SecureWorld News

OCTOBER 5, 2020

They gained access to the social media accounts of some of the biggest names in sports. This included account takeovers of both NFL and NBA players. NFL and NBA social media takeover attack started with phishing. Washington then sold access to the compromised accounts to others for amounts ranging from $500 to $1,000.".

Accountability 92

Accountability Phishing Media Cybercrime 92

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months.

Accountability 87

Accountability Phishing Authentication Architecture 87

Malwarebytes

JUNE 23, 2022

Europol has coordinated a joint operation to arrest members of a cybercrime gang and effectively dismantle their campaigns that netted million in Euros. The group was involved in fraud, money laundering, phishing, and scams. Money mules then used these credentials to cash out millions in Euros from victim accounts.

Phishing 107

Phishing Banking Cryptocurrency Scams 107

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. Multiple security firms soon assigned the hacking group the nickname “ Scattered Spider.” 9, 2024, U.S. technology companies during the summer of 2022.

Social Engineering 318

Social Engineering Mobile Cybercrime Passwords 318

Security Affairs

JANUARY 18, 2020

I’m preparing the slides for my next speech and I decided to create this post while searching for interesting cybercrime statistics in 2020. Cybercrime will cost as much as $6 trillion annually by 2021. The global expense for organizations to protect their systems from cybercrime attacks will continue to grow.

Cybercrime 125

Cybercrime Small Business Data breaches Mobile 125

The Last Watchdog

SEPTEMBER 28, 2022

Phishing attacks are nothing new, but scammers are getting savvier with their tactics. Related: The threat of ‘business logic’ hacks. Other Iranian-based cyberattacks have included hackers targeting Albanian government systems and spear phishing scams. Spear phishing. Phishing via texting.

Phishing 124

Phishing Scams Cybercrime Passwords 124

Security Affairs

FEBRUARY 16, 2021

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost.

Phishing 127

Phishing Cybercrime Mobile Internet 127

Security Affairs

OCTOBER 4, 2023

Threat actors exploited an open redirection vulnerability in the job search platform Indeed to carry out phishing attacks. Researchers from the cybersecurity firm Menlo Security reported that threat actors exploited an open redirection vulnerability in the job search platform Indeed in phishing attacks. ” continues the report.

Phishing 114

Phishing Insurance Manufacturing Banking 114

Security Affairs

OCTOBER 12, 2023

This post analyzed the numerous phishing campaigns targeting users and organizations in Italy. Phishing is a ploy to trick users into revealing personal or financial information through an e-mail, Web site, and even through instant messaging. Phishing can also be used as a precursor attack to drop malware. Just to name a few.

Phishing 115

Phishing Scams Education Passwords 115

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts. Abusewith[.]us

Hacking 192

Hacking Accountability Data breaches Marketing 192

Security Affairs

OCTOBER 11, 2022

Researchers warn of a new phishing-as-a-service (PhaaS) toolkit, called Caffeine, which is being used by cybercriminals. In March 2022, Mandiant researchers discovered threat actors using a shared Phishing-as-a-Service (PhaaS) platform called Caffeine. ” reads the report published by Mandiant.

Phishing 88

Phishing Cybercrime Accountability Advertising 88

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing 120

Phishing Accountability Hacking Scams 120

Security Affairs

MARCH 23, 2024

An operation conducted by the Federal Criminal Police Office in Germany (BKA) and the Frankfurt cybercrime combating unit (ZIT) led to the seizure of the infrastructure of the darknet marketplace Nemesis Market in Germany and Lithuania. The Nemesis Market recently reached over 150,000 users and over 1,100 seller accounts registered worldwide.

Marketing 99

Marketing Cybercrime DDOS Internet 99

Security Affairs

AUGUST 18, 2023

ESET researchers uncovered a mass-spreading phishing campaign targeting users of the Zimbra Collaboration email server since April 2023. The phishing messages include a phishing page in the attached HTML file, they warn the recipient of an email server update, account deactivation, or similar issue.

Phishing 81

Phishing Social Engineering Accountability Engineering 81

Identity IQ

JANUARY 24, 2021

As many Americans’ personally identifiable information goes digital, it’s becoming increasingly vulnerable to hacks and theft by cybercriminals who profit from access to online accounts. During the pandemic, for instance, Google has reported a 350% increase in phishing sites. Cybercrime annual revenue currently totals $1.5

Cybercrime 105

Cybercrime Identity Theft Scams Data breaches 105

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption 89

Encryption Phishing Accountability Authentication 89

Security Affairs

APRIL 4, 2022

Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. Trezor WARNING: Elaborate Phishing attack. Trazor also took the phishing domain used by threat actors offline and launched an investigation to determine how many users have been impacted.

Phishing 116

Phishing Data breaches Cryptocurrency Social Engineering 116

Security Affairs

JULY 12, 2022

A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations. In AiTM phishing, threat actors set up a proxy server between a target user and the website the user wishes to visit, which is the phishing site under the control of the attackers.

Phishing 129

Phishing Authentication Social Engineering Passwords 129

Security Affairs

FEBRUARY 22, 2022

The Ukrainian police arrested a gang specialized in the sale of stolen payment card data through phishing attacks. The cybercrime unit of the Ukrainian police has arrested a group of cybercriminals who managed to steal payment card data from at least 70,000 people by setting up mobile fake top-up services. Pierluigi Paganini.

Phishing 81

Phishing Banking Mobile Telecommunications 81

Security Affairs

SEPTEMBER 5, 2022

Cybersecurity firm Armorblox discovered a new phishing campaign aimed at American Express customers. Armorblox researchers uncovered a new phishing campaign that is targeting American Express customers. The subject of the emails reads “Important Notification About Your Account” in an attempt to urge recipients to open it.

Phishing 97

Phishing Scams Social Engineering Password Management 97

Security Affairs

AUGUST 1, 2023

Researchers spotted a Python variant of the NodeStealer that was designed to take over Facebook business accounts and cryptocurrency wallets. Palo Alto Network Unit 42 discovered a previously unreported phishing campaign that distributed a Python variant of the NodeStealer. ” reads the analysis published by Palo Alto Networks.

Accountability 87

Accountability Cryptocurrency Malware Phishing 87

Security Affairs

AUGUST 2, 2023

Experts spotted a spear-phishing Facebook campaign exploiting a zero-day vulnerability in Salesforce email services. Researchers from Guardio Labs uncovered a sophisticated phishing campaign exploiting a zero-day vulnerability in Salesforce email services and SMTP servers. 8e-sefdea4.um9. ” concludes the experts.

Phishing 84

Phishing Accountability Authentication Hacking 84

Security Affairs

JULY 6, 2021

The alleged perpetrator, who turned out to be a citizen of Morocco, was arrested in May by the Moroccan police based on the data about his cybercrimes that was provided by Group-IB. Almost each of the scripts contained in the phishing kit had its creator’s nickname, Dr HeX, and contact email address.

Cybercrime 94

Cybercrime Phishing Banking Telecommunications 94

Security Affairs

NOVEMBER 7, 2021

The phishing messages use mortgage payments as a lure, they have the subject “Re: Payoff Request.”. The phishing message was sent from a legitimate individual’s compromised email account. The phishing pages were hosted on the “greenleafproperties[.]co[.]uk” SecurityAffairs – hacking, phishing).

Phishing 124

Phishing Social Engineering Accountability Engineering 124

Security Affairs

DECEMBER 16, 2022

Gemini crypto exchange warns users of an ongoing phishing campaign after a third-party vendor suffered a security breach. Gemini crypto exchange is warning of phishing campaigns targeting its users after a threat actor obtained their data by breaching a third-party vendor. SecurityAffairs – hacking, phishing).

Hacking 80

Hacking Phishing Accountability Authentication 80

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February 2023, the IT giant reported. Ahead of the U.S.

Accountability 88

Accountability Phishing Financial Services Surveillance 88

Security Affairs

DECEMBER 18, 2023

. “Cashout bank logs” typically refer to a type of cybercrime where individuals gain unauthorized access to banking information, often through phishing attacks or hacking, and then use that information to withdraw money or make unauthorized transactions.

Banking 115

Banking Cybercrime Malware Accountability 115

Security Affairs

AUGUST 10, 2022

The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat actors compromised a Cisco employee’s credentials after they gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized. SecurityAffairs – hacking, Yanluowang ransomware).

Ransomware 126

Ransomware Hacking VPN Phishing 126

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. These services, too, have been outsourced.

Cybercrime 138

Cybercrime Banking Malware Ransomware 138

Security Affairs

AUGUST 16, 2023

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. “Beginning in May 2023, Cofense has observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries.” com (Cloudflare’s Web3 services).

Phishing 84

Phishing Energy and Utilities Insurance Manufacturing 84

SecureWorld News

DECEMBER 15, 2022

Security researchers at Checkmarx and Illustria recently discovered a campaign in which a threat actor(s) managed to post over 144,000 phishing packages to popular open source platforms, including NPM, PyPi, and NuGet. The descriptions for these packages contained links to phishing campaigns.

Phishing 67

Phishing Accountability Retail Hacking 67

Security Affairs

OCTOBER 2, 2022

German police arrested one individual suspected of having stolen €4 million from users via large-scale phishing campaigns. Germany’s Bundeskriminalamt (BKA) arrested an individual (24) suspected of having stolen €4,000,000 from internet users via phishing attacks along with a two accomplices who are suspected. Pierluigi Paganini.

Phishing 90

Phishing Banking DDOS Accountability 90

SecureList

MARCH 24, 2022

What are phishing kits? One of the most common tricks scammers use in phishing attacks is to create a fake official page of a famous brand. Even phishing page domain name can often look like the real web address of a certain brand, as cybercriminals include the name of the company or service they are posing as in the URL.

Phishing 106

Phishing Marketing Banking Technology 106

Krebs on Security

FEBRUARY 10, 2020

Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. ” A copy of the indictment is available here.

Hacking 246

Hacking Identity Theft Government Phishing 246

Security Boulevard

APRIL 23, 2021

Phishing is today’s most dangerous cyberattack. Google noted a more than 600% spike in phishing attacks in 2020 compared to 2019 with a total of 2,145,013 phishing sites registered as of January 17, 2021, up from 1,690,000 on Jan 19, 2020. Phishing doesn’t discriminate. So did the 2020 Twitter hack.

Phishing 101

Phishing Scams Media Backups 101

The Last Watchdog

JULY 18, 2023

July 18, 2022 – Around 30,000 websites get hacked every day , with the majority of those cyberattacks due to human error. This has projected costs associated with cybercrimes to hit the tens of trillions by 2025, highlighting the vital need for web hosts to implement staunch security. Gainesville, Fla.,

Hacking 100

Hacking DDOS Small Business Spyware 100

Security Affairs

OCTOBER 22, 2021

FIN7 hacking group created fake cybersecurity companies to hire experts and involve them in ransomware attacks tricking them of conducting a pentest. The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. SecurityAffairs – hacking, cyber security).

Cybercrime 107

Cybercrime Ransomware Cybersecurity Backups 107