Security Affairs

NOVEMBER 19, 2019

The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. Financial departments at high risk.

Ransomware 70

Ransomware Antivirus Malware Banking 70

SecureList

NOVEMBER 1, 2022

Lazarus Group delivered additional malware such as a keylogger and password-dumping tool to collect more information. Where CVE-2017-0261 was used before, CVE-2017-11228 replaces it. Also, we observed how they attempted to find valuable hosts with high privileges, such as file servers or Active Directory servers. Final thoughts.

Malware 138

Malware Ransomware Spyware Encryption 138

Security Affairs

NOVEMBER 6, 2018

According to Group-IB’s annual “ 2018 H i-Tech Crime Trends ” report, the estimated damage caused by targeted attacks on cryptocurrency exchanges in 2017 and the first three quarters of 2018 amounted to $877 million. From 2016 to 2017, the number of such incidents increased by 369 percent.

Insurance 62

Insurance Cryptocurrency Cyber threats Marketing 62

SecureList

NOVEMBER 17, 2021

Last year, we foresaw the APT and cybercrime worlds becoming more porous on an operational level. On September 24, the EU issued a statement regarding a disinformation campaign called “Ghostwriter”, ongoing since March 2017, intended to discredit NATO. Let’s start by looking at the predictions we made for 2021.

Mobile 127

Mobile Surveillance Ransomware Government 127

eSecurity Planet

DECEMBER 3, 2021

Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. ICYMI, Equifax forced to pull offline a huge database of consumer data guarded only by credentials "admin/admin" [link] — briankrebs (@briankrebs) September 13, 2017.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Security Affairs

JUNE 20, 2020

The crooks exploited online tools and technology along with social engineering tactics to target the victims and steal usernames, passwords, and bank accounts. From September 2015 to June 2017, Olorunyomi and an accomplice engaged in a romance fraud scheme that resulted in losses of more than $1 million. The post U.S.

Social Engineering 78

Social Engineering Scams Small Business Banking 78

Security Affairs

AUGUST 1, 2022

The Australian Federal Police (AFP) launched an investigation into the case, codenamed Cepheus, in 2017 after it received information about a “suspicious RAT” from cybersecurity firm Palo Alto Networks and the U.S. The Imminent Monitor RAT is a hacking tool that allows threat actors to remotely control the victim’s computers.

Spyware 103

Spyware Malware Cybercrime Hacking 103

Security Affairs

NOVEMBER 21, 2019

” According to Microsoft, ransomware attacks continue to target enterprise environments through social engineering, for this reason, the adoption of best practices is the best way to protect them. Use a safe and password-protected internet connection. ” continues Microsoft. Use two factor authentication. •

Ransomware 81

Ransomware Social Engineering Malware Advertising 81

SecureList

APRIL 27, 2022

We have previously seen DustSquad use third-party post-exploitation tools, such as the password dumping utility fgdump; but we have now observed new custom C modules, a first for DustSquad, and Delphi downloaders acting as post-exploitation facilitators, able to gather documents of interest for the actor. Final thoughts.

Malware 129

Malware Firmware Government Phishing 129

SecureList

JULY 27, 2023

The implant allows attackers to browse and modify device files, get passwords and credentials stored in the keychain, retrieve geo-location information, as well as execute additional modules, further extending their control over the compromised devices.

Malware 82

Malware Government Phishing Social Engineering 82

Herjavec Group

AUGUST 26, 2021

We can learn a lot from the cybercrime of the past…the history of cybercrime is a glimpse into what we can expect in the future. In the past 18 months, we’ve experienced the beginning of an era that has seen cybersecurity and cybercrime at the center of it all. Dateline Cybercrime . Robert Herjavec.

Cybercrime 135

Cybercrime Computers and Electronics Banking Hacking 135

ForAllSecure

APRIL 21, 2023

The first computer password was created in 1961, when Fernando Corbató and his team at MIT created the Compatible Time-Sharing System (CTSS). To ensure that users could access only their own files and programs, the team created a system of passwords that allowed users to log in and access their personal data.

Hacking 75

Hacking Cybersecurity Internet Internet 75

Adam Levin

DECEMBER 7, 2020

Many of the contact tracing scams of 2020 similarly followed social engineering scripts that have been used in taxpayer identity theft schemes since the 1990s as well. As with any potential cybercrime, deterrence here will be aided by an awareness of what deepfakes are, how they work, and what they can and can’t do.

IoT 130

IoT Artificial Intelligence Technology Scams 130

eSecurity Planet

NOVEMBER 2, 2022

The document contained a list of pornographic sites, along with passwords for access to said sites and would then spread itself and its NSFW content by emailing the first 50 people in the victim’s contact list. Social engineering attacks soon found use in the digital space. It later evolved to also include file encryption.

Malware 140

Malware Ransomware Antivirus Internet 140

SecureList

JULY 29, 2021

In this campaign, BlueNoroff used a malicious Word document exploiting CVE-2017-0199, a remote template injection vulnerability. Passwordstate is a password management tool for enterprises, and on 20 April, for a period of about 28 hours, a malicious DLL was included in the software updates. Final thoughts.

Malware 139

Malware Phishing Password Management Social Engineering 139