Security Affairs

APRIL 18, 2024

An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost. An international law enforcement operation, codenamed Nebulae and coordinated by Europol, led to the disruption of LabHost, which is one of the world’s largest phishing-as-a-service platforms.

Phishing 102

Phishing Cybercrime Passwords Banking 102

Security Affairs

MAY 12, 2024

Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported. As of May 2024, Black Basta has impacted over 500 organizations worldwide. Black Basta has targeted at least 12 critical infrastructure sectors, including Healthcare and Public Health. ” reads the CSA.

Ransomware 116

Ransomware Hacking Healthcare Retail 116

NetSpi Technical

MARCH 11, 2024

In 2023 NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects. This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost.

Authentication 145

Authentication Penetration Testing Technology Phishing 145

Identity IQ

JANUARY 11, 2024

New AI Scams to Look Out For in 2024 IdentityIQ Artificial intelligence (AI) has quickly reshaped many aspects of everyday life. Here are three new AI scams to look out for in 2024 as well as some tips to help protect yourself and stay prepared for the explosive development of AI.

Scams 98

Scams Artificial Intelligence Identity Theft Phishing 98

Security Boulevard

JANUARY 17, 2024

As AI becomes available and robust, malicious actors have already used it to develop more advanced attack methods; defenders must also leverage AI in 2024. The post AI’s Role in Cybersecurity for Attackers and Defenders in 2024 appeared first on Security Boulevard.

Cybersecurity 125

Cybersecurity Artificial Intelligence Threat Detection Data privacy 125

SecureList

NOVEMBER 23, 2023

As we look to 2024, we believe that the consumer threat landscape will be heavily influenced by political, cultural, and technological events and trends. Unfortunately, this ambiguity sets the stage for an anticipated increase in charity-related scams in 2024. Malicious clones of the banned apps may rise to fill the void in 2024.

VPN 105

VPN Scams Education Internet 105

Krebs on Security

APRIL 9, 2024

Ben McCarthy , lead cyber security engineer at Immersive Labs called attention to CVE-2024-20670 , an Outlook for Windows spoofing vulnerability described as being easy to exploit. “Microsoft has updated their backend and notified any customers who have been affected by the credential leakage.”

DNS 249

DNS Social Engineering Malware Media 249

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Multi-factor authentication is so much more secure, and with that a lot more forgiving, than passwords alone. So we wholeheartedly agree with Amazon on this.

Authentication 121

Authentication Passwords Social Engineering Accountability 121

Security Affairs

APRIL 15, 2024

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. The security breach occurred on April 1, 2024, the threat actors used a Provider employee’s credentials that illicitly obtained through a phishing attack.

Data breaches 118

Data breaches Social Engineering Engineering Authentication 118

Malwarebytes

FEBRUARY 6, 2024

Released today, the Malwarebytes State of Malware 2024 report takes a deep dive into the latest developments in the world of cybercrime. Passwords Google and Microsoft made good on their promise to back passkeys , an encryption-based alternative to passwords that can’t be stolen, guessed, cracked, or phished.

Malware 75

Malware Passwords Identity Theft Banking 75

eSecurity Planet

FEBRUARY 26, 2024

February 19, 2024 Microsoft Exchange Servers Vulnerable to Privilege Escalation Attacks Type of vulnerability: Critical severity privilege escalation vulnerability. The problem: CVE-2024-21410 allows remote attackers to carry out NTLM relay attacks on Microsoft Exchange Servers, providing them with privileged access.

Risk 113

Risk Authentication System Administration Ransomware 113

Malwarebytes

MAY 22, 2024

Dates reportedly range from 2020 to 2024. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished. The exact source of the database is as yet unknown. Watch out for fake vendors.

Passwords 137

Passwords Data breaches Phishing Password Management 137

Malwarebytes

APRIL 16, 2024

million records to a hacker forum, claiming they originated from a March 2024 hack at Canadian retail chain Giant Tiger. The retailer first learned of the security incident on March 4, 2024, and concluded that customer information was involved by March 15, according to an email the company wrote to customers. Take your time.

Retail 115

Retail Data breaches Passwords Phishing 115

SecureWorld News

MAY 28, 2024

In the advisory , Check Point says the attackers are targeting security gateways with old local accounts using insecure password-only authentication, which should be used with certificate authentication to prevent breaches. "We Switching from weak authentication to stronger authentication has multiple benefits.

VPN 91

VPN Passwords Authentication Architecture 91

Krebs on Security

JANUARY 30, 2024

9, 2024, U.S. ” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. According to an Aug.

Social Engineering 326

Social Engineering Mobile Cybercrime Passwords 326

NetSpi Technical

MARCH 11, 2024

In 2023 NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects. This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost.

Authentication 52

Authentication Penetration Testing Technology Phishing 52

Thales Cloud Protection & Licensing

APRIL 8, 2024

From Marco Polo to Modern Mayhem: Why Identity Management Matters madhav Tue, 04/09/2024 - 05:20 Imagine yourself as Marco Polo, the Venetian merchant traversing dangerous trade routes. Fort Knox : We crave frictionless experiences online, but strong security often means the opposite – think multi-factor authentication (MFA).

Identity Theft 138

Identity Theft Passwords Banking Password Management 138

Security Boulevard

APRIL 1, 2024

Tighten User Controls: Strengthen user authentication processes and access controls to mitigate the risk of malicious activities originating from compromised user devices. It typically operates as a trojan horse, infiltrating systems through deceptive means such as email phishing campaigns or malicious downloads.

Malware 62

Malware Cybersecurity Risk Education 62

Malwarebytes

JUNE 1, 2024

In the SEC filing, Live Nation also said: On May 27, 2024, a criminal threat actor offered what it alleged to be Company user data for sale via the dark web. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. Watch out for fake vendors.

Data breaches 140

Data breaches Passwords Phishing Password Management 140

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. ” reads the advisory published by Okta.

VPN 112

VPN Accountability Firewall Data breaches 112

Security Affairs

JUNE 2, 2024

Ticketmaster confirms data breach impacting 560 million customers Critical Apache Log4j2 flaw still threatens global finance Crooks stole more than $300M worth of Bitcoin from the exchange DMM Bitcoin ShinyHunters is selling data of 30 million Santander customers Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours LilacSquid APT (..)

Data breaches 97

Data breaches VPN Cloud Migration Cybercrime 97

eSecurity Planet

JUNE 10, 2024

June 3, 2024 Exploit Chain Enables RCE in Progress Telerik Report Servers Type of vulnerability: Chained remote code execution. The exploit combines an authentication bypass ( CVE-2024-4358 ) with a deserialization issue ( CVE-2024-1800 ). The fix: To fix both issues, update to version 10.1.24.514 or later.

Malware 79

Malware Authentication Software Telecommunications 79

Malwarebytes

MAY 10, 2024

A cybercriminal called Menelik posted the following message on the “Breach Forums” site: “The data includes 49 million customer and other information of systems purchased from Dell between 2017-2024. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Data breaches 133

Data breaches Passwords Phishing Big data 133

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 89

Spyware Data breaches Hacking Ransomware 89

Malwarebytes

APRIL 23, 2024

On Wednesday February 21, 2024, Change Healthcare experienced serious system outages due to the cyberattack. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished. Take your time.

Healthcare 125

Healthcare Identity Theft Passwords Data breaches 125

Thales Cloud Protection & Licensing

MARCH 18, 2024

QR Code Scams: What You Need to Know About This Phishing Tactic madhav Tue, 03/19/2024 - 06:10 In a world where individuals and organizations alike are increasingly dependent on digital processes, cybercriminals are constantly looking for and developing new ways to exploit technology to take advantage of their targets.

Scams 71

Scams Phishing Identity Theft Risk 71

Malwarebytes

JUNE 14, 2024

On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name “Sp1d3r” offered a significant amount of data allegedly stolen from Truist Bank for sale. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Data breaches 84

Data breaches Banking Passwords Phishing 84

SecureList

MAY 6, 2024

A significant share of scam, phishing and malware attacks is about money. Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. million in 2022. of attacks.

Phishing 109

Phishing Banking Mobile Scams 109

eSecurity Planet

APRIL 1, 2024

March 22, 2024 Emergency Out-of-Band Windows Server Security Updates Type of vulnerability (or attack): Memory leak. When either on-premise or cloud-based Active Directory domain controllers process Kerberos authentication requests, the leak causes the LSASS process to stop responding and the domain controller will unexpectedly restart.

Authentication 109

Authentication Artificial Intelligence Software Cybersecurity 109

The Last Watchdog

NOVEMBER 12, 2023

Here are my takeaways: Matter picks up steam Frustration with smart home devices should be much reduced in 2024. Matter works much the way website authentication and website traffic encryption gets executed. DMARC is a robust email authentication protocol that has been around for more than a decade.

Manufacturing 276

Manufacturing Authentication Marketing Encryption 276

Security Affairs

MARCH 2, 2024

US CISA, the FBI, and MS-ISAC issued a joint CSA to warn of attacks involving Phobos ransomware variants observed as recently as February 2024 US CISA, the FBI, and MS-ISAC issued a joint cyber security advisory (CSA) to warn of attacks involving Phobos ransomware variants such as Backmydata , Devos, Eight, Elking, and Faust.

Ransomware 125

Ransomware Backups Healthcare Firewall 125

Security Affairs

JANUARY 28, 2024

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center Participants earned more than $1.3M

Artificial Intelligence 98

Artificial Intelligence Hacking Malware Cyber Attacks 98

Security Boulevard

APRIL 8, 2024

From Marco Polo to Modern Mayhem: Why Identity Management Matters madhav Tue, 04/09/2024 - 05:20 Imagine yourself as Marco Polo, the Venetian merchant traversing dangerous trade routes. Fort Knox : We crave frictionless experiences online, but strong security often means the opposite – think multi-factor authentication (MFA).

Identity Theft 62

Identity Theft Passwords Banking Password Management 62

The Last Watchdog

NOVEMBER 28, 2023

28, 2023 – AppDirect , the world’s leading B2B subscription commerce platform, today released key findings from its IT Business Leaders 2024 Outlook Report. In fact, all of their other concerns—malware, stolen data, phishing, ransomware and misconfiguration of cloud services—include an element of human error and/or malice.

Cyber Risk 113

Cyber Risk Risk B2B Social Engineering 113

SecureList

JUNE 10, 2024

Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Scammers may get this information in several ways: From personal data leaked online; From datasets purchased on the dark web; Through phishing websites. The message contains a link to a phishing website.

Phishing 107

Phishing Banking Social Engineering Accountability 107

Krebs on Security

MARCH 12, 2024

Last week, Apple pushed out an urgent software update to its flagship iOS platform, warning that there were at least two zero-day exploits for vulnerabilities being used in the wild (CVE-2024-23225 and CVE-2024-23296). 4, 2024, Google published Secure by Design , which lays out the company’s perspective on memory safety risks.

Authentication 246

Authentication Engineering Accountability Internet 246

The Last Watchdog

DECEMBER 12, 2023

What should I be most concerned about – and focus on – in 2024? In 2024, we will see more targeted, sophisticated business email compromise (BEC) attacks, including VIP impersonation, vendor email compromise (VEC), and autonomous agents used for malicious purposes. Phishing attacks driven by ChatGPT will be harder than ever to detect.

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258