Krebs on Security

OCTOBER 17, 2024

Image: FBI Active since at least January 2023, AnonSudan has been described in media reports as a “hacktivist” group motivated by ideological causes. companies, causing a multi-day outage for Microsoft’s cloud services in June 2023. 2023), and OpenAI (Nov. 7, 2023, a wave of rockets was launched into Israel.

DDOS 270

DDOS Government Internet Internet 270

Security Affairs

OCTOBER 17, 2024

Russia-linked threat actor RomCom targeted Ukrainian government agencies and Polish entities in cyber attacks since late 2023. In the recent attacks, RomCom deployed an updated variant of the RomCom RAT dubbed ‘SingleCamper.’

Government 123

Government Malware Cyber Attacks Ransomware 123

Security Boulevard

NOVEMBER 15, 2024

The post Zero-Day Exploits Surge in 2023, Cisco, Fortinet Vulnerabilities Targeted appeared first on Security Boulevard.

Cybersecurity 129

Cybersecurity Cyber threats 129

Malwarebytes

MARCH 25, 2025

In 2023, not only did the company suffer a major data breach , it also placed some of the blame on the victims who, according to 23andMe, negligently recycled and failed to update their passwords. Discover whether your data was included in the 2023 breach. For some customers, thats exactly the problem.

Passwords 117

Passwords Accountability Data breaches Phishing 117

Krebs on Security

NOVEMBER 1, 2024

In November 2023, the security firm SecureWorks detailed how scammers targeted booking.com hospitality partners with data-stealing malware. SecureWorks said these attacks had been going on since at least March 2023. million phishing attempts in 2023.” A scan of social media networks showed this is not an uncommon scam.

Phishing 276

Phishing Accountability Artificial Intelligence Cybercrime 276

Krebs on Security

DECEMBER 19, 2024

Rumors of a cracked version of Acunetix being used by attackers surfaced in June 2023 on Twitter/X , when researchers first posited a connection between observed scanning activity and Araneida. According to an August 2023 report (PDF) from the U.S. co — first came online in February 2023. 2023 on the forum Cracked.

Hacking 249

Hacking Cybercrime Advertising Data breaches 249

Schneier on Security

JANUARY 16, 2025

According to the FBI , at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023. .” Details : To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group.

Malware 238

Malware Hacking Software 238

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. According to several SIM-swapping channels on Telegram where Tylerb was known to frequent, rival SIM-swappers hired thugs to invade his home in February 2023. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft 269

Identity Theft Phishing Cryptocurrency Accountability 269

Krebs on Security

DECEMBER 11, 2024

Sanders spent most of 2023 in Ukraine, traveling with Ukrainian soldiers while mapping the shifting landscape of Russian crypto exchanges that are laundering money for narcotics networks operating in the region. — shows an entity by that name incorporated at a mail drop in London in December 2023.

Cryptocurrency 288

Cryptocurrency Banking Cybercrime Advertising 288

The Hacker News

MAY 23, 2025

The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers (CVE-2023-20118) to corral them into

Small Business 132

Small Business Cybersecurity 132

Krebs on Security

OCTOBER 18, 2024

In a lengthy September 2023 interview with databreaches.net , USDoD told the publication he was a man in his mid-30s who was born in South America and who holds dual citizenship in Brazil and Portugal. After that, USDoD said he used a simple program to collect all of the contact information shared by more than 80,000 InfraGard members.

Social Engineering 278

Social Engineering Passwords Cybercrime Mobile 278

Security Affairs

JANUARY 21, 2025

.” Below is the list of flaws discovered by the researchers: CVE-2024-37602 CVE-2024-37600 CVE-2024-37603 CVE-2024-37601 CVE-2023-34406 CVE-2023-34397 CVE-2023-34398 CVE-2023-34399 CVE-2023-34400 CVE-2023-34401 CVE-2023-34402 CVE-2023-34403 CVE-2023-34404 The details for each of the above flaws will be published here: [link].

Software 134

Software Architecture Media Engineering 134

Krebs on Security

APRIL 30, 2025

“tylerb”) fled the United Kingdom in February 2023, after a rival cybercrime gang hired thugs to invade his home, assault his mother, and threaten to burn him with a blowtorch unless he gave up the keys to his cryptocurrency wallet. Tyler Buchanan, being escorted by Spanish police at the airport in Palma de Mallorca in June 2024.

Identity Theft 195

Identity Theft Phishing Cryptocurrency Cybercrime 195

Krebs on Security

MAY 29, 2025

The FBI has released a technical writeup (PDF) of the infrastructure used to manage the malicious Funnull domains between October 2023 and April 2025. -based cloud providers before redirecting to malicious or phishous websites. cloud providers.

Scams 224

Scams Internet Internet Cybercrime 224

Schneier on Security

OCTOBER 14, 2024

It can also exploit CVE-2023-33246, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on many Linux machines.

Malware 259

Malware Cryptocurrency Internet Internet 259

Krebs on Security

MAY 15, 2025

In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick , a.k.a. Image: Ke-la.com.

Healthcare 218

Healthcare Insurance Data breaches Government 218

Krebs on Security

NOVEMBER 14, 2024

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Mr. Shefel did not respond to requests for comment in advance of that December 2023 profile.

Retail 275

Retail Advertising Cryptocurrency Cybercrime 275

Krebs on Security

DECEMBER 3, 2024

A study on phishing data released by Interisle Consulting finds that new gTLDs introduced in the last few years command just 11 percent of the market for new domains, but accounted for roughly 37 percent of cybercrime domains reported between September 2023 and August 2024.

Cybercrime 300

Cybercrime Phishing Accountability Internet 300

SecureList

DECEMBER 20, 2024

It surfaced for the first time in late April 2023 and has since been publicly attributed to the APT actor Charming Kitten. Introduction BellaCiao is a.NET-based malware family that adds a unique twist to an intrusion, combining the stealthy persistence of a webshell with the power to establish covert tunnels.

Malware 129

Malware DNS Encryption Passwords 129

Security Affairs

MAY 3, 2025

The Rhysida ransomware group has been active since May 2023. In December 2023, FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks. The report includes IOCs and TTPs identified through investigations as recently as September 2023. The victims of the group are targets of opportunity.

Government 127

Government Ransomware Hacking Manufacturing 127

Penetration Testing

APRIL 6, 2025

This flaw, identified as CVE-2023-6931, carries a CVSS score of 7.8, A security researcher has recently disclosed technical details and proof-of-concept (PoC) exploit code for a vulnerability in the Linux kernel’s Performance Events system component. indicating a high severity risk.

Risk 111

Risk Cybersecurity 111

Krebs on Security

DECEMBER 10, 2024

.” Tyler Reguly at the security firm Fortra had a slightly different 2024 patch tally for Microsoft, at 1,088 vulnerabilities, which he said was surprisingly similar to the 1,063 vulnerabilities resolved in 2023 and the 1,119 vulnerabilities resolved in 2022.

Engineering 254

Engineering Authentication Software Ransomware 254

Security Affairs

JANUARY 25, 2025

In February 2023, Cisco fixed a critical flaw, tracked as CVE-2023-20032(CVSS score: 9.8), in ClamAV product. Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser. Google OSS-Fuzz reported this vulnerability.

Antivirus 135

Antivirus Software Engineering Malware 135

The Hacker News

MAY 30, 2025

The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023.

116

116

Security Affairs

OCTOBER 16, 2024

. “Finnish customs has closed the web servers of the Sipulitie marketplace, which has been operating on the Tor network since 2023, in cooperation with the Swedish police, and confiscated their contents. The darknet market has been active since February 2023, it was used by criminals to sell narcotics anonymously.

Marketing 122

Marketing Cybercrime Scams Hacking 122

Troy Hunt

JANUARY 22, 2025

That's a local Aussie bookseller (so it would have a lot of Aussie-looking email addresses in it, just like JB Hi-Fi would), and their breach dated back to mid-2023. Must be legit, unless. what if I compared it to the actual full breach of Dymocks ? What are the chances?! He's going to be so interested when he hears about this!

Data breaches 352

Data breaches Scams Retail 352

Security Affairs

MARCH 10, 2025

In 2023, Loretto Hospital experienced another data security incident. On January 19, 2023, a former employee misappropriated security camera footage of a limited number of patients and posted it on Facebook. The footage was removed after the incident was discovered. The footage was removed after the incident was discovered.

Hacking 118

Hacking Healthcare Backups Ransomware 118

Security Affairs

APRIL 29, 2025

Google tracked 75 zero-day flaws exploited in 2024, down from 98 in 2023, according to its Threat Intelligence Group’s latest analysis. In 2024, Google tracked 75 exploited zero-day vulnerabilities, down from 98 in 2023 but up from 63 in 2022. In 2023, 37% of zero-day vulnerabilities targeted enterprise products.”

Surveillance 110

Surveillance Mobile Software Hacking 110

Security Affairs

DECEMBER 19, 2024

Fortinet warned of a now-patched Wireless LAN Manager (FortiWLM) vulnerability, tracked as CVE-2023-34990 (CVSS score of 9.6), that could lead to admin access and sensitive information disclosure. The researcher also noticed that the vulnerability CVE-2023-34990 can be chained with CVE-2023-48782 (CVSS score of 8.8) through 8.6.5

Wireless 106

Wireless Authentication Healthcare Education 106

Security Affairs

APRIL 13, 2025

In 2023, Loretto Hospital experienced another data security incident. On January 19, 2023, a former employee misappropriated security camera footage of a limited number of patients and posted it on Facebook. The footage was removed after the incident was discovered. The footage was removed after the incident was discovered.

Data breaches 130

Data breaches Unstructured Data Identity Theft Healthcare 130