Security Affairs

JANUARY 31, 2024

Direct Trading Technologies, an international fintech company, jeopardized over 300K traders by leaking their sensitive data and trading activity, thereby putting them at risk of an account takeover. The leak poses a variety of risks, expanding from identity theft to takeover and cashing-out accounts of traders. Account data.

Technology 122

Technology Identity Theft Backups Passwords 122

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud.

Password Management 131

Password Management Cryptocurrency Passwords Authentication 131

Security Affairs

JANUARY 2, 2020

The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak. . Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak. . This is a real email!

Passwords 62

Passwords Cryptocurrency Data breaches Advertising 62

Security Affairs

APRIL 15, 2020

Google has removed 49 new Chrome browser extensions from its official Web Store that hide the code to hijack cryptocurrency wallets. Google has removed 49 new Chrome browser extensions from its official Web Store that contain the code to steal sensitive information and hijack cryptocurrency wallets. Pierluigi Paganini.

Cryptocurrency 95

Cryptocurrency Advertising Phishing Passwords 95

Security Affairs

OCTOBER 2, 2021

Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication. At least 6,000 Coinbase customers had funds removed from their accounts, including you.” Once discovered the campaign, the company updated its SMS Account Recovery protocols.

Cryptocurrency 122

Cryptocurrency Data breaches Authentication Accountability 122

Security Affairs

FEBRUARY 4, 2024

AnyDesk remarked that its systems don’t store private keys, security tokens or passwords that could be exploited by threat actors to target end-user devices. Notably, per additional context acquired from the actor, the majority of exposed accounts on the Dark Web didn’t have 2FA enabled. ” reported Resecurity.

Software 117

Software Passwords Ransomware Cryptocurrency 117

Security Affairs

APRIL 14, 2024

When informed that the target had significant cryptocurrency and project files, Chakhmakhchyan agreed to sell the Hive RAT. ” reported the DoJ. “ According to the indictment, Chakhmakhchyan engaged in electronic communication with buyers after advertising the Hive RAT. . ” continues DoJ.

Computers and Electronics 115

Computers and Electronics Advertising Cryptocurrency Malware 115

Security Affairs

AUGUST 7, 2018

Group-IB researchers have investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. In 2017, when cryptocurrencies were gaining momentum, their record-breaking capitalization and a spike in Bitcoin’s exchange rate led to dozens of attacks on cryptocurrency services.

Cryptocurrency 51

Cryptocurrency Passwords Authentication Accountability 51

Security Affairs

FEBRUARY 10, 2022

. “The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts.” Use a variation of unique passwords to access online accounts.

Mobile 96

Mobile Cryptocurrency Authentication Accountability 96

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. A threat actor gained access to a tool used by the company’s customer support and account administration teams. Trezor WARNING: Elaborate Phishing attack.

Phishing 121

Phishing Data breaches Cryptocurrency Social Engineering 121

Security Affairs

JANUARY 2, 2024

The content of the messages attempted to trick the recipients into opening a password-protected RAR archive. Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud. net on 2023-04-30.

Malware 120

Malware Passwords Cryptocurrency Hacking 120

Security Affairs

DECEMBER 15, 2023

Businesses employ MongoDB to organize and store large swaths of document-oriented information, and in GokuMarket’s case, the details of over a million customers and admin users. GokuMarket, a cryptocurrency exchange, was recently acquired by Canada-based crypto exchange ByteX.

Passwords 96

Passwords Cryptocurrency Scams Mobile 96

Security Affairs

JANUARY 21, 2021

QNAP is warning customers of a new piece of malware dubbed Dovecat that is targeting NAS devices to mine cryptocurrency. Taiwanese vendor QNAP has published a security advisory to warn customers of a new piece of malware named Dovecat that is targeting NAS devices. ” reads the security advisory published by the vendor.

Cryptocurrency 114

Cryptocurrency Firmware Malware Passwords 114

Security Affairs

SEPTEMBER 16, 2020

According to security firm Tencent, the team of hackers has been active over the past few months by hacking into Microsoft SQL Servers (MSSQL) to install a crypto-miner. “Tencent Security Threat Intelligence Center detected a new type of mining Trojan family MrbMiner. Pierluigi Paganini. SecurityAffairs – hacking, MrbMiner).

Malware 138

Malware Cryptocurrency Advertising Accountability 138

Krebs on Security

APRIL 20, 2023

The decrypted icon files revealed the location of the malware’s control server, which was then queried for a third stage of the malware compromise — a password stealing program dubbed ICONICSTEALER. Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file.

Malware 278

Malware Software Technology Accountability 278

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence 98

Artificial Intelligence Data breaches Scams Insurance 98

Security Affairs

JANUARY 4, 2023

Researchers discovered a new Linux malware developed with the shell script compiler ( shc ) that was used to deliver a cryptocurrency miner. “Typical attacks that target Linux SSH servers include brute force attacks and dictionary attacks on systems where account credentials are poorly managed. ” concludes the report.

Malware 97

Malware DDOS Cryptocurrency Firewall 97

Security Affairs

FEBRUARY 10, 2021

Europol investigators revealed that the cybercrime organization stole more than $100 million worth of cryptocurrency using SIM Swapping attacks. “This enabled them to steal money, bitcoin and personal information, including contacts synced with online accounts. . ” reads the announcement published by the NCA.

Cybercrime 86

Cybercrime Cryptocurrency Accountability Authentication 86

Security Boulevard

MARCH 17, 2022

The estimated value of greater Decentralized Finance and cryptocurrencies surpassed half a trillion dollars in market capitalization in 2018, and then one trillion for the first time in 2021 ( 1 ). Since then, cryptocurrency values reached new records during the pandemic. Cryptocurrencies Are Established Via Blockchain Security.

Cyber Attacks 98

Cyber Attacks Cryptocurrency Marketing Software 98

Security Boulevard

MAY 3, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021. The UK Security Service MI5 said 10,000 staff from every UK government department and from important UK industries have been lured by fake LinkedIn profiles.

Ransomware 124

Ransomware Passwords Scams Government 124

Security Affairs

DECEMBER 7, 2021

Taiwanese vendor QNAP warns customers of ongoing attacks targeting their NAS devices with cryptocurrency miners. Taiwanese vendor QNAP warns customers of threat actors targeting their NAS devices with cryptocurrency miners. Use stronger passwords for your administrator and other user accounts.

Cryptocurrency 103

Cryptocurrency Ransomware Malware Passwords 103

Security Affairs

JANUARY 14, 2022

The North Korea-linked APT group BlueNoroff has been spotted targeting cryptocurrency startups with fake MetaMask browser extensions. The North Korea-linked APT group BlueNoroff has been spotted targeting cryptocurrency startups with fake MetaMask browser extensions.

Cryptocurrency 99

Cryptocurrency Banking Passwords Malware 99

Security Affairs

SEPTEMBER 16, 2022

The RedLine malware allows operators to steal several pieces of information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. The malicious code can also act as first-stage malware.

Malware 91

Malware Cryptocurrency Hacking Passwords 91

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 83

Malware Cybercrime Cryptocurrency Social Engineering 83

Security Affairs

APRIL 29, 2023

ViperSoftX is a JavaScript-based Remote Access Trojan (RAT) and cryptocurrency stealer that was first analyzed by Fortinet in February 2020. The script launches the main routine of the malware that installs malicious browser extensions to exfiltrate passwords and crypto wallet data. ” concludes the report.

Encryption 92

Encryption Malware Cryptocurrency Software 92

Security Affairs

SEPTEMBER 27, 2022

Threat actors behind the new ‘Erbium’ information-stealing malware are distributing it as fake cracks and cheats for popular video games to steal victims’ credentials and cryptocurrency wallets. Collecting user credentials, such as passwords, from a range of popular chat and email programs, as well as web browsers.

Malware 88

Malware Password Management Authentication Passwords 88

Security Affairs

MARCH 17, 2020

The website was distributing a file named WSHSetup.exe, it is the downloader for both the CoronaVirus Ransomware and the Kpot password-stealer. exe,’ which is the Kpot password-stealing Trojan. One of these files is, ‘file1.exe,’ The second file downloaded by the initial dropper is ‘file2.exe’,

Ransomware 102

Ransomware Cryptocurrency Advertising Passwords 102

SecureWorld News

JULY 3, 2023

Human error accounts for 95% of all data breaches. This means that most cyberattacks could be prevented by following simple cybersecurity best practices, such as using strong passwords, updating software, and avoiding phishing emails. Cryptocurrency and the Metaverse pose new cybersecurity threats. million by 2022.

Cybercrime 87

Cybercrime Social Engineering Data breaches Cyber threats 87

Security Affairs

APRIL 6, 2022

customer information. Cash App is an app that allows users to easily send money, spend money, save money, and buy cryptocurrency. customer information. Securities and Exchange Commission (SEC). “On April 4, 2022, Block, Inc. million current and former customers.

Data breaches 117

Data breaches Cryptocurrency Accountability Banking 117

Security Affairs

FEBRUARY 27, 2021

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones. .

Mobile 96

Mobile Telecommunications Data breaches Identity Theft 96

Security Affairs

MARCH 6, 2021

The attackers also managed to transfer $150,000 worth of cryptocurrency from Verified’s wallet to a wallet under his control. In February, the administrator of the cybercrime forum Crdclub discloses a cyber attack that resulted in the hack of the administrator’s account. The database was offered for sale for US $100,000.

Cybercrime 145

Cybercrime DDOS Hacking Passwords 145

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 97

Data breaches Malware Mobile Spyware 97

Security Affairs

MARCH 26, 2020

which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data. platform, an automated set-up wizard allowed the owner to upload the products and services offered through the shop and configure the payment process via cryptocurrency wallets. ” “Deer.io

Cybercrime 119

Cybercrime Advertising Hacking Accountability 119

Security Affairs

JANUARY 3, 2024

For the tool to function, the operator must input a list of compromised email accounts to be scanned. It’s noteworthy that most of the victim accounts identified were predominantly from the U.K. and various EU countries, including but not limited to Spain, France, Poland, Italy, Germany, Switzerland, among others.

Artificial Intelligence 122

Artificial Intelligence Banking Scams Cybercrime 122

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 92

Spyware Hacking Malware Social Engineering 92

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. Sorry, change password please.”

Accountability 123

Accountability Hacking Cryptocurrency Cybersecurity 123

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. Clearly the access to the CEO account allowed the hacker to breach the company. Gunton tricked a mobile telco’s operator into adding a call forwarding number to Coburn’s mobile account.

Hacking 81

Hacking DNS Cryptocurrency Accountability 81