Security Affairs

MAY 13, 2024

” To defend against ransomware campaign like this one, NJCCIC provided the following recommendations: Security Awareness Training : Engage in security awareness training to enhance defense mechanisms and recognize potential signs of malicious communications.

Phishing 103

Phishing Ransomware Security Awareness Authentication 103

Security Affairs

JULY 3, 2023

The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The malware also collects a variety of data, including system info, browser info, password manager info, miner related registry info, and installed games info. The malware admin declared that their operations do not involve any ransom activities.

Password Management 81

Password Management Passwords Malware Antivirus 81

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Presently, Meduza password stealer supports Windows Server 2012/2016/2019/2022 and Windows 10/11.

Password Management 124

Password Management Cryptocurrency Passwords Authentication 124

Security Affairs

FEBRUARY 24, 2020

The malware is cheap compared to similar threats, it is able to steal sensitive data from about 60 applications, including (browsers, cryptocurrency wallets, email and FTP clients). And this goes beyond usernames and passwords to information that can get them immediate financial gain like credit card information and cryptocurrency wallets.”

Cybercrime 90

Cybercrime Malware Cryptocurrency Advertising 90

Security Affairs

MAY 18, 2022

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Password and info stealers.

Cryptocurrency 91

Cryptocurrency Social Engineering Malware Cybercrime 91

SecureWorld News

JULY 3, 2023

This means that most cyberattacks could be prevented by following simple cybersecurity best practices, such as using strong passwords, updating software, and avoiding phishing emails. According to PurpleSec, 98% of cybercrime relies on social engineering to accomplish it. Cryptocurrency and the Metaverse pose new cybersecurity threats.

Cybercrime 91

Cybercrime Social Engineering Data breaches Education 91

Security Affairs

JUNE 11, 2023

Gox exchange and operating BTC-e Japanese Pharmaceutical giant Eisai hit by a ransomware attack Clop ransomware gang was testing MOVEit Transfer bug since 2021 Stealth Soldier backdoor used is targeted espionage attacks in Libya Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue Experts detail a new Kimsuky (..)

Social Engineering 88

Social Engineering Data breaches Ransomware Cybercrime 88

Security Affairs

AUGUST 7, 2018

Group-IB researchers have investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. In 2017, when cryptocurrencies were gaining momentum, their record-breaking capitalization and a spike in Bitcoin’s exchange rate led to dozens of attacks on cryptocurrency services.

Cryptocurrency 48

Cryptocurrency Passwords Authentication Accountability 48

Security Affairs

APRIL 14, 2024

When informed that the target had significant cryptocurrency and project files, Chakhmakhchyan agreed to sell the Hive RAT. ” reported the DoJ. “ According to the indictment, Chakhmakhchyan engaged in electronic communication with buyers after advertising the Hive RAT. . ” continues DoJ.

Computers and Electronics 108

Computers and Electronics Advertising Cryptocurrency Malware 108

Security Affairs

FEBRUARY 10, 2022

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. Do not provide your mobile number account information over the phone to representatives that request your account password or pin.

Mobile 90

Mobile Cryptocurrency Authentication Accountability 90

Security Affairs

MARCH 21, 2023

Cryptocurrency ATM maker General Bytes suffered a security breach over the weekend, the hackers stole $1.5M worth of cryptocurrency. Cryptocurrency ATM manufacturers General Bytes suffered a security incident that resulted in the theft of $1.5M worth of cryptocurrency. ” continues the notice.

Cryptocurrency 78

Cryptocurrency VPN Manufacturing Firewall 78

Security Affairs

FEBRUARY 4, 2024

AnyDesk remarked that its systems don’t store private keys, security tokens or passwords that could be exploited by threat actors to target end-user devices. As a security measure, the threat actor sanitized some of the passwords. The threat actor offered 18,317 accounts for $15,000 to be paid in cryptocurrency.”

Software 111

Software Passwords Ransomware Cryptocurrency 111

Security Affairs

FEBRUARY 10, 2021

Europol investigators revealed that the cybercrime organization stole more than $100 million worth of cryptocurrency using SIM Swapping attacks. “This enabled them to steal money, bitcoin and personal information, including contacts synced with online accounts. . SecurityAffairs – hacking, cybercrime).

Cybercrime 80

Cybercrime Cryptocurrency Accountability Authentication 80

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 76

Malware Cybercrime Cryptocurrency Social Engineering 76

Security Affairs

MAY 15, 2022

The operators sell the Stealer module for $260 as an annual subscription, it allows to steal a lot of sensitive information from infected systems, including passwords, cookies, credit cards, and crypto-wallets. Eternity Stealer. Stolen data are exfiltrated via Telegram Bot.

Ransomware 76

Ransomware DDOS Cybercrime Malware 76

Security Affairs

AUGUST 4, 2023

60 using the username root and password TestX@!#33. The researchers speculate the packages are part of a highly-targeted attack on developers working in the cryptocurrency sector. “This seems to be another highly-targeted attack on developers involved in the cryptocurrency sphere. . ” concludes the report.

Cryptocurrency 82

Cryptocurrency Marketing Encryption Passwords 82

Security Affairs

DECEMBER 20, 2023

Writing to the clipboard:a common tactic for stealing cryptocurrency funds. Password encryption keys key4.db db – Stores the master key to decrypt all passwords stored in logins.json. Login information – “Login Data” folder. Executing shell commands. Displaying alert messages. Retrieving running process list.

Malware 110

Malware Passwords Cryptocurrency Software 110

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence 91

Artificial Intelligence Data breaches Scams Insurance 91

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. We also recommend two-factor authentication and other account security measures for our users as added measures to keep accounts and passwords secure.”

Phishing 115

Phishing Data breaches Cryptocurrency Social Engineering 115

Security Affairs

MARCH 26, 2020

that is hosting various cybercrime products and services were being sold. companies for customers’ personal information.” platform, an automated set-up wizard allowed the owner to upload the products and services offered through the shop and configure the payment process via cryptocurrency wallets. Pierluigi Paganini.

Cybercrime 113

Cybercrime Advertising Hacking Accountability 113

Security Affairs

DECEMBER 31, 2021

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. The data included usernames, email addresses and plain text passwords.”

Accountability 131

Accountability Malware Data breaches Passwords 131

Security Affairs

JANUARY 3, 2024

Victims are tricked into installing this fake app under the guise of confirming their OTP (One-Time Password), which is then intercepted and transmitted to a command-and-control (C2C) server managed by the attacker. This approach was used to deceive individuals into sharing sensitive information with malicious actors.

Artificial Intelligence 117

Artificial Intelligence Banking Scams Cybercrime 117

Security Affairs

JUNE 25, 2023

The researchers pointed out that attackers target gamers because they often use powerful hardware for gaming, which is excellent for mining cryptocurrencies. stream” to carry out cryptocurrency mining activities.” The threat actors bundled a legitimate installer file of super-mario-forever-v702e with the malicious codes.

Malware 95

Malware Cryptocurrency Passwords Hacking 95

Security Affairs

DECEMBER 7, 2021

Taiwanese vendor QNAP warns customers of ongoing attacks targeting their NAS devices with cryptocurrency miners. Taiwanese vendor QNAP warns customers of threat actors targeting their NAS devices with cryptocurrency miners. Use stronger passwords for your administrator and other user accounts.

Cryptocurrency 98

Cryptocurrency Ransomware Malware Passwords 98

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 85

Spyware Hacking Malware Social Engineering 85

Security Affairs

MARCH 13, 2020

European authorities dismantled two cybercrime organizations responsible for stealing millions through SIM hijacking. European authorities managed to dismantle the operations of two cybercrime gangs responsible for stealing millions through SIM hijacking. SecurityAffairs – SIM Hijacking, cybercrime). ”continues Europol.

Banking 113

Banking Cybercrime Mobile Accountability 113

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 93

Data breaches Malware Mobile Spyware 93

Security Affairs

FEBRUARY 5, 2022

PayBito is a bitcoin and cryptocurrency exchange for major cryptocurrencies including Bitcoin Cash, Bitcoin, Ethereum, HCX, Litecoin, Ethereum Classic. The group also claims to have stolen email and password hashes that can be easily decrypted due to the use of a “weak hash algorithm.”

Ransomware 86

Ransomware Cryptocurrency Hacking Advertising 86

Security Affairs

JANUARY 4, 2023

Researchers discovered a new Linux malware developed with the shell script compiler ( shc ) that was used to deliver a cryptocurrency miner. “Administrators should also use security programs such as firewalls for servers accessible from outside to restrict access by attackers. ” reads the report published by ASEC.

Malware 93

Malware DDOS Cryptocurrency Firewall 93

Security Affairs

APRIL 29, 2023

ViperSoftX is a JavaScript-based Remote Access Trojan (RAT) and cryptocurrency stealer that was first analyzed by Fortinet in February 2020. The script launches the main routine of the malware that installs malicious browser extensions to exfiltrate passwords and crypto wallet data. ” concludes the report.

Encryption 86

Encryption Malware Cryptocurrency Software 86

Security Affairs

SEPTEMBER 27, 2022

Threat actors behind the new ‘Erbium’ information-stealing malware are distributing it as fake cracks and cheats for popular video games to steal victims’ credentials and cryptocurrency wallets. Collecting user credentials, such as passwords, from a range of popular chat and email programs, as well as web browsers.

Malware 80

Malware Password Management Authentication Passwords 80

Security Affairs

FEBRUARY 10, 2022

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. Do not provide your mobile number account information over the phone to representatives that request your account password or pin.

Banking 105

Banking Accountability Mobile Cryptocurrency 105

Security Affairs

MARCH 7, 2021

If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Subscribing to the newsletter you will also receive the best of the international press on cybersecurity, intelligence, and cybercrime. The post Security Affairs newsletter Round 304 appeared first on Security Affairs.

Data breaches 69

Data breaches Data collection Ransomware Hacking 69

Security Affairs

AUGUST 10, 2023

The malware can steal sensitive information from various web browsers, including login data, cookies, web data, and preferences. The malicious code also targets cryptocurrency wallets and can capture credentials, passwords, and even data from messaging apps like Telegram.

Malware 84

Malware Encryption Advertising Cryptocurrency 84

Security Affairs

JANUARY 9, 2023

The crypto-miner Kinsing was first spotted by security firm Aqua Security in April 2020, at the time the experts spotted threat actors scanning the Internet for Docker servers running API ports exposed without a password. The Kinsing malware abuses the resources of the Docker installations to mine cryptocurrency.

Malware 90

Malware Authentication Cryptocurrency Internet 90

Security Affairs

NOVEMBER 13, 2021

The earliest versions of the malware were very simple, the latest versions (October 30, 2021) target common databases and WEB servers and implement worm-like propagation by leveraging weak passwords and N-day vulnerability. ” reads the analysis published by the researchers.

DDOS 105

DDOS Malware Passwords Cryptocurrency 105

Security Affairs

MAY 6, 2020

Europol announced another success in the fight against cybercrime, today it has arrested five Polish hackers who were members of the Infinity Black hacking group. The agents seized electronic equipment, external hard drives and hardware cryptocurrency wallets, all worth around €100 000.

Computers and Electronics 72

Computers and Electronics Hacking Cryptocurrency Accountability 72