Security Affairs

JUNE 4, 2020

Hackers hijacked one of the domains of the Japanese cryptocurrency exchange Coincheck and used it for spear-phishing attacks. The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. Pierluigi Paganini.

Accountability 95

Accountability Phishing DNS Cryptocurrency 95

Security Affairs

MAY 10, 2022

“Frappo” acts as a Phishing-as-a-Service and enables cybercriminals the ability to host and generate high-quality phishing pages which impersonate major online banking, e-commerce, popular retailers, and online-services to steal customer data. Detailed analysis of the Phishing-As-A-Service Frappo is available here: [link].

Phishing 75

Phishing Banking Retail Financial Services 75

Security Affairs

APRIL 15, 2020

Google has removed 49 new Chrome browser extensions from its official Web Store that hide the code to hijack cryptocurrency wallets. Google has removed 49 new Chrome browser extensions from its official Web Store that contain the code to steal sensitive information and hijack cryptocurrency wallets. Pierluigi Paganini.

Cryptocurrency 94

Cryptocurrency Advertising Phishing Passwords 94

Security Affairs

NOVEMBER 26, 2021

Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels. ” concludes the report.

Cryptocurrency 125

Cryptocurrency Malware Antivirus Phishing 125

Security Affairs

MARCH 23, 2024

The law enforcement confiscated about 94,000 euros worth of cryptocurrencies. The Nemesis Market has been active since 2021, its offerings included illegal drugs and narcotics, stolen data and credit cards, as well as a selection of cybercrime services such as ransomware , phishing or DDoS attacks.

Marketing 102

Marketing Cybercrime DDOS Internet 102

Security Affairs

OCTOBER 2, 2021

Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication. At least 6,000 Coinbase customers had funds removed from their accounts, including you.” Once discovered the campaign, the company updated its SMS Account Recovery protocols.

Cryptocurrency 119

Cryptocurrency Data breaches Authentication Accountability 119

Security Affairs

AUGUST 26, 2023

Security consulting giant Kroll disclosed a data breach resulting from a SIM-swapping attack against one of its employees. Security consulting firm Kroll revealed that a SIM-swapping attack against one of its employees caused the theft of user information for multiple cryptocurrency platforms.

Data breaches 92

Data breaches Mobile Accountability Phishing 92

Security Affairs

AUGUST 7, 2018

Group-IB researchers have investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. In 2017, when cryptocurrencies were gaining momentum, their record-breaking capitalization and a spike in Bitcoin’s exchange rate led to dozens of attacks on cryptocurrency services.

Cryptocurrency 50

Cryptocurrency Passwords Authentication Accountability 50

Security Affairs

JANUARY 2, 2024

The attack spotted by the researchers used phishing messages posing as Abu Dhabi National Oil Company (ADNOC). Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud. net on 2023-04-30.

Malware 117

Malware Passwords Cryptocurrency Hacking 117

Security Affairs

DECEMBER 15, 2023

Businesses employ MongoDB to organize and store large swaths of document-oriented information, and in GokuMarket’s case, the details of over a million customers and admin users. GokuMarket, a cryptocurrency exchange, was recently acquired by Canada-based crypto exchange ByteX.

Passwords 94

Passwords Cryptocurrency Scams Mobile 94

Security Affairs

SEPTEMBER 17, 2023

The North Korea-linked APT group Lazarus has stolen more than $240 million worth of cryptocurrency since June 2023, researchers warn. The group is also suspected to have recently stolen $31 million from the professional global cryptocurrency exchange CoinEx. The Stake.com and CoinEx exploits account for 78% of September’s total.”

Social Engineering 119

Social Engineering Cryptocurrency Hacking Engineering 119

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 80

Malware Cybercrime Cryptocurrency Social Engineering 80

Security Affairs

JANUARY 10, 2024

He stole people’s cryptocurrency. Then they sent phishing emails to company employees that were designed to look like they came from legitimate businesses and included links to the fake login pages. Raoult’s motive was pure greed. He sold hacked data.

Identity Theft 107

Identity Theft Hacking Cryptocurrency Advertising 107

SecureWorld News

JULY 3, 2023

Human error accounts for 95% of all data breaches. This means that most cyberattacks could be prevented by following simple cybersecurity best practices, such as using strong passwords, updating software, and avoiding phishing emails. Phishing emails are more common than you know. The global average data breach cost is $4.24

Cybercrime 87

Cybercrime Social Engineering Data breaches Cyber threats 87

Security Affairs

FEBRUARY 10, 2023

. “This advisory highlights TTPs and IOCs DPRK cyber actors used to gain access to and conduct ransomware attacks against Healthcare and Public Health (HPH) Sector organizations and other critical infrastructure sector entities, as well as DPRK cyber actors’ use of cryptocurrency to demand ransoms.” Obfuscate Identity.

Ransomware 83

Ransomware Healthcare Cryptocurrency Government 83

Security Affairs

MARCH 19, 2023

Much ado about nothing Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter) The post Security Affairs newsletter Round 411 by Pierluigi Paganini appeared first on Security Affairs.

DDOS 83

DDOS Ransomware Phishing Cryptocurrency 83

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 89

Spyware Hacking Malware Social Engineering 89

Security Affairs

MARCH 18, 2021

According to the 2020 Internet Crime Report , the top three crimes reported by victims in 2020 were phishing scams, non-payment/non-delivery scams, and extortion. In 2020, the IC3 received 19,369 Business Email Compromise (BEC)/Email Account Compromise (EAC) complaints, these crimes caused $1.8 billion in losses.

Internet 109

Internet Internet Scams Identity Theft 109

Security Affairs

SEPTEMBER 26, 2023

“In addition, the samples identified by ThreatFabric featured configurations with Target lists made of more than 400 banking and financial institutions , including several cryptocurrency wallets , with an increase of more than 6 times with comparison to its previous variants, including financial institutions from all continents.”

Malware 113

Malware Banking Phishing Engineering 113

Security Affairs

DECEMBER 13, 2023

Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. ” states Microsoft. . ” states Microsoft.

Cryptocurrency 102

Cryptocurrency Phishing Accountability VPN 102

Security Affairs

JANUARY 3, 2024

For the tool to function, the operator must input a list of compromised email accounts to be scanned. It’s noteworthy that most of the victim accounts identified were predominantly from the U.K. The necessary login credentials for online banking systems are previously harvested through a phishing kit.

Artificial Intelligence 120

Artificial Intelligence Banking Scams Cybercrime 120

Security Affairs

OCTOBER 26, 2022

The Raccoon stealer was first spotted in April 2019, it was designed to steal victims’ credit card data, email credentials, cryptocurrency wallets, and other sensitive data. FBI identified more than 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.)

Identity Theft 84

Identity Theft Cryptocurrency Cyber threats Cybercrime 84

Security Affairs

APRIL 19, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Scams 85

Scams Phishing Advertising DDOS 85

Security Affairs

APRIL 12, 2021

LinkedIn has formally denied that the recently disclosed data leak was caused by a security breach, data were obtained via web scraping. LinkedIn has issued a formal statement to deny that the recent leak that exposed the account details of more than 500 million of its registered users was caused by a security breach.

Data breaches 96

Data breaches Phishing Accountability Cryptocurrency 96

Security Affairs

JANUARY 2, 2020

The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak. . Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak. . This is a real email!

Passwords 60

Passwords Cryptocurrency Data breaches Advertising 60

Security Affairs

FEBRUARY 17, 2021

billion of money and cryptocurrency from financial institutions and companies, to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform.” Creating a fake cryptocurrency company and releasing the Marine Chain Token. sanctions. . Pierluigi Paganini.

Cryptocurrency 74

Cryptocurrency Banking Hacking Ransomware 74

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 95

Data breaches Malware Mobile Spyware 95

Security Affairs

MAY 27, 2022

can target an increasing number of applications, passing from 378 to 467 target applications to steal account credentials and crypto-wallets. is able to steal credentials for financial and cryptocurrency apps included in the list of targeted apps that are sent by the C2. The ERMAC Android banking trojan version 2.0 116, 193.106.191[.]148,

Banking 142

Banking Malware Cybercrime Phishing 142

Security Affairs

NOVEMBER 15, 2020

Every week the best security articles from Security Affairs free for you in your email box. million Texas drivers Biotech research firm Miltenyi Biotec hit by Mount Locker ransomware CISA Chief Chris Krebs expects to be fired by the White House Schneider Electric published a security advisory on Drovorub Linux Malware.

Data breaches 103

Data breaches Hacking Ransomware Malware 103

Security Affairs

APRIL 9, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter newsletter) The post Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition appeared first on Security Affairs. billion rubles.

Computers and Electronics 84

Computers and Electronics Backups Cybercrime Marketing 84

Security Affairs

JANUARY 9, 2022

million accounts were compromised in the FlexBooker data breach Night Sky, a new ransomware operation in the threat landscape North Korea-linked Konni APT targets Russian diplomatic bodies Threat actors stole 1.1 billion from cryptocurrency exchanges Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021.

Data breaches 68

Data breaches Media Hacking Accountability 68

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. ” the company said on X.

Accountability 121

Accountability Hacking Cryptocurrency Cybersecurity 121

Security Affairs

DECEMBER 3, 2021

Threat actors stole $120 million in cryptocurrencies from multiple wallets connected to the decentralized finance platform BadgerDAO. million in crypto funds, blockchain security firm PeckShield reported. Multi-factor authentication systems protect our accounts against many phishing schemes or bulk credential stuffing attacks.

Hacking 99

Hacking Phishing Authentication Cryptocurrency 99

Security Affairs

SEPTEMBER 3, 2022

users China-linked APT40 used ScanBox Framework in a long-running espionage campaign Russian streaming platform Start discloses a data breach impacting 7.5M users China-linked APT40 used ScanBox Framework in a long-running espionage campaign Russian streaming platform Start discloses a data breach impacting 7.5M Pierluigi Paganini.

Data breaches 68

Data breaches Malware Surveillance Ransomware 68

SecureWorld News

AUGUST 5, 2020

After Twitter recently confirmed that its cyberattack occurred through phone spear phishing , the world waited for the names of the hackers involved in the incident. Together, the trio used phone spear phishing to gain access to a number of Twitter employees. Just a few hours after the revelation, we got three. Who hacked Twitter?

Accountability 52

Accountability Phishing Cryptocurrency Scams 52

Security Affairs

DECEMBER 1, 2019

Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts. Full(z) House Magecart group mix phishing and MiTM in its attacks. Upbit cryptocurrency exchange hacked, crooks stole $48.5 Kaspersky addressed multiple issues in online protection solutions. million worth of ETH.

Advertising 94

Advertising Ransomware Cryptocurrency Government 94

Security Affairs

FEBRUARY 25, 2021

The attack chain starts with COVID19-themed spear-phishing messages that contain either a malicious Word attachment or a link to one hosted on company servers. . Next, the attackers logged in to the web interface using a privileged root account. ” reads the press release published by Kaspersky.

Malware 96

Malware Cryptocurrency Password Management Encryption 96