SecureList

NOVEMBER 6, 2024

It spreads via forums posts, torrent trackers and blogs, imitating popular software like Foxit PDF Editor and AutoCAD. During our investigation, we found out that the campaign started in February 2023. These posts refer to the SteelFox dropper as an efficient way to activate a legitimate software product for free.

Software 124

Software Cryptocurrency Malware DNS 124

The Last Watchdog

DECEMBER 12, 2023

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Eyal Benishti , CEO, IRONSCALES Benishti Generative AI (GenAI) reshaped cybersecurity in 2023. What should I be most concerned about – and focus on – in 2024?

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

Krebs on Security

SEPTEMBER 13, 2023

11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus , while promising to visit the same treatment on top U.S. By stealing these tokens, attackers can often reuse them in their own web browser, and bypass any authentication normally required for that account.

Cybercrime 344

Cybercrime Passwords Authentication Malware 344

Krebs on Security

DECEMBER 4, 2024

Russia’s interior ministry last week issued a statement saying a 32-year-old hacker had been charged with violating domestic laws against the creation and use of malicious software. At several points throughout his career, Wazawaka claimed he made good money stealing accounts from drug dealers on darknet narcotics bazaars.

Cybercrime 251

Cybercrime Ransomware Cryptocurrency Government 251

Malwarebytes

APRIL 16, 2025

Bots (software programs that interact with web sites) have been ubiquitous for years. Good bots accounted for just 14% of the internet’s traffic. An increasing number try to hijack peoples’ online accounts, which they often do by credential stuffing. These account takeover attacks have skyrocketed lately.

Internet 143

Internet Internet Passwords Artificial Intelligence 143

Zero Day

JUNE 6, 2025

Collectively, they could easily put affected customers at risk for account takeovers and identity theft. Affecting "nearly all AT&T cellular customers," the company said at the time that the data included phone numbers and certain phone call data stemming from May 1, 2022, to October 31, 2022, and on January 2, 2023.

Password Management 128

Password Management Passwords Artificial Intelligence Software 128

Security Affairs

NOVEMBER 9, 2024

In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Veeam Backup & Replication is a comprehensive data protection and disaster recovery software developed by Veeam.

Backups 133

Backups Ransomware VPN Accountability 133

The Last Watchdog

APRIL 18, 2023

One of the nascent security disciplines already getting a lot of buzz as RSA Conference 2023 gets ready to open next week at San Francisco’s Moscone Center is “software supply chain security,” or SSCS. True software supply chain security is about looking at the application in a holistic way just prior to deployment,” Rose observes.

Software 200

Software CISO Internet Internet 200

The Last Watchdog

DECEMBER 16, 2024

Gen AI threats and quantum computing exposures must be accounted for. Attacks targeting identities rose 71% last year, with valid accounts as the top entry point. Ransomware targeting critical services highlights the need for secure software lifecycles and vendor verification. The drivers are intensifying.

Cyber threats 264

Cyber threats CISO IoT Phishing 264

Security Affairs

OCTOBER 4, 2023

Atlassian fixed a critical zero-day flaw in its Confluence Data Center and Server software, which has been exploited in the wild. Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software.

Software 143

Software Accountability Authentication Internet 143

Malwarebytes

JANUARY 6, 2025

Westend Dental agreed to settle several violations of the Health Insurance Portability and Accountability Act (HIPAA) in a penalty of $350,000. In January 2023 a witness confirmed there had been a data breach, which prompted the Indiana OIG to initiate a wider investigation to assess compliance with the HIPAA rules and state laws.

Data breaches 145

Data breaches Ransomware Passwords Insurance 145

Schneier on Security

JULY 20, 2023

The Atlantic Council released a detailed commentary on the White House’s new “Implementation Plan for the 2023 US National Cybersecurity Strategy.” ” Lots of interesting bits. But there are missed opportunities as well.

Cybersecurity 184

Cybersecurity Software Risk Accountability 184

Zero Day

JUNE 17, 2025

PT kontekbrothers/Getty We've probably all received confirmation codes sent via text message when trying to sign into an account. Those codes are supposed to serve as two-factor authentication to confirm our identity and prevent scammers from accessing our accounts through a password alone.

Authentication 107

Authentication Password Management Small Business Passwords 107

Security Affairs

DECEMBER 17, 2024

In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called HiatusRAT that infected over 100 edge networking devices globally. Starting in mid-June through August 2023, Black Lotus Labs observed multiple newly compiled versions of the HiatusRAT malware discovered in the wild.

Architecture 109

Architecture Internet Internet Malware 109

Malwarebytes

FEBRUARY 19, 2025

With stolen passwords, the impact is even broader; hackers could wire funds from a breached online banking account into their own, or masquerade as someone on social media to ask friends and family for money. Some info stealers dont even require an additional stepthey can take cryptocurrency directly from a victims online accounts.

Malware 128

Malware Software Passwords Cryptocurrency 128

Krebs on Security

APRIL 20, 2023

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. “This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack,” reads the April 20 Mandiant report. Microsoft Corp.

Malware 331

Malware Software Technology Accountability 331

Security Affairs

NOVEMBER 15, 2024

In August 2023 the married couple from New York pleaded guilty to money laundering charges in connection with the hack of the cryptocurrency stock exchange Bitfinex in 2016. In February 2022, Ilya Lichtenstein (35) and his wife, Heather Morgan (32), were arrested for alleged conspiracy to launder $4.5 Law enforcement also seized over $3.6

Cryptocurrency 106

Cryptocurrency Hacking Government Accountability 106

Security Affairs

OCTOBER 31, 2023

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. The attacker can then use that account to gain control of the affected system.”

Internet 140

Internet Internet Software Accountability 140

Krebs on Security

APRIL 4, 2023

Several domain names tied to Genesis Market , a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. ” a cybercrime forum ad for Genesis enthused. Image: KrebsOnSecurity.

Marketing 363

Marketing Cybercrime Passwords Banking 363

SecureList

MARCH 3, 2025

million attacks involving malware, adware or unwanted mobile software were prevented. Adware, the most common mobile threat, accounted for 35% of total detections. million malware, adware or unwanted software attacks targeting mobile devices. This was below the 2023 figure, but the difference was smaller than the year before.

Mobile 116

Mobile Malware Adware Banking 116

Adam Shostack

JANUARY 2, 2025

External changes will be driving appsec in 2023. 2023 brings new challenges and new opportunities for software companies, and all companies are now software companies. Over the next few years, you should expect regulation to cover more software more stringently. Its the measure twice, cut once of software.

Engineering 130

Engineering Software Architecture Manufacturing 130

SecureList

MAY 6, 2024

With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets, inventing new techniques and reusing good old ones. Online shopping brands were the most popular lure, accounting for 41.65% of financial phishing attempts.

Phishing 134

Phishing Banking Mobile Scams 134

Security Affairs

JUNE 9, 2025

“The funds were initially restrained in connection with an April 2023 indictment against Sim Hyon Sop (Sim), a North Korean Foreign Trade Bank (FTB) representative who was allegedly conspiring with the IT workers. accounts to hide their origins. His operations were raided in August 2023. sanctions placed on North Korea.”

Scams 97

Scams Identity Theft Cryptocurrency Accountability 97

Krebs on Security

FEBRUARY 28, 2024

The profile also linked to Mr. Lee’s Twitter/X account , which features the same profile image. Doug then messaged the Mr. Lee account on Telegram, who said there was some kind of technology issue with the video platform, and that their IT people suggested using a different meeting link.

Malware 334

Malware Cryptocurrency Software Phishing 334

Thales Cloud Protection & Licensing

NOVEMBER 1, 2023

Thales Wins Big in 2023 madhav Thu, 11/02/2023 - 05:09 Here at Thales, we are incredibly proud of what we do. 2023 has been a particularly good year for us; keep reading for a run-through of our most recent successes. Here at Thales, we believe that our research can transform the cybersecurity landscape for the better.

Marketing 143

Marketing Cybersecurity Technology CISO 143

SecureList

NOVEMBER 6, 2023

The Newzoo report for 2023 reveals that two in five — more than three billion — across the globe are gamers, which is 6.3 In this report, we provide our insights into the gaming-related threat landscape in 2023. Most of these files were unwanted software called “Downloaders” (89.70%). percent more than last year.

Mobile 139

Mobile Phishing Accountability Scams 139

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Spyware 134

Spyware Surveillance Software Hacking 134

SecureList

OCTOBER 29, 2024

Patch management issues The vulnerability patching process typically takes time for a variety of reasons: from actual patch release all the way to identifying vulnerable assets and “properly” patching them, considering any pre-existing asset inventory and whether the accountable personnel will learn about the vulnerability in time.

Risk 111

Risk Antivirus Accountability Malware 111

Malwarebytes

OCTOBER 11, 2023

In other news, both LockBit and the Akira ransomware gang, the latter of which has tallied 125 victims since we first began tracking them in April 2023, were confirmed last month to be exploiting a specific zero-day flaw ( CVE-2023-20269 ) in Cisco VPN appliances. In September, they had a staggering 53 victims. Detect intrusions.

Ransomware 137

Ransomware Social Engineering Backups Engineering 137

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K. In January 2024, U.S.

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Cybersecurity Awareness Month 2023 – What it is and why we should be aware madhav Tue, 10/03/2023 - 05:33 The inception of Cybersecurity Awareness Month in 2004 came at a critical juncture in our technological history. emphasized collective action and individual accountability. Protect IT."

Cybersecurity 148

Cybersecurity Cyber threats Authentication Phishing 148

Security Affairs

JANUARY 19, 2024

Ransomware groups claimed that they successfully targeted 4191 victims in 2023, Cybernews researchers report. of attacks in 2023), while summer was the most active for ransomware attacks (30.4%). The top 10 groups, based on the number of victims, collectively account for 59% of the total victims in 2023.

Ransomware 142

Ransomware Manufacturing Retail Insurance 142

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. Lured in by similar color schemes, company logos, and familiar layouts, victims log in to their account by entering their username and password.

Small Business 88

Small Business Cybersecurity Scams Passwords 88

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. SQL Injection Most high-risk vulnerabilities in 2021–2023 were associated with SQL Injection. More than a third (39%) used the microservice architecture.

Passwords 140

Passwords Authentication Architecture Risk 140

Security Affairs

OCTOBER 11, 2024

OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and China-linked actors used ChatGPT for planning ICS attacks. OpenAI announced the disruption of over 20 cyber and influence operations this year, involving Iranian and Chinese state-sponsored hackers. ” reads the OpenAI’s report.

Malware 137

Malware Social Engineering Engineering Hacking 137

Security Affairs

OCTOBER 20, 2023

More than 40,000 Cisco IOS XE devices have been compromised in attacks exploiting recently disclosed critical vulnerability CVE-2023-20198. Whatever you were thinking about CVE-2023-20198 ( #Cisco IOS EX) it's 100x worst. The attacker can then use that account to gain control of the affected system.”

Hacking 136

Hacking Internet Internet Accountability 136

Krebs on Security

APRIL 18, 2023

In January 2023, the Faceless service website said it was willing to pay for information about previously undocumented security vulnerabilities in IoT devices. MrMurza also told the admin that his account number at the now-defunct virtual currency Liberty Reserve was U1018928. 2012, from an Internet address in Magnitogorsk, RU.

Malware 305

Malware Passwords Accountability Advertising 305