out by the North Korea-linked Konni APT group aimed at Russian diplomatic entities that used new versions of malware implants. The APT group carried out spear-phishing attacks using New Year’s Eve festivities as a lure. The spoofed messages used a *@mid.ru

Phishing 138

Phishing Malware Hacking Accountability 138

Security Affairs

MAY 2, 2020

billion records containing personally identifiable information (PII) of employees, reporters, and at least 42,000 users. Logs sensitive data related to the company’s data infrastructure included SQL query errors, Traffic between different servers, Communication protocols, Potential access to admin accounts. billion records.”

Identity Theft 116

Identity Theft Passwords Advertising Accountability 116

Security Affairs

OCTOBER 17, 2020

Google delivered 33,015 alerts to its users during the first three quarters of 2020 to warn them of phishing attacks, launched by nation-state actors, targeting their accounts. Google sent 11,856 government-backed phishing warnings during Q1 2020, 11,023 in Q2 2020, and 10,136 in Q3 2020. of all Gmail accounts.

DDOS 89

DDOS Phishing Advertising Accountability 89

Security Affairs

OCTOBER 4, 2020

The attackers targeted the employees at the merchant with a phishing campaign to obtain credentials for user accounts and were able to take over an administrator account. The recent attacks demonstrate that the threat actors continue to target merchant POS systems to harvest card present payment account data.

Malware 141

Malware Advertising Accountability Hacking 141

Security Affairs

SEPTEMBER 27, 2020

GADOLINIUM abuses Microsoft cloud services as command and control infrastructure, the experts uncovered a spear-phishing campaign using messages with weaponized attachments. “ Microsoft also took down a GitHub account that was used by the Gadolinium group as part of a 2018 campaign. ” states Microsoft’s report.

Advertising 139

Advertising Malware Phishing Hacking 139

Security Affairs

JUNE 9, 2020

Researchers from the IBM X-Force Incident Response and Intelligence Services (IRIS) reported that attackers launched a COVID-19-themed spear-phishing campaign to steal the user credentials of over 100 senior executives. Once the attackers have obtained the login credentials they are sent to via email to several Yandex email accounts.

Phishing 81

Phishing Manufacturing Government Advertising 81

Security Affairs

APRIL 29, 2020

State-sponsored hackers have compromised a small number of accounts of the Estonian email provider Mail.ee Alleged state-sponsored hackers have hijacked a small number of accounts at the Estonian email provider Mail.ee, they exploited a zero-day vulnerability in the attack. belonging to high-profile people.

Accountability 112

Accountability Advertising Hacking Phishing 112

Security Affairs

AUGUST 7, 2019

Accessing an online account, users could make several actions, such as manage insurance claims and pay bills. Credential stuffing attacks involve botnets to try stolen login credentials usually obtained through phishing attacks and data breaches. In response to the attacks, State Farm reset the passwords for impacted accounts.

Insurance 89

Insurance Data breaches Financial Services Passwords 89

Security Affairs

APRIL 19, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Scams 84

Scams Phishing Advertising DDOS 84

Security Affairs

SEPTEMBER 23, 2020

.” reads the report published by Comparitech, “Comparitech security researcher Bob Diachenko received a tip from cybersecurity expert Sami Toivonen about the exposure on September 21, 2020.” ” The expert confirmed that the database did not contain financial data or account passwords. Pierluigi Paganini.

Data breaches 96

Data breaches Phishing Passwords Advertising 96

Security Affairs

MARCH 15, 2020

The researchers received a coronavirus-themed scam email that attempted to trick victims into using a different bank account for the payment due to the COVID-19 outbreak. The Ancient Tortoise’s BEC message includes details of a Hong Kong mule account and instructs victims to send the money to it. A change of the bank account).

Scams 109

Scams Banking Cybercrime Advertising 109

Security Affairs

AUGUST 10, 2019

The Naples Daily News reported that the threat actors carried out a sophisticated “spear phishing” campaign against a specific person or department. “The City of Naples says the cyber attack that resulted in the loss of $700,000 was a “sophisticated” spear phishing strategy.” Pierluigi Paganini.

Banking 101

Banking Cyber Attacks Advertising Phishing 101

Security Affairs

MARCH 16, 2020

In response to the incident, Open Exchange Rates has forced a password reset for all accounts created before March 2, 2020. Open Exchange Rates recommends users to generate new API IDs using the account dashboard to access the service. Stolen data could be used by threat actors to target organizations with spear- phishing campaigns.

Data breaches 107

Data breaches Passwords Advertising Accountability 107

Security Affairs

MAY 21, 2020

The Chafer APT group has distributed data stealer malware since at least mid-2014, it was focused on surveillance operations and the tracking of individuals. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Government 115

Government Social Engineering Telecommunications Hacking 115

Security Affairs

AUGUST 27, 2020

Here are some examples of how potential attackers can use the data found in the unsecured Amazon S3 bucket against the owners of the exposed email addresses: Spamming 350 million email IDs Carrying out phishing attacks Brute-forcing the passwords of the email accounts. Watch out for potential spam messages and phishing emails.

Social Engineering 127

Social Engineering Passwords Marketing Phishing 127

Security Affairs

OCTOBER 13, 2019

Iran-linked APT group Charming Kitten employed new spear-phishing methods in attacks carried out between August and September. Security experts at ClearSky analyzed attacks recently uncovered by Microsoft that targeted a US presidential candidate, government officials, journalists, and prominent expatriate Iranians. Pierluigi Paganini.

Media 70

Media Social Engineering Phishing Advertising 70

Security Affairs

JULY 24, 2019

The crooks also carried out a phishing campaign that reached thousands of victims and tricked them into providing social security numbers and bank account information. . At the time of the arrest, Costea possessed 36,050 fraudulently obtained financial account numbers , Draghici had 3,465 and Dumitrescu had 3,278.

Hacking 84

Hacking Banking Identity Theft Phishing 84

Security Affairs

AUGUST 30, 2019

Foxit Software, the PDF software provider behind the Foxit PDF reader app disclosed a security breach that took place recently exposing customers’ information. Foxit pointed out that it does not maintain customer payment card information in its systems. ” continues the advisory. ” concludes the advisory.

Data breaches 82

Data breaches Passwords Software Identity Theft 82

Security Affairs

JULY 15, 2023

Gamaredon has been active since 2014 and its activity focus on Ukraine, the group was observed using the multistage backdoor Pteranodon / Pterodo. The Gamaredon APT group continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations.

Social Engineering 98

Social Engineering DNS Accountability Malware 98

Security Affairs

MAY 24, 2019

Getting your paycheck deposited directly into your bank account seems like a handy solution but in some cases. Getting your paycheck deposited directly into your bank account seems like a handy solution because you don’t have to pick up the check from your workplace and take it to the bank to deposit it. hackers can access them.

Phishing 94

Phishing Accountability Banking Social Engineering 94

Security Affairs

SEPTEMBER 20, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

DDOS 95

DDOS Ransomware Data breaches Advertising 95

Security Affairs

JULY 14, 2020

In response to the incident, the bidding portal has forced a password reset for all users’ accounts, both bidder and auctioneer ones. Unfortunately stolen data are already available for sale on the dark web, security researchers at CloudSEK reported. The experts found a post advertising information of roughly 3.4

Hacking 103

Hacking Data breaches Identity Theft Advertising 103

Security Affairs

NOVEMBER 22, 2019

The US branch of the telecommunications giant T -Mobile disclosed a security breach that according to the company impacted a small number of customers of its prepaid service. The cybersecurity team at T-Mobile discovered an unauthorized access to information associated with a limited number of its prepaid wireless account customers.

Wireless 99

Wireless Data breaches Mobile Telecommunications 99

Security Affairs

DECEMBER 30, 2019

Microsoft sued Thallium North Korea-linked APT for hacking into its customers’ accounts and networks via spear-phishing attacks. Microsoft sued a North Korea-linked cyber espionage group tracked as Thallium for hacking into its customers’ accounts and networks via spear-phishing attacks. 27 in the U.S.

Computers and Electronics 69

Computers and Electronics Phishing Accountability Malware 69

Security Affairs

JUNE 12, 2020

The attackers first disable protections for running macro scripts in Outlook then deploy the code to send phishing messages to the victim’s contacts. “One tool, a VBA macro targeting Microsoft Outlook, uses the target’s email account to send spearphishing emails to contacts in the victim’s Microsoft Office address book.”

Malware 108

Malware Phishing Advertising Government 108

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. According to the Google Threat Horizons report, the state-sponsored hackers sent fake job offers to employees at the security companies. . ” reads the Google Threat Horizons report.

Malware 128

Malware Phishing Antivirus Hacking 128