Security Affairs

DECEMBER 8, 2024

An ongoing RedLine information-stealing campaign is targeting Russian businesses using pirated corporate software. Since January 2024, Russian businesses using unlicensed software have been targeted by an ongoing RedLine info-stealer campaign. This method exploits user trust rather than vulnerabilities in the corporate software.

Software 80

Software Malware Accountability Encryption 80

Krebs on Security

JANUARY 31, 2025

The “fud” bit stands for “Fully Un-Detectable,” and it refers to cybercrime resources that will evade detection by security tools like antivirus software or anti-spam appliances. “These tools were also used to acquire victim user credentials and utilize those credentials to further these fraudulent schemes.

Phishing 272

Phishing Cybercrime Advertising Malware 272

Krebs on Security

DECEMBER 10, 2024

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks.

Engineering 254

Engineering Authentication Software Accountability 254

Malwarebytes

APRIL 9, 2025

This software monitors what a user types on a keyboard without their knowledge, relaying it back to the keylogger’s owner. Keep your software up to date. Malware droppers frequently take advantage of known vulnerabilities in older versions of operating system and application software. Here are some tips.

Accountability 90

Accountability Spyware Passwords Password Management 90

Security Affairs

JANUARY 28, 2025

Threat actors exploit recently fixed SimpleHelp RMM software vulnerabilities to breach targeted networks, experts warn. “On 22 January 2025, Arctic Wolf began observing a campaign involving unauthorised access to devices running SimpleHelp RMM software as an initial access vector. ” reads the report published by Artic Wolf.

Software 70

Software Passwords Accountability Encryption 70

Troy Hunt

FEBRUARY 25, 2025

It's those credentials that are then sold in the stealer logs and later used to access the victim's accounts, which is the second exploitation. An info stealer was disguised as the installer for the Notepad++ software. You get the idea.

Passwords 362

Passwords Accountability VPN Malware 362

eSecurity Planet

MAY 27, 2025

Bitdefender performs vulnerability scans on your devices and protects your email accounts. Small Business Premium adds 24/7 support for customers and social media account monitoring. McAfee McAfee Business Protection is a software solution available on Dell computers. 5 Pricing: 4.4/5 5 Features: 3.4/5 5 Customer support: 3.7/5

Antivirus 90

Antivirus Software Small Business VPN 90

Malwarebytes

APRIL 14, 2025

Horn tooting time: We’re excited to say we’ve earned a coveted spot in PCMags Best Antivirus Software for 2025 list, and been recognized as the Best Malware Removal Service 2025 by CNET. All Rights Reserved.

Antivirus 91

Antivirus Software Malware Accountability 91

Malwarebytes

JUNE 19, 2025

Take the 184 million logins for social media accounts we reported about recently. Infostealers are malicious software designed specifically to gather sensitive information from infected devices. Enable two-factor authentication (2FA) for every account you can. Now try to imagine 16 billion! billion records each.

Identity Theft 135

Identity Theft Passwords Phishing Accountability 135

Security Affairs

NOVEMBER 9, 2024

In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Veeam Backup & Replication is a comprehensive data protection and disaster recovery software developed by Veeam.

Backups 132

Backups Ransomware VPN Accountability 132

Zero Day

JUNE 6, 2025

Collectively, they could easily put affected customers at risk for account takeovers and identity theft. million former account holders. This leak reportedly included full names, dates of birth email addresses, mailing addresses, phone numbers, social security numbers, and AT&T account numbers.

Password Management 128

Password Management Passwords Artificial Intelligence Software 128

Security Affairs

OCTOBER 19, 2024

This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Veeam Backup & Replication is a comprehensive data protection and disaster recovery software developed by Veeam. reads the advisory.

Backups 130

Backups VPN Ransomware Authentication 130

Security Affairs

OCTOBER 29, 2024

. “Investigations into RedLine and Meta started after victims came forward and a security company notified authorities about possible servers in the Netherlands linked to the software. Change passwords : After malware removal, update passwords for key accounts (email, banking, work, social media) and enable two-factor authentication.

Identity Theft 125

Identity Theft Malware Passwords Banking 125

Security Affairs

APRIL 23, 2025

“Alpine Quest is topographic software that allows different maps to be used both in online and offline mode. The malicious code was hidden in a trojanized Alpine Quest app and spread via Russian Android catalogs. ” reads the report published by Doctor Web. .” ” Android.Spy.1292.origin

Spyware 83

Spyware Software Malware Hacking 83

eSecurity Planet

NOVEMBER 6, 2024

Transcript Cookie theft is a cyberattack where hackers exploit session data stored in cookies, like login credentials, to gain unauthorized access to your accounts. With stolen cookies, bad actors can commit identity theft, cause financial loss, and access your accounts. In this video, we’ll show you how to stay safe.

Identity Theft 109

Identity Theft Passwords Phishing Accountability 109

Malwarebytes

APRIL 16, 2025

Bots (software programs that interact with web sites) have been ubiquitous for years. Good bots accounted for just 14% of the internet’s traffic. An increasing number try to hijack peoples’ online accounts, which they often do by credential stuffing. These account takeover attacks have skyrocketed lately.

Internet 143

Internet Internet Passwords Artificial Intelligence 143

Malwarebytes

MAY 27, 2025

More likely, it was amassed by infostealersmalicious software (malware) that are designed specifically to gather sensitive information from infected devices. They often arrive via phishing emails, malicious websites, or bundled with cracked software. This makes it harder for criminals to take over your account.

Identity Theft 145

Identity Theft Passwords Accountability Phishing 145

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. billion yen Typically, attackers hijack victim accounts, sell held stocks, and use the proceeds to buy assets like Chinese stocks, which remain in the account post-attack.

Financial Services 120

Financial Services Passwords Antivirus Accountability 120

Krebs on Security

APRIL 20, 2023

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. “This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack,” reads the April 20 Mandiant report. Microsoft Corp.

Malware 331

Malware Software Technology Accountability 331

Zero Day

JUNE 17, 2025

PT kontekbrothers/Getty We've probably all received confirmation codes sent via text message when trying to sign into an account. Those codes are supposed to serve as two-factor authentication to confirm our identity and prevent scammers from accessing our accounts through a password alone.

Authentication 107

Authentication Password Management Small Business Passwords 107

Krebs on Security

SEPTEMBER 13, 2023

” Airbus has apparently confirmed the cybercriminal’s account to the threat intelligence firm Hudson Rock , which determined that the Airbus credentials were stolen after a Turkish airline employee infected their computer with a prevalent and powerful info-stealing trojan called RedLine. .” Microsoft Corp.

Cybercrime 344

Cybercrime Passwords Authentication Malware 344

The Last Watchdog

DECEMBER 16, 2024

Gen AI threats and quantum computing exposures must be accounted for. Attacks targeting identities rose 71% last year, with valid accounts as the top entry point. Ransomware targeting critical services highlights the need for secure software lifecycles and vendor verification. The drivers are intensifying.

Cyber threats 264

Cyber threats CISO IoT Phishing 264

Krebs on Security

DECEMBER 4, 2024

Russia’s interior ministry last week issued a statement saying a 32-year-old hacker had been charged with violating domestic laws against the creation and use of malicious software. At several points throughout his career, Wazawaka claimed he made good money stealing accounts from drug dealers on darknet narcotics bazaars.

Cybercrime 251

Cybercrime Ransomware Cryptocurrency Government 251

SecureList

OCTOBER 29, 2024

Patch management issues The vulnerability patching process typically takes time for a variety of reasons: from actual patch release all the way to identifying vulnerable assets and “properly” patching them, considering any pre-existing asset inventory and whether the accountable personnel will learn about the vulnerability in time.

Risk 111

Risk Antivirus Accountability Malware 111

Security Affairs

FEBRUARY 13, 2025

Valve removed the game PirateFi from the Steam video game platform because it contained a Windows malicious code to steal browser cookies and hijack accounts. PCMag cited the case of a gamer who downloaded the game and reported that his accounts were hijacked using stolen cookies. A few days later, Valve notified impacted users.

Malware 110

Malware Antivirus Accountability Software 110

Krebs on Security

JULY 18, 2022

911 says its network is made up entirely of users who voluntarily install its “free VPN” software. re network uses at least two free VPN services to lure its users to install a malware-like software that achieves persistence on the user’s computer,” the researchers wrote. “The 911[.]re

VPN 358

VPN Computers and Electronics Antivirus Software 358

Krebs on Security

AUGUST 7, 2024

A partial selfie posted by Puchmade Dev to his Twitter account. That story showed how Punchmade’s social media profiles promoted Punchmade-themed online stores selling bank account and payment card data. Incredibly, Turner acknowledges that PNC told him his account was flagged for attention from law enforcement officials.

Banking 307

Banking Cybercrime Accountability Retail 307

Krebs on Security

AUGUST 18, 2022

The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Both the email and the invoice state that “there is evidence that your PayPal account has been accessed unlawfully.”

Scams 342

Scams Phishing Accountability Software 342

Krebs on Security

APRIL 8, 2025

Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. As ever, please consider backing up your data and or devices prior to updating, which makes it far less complicated to undo a software update gone awry.

Software 179

Software Media Internet Internet 179

Schneier on Security

NOVEMBER 16, 2023

Examples included: Azure Active Directory API Keys GitHub OAuth App Keys Database credentials for providers such as MongoDB, MySQL, and PostgreSQL Dropbox Key Auth0 Keys SSH Credentials Coinbase Credentials Twilio Master Credentials.

Authentication 335

Authentication Cryptocurrency Accountability Software 335

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. “Antivirus software trusts signed programs more. For some types of software, a digital signature is mandatory.”

Malware 314

Malware Cybercrime Software Accountability 314

The Last Watchdog

MAY 15, 2025

Small businesses make up 90% of all companies worldwide and account for half of global GDP. Cybercrime industrialized The dark web has become a marketplace where bad actors can buy tools and access with the ease of shopping for software.

Small Business 113

Small Business Cybercrime Cyber Insurance Phishing 113

eSecurity Planet

OCTOBER 22, 2024

ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. These messages can range from vague prompts to elaborate narratives about connectivity issues or software failures. What Are ClickFix Campaigns?

Scams 123

Scams Malware Phishing Social Engineering 123

Security Affairs

DECEMBER 4, 2024

that could be exploited to leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine. Organizations are recommended to upgrade to the latest version of the software. Veeam also addressed a vulnerability, tracked as CVE-2024-42449 (CVSS score 7.1) ” reads the advisory. .”

Backups 113

Backups Ransomware Accountability Hacking 113

Malwarebytes

FEBRUARY 13, 2025

These often start with a call to users, claiming their Gmail account has been compromised. The goal is to convince the target to provide the criminals with the users Gmail recovery code, claiming its needed to restore the account. Monitor your accounts for signs of unauthorized access or data leaks.

Phishing 108

Phishing Artificial Intelligence Identity Theft Accountability 108

Malwarebytes

FEBRUARY 11, 2025

Once the passwords are sold, the new, malicious owners will attempt to use individual passwords for a variety of common online accountstesting whether, say, an email account password is the same one used for a victims online banking system, their mortgage payment platform, or their Social Security portal.

Phishing 128

Phishing Passwords Mobile Authentication 128

Malwarebytes

APRIL 1, 2025

This update must be completed by 2025-03-16 to avoid any potential penalties or disruptions to your account. Perhaps they’ll sell the details on the dark web, or use them for themselves to get access to your Microsoft accounts. Instead use a secure method such as your online account or another application on IRS.gov.

Scams 138

Scams Phishing Artificial Intelligence Social Engineering 138