SecureWorld News

JANUARY 28, 2021

2020 was a wake-up call for more than healthcare pandemic preparedness. It also exposed some huge security and privacy vulnerabilities, which many cybercrooks have exploited thousands of times throughout 2020 for remote workers. Training must be more frequent and go beyond covering phishing and passwords.

IoT 54

IoT Phishing Mobile Passwords 54

eSecurity Planet

AUGUST 16, 2021

A phishing campaign that Microsoft security researchers have been tracking for about a year highlights not only the ongoing success of social engineering efforts by hackers to compromise systems, but also the extent to which the bad actors will go to cover their tracks while stealing user credentials. Invoice-Themed Lures.

Phishing 109

Phishing Social Engineering Passwords Engineering 109

Malwarebytes

JUNE 15, 2022

This included resetting the employee’s password for the email account where unauthorized activity was detected. Maybe they dredged up specific background information on the affected employee via social networking, LinkedIn, or even the company website. This attack may reveal itself to be something as basic as an easy to guess password.

Healthcare 82

Healthcare Data breaches Social Engineering Identity Theft 82

CyberSecurity Insiders

APRIL 16, 2021

The emails pose as company updates and are often socially engineered to look like they have been personally tailored to the recipient. According to the FBI, phishing was the most common type of cybercrime last year—nearly doubling in frequency between 2019 and 2020.

Phishing 113

Phishing Security Awareness Social Engineering Scams 113

eSecurity Planet

SEPTEMBER 14, 2022

Cybercrime is a growth industry like no other. billion in reported losses, up from 2020’s 791,790 complaints and $4.2 Often, a scammer will simply target the people in a company and fool them into giving up their personal details, account passwords, and other sensitive information and gain access that way. Social Tactics.

Social Engineering 118

Social Engineering Energy and Utilities Phishing Scams 118

Security Boulevard

APRIL 23, 2021

Google noted a more than 600% spike in phishing attacks in 2020 compared to 2019 with a total of 2,145,013 phishing sites registered as of January 17, 2021, up from 1,690,000 on Jan 19, 2020. So did the 2020 Twitter hack. Two in five small and medium businesses were impacted by ransomware in 2020. Spear Phishing.

Phishing 101

Phishing Scams Media Backups 101

Security Affairs

AUGUST 21, 2020

Voice phishing is a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering 118

Social Engineering VPN Phishing Authentication 118

SC Magazine

JUNE 24, 2021

A new blog post report has shone a light on the malicious practice known as voice phishing or vishing – a social engineering tactic that some cyber experts say has only grown in prominence since COVID-19 forced employees to work from home. (Ser Amantio di Nicolao, CC BY-SA 3.0 , via Wikimedia Commons).

Phishing 81

Phishing Social Engineering Scams Engineering 81

Security Affairs

NOVEMBER 25, 2022

“The services of the website allowed those who sign up and pay for the service to anonymously make spoofed calls, send recorded messages, and intercept one-time passwords.” The iSpoof was launched in December 2020 and authorities estimated it had 59,000 users. ” reads the announcement published by Europol.

Retail 92

Retail Cybercrime Banking Passwords 92

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. In early 2020, several cybercriminals groups followed suit.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Through Education

APRIL 7, 2021

In fact, the FBI’s (Federal Bureau of Investigation) 2020 Internet Crime Report , refers to what is happening as an “ Internet crime spree.” billion people were active internet users as of October 2020. “Mobile phishing increases more than 300% as 2020 chaos continues.” COVID-19 Scams.

Scams 92

Scams Computers and Electronics Insurance Social Engineering 92

SC Magazine

JANUARY 26, 2021

Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders. Additional information on the malicious operation can be found in this October 2020 Odix report. Mark Wilson/Getty Images).

Phishing 118

Phishing Passwords Security Awareness Social Engineering 118

Security Affairs

MARCH 30, 2020

The document is password-protected, likely to prevent analysis before it is received by the potential victim, the password is included in the content of the email. Spam emails include a form, in an MS Word format, that must be filled out to receive funds to help people that now are at home due to the COVID 19 pandemic.

Banking 102

Banking Malware Social Engineering Advertising 102

The Last Watchdog

MAY 11, 2020

These developments would have, over the next decade or so, steadily and materially reduced society’s general exposure to cybercrime and online privacy abuses. Add to that widespread warnings to use social media circumspectly. Then COVID-19 came along and obliterated societal norms and standard business practices.

Computers and Electronics 113

Computers and Electronics Data privacy Encryption Media 113

CyberSecurity Insiders

JUNE 20, 2023

Executives have access to some of the company’s most sensitive information, and they’re increasingly being targeted by hackers looking to steal company secrets or to perpetrate cybercrimes. Like the general public, executives can avoid oversharing personal information on social media. Personal data provides fuel for these crimes.

Data privacy 119

Data privacy Media Phishing Cyber Attacks 119

SecureList

SEPTEMBER 27, 2021

Earlier this year, we covered the threats related to gaming , and looked at the changes from 2020 and the first half of 2021 in mobile and PC games as well as various phishing schemes that capitalize on video games. A person is offering thousands of usernames and passwords for various game platforms for just $4000. 40) for lifetime.

Accountability 94

Accountability Marketing Phishing Malware 94

SecureList

NOVEMBER 17, 2021

Last year, we foresaw the APT and cybercrime worlds becoming more porous on an operational level. In 2020, we predicted that governments would adopt a “name and shame” strategy to draw attention to the activities of hostile APT groups, a trend that has evolved even more in the last year.

Mobile 128

Mobile Surveillance Ransomware Government 128

Krebs on Security

MARCH 23, 2022

Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$ , a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. “The world is full of targets that are not used to being targeted this way.”

Social Engineering 288

Social Engineering Accountability Mobile Passwords 288

Security Affairs

AUGUST 13, 2020

The group was first mentioned in Group-IB’s annual report “Hi-Tech Crime Trends 2019/2020.”. To do so, RedCurl uses the LaZagne tool, which extracts passwords from memory and from files saved in the victim’s web browser. Group-IB’s new research contains the first ever description of RedCurl’s tactics, tools, and infrastructure.

Phishing 139

Phishing Social Engineering Banking Advertising 139

Herjavec Group

DECEMBER 15, 2021

Threat actors have developed social engineering approaches that leverage the uncertainty and chaos of the pandemic in order to deliver their malicious software. They found that the average cost of recovery and ransom associated with a ransomware attack has been 2 times more than the 2020 average global ransom demand !

Cybersecurity 52

Cybersecurity Digital transformation Ransomware Cyber Risk 52

SecureList

NOVEMBER 1, 2022

Based on our telemetry, the January 2021 indicators do not necessarily represent new intrusions or new malware samples, as the detections were relatively old (between 2018 and 2020), and the Explosive RAT samples did not contain significant modifications. We discovered a previously unknown backdoor in active use since at least December 2020.

Malware 139

Malware Ransomware Spyware Encryption 139

Jane Frankland

AUGUST 18, 2020

That could be through common hacking techniques like phishing, bait and switch, cookie theft, deep fake , password cracking , social engineering , and so on. They make guarantees, offer support contracts, and will find a way into your organisation. It could be through your organisation, directly, or through your supply chain.

Cyber Risk 100

Cyber Risk Risk Cybersecurity Technology 100

eSecurity Planet

DECEMBER 3, 2021

Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Normally account take overs are due to insecure passwords or recovery options, this is definitely something different. — Dave Kennedy (@HackingDave) July 15, 2020.

Accountability 134

Accountability Cybersecurity Penetration Testing InfoSec 134

Krebs on Security

JANUARY 19, 2021

The release was granted in part due to Ferizi’s 2018 diagnosis if asthma, as well as a COVID outbreak at the facility where he was housed in 2020. In the years leading up to his arrest, Ferizi was the administrator of a cybercrime forum called Pentagon Crew.

Identity Theft 311

Identity Theft Government Social Engineering Accountability 311

SecureList

NOVEMBER 23, 2022

The email body employs social engineering techniques, for instance, to convince the user that they need to update their payment data, or that a lucrative deal awaits them on the phishing site. However, there are other ways of delivering phishing links, such as instant messages, social media, or SMS. Phishing distribution.

Phishing 99

Phishing Banking Scams Retail 99

SecureList

SEPTEMBER 11, 2023

Introduction Knowledge is our best weapon in the fight against cybercrime. Cuba ransomware gang Cuba data leak site The group’s offensives first got on our radar in late 2020. Samples often have a forged compilation timestamp: those found in 2020 were stamped with June 4, 2020, and more recent ones, June 19th, 1992.

Ransomware 132

Ransomware Encryption Malware DDOS 132

Krebs on Security

JULY 22, 2020

According to 4iq.com , a service that indexes account details like usernames and passwords exposed in Web site data breaches, the jperry94526 email address was used to register accounts at several other sites over the years, including one at the apparel store Stockx.com under the profile name Josh Perry. ” “Are you still swimping?”

Hacking 292

Hacking Accountability Scams Media 292

Krebs on Security

APRIL 22, 2022

KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. White was a founding member of a cybercriminal group called “ Recursion Team, ” which existed between 2020 and 2021.

Mobile 352

Mobile Computers and Electronics VPN Marketing 352

SecureList

NOVEMBER 10, 2021

In fact, time spent streaming increased by almost 75% in 2020. In 2021, demand for video streaming has remained strong, and the global video streaming market is still growing, albeit slower than in 2020, and is expected to continue growing for the next few years.

Phishing 93

Phishing Accountability Malware Adware 93

SecureList

APRIL 27, 2022

We have previously seen DustSquad use third-party post-exploitation tools, such as the password dumping utility fgdump; but we have now observed new custom C modules, a first for DustSquad, and Delphi downloaders acting as post-exploitation facilitators, able to gather documents of interest for the actor. in June 2021. Final thoughts.

Malware 130

Malware Firmware Government Phishing 130

SecureList

JULY 27, 2023

The implant allows attackers to browse and modify device files, get passwords and credentials stored in the keychain, retrieve geo-location information, as well as execute additional modules, further extending their control over the compromised devices. ScoutEngine has several numbered versions from 2.1

Malware 84

Malware Government Phishing Social Engineering 84

SecureList

OCTOBER 17, 2023

This email contained a link leading to a password-protected archive hosted on Google Drive, which represented the first stage of the infection – a.NET binary that was obfuscated and trying to pass itself off as an OpenVPN binary, when in fact it was a malware loader.

Government 101

Government Malware VPN Manufacturing 101

Adam Levin

DECEMBER 7, 2020

The cybersecurity industry faced a challenging combination of new and familiar challenges in 2020. In 2020, hackers actively exploited the Covid-19 pandemic as well as the resulting unemployment. 2020 saw a record number of ransomware attacks, and we can expect more of the same in 2021. At the beginning of 2020, U.S.

IoT 130

IoT Artificial Intelligence Technology Scams 130

SecureList

JULY 29, 2021

There are indications of previous activity from this threat actor dating back to at least October 2020, based on other Cobalt Strike payloads and loaders bearing similar toolmarks. Previous activity also connected with this group relied heavily on spear-phishing and Cobalt Strike throughout 2020. Chinese-speaking activity.

Malware 140

Malware Phishing Password Management Social Engineering 140

Herjavec Group

AUGUST 26, 2021

We can learn a lot from the cybercrime of the past…the history of cybercrime is a glimpse into what we can expect in the future. In the past 18 months, we’ve experienced the beginning of an era that has seen cybersecurity and cybercrime at the center of it all. Dateline Cybercrime . Robert Herjavec.

Cybercrime 135

Cybercrime Computers and Electronics Banking Hacking 135

eSecurity Planet

NOVEMBER 2, 2022

A 2020 study of pentesting projects from Positive Technologies revealed that external attackers could breach 93% of company networks , with 71% being vulnerable even to novice-level hackers. Social engineering attacks soon found use in the digital space. According to a recent Statista report, there have been 2.8

Malware 138

Malware Ransomware Antivirus Internet 138

Security Affairs

JUNE 4, 2021

2020 is a case in point. Hacked social media accounts’ prices are decreasing across all platforms. Use good password practices. Do not use the same password for several accounts. Use a reliable password manager. It was one of the worst years (if not the worst) for cyber attacks. Use anti-malware software.

Accountability 114

Accountability Marketing Hacking Cryptocurrency 114