Security Affairs

APRIL 13, 2020

Zoom accounts are flooding the dark web, over 500 hundred thousand Zoom accounts are being sold on hacker forums. Over 500 hundred thousand Zoom accounts are available for sale on the dark web and hacker forums. Cyble confirmed that the accounts’ credentials belonging to some of its clients were valid.

Accountability 145

Accountability Passwords Advertising Phishing 145

Security Affairs

AUGUST 9, 2020

Researchers detailed a new evasive phishing technique that leverages modified favicons to inject e-skimmers and steal payment card data covertly. Researchers from cybersecurity firm Malwarebytes have analyzed a new evasive phishing technique used by attackers in the wild in Magecart attacks. Pierluigi Paganini.

Phishing 141

Phishing Advertising Scams Accountability 141

Krebs on Security

AUGUST 2, 2018

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack ).

Phishing 148

Phishing Scams Passwords Password Management 148

Security Affairs

JUNE 4, 2020

Hackers hijacked one of the domains of the Japanese cryptocurrency exchange Coincheck and used it for spear-phishing attacks. The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. Pierluigi Paganini.

Accountability 91

Accountability Phishing DNS Cryptocurrency 91

CyberSecurity Insiders

AUGUST 1, 2022

Security research carried out by CloudSEK has found that over 3000+ mobile applications were exposing Twitter’s API keys, thus providing access to twitter accounts fraudulently. Now, the employee is no more linked to the social media giant and will face the trial for indulging in fraudulent practices in 2015.

Mobile 120

Mobile Media Accountability Cryptocurrency 120

Security Affairs

DECEMBER 26, 2023

The Carbanak gang was first discovered by Kaspersky Lab in 2015, the group has stolen at least $300 million from 100 financial institutions. The threat actors used sophisticated phishing techniques against bank employees. Imposters in November included the CRM platform HubSpot, data management software Veeam, and account tool Xero.”

Malware 108

Malware Ransomware Banking Healthcare 108

Security Affairs

MARCH 17, 2019

Threat actors targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). Over the past months, threat actors have targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). ” reads the study published by Proofpoint.

Accountability 111

Accountability Phishing Authentication Passwords 111

Security Affairs

OCTOBER 10, 2020

In March, Google shared data on alerts related to state-sponsored attacks, the tech giant revealed that it issued almost 40,000 alerts of state-sponsored phishing or malware attacks to its users during 2019. The security key used during the registration process will be required anytime the users will sign into their accounts on new devices.

Accountability 68

Accountability Malware Phishing Advertising 68

Security Affairs

APRIL 11, 2020

Crooks are using a fake Cisco “critical security advisory” in a new phishing campaign aimed at stealing victims’ Webex credentials. The Cofense’s phishing defense center has uncovered an ongoing phishing campaign that uses a Cisco security advisory related to a critical vulnerability as a lure. ” concludes the experts.

Phishing 135

Phishing Advertising Healthcare Cyber Attacks 135

Security Affairs

DECEMBER 31, 2019

Special Olympics of New York, a nonprofit organization focused on competitive athletes with intellectual disabilities was hacked. Unfortunately, the nonprofit organization was hacked during the Christmas holiday and the attackers later used its email server to launch a phishing campaign against its donors. Iran, hacking).

Phishing 55

Phishing Hacking Data breaches Advertising 55

Security Affairs

AUGUST 19, 2019

Phishing is one of the oldest methods of cyberattacks. Types of Phishing Attacks. There are different types of phishing attacks and each is deceiving and manipulative in its own unique way. The most common type is phishing is carried out through fraudulent email receptionist. Another targeted phishing practice is Whaling.

Phishing 86

Phishing Accountability Authentication Passwords 86

Security Affairs

APRIL 17, 2020

Google says that the Gmail malware scanners have blocked around 18 million phishing and malware emails using COVID-19 lures in just one week. Google announced that its anti-malware solutions implemented to defend its Gmail users have blocked around 18 million phishing and malware emails using COVID-19 lures within the last seven days.

Phishing 113

Phishing Malware Government Small Business 113

Security Affairs

APRIL 19, 2021

Among the most clamorous attacks against industrial organizations, there is the 2015 attack against the electric grid in Ukraine and the 2017 Triton attack against a Saudi petrochemical plant. Mandiant launched a spear-phishing attack to gain a foothold in the target enterprise network. SecurityAffairs – hacking, smart meters).

Hacking 115

Hacking Phishing Accountability Internet 115

Security Affairs

OCTOBER 5, 2020

Threat actors have hacked at least three Swiss universities, including the University of Basel and managed to drain employee salary transfers. The hackers carried out spear-phishing attacks against the Swiss universities in an attempt of tricking its employees into providing their access data. SecurityAffairs – hacking, cybercrime).

Advertising 144

Advertising Phishing Cybercrime Hacking 144

SecureWorld News

FEBRUARY 18, 2021

It may be the most complete picture we've ever had of North Korean hacking campaigns. The unsealed documents highlight a number of attack targets and motives in an effort to hack, digitally intrude, and defraud. The hacking indictment filed in the U.S. North Korean hacking methods and attack vectors. global targets.

Hacking 97

Hacking Cryptocurrency Computers and Electronics Banking 97

Adam Levin

JULY 8, 2020

In 2015, Chinese hackers redirected the hijacked ShadesDaddy.com to a site selling counterfeit merchandise. ” Hacking campaigns exploiting poor domain name security can be more subtle. . ” Hacking campaigns exploiting poor domain name security can be more subtle. All of these can be extinction-level events.

Hacking 130

Hacking Retail Cyber Insurance Authentication 130

Security Affairs

NOVEMBER 25, 2018

Researchers at AppRiver uncovered a very trivial phishing campaign targeting the streaming service Spotify, anyway, it is important to share info about it. Security researchers at AppRiver uncovered a phishing campaign targeting the popular streaming service Spotify. giving the attacker the ability to hijack the account.”

Phishing 82

Phishing Accountability Advertising Passwords 82

Security Affairs

SEPTEMBER 18, 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic , it accounted for 46 percent of the total number of fake web pages. Secure web- phishing. In the light of global pandemic and the businesses’ dive into online world, the share of this phishing category increased to remarkable 46 percent.

Phishing 101

Phishing Ransomware Spyware Banking 101

Security Affairs

AUGUST 5, 2019

A crook involved in a spear phishing scheme and that was in Kenya is facing up to 20 years in the US federal prison for stealing thousands of dollars from US universities. Amil Hassan Raage, 48, pleaded guilty last week in a southern California court to fraudulently receiving almost $750,000 as part of a spear phishing scheme.

Phishing 94

Phishing Banking Advertising Accountability 94

Security Affairs

JUNE 11, 2020

A hack-for-hire group tracked as Dark Basin targeted thousands of journalists, advocacy groups, and politicians worldwide over 7 years. According to researchers at Citizen Lab, more than 10,000 victim email accounts were targeted. Department of Justice (DoJ) and is notifying additional targets of the hack-for-hire group.

Hacking 96

Hacking Phishing Accountability Media 96

Security Affairs

DECEMBER 25, 2018

Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale. Attackers are using this tactic to break into Gmail and Yahoo accounts in large scale attacks. In one campaign, threat actors targeted accounts on popular secure email services, such as Tutanota and ProtonMail.

Phishing 92

Phishing Social Engineering Authentication Accountability 92

Security Affairs

JULY 14, 2020

The company confirmed that the an investigation into the hack is still ongoing. In response to the incident, the bidding portal has forced a password reset for all users’ accounts, both bidder and auctioneer ones. “Usually our mobile numbers and email IDs are linked to banking, mobile wallet, and other online accounts.

Hacking 95

Hacking Data breaches Identity Theft Advertising 95

Security Affairs

APRIL 30, 2020

Group-IB uncovered a new sophisticated phishing campaign, tracked as PerSwaysion, against high-level executives of more than 150 companies worldwide. . PerSwaysion is a highly-targeted phishing campaign. New round of phishing attempts leveraging current victim’s account usually takes less than 24 hours. Gone in 24 Hours.

Phishing 90

Phishing Accountability Financial Services Cloud Migration 90

Security Affairs

FEBRUARY 8, 2019

Crooks leverage Google Translate service as camouflage on mobile browsers in a phishing campaign aimed at stealing Google account and Facebook credentials. These phishing emails pose as alerts sent by Google that inform users that their accounts were accessed from a new Windows device. Pierluigi Paganini.

Phishing 82

Phishing Mobile Security Intelligence Advertising 82

Security Affairs

APRIL 25, 2019

Experts at Proofpoint discovered that free code repositories on GitHub have been abused since at least 2017 to host phishing websites. Researchers at Proofpoint reported that crooks are abusing free code repositories on GitHub to host phishing websites and bypass security defenses. ” reads the post published by Proofpoint.

Phishing 81

Phishing Advertising Accountability Cybercrime 81

Security Affairs

MAY 9, 2019

US DoJ indicted a member of sophisticated China-based hacking group for series of computer intrusions. The group is also responsible for the 2015 Health Insurer Anthem data breach. back in 2015. The indictment doesn’t link the Chinese hacking crew with China-linked APT groups.

Hacking 67

Hacking Insurance Data breaches Identity Theft 67

Security Affairs

DECEMBER 7, 2023

The nation-state actor is carrying out spear-phishing attacks for cyberespionage purposes. The Callisto APT group (aka “ Seaborgium “, “Star Blizzard”, “ ColdRiver” , “TA446”) targeted government officials, military personnel, journalists and think tanks since at least 2015.

DNS 86

DNS Government Accountability Phishing 86

Security Affairs

FEBRUARY 17, 2019

Security experts at Myki have recently discovered a new phishing campaign that could deceive even most tech-savvy users. Crooks are distributing links to blogs and services that display users “login using Facebook account” to read an exclusive article or purchase a discounted product. SecurityAffairs – phishing, Facebook).

Phishing 92

Phishing Advertising Accountability Authentication 92

Security Affairs

JANUARY 18, 2024

The ColdRiver APT (aka “ Seaborgium “, “Callisto”, “Star Blizzard”, “TA446”) is a Russian cyberespionage group that has been targeting government officials, military personnel, journalists and think tanks since at least 2015. In November 2022, TAG spotted COLDRIVER sending targets benign PDF documents from impersonation accounts.

Phishing 89

Phishing Malware Encryption Accountability 89

Security Affairs

APRIL 9, 2020

Group-IB’s CERT-GIB analyzed hundreds of coronavirus -related phishing emails and discovered top malware strains in COVID-19 campaigns. Group-IB’s Computer Emergency Response Team ( CERT-GIB ) analyzed hundreds of coronavirus-related phishing emails between February 13 and April 1, 2020. Spyware: the most likely COVID-19 payload.

Phishing 100

Phishing Malware Spyware DDOS 100

Security Affairs

APRIL 20, 2019

Google this week announced that it is going to block login attempts from embedded browser frameworks to prevent man-in-the-middle (MiTM) phishing attacks. “However, one form of phishing, known as “ man in the middle ” (MITM), is hard to detect when an embedded browser framework (e.g., Pierluigi Paganini.

Phishing 77

Phishing Authentication Advertising Hacking 77

Krebs on Security

JUNE 29, 2023

Nikita Kislitsin , formerly the head of network security for one of Russia’s top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Prosecutors in Northern California indicted Kislitsin in 2014 for his alleged role in stealing account data from Formspring.

Cybersecurity 258

Cybersecurity Cybercrime Hacking Technology 258

Security Affairs

FEBRUARY 24, 2020

Slickwraps has disclosed a data breach that impacted over 850,000 user accounts, data were accidentally exposed due to security vulnerabilities. Lynx0x00’s Medium and Twitter accounts have mysteriously vanished but, fortunately, the Internet never truly forgets. SecurityAffairs – hacking , Slickwraps ). Pierluigi Paganini.

Accountability 88

Accountability Data breaches Passwords Advertising 88

Security Affairs

JULY 22, 2019

Last week, hackers published a list of Discord credentials (email addresses/passwords) that were allegedly phished from the users of the gaming chat platform. Last week, a group of hackers published a list of Discord login credentials (email addresses and passwords) that were allegedly phished from the users of the gaming chat platform.

Phishing 74

Phishing Data breaches Passwords Advertising 74

Security Affairs

DECEMBER 1, 2019

Over 90 percent of the users identified by Google were targeted via “credential phishing emails” that attempt to trick victims into providing their password or other account credentials to hijack their Google account. It doesn’t mean that hackers successfully compromised their Google accounts. Pierluigi Paganini.

Phishing 123

Phishing Accountability Advertising Cyber Attacks 123

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. Nikulin used data stolen from Linkedin to launch spear-phishing attacks against employees at other companies, including Dropbox. Pierluigi Paganini.

Hacking 73

Hacking Cybercrime Data breaches Advertising 73

Schneier on Security

MAY 5, 2020

At a remote virtual version of its annual Security Analyst Summit, researchers from the Russian security firm Kaspersky today plan to present research about a hacking campaign they call PhantomLance, in which spies hid malware in the Play Store to target users in Vietnam, Bangladesh, Indonesia, and India.

Malware 297

Malware Spyware Phishing Government 297