eSecurity Planet

JANUARY 6, 2022

About the only consensus on cybersecurity in 2022 is that things will get uglier, but in what ways? Here are some of the more interesting predictions for 2022 we’ve seen from cybersecurity researchers. Here are some of the more interesting predictions for 2022 we’ve seen from cybersecurity researchers.

Ransomware 135

Ransomware Cybersecurity Artificial Intelligence CISO 135

SecureList

NOVEMBER 18, 2022

IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. Nevertheless, in our APT predictions for 2022 , we noted that more attackers would reach the sophistication level required to develop such tools. The group delivers its malware using social engineering.

Malware 105

Malware Computers and Electronics Adware Cryptocurrency 105

Webroot

FEBRUARY 13, 2024

Understanding Romance Scams Romance scams involve fraudsters creating fake profiles on dating sites, social media platforms, or apps to establish relationships with victims, gain their trust, and eventually, scam them out of money. In 2022, nearly 70,000 people reported such scams, with losses totaling a staggering $1.3

Scams 80

Scams Cryptocurrency Media Education 80

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. pic.twitter.com/BQSB2uV1JW — Life in DeFi (@lifeindefi) April 3, 2022. 1/ — Trezor (@Trezor) April 3, 2022. You may want to warn everyone.

Phishing 108

Phishing Data breaches Cryptocurrency Social Engineering 108

Security Affairs

MAY 18, 2022

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Ransomware. Password and info stealers.

Cryptocurrency 86

Cryptocurrency Social Engineering Malware Cybercrime 86

SecureList

JULY 28, 2022

This is our latest installment, focusing on activities that we observed during Q2 2022. We discovered a highly active campaign, starting in March 2022, targeting stock and cryptocurrency investors in South Korea. The actor used cryptocurrency-related contents or complaints from law enforcement as lure themes.

Malware 136

Malware Firmware Phishing Cryptocurrency 136

SecureList

SEPTEMBER 6, 2022

The gaming industry went into full gear during the pandemic, as many people took up online gaming as their new hobby to escape the socially-distanced reality. According to the analytical agency Newzoo, in 2022, the global gaming market will exceed $ 200 billion , with 3 billion players globally.

Mobile 103

Mobile Passwords Software Accountability 103

Krebs on Security

DECEMBER 29, 2022

Thanks to your readership and support, I was able to spend more time in 2022 on some deep, meaty investigative stories — the really satisfying kind with the potential to affect positive change. Some of that work is highlighted in the 2022 Year in Review review below. agencies].

Cryptocurrency 239

Cryptocurrency Cybercrime Computers and Electronics Scams 239

Security Affairs

AUGUST 6, 2023

Since Insikt Group’s initial tracking of the group in September 2022, we have observed BlueCharlie engage in several TTP shifts.” ” Since at least December 17, 2022, the group has used a new naming pattern for its domains containing keywords related to information technology and cryptocurrency. .

Phishing 73

Phishing Social Engineering Authentication Cryptocurrency 73

Appknox

JUNE 23, 2022

Navigating the internet in 2022 is more dangerous than ever for Australian netizens. Australian Mobile Cybersecurity in 2022. Thus, these Australian attacks significantly contribute to the rising trend in socially engineered attacks. How Can Social Engineering Affect the Current State of Security in Australia?

Social Engineering 92

Social Engineering Mobile Scams Engineering 92

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 72

Malware Cybercrime Cryptocurrency Social Engineering 72

eSecurity Planet

MARCH 24, 2022

In a blog post detailing its efforts to track and contain the breach, Microsoft described LAPSUS$ as a “large scale social engineering and extortion campaign.” LAPSUS$ doesn’t appear to be using overtly sophisticated intrusion methods but instead relying on social engineering and purchased accounts.

Social Engineering 107

Social Engineering Engineering Data breaches Hacking 107

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 82

Spyware Hacking Malware Social Engineering 82

eSecurity Planet

SEPTEMBER 14, 2022

As a matter of fact, the most-reported crime in the 2021 Internet Crime Report report was phishing , a social engineering scam wherein the victim receives a deceptive message from someone in an attempt to get the victim to reveal personal information or account credentials or to trick them into downloading malware. Social Tactics.

Social Engineering 117

Social Engineering Energy and Utilities Phishing Scams 117

Security Boulevard

AUGUST 3, 2022

Wed, 08/03/2022 - 10:48. 230 apps were leaking all four 0Auth authentication credentials and could be used to fully take over Twitter accounts to perform critical/sensitive actions. The Twitter API provides direct access to a Twitter account and OAuth tokens are used by the Twitter API for authentication. brooke.crothers.

Mobile 98

Mobile Authentication Accountability Identity Theft 98

Security Boulevard

MARCH 31, 2022

RedLine is a malware service available for purchase on underground forums that specifically targets the theft of sensitive information: passwords, credit cards, execution environment data, computer name, installed software, and more recently, cryptocurrency wallets and related files. The Compromises. Regular employee training.

Cybersecurity 98

Cybersecurity Social Engineering Passwords Malware 98

Security Affairs

AUGUST 16, 2023

” In January 2022, the Federal Bureau of Investigation (FBI) published a public service announcement (PSA) to warn that cybercriminals are using QR codes to steal their credentials and financial info. Especially if it’s embedded into a PNG or PDF file.

Phishing 81

Phishing Energy and Utilities Insurance Manufacturing 81

CyberSecurity Insiders

APRIL 4, 2023

According to the community leader, more than 500 students enrolled in the first half of 2022 alone. Although the “911” service was shut down in July 2022, many new residential proxy providers have emerged, which are now used by Chinese fraudsters. More information about the research can be found at [link].

Phishing 67

Phishing Social Engineering Authentication eCommerce 67

SecureList

MARCH 7, 2024

Cryptocurrency scams Phishing aimed at stealing crypto wallet credentials remained a common money-making tool. Fake pages mimicking popular cryptocurrency sites invited users to sign in with their wallet credentials. Scam sites also used cryptocurrency as bait. The required amount is most likely unattainable.

Phishing 102

Phishing Scams Cryptocurrency Accountability 102

Malwarebytes

MAY 21, 2023

Upon its launch in November 2022, tech enthusiasts quickly jumped at the shiny new disruptor, and for good reason: ChatGPT has the potential to democratize AI, personalize and simplify digital research, and assist in both creative problem-solving and tackling “busywork.” Enter: ChatGPT.

Cybersecurity 77

Cybersecurity Artificial Intelligence Social Engineering Engineering 77

eSecurity Planet

DECEMBER 7, 2023

Phishing and social engineering are common ways threat actors can obtain a symmetric key, but cryptanalysis and brute force attempts can also break symmetric key ciphers. The NIST and the US National Security Agency (NSA) started to release algorithms and resources in 2022 against quantum threats.

Encryption 107

Encryption Authentication Passwords Password Management 107

Security Boulevard

MAY 19, 2022

In April 2022, ThreatLabz discovered several newly registered domains, which were created by a threat actor to spoof the official Microsoft Windows 11 OS download portal. These variants of Vidar malware fetch the C2 configuration from attacker-controlled social media channels hosted on Telegram and Mastodon network. vcruntime140.dll

Media 64

Media Social Engineering Backups Passwords 64