Accountability, Cybercrime, Education and Information Security

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. ” reads the alert published by the FBI.

Cybercrime

Cybercrime Education Accountability Phishing

Law enforcement seized the Genesis Market cybercrime marketplace

Security Affairs

APRIL 5, 2023

The price for a stolen account was very cheap, paying a few dollars crooks were able to use it for a specific period. Genesis Market provided access to accounts of the most popular services, including Amazon, eBay, Facebook, Gmail, Netflix, PayPal, Spotify, and Zoom.

Marketing

Marketing Cybercrime Accountability Education

Cybercrime group exploits Windows zero-day in ransomware attacks

Security Affairs

APRIL 11, 2023

The experts pointed out that while the majority of zero-days they have discovered in the past were used by APT groups, this zero-day was exploited by a sophisticated cybercrime group. This group is known to have used similar CLFS driver exploits in the past that were likely developed by the same author.

Cybercrime

Cybercrime Ransomware Education Media

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Additionally, there are also Russian cybercrime organizations that are not state-sponsored but are allowed to operate. Although there’s no one magic solution to eliminating cyberattacks and cybercrime risks, there are steps you can take to reduce the chances of becoming a victim. Accounting for humans.

Cybersecurity

Cybersecurity Cybercrime Education Passwords

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

Security Affairs

APRIL 30, 2023

Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts. Hackers are breaking into the AT&T email accounts and then using the access they are logging into the victim’s cryptocurrency exchange accounts to drain their crypto funds, TechCrunch reported.

Cryptocurrency

Cryptocurrency Accountability Passwords Hacking

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

MARCH 17, 2021

The FBI has issued an alert to warn about an increase in PYSA ransomware attacks on education institutions in the US and UK. The FBI has issued Tuesday an alert to warn about an increase in PYSA ransomware attacks against education institutions in the United States and the United Kingdom. Pierluigi Paganini.

Education

Education Ransomware Encryption Antivirus

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. Ahead of the U.S. The phishing attacks began in February 2023, the IT giant reported. LNK) files.

Accountability

Accountability Phishing Financial Services Surveillance

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Security Affairs

APRIL 24, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, PaperCut ) The post Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws appeared first on Security Affairs.

Cybercrime

Cybercrime Software Education Ransomware

Defending Against the Threats to Our Security

SecureWorld News

JULY 3, 2023

As we rely increasingly on digital technologies for our work, communication, entertainment, and education, we also expose ourselves to more and more cyber risks. Cyberattacks can devastate individuals, businesses, and even nations, affecting our privacy, security, and economy. Human error accounts for 95% of all data breaches.

Cybercrime

Cybercrime Social Engineering Data breaches Education

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking

Banking Accountability Mobile Cryptocurrency

Database of the FBI’s InfraGard US Critical Infrastructure Intelligence portal available for sale

Security Affairs

DECEMBER 15, 2022

The portal of the FBI’s InfraGard US Critical Infrastructure Intelligence was hacked, and data is available for sale on a cybercrime forum. ” The seller, who is a forum member that goes online with moniker USDoD, is demanding $50,000 for the full user database containing names and contact information. .”

Cybercrime

Cybercrime Accountability Hacking Education

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs

APRIL 24, 2023

EvilExtractor is a new “all-in-one” info stealer for Windows that is being advertised for sale on dark web cybercrime forums. The tool was developed by a company named Kodex, which claims that the tool was developed for an educational purpose. EvilExtractor is a modular info-stealer, it exfiltrates data via an FTP service.

Cybercrime

Cybercrime Malware Education Phishing

“My Slice”, an Italian adaptive phishing campaign

Security Affairs

JANUARY 22, 2024

“My slice”, the details of the Italian campaign Last year, a highly targeted phishing campaign that I renamed “My slice” (derived from the name of a variable in the javascript code of the landing page) targeted e-mail account holders of Italian organisations. Education improves awareness” is his slogan.

Phishing

Phishing Education Social Engineering Media

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

Security Affairs

FEBRUARY 22, 2024

barely and cannot afford to leave the camp, nor to operate his own bank account but only to survive miserably. “ Do you ensure that you do not run away with the money once it is received in your bank account? ”. “ The 419 scam is very widespread and dangerous, and can cause serious economic and psychological damage to victims.

Scams

Scams Banking Computers and Electronics Accountability

STYX Marketplace emerged in Dark Web focused on Financial Fraud

Security Affairs

APRIL 5, 2023

The discovery of STYX coincides with Resecurity financial crime risk analysts observing a significant increase in threat actors offering money-laundering services that exploit digital banking and cryptocurrency accounts. Resecurity’s investigation of STYX also yielded the discovery of 100 mules accounts.

Banking

Banking Cybercrime Accountability Risk

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Cybercrime

Cybercrime Malware Hacking Accountability

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Security Affairs

MAY 2, 2023

. “Noncompliant virtual currency exchanges, which have a lax anti-money laundering program or collect minimal Know Your Customer information or none at all, serve as important hubs in the cybercrime ecosystem and are operating in violation of Title 18 United States Code, Sections 1960 and 1956.”

Cybercrime

Cybercrime Cryptocurrency Advertising Education

Kodi discloses data breach after its forum was compromised

Security Affairs

APRIL 14, 2023

The threat actors also attempted to sell the stolen data on the BreachForums cybercrime forum that was recently shut down by law enforcement. The account was used to create database backups which were then downloaded and deleted. The account owner has confirmed they did not access the admin console to perform these actions.”

Data breaches

Data breaches Backups Passwords Accountability

Social engineering, deception becomes increasingly sophisticated

Security Affairs

FEBRUARY 20, 2023

This is done through deep learning methodologies such as the Generative Adversarial Network (GAN) i.e., a group of neural network models for machine learning, deputed to teach computers how to process information by emulating the human brain. He is also the author of the book “La Gestione della Cyber Security nella Pubblica Amministrazione”.

Social Engineering

Social Engineering Engineering Artificial Intelligence Computers and Electronics

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

MAY 3, 2023

In March, security experts at Meta found multiple malware posing as ChatGPT or similar AI tools. “Since March alone, our security analysts have found around 10 malware families posing as ChatGPT and similar tools to compromise accounts across the internet. ” reads the Meta’s Q1 2023 Security Reports.

Malware

Malware Education Accountability Media

Security Affairs newsletter Round 432 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 13, 2023

Police dismantled bulletproof hosting service provider Lolek Hosted Python URL parsing function flaw can enable command execution UK govt contractor MPD FM leaks employee passport data Power Generator in South Africa hit with DroxiDat and Cobalt Strike The Evolution of API: From Commerce to Cloud Gafgyt botnet is targeting EoL Zyxel routers Charming (..)

Data breaches

Data breaches Artificial Intelligence Cybercrime Adware

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

Security Affairs

NOVEMBER 23, 2023

based organizations account for 83.9 The most heavily impacted sectors are finance and professional services and education, which account for 24.3 The most impacted sectors are finance, professional services, and education, which collectively account for over 48% of reported victims.” million Genworth 2.5

Data breaches

Data breaches Hacking Retail Identity Theft

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

. • Create security awareness for employees. One of the most important ways to protect against data breaches is to increase employee security awareness. Employees are the first line of defense against cybercrime and should understand how to recognize phishing emails and what to do if they suspect them.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

The malware allows operators to steal login credentials from popular services such as social media platforms and cryptocurrency wallets, then stolen data is sold on cybercrime forums by the operators. To prevent infections from malware like Cryptbot, Cybercrime Support Network recommends users to Download from well-known and trusted sources.

Malware

Malware Cybercrime Cryptocurrency Media

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs

APRIL 9, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter newsletter) The post Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition appeared first on Security Affairs. billion rubles.

Computers and Electronics

Computers and Electronics Backups Cybercrime Marketing

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. In some attacks, threat actors created an administrative account named itadm.

Ransomware

Ransomware Encryption Antivirus VPN

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

. “The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts.” Use a variation of unique passwords to access online accounts.

Mobile

Mobile Cryptocurrency Authentication Accountability

A Russian national charged for committing LockBit Ransomware attacks

Security Affairs

JUNE 16, 2023

Astamirov controlled multiple email addresses, and IP addresses, and other online provider accounts that were employed in LockBit ransomware attacks. This LockBit-related arrest, the second in six months, underscores the Justice Department’s unwavering commitment to hold ransomware actors accountable,” said Deputy Attorney General Lisa O. “In

Ransomware

Ransomware Healthcare Education Government

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

Security Affairs

OCTOBER 16, 2023

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers.

Engineering

Engineering Ransomware Hacking Education

Authorities dismantled the card-checking platform Try2Check

Security Affairs

MAY 3, 2023

Today’s indictment and global takedown of the Try2Check website demonstrates that the Office, together with our partners, will disrupt cybercrime operations no matter where they are based.” The DoJ pointed out that Try2Check also victimized a major U.S.-based

Cybercrime

Cybercrime Education Media Hacking

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Security Affairs

APRIL 10, 2023

. “DEV-1084 was then later observed leveraging highly privileged compromised credentials to perform en masse destruction of resources, including server farms, virtual machines, storage accounts, and virtual networks, and send emails to internal and external recipients.”

Ransomware

Ransomware Cybercrime VPN Education

SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market

Security Affairs

MAY 2, 2023

“A number of investigations to identify additional individuals behind dark web accounts are still ongoing. The seizure of the Hydra Market is the result of an international investigation conducted by the Central Office for Combating Cybercrime (ZIT) in partnership with U.S. ” continues the press release.

Marketing

Marketing Accountability Cybercrime Education

Massive MOVEit campaign already impacted at least 1,000 organizations and 60 million individuals

Security Affairs

AUGUST 28, 2023

based organizations account for 83.9 “The most heavily impacted sectors are finance and professional services and education, which account for 24.3 ” The experts explained that is impossible to accurately calculate the cost of the MOVEit security breaches. million Genworth 2.5 million PH Tech 1.7

Insurance

Insurance Data breaches Education Ransomware

The State of Maine disclosed a data breach that impacted 1.3M people

Security Affairs

NOVEMBER 12, 2023

based organizations account for 83.9 The most heavily impacted sectors are finance and professional services and education, which account for 24.3 The most impacted sectors are finance, professional services, and education, which collectively account for over 48% of reported victims.” million Genworth 2.5

Data breaches

Data breaches Insurance Identity Theft Education

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Energy and Utilities

Energy and Utilities Telecommunications Technology VPN

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

.” The company reported the security breach to the relevant authorities, and it downplayed the incident, saying that the attack had no significant financial and operational impact. In response to the incident, the company announced it is enhancing the information security control measures of its network and infrastructure.

Ransomware

Ransomware Firmware Hacking Manufacturing

Health insurer Point32Health suffered a ransomware attack

Security Affairs

APRIL 23, 2023

“On April 17, Point32Health identified a cybersecurity ransomware incident that impacted systems we use to service members, accounts, brokers and providers. At this time, most systems impacted are on the Harvard Pilgrim Health Care side of our business. ” reads the statement published by the insurer.

Insurance

Insurance Ransomware Education Accountability

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. PuTTY.exe Rhysida actors have been observed creating Secure Shell (SSH) PuTTy connections for lateral movement. The victims of the group are “targets of opportunity.”

Ransomware

Ransomware Manufacturing Healthcare Education

New Lobshot hVNC malware spreads via Google ads

Security Affairs

MAY 1, 2023

While investigating the malware distribution, the researchers noticed the use of an infrastructure known to belong to cybercrime group TA505. com, which is a domain associated with the operations of the TA505 cybercrime gang. Upon executing the MSI file, a PowerShell command is launched.

Malware

Malware Cybercrime Banking Software

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60% of observed Russian targeting. The group targeted multiple sectors, including government, defense, energy, transportation/logistics, education, and humanitarian organizations.

Phishing

Phishing Education Accountability Telecommunications

Phishing, the campaigns that are targeting Italy

Security Affairs

OCTOBER 12, 2023

Posteinfo, confirm your identity Using spoofing techniques, a text message ostensibly from Posteinfo collected in the history of legitimate messages invites identity confirmation to avoid bank account suspension. He is also the author of the book “La Gestione della Cyber Security nella Pubblica Amministrazione”.

Phishing

Phishing Scams Education Passwords

Challenges of User Authentication: What You Need to Know

Security Affairs

SEPTEMBER 7, 2022

It is the process of validating end users to ensure secure access to networks, applications, and accounts. Each of these approaches adds a layer of security to user access. However, cybercrime would not be such a lucrative business if things were that simple. User Authentication. SMS Spoofing.

Authentication

Authentication Passwords Risk Education

MEET THE RECIPIENTS OF THE 2021 (ISC)² GOVERNMENT PROFESSIONAL AWARD

CyberSecurity Insiders

OCTOBER 25, 2021

The (ISC)² Government Professional Award recognizes government cybersecurity leaders whose commitment to excellence has helped to improve government information security and advance an in-demand workforce. in Information Systems Management (2010), C.A.S. in Information Security Management (2010), and Ph.D.

Government

Government Education Cybersecurity Technology

American Bar Association (ABA) suffered a data breach,1.4 million members impacted

Security Affairs

APRIL 21, 2023

.” The investigation launched into the incident revealed that that an unauthorized third party obtained usernames and hashed and salted passwords for members’ online accounts on the ABA website prior to 2018 or the ABA Career Center since 2018. million members impacted appeared first on Security Affairs.

Data breaches

Data breaches Passwords Education Accountability

FBI: Compromised US academic credentials available on various cybercrime forums

Law enforcement seized the Genesis Market cybercrime marketplace

Webinars

Trending Sources

Cybercrime group exploits Windows zero-day in ransomware attacks

Webinars

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Remcos RAT campaign targets US accounting and tax return preparation firms

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Defending Against the Threats to Our Security

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Database of the FBI’s InfraGard US Critical Infrastructure Intelligence portal available for sale

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

“My Slice”, an Italian adaptive phishing campaign

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

STYX Marketplace emerged in Dark Web focused on Financial Fraud

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals

Kodi discloses data breach after its forum was compromised

Social engineering, deception becomes increasingly sophisticated

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs newsletter Round 432 by Pierluigi Paganini – International edition

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

Google obtained a temporary court order against CryptBot distributors

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Akira ransomware received $42M in ransom payments from over 250 victims

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

A Russian national charged for committing LockBit Ransomware attacks

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

Authorities dismantled the card-checking platform Try2Check

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market

Massive MOVEit campaign already impacted at least 1,000 organizations and 60 million individuals

The State of Maine disclosed a data breach that impacted 1.3M people

FBI chief says China is preparing to attack US critical infrastructure

MSI confirms security breach after Money Message ransomware attack

Health insurer Point32Health suffered a ransomware attack

FBI and CISA warn of attacks by Rhysida ransomware gang

New Lobshot hVNC malware spreads via Google ads

Google TAG warns of Russia-linked APT groups targeting Ukraine

Phishing, the campaigns that are targeting Italy

Challenges of User Authentication: What You Need to Know

MEET THE RECIPIENTS OF THE 2021 (ISC)² GOVERNMENT PROFESSIONAL AWARD

American Bar Association (ABA) suffered a data breach,1.4 million members impacted

Stay Connected