SecureList

NOVEMBER 29, 2024

CloudSorcerer is a sophisticated cyber-espionage tool used for stealth monitoring, data collection and exfiltration via Microsoft, Yandex and Dropbox cloud infrastructures. The campaign, which we dubbed EastWind , used phishing emails with malicious shortcuts attached to deliver malware to target computers.

Energy and Utilities 103

Energy and Utilities Ransomware Malware Government 103

Adam Levin

DECEMBER 3, 2018

The data is thought to have originated from Data&Leads, Inc. A cached version of the company’s website shows that it promised “access to our massive in-house data collection, as well as one of the largest data supplier networks of any data or lead company.”. The takeaway?

Identity Theft 194

Identity Theft Data collection IoT Engineering 194

Security Affairs

SEPTEMBER 5, 2022

Resecurity researchers discovered a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised on the Dark Web. Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. How It Works?

Phishing 100

Phishing Accountability Hacking Advertising 100

Krebs on Security

DECEMBER 29, 2022

Internal Revenue Service website for months: Anyone seeking to create an account to view their tax records online would soon be required to provide biometric data to a private company in Virginia — ID.me. A single bitcoin is trading at around $45,000. It emerges that email marketing giant Mailchimp got hacked.

Cryptocurrency 309

Cryptocurrency Cybercrime Computers and Electronics Scams 309

Zero Day

JUNE 22, 2025

Close Home Tech Security 16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself Wondering if your information is posted online from a data breach? Here's how to check if your accounts are at risk and what to do next. In this scenario, there is not much you can do. 

Passwords 100

Passwords Data breaches Password Management Accountability 100

Security Boulevard

MARCH 24, 2025

While MFA is primarily a security feature, its primary privacy benefit is adding another layer of security to prevent unauthorized access to information contained in particular important or sensitive accounts. These apps also frequently use Bluetooth data to gather location information and proximity to nearby devices.

Surveillance 75

Surveillance Telecommunications Data breaches Spyware 75

Zero Day

JUNE 20, 2025

Here are the facts and how to protect yourself Wondering if your information is posted online from a data breach? Here's how to check if your accounts are at risk and what to do next. PT Moor Studio/Getty With so much news about data breaches, you have to be careful not to panic each time you hear of a new one.

Passwords 106

Passwords Data breaches Password Management Identity Theft 106

Security Affairs

JULY 12, 2021

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.

Social Engineering 144

Social Engineering Data collection Media Passwords 144

SecureList

DECEMBER 23, 2024

Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor ( CVE-2018-0802 ) to download and execute malware code. All data collected this way is saved in a TMP alternate data stream and forwarded to the C2 server by the VBShower::Backdoor component.

Encryption 133

Encryption Penetration Testing Malware Phishing 133

Security Affairs

APRIL 6, 2023

The experts pointed out that crooks engaged in phishing activities have started to rely on the popular instant messaging platform more in recent months. On Telegram is possible to find channels that offer: Free phishing kits that can be used to target users of a large number of global and local brands. User personal data for sale.

Phishing 98

Phishing Scams Social Engineering Banking 98

Security Affairs

OCTOBER 15, 2018

Group-IB: The online market for counterfeit goods in Russia has reached $1,5 billion, while the number of phishing attacks has surpassed 1,200 daily. Scammers create fake websites of known brands, fraudulent promotional campaigns, and fake accounts on social media. Phishing remains one of the most common online fraud.

Marketing 104

Marketing Phishing Media Engineering 104

Security Affairs

JUNE 9, 2024

New York Times source code compromised via exposed GitHub token SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform Pandabuy was extorted twice by the same threat actor UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces Chinese threat actor exploits old ThinkPHP flaws since October 2023 A new Linux (..)

Data breaches 127

Data breaches Banking Hacking Malware 127

The Last Watchdog

JUNE 2, 2021

The amount of data in the world topped an astounding 59 zetabytes in 2020, much of it pooling in data lakes. We’ve barely scratched the surface of applying artificial intelligence and advanced data analytics to the raw data collecting in these gargantuan cloud-storage structures erected by Amazon, Microsoft and Google.

Encryption 176

Encryption Artificial Intelligence IoT Data collection 176

SecureWorld News

AUGUST 15, 2024

NPD, which provides background check services to employers, investigators, and other businesses, reportedly obtains this information by scraping data from various sources, often without the direct consent of the individuals involved. Use complex, unique passwords for all accounts and consider using a password manager.

Data breaches 109

Data breaches Identity Theft Password Management Data collection 109

The Last Watchdog

APRIL 22, 2020

PAM governs a hierarchy of privileged accounts all tied together in a Windows Active Directory ( AD ) environment. It didn’t take cyber criminals too long to figure out how to subvert PAM and AD – mainly by stealing or spoofing credentials to log on to privileged accounts. But SSO proved to be a boon for intruders, as well.

Accountability 138

Accountability Authentication Digital transformation Passwords 138

SecureList

NOVEMBER 19, 2024

These include financial malware, phishing sites impersonating major global retailers, banks and payment systems, and spam emails that may lead to fraudulent websites or spread malware. This year, we also specifically analyzed the rise of fake mobile applications designed to steal shopping data. attempted to impersonate e-shops.

Banking 102

Banking Phishing Scams Retail 102

Security Affairs

APRIL 6, 2023

The Threat Report Portugal: H2 2022 compiles data collected on the malicious campaigns that occurred from July to December, H2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open-sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. in Q2 2022.

Threat Reports 98

Threat Reports Phishing Malware Banking 98

SecureList

MARCH 13, 2025

Initial Access While previous Head Mare attacks relied solely on phishing emails with malicious attachments, they now also infiltrate victims’ infrastructure through compromised contractors with access to business automation platforms and RDP connections. Persistence The method of establishing persistence has changed.

Energy and Utilities 76

Energy and Utilities Software Accountability Phishing 76

eSecurity Planet

AUGUST 20, 2024

The company allegedly obtained this information from non-public sources without the consent of the person filing the complaint or the potentially billions of others affected by the data collection. Activate multi-factor authentication on all accounts where it’s available, especially on email, banking, and social media platforms.

Identity Theft 130

Identity Theft Data breaches Passwords Encryption 130

Hot for Security

MARCH 17, 2021

If you were a victim of the Zynga data breach, you’ve probably changed the password for your account already. But have you considered resetting the passwords for any online accounts with similar login credentials? These data sets may include IP addresses, operating systems, browser type, game time and web page interactions.

Data breaches 105

Data breaches Passwords Accountability Media 105

SC Magazine

JULY 13, 2021

The company’s investigation determined that social security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired. For this reason – unlike [how] it appears in this case – organizations are wise to limit the amount of data kept and stored in systems,” Kron said.

Ransomware 102

Ransomware Retail Hacking Digital transformation 102

Security Affairs

MAY 23, 2024

However, the researchers determined that one of methods used by the threat actors to regaining access to the target organizations are spear-phishing emails. The experts observed multiple spear-phishing attempts between March and May 2023. The messages use specially crafted archives containing LNK files disguised as regular documents.

Malware 133

Malware Accountability Phishing Data collection 133

Google Security

MAY 5, 2023

Because they are based on the public key cryptographic protocols that underpin security keys, they are resistant to phishing and other online attacks, making them more secure than SMS, app based one-time passwords and other forms of multi-factor authentication (MFA). They are designed to enhance online security for users.

Authentication 125

Authentication Passwords Technology Password Management 125

SecureList

OCTOBER 18, 2023

As we were collecting and analyzing the relevant telemetry data, we realized the campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense industry. The attackers continued to send malicious documents via email until the end of September 2022.

Malware 141

Malware Phishing Internet Internet 141

SecureList

SEPTEMBER 6, 2022

One of the most outstanding examples involves $2 million ‘s worth of CS:GO skins stolen from a user’s account , which means that losses can get truly grave. Game over: cybercriminals targeting gamers’ accounts and money.

Mobile 132

Mobile Passwords Software Accountability 132

Security Affairs

NOVEMBER 17, 2018

link ) was posted on Pastebin , the hacker claims to have compromised user’s email and also accused ProtonMail of sending user’s decrypted data to American servers. AmFearLiathMor also wrote that ProtonMail hasn’t configured the mandatory Subresource Integrity ( SRI ) allowing tampering and data collection.

Scams 111

Scams Hacking Data collection Advertising 111

Security Affairs

NOVEMBER 16, 2018

To infiltrate critical infrastructure networks hackers will continue to use phishing as one of their main tools, but the focus of attacks might shift to vulnerable network equipment connecting the network to the Internet. Web phishing, which is another popular attack vector, has grown globally. About the author Group-IB.

Cybercrime 108

Cybercrime Hacking Banking Phishing 108

BH Consulting

AUGUST 31, 2023

Having policies and procedures to secure social media accounts and minimise the potential for incidents can help. Recently, a client with several different social media accounts and a large team of people working on them approached BH Consulting to review its security and policies around them. More than 4.7

Media 52

Media Accountability Authentication Passwords 52

The Last Watchdog

MAY 11, 2021

However, one possible scenario is that they obtained a targeted employee’s login credentials and then used that employee’s account to pivot to and take control of the build system, Pericin says. It is undisclosed how the Russia-sponsored attackers got control of the SolarWinds build machine.

Software 202

Software Hacking Malware Engineering 202

Malwarebytes

AUGUST 3, 2021

In theory, the company could access the data but said they don’t directly access it. Sharing data with social media companies even if you don’t have an account with them. Zoom used Facebook’s Software Development Kit for app features, which resulted in data being sent to Facebook. The numbers game. Well, it’s complicated.

Encryption 103

Encryption Data collection Accountability Media 103

SecureList

OCTOBER 13, 2023

This article delves deep into the settings and privacy policies of LLM-based chatbots to find out how they collect and store conversation histories, and how office workers who use them can protect or compromise company and customer data. The user creates an account and gains access to the bot. Account hacking.

Accountability 138

Accountability B2B Risk Hacking 138

Security Affairs

OCTOBER 10, 2018

Attacks on bank customers: The decline of Android Trojans and the triumph of phishing. At present, only three criminal groups— Buhtrap2 , RTM , and Toplel —steal money from the accounts of legal entities in Russia. Using web phishing, criminals have managed to steal $3.7 They account for 80% of all financial phishing sites.

Cyber Attacks 108

Cyber Attacks Banking Cyber threats Phishing 108

Security Boulevard

MARCH 31, 2022

RedLine is a malware service available for purchase on underground forums that specifically targets the theft of sensitive information: passwords, credit cards, execution environment data, computer name, installed software, and more recently, cryptocurrency wallets and related files. Data collection from FTP clients, IM clients.

Cybersecurity 98

Cybersecurity Social Engineering Passwords Malware 98

Security Affairs

OCTOBER 27, 2022

Data collected by Microsoft Defender for Endpoint shows that nearly 3,000 devices in almost 1,000 organizations have seen at least one RaspberryRobin payload-related alert in the last 30 days. DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm.

Ransomware 109

Ransomware Malware Encryption Data collection 109

Security Affairs

JULY 1, 2021

While not highly sensitive, the data could still be used by threat actors to stage attacks against US business owners who the threat actors might see as being more affluent and potentially vulnerable to phishing and ransomware attacks. Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. “Our

Data breaches 104

Data breaches Social Engineering Data collection Media 104

The Last Watchdog

FEBRUARY 27, 2019

One example is the so-called PayLeak caper , a large-scale phishing and redirect campaign targeting those using their smartphones to visit the websites of premium newspapers and magazines. We’re talking about things like consumer data collection, data management platforms and retargeting enablement systems. Smart attacks.

Retail 138

Retail Digital transformation Advertising Software 138

Approachable Cyber Threats

AUGUST 2, 2021

Users must be better protected from the outset, and the only way to ensure that is to impose significant restrictions on data collection and usage by companies seeking to monetize or use it to their asymmetric benefit in any way. social engineer a mobile provider employee to facilitate a SIM swap).

Data collection 98

Data collection Media Mobile Identity Theft 98