Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 76

Malware Cybercrime Cryptocurrency Social Engineering 76

Malwarebytes

JULY 19, 2022

Hundreds—if not thousands—of WordPress sites remain vulnerable and easily exploited by scammers because of their poor security and the use of weak passwords. These could then be used to launder money, evade taxes, or provide anonymity for other cybercrimes. Akamai Security Research, Akamai.

Phishing 110

Phishing Social Engineering Accountability Engineering 110

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Based on the risk score, CryptoIns experts have calculated insurance rates for cryptocurrency exchange users who can now insure their accounts against cyber threats.

Insurance 63

Insurance Cryptocurrency Cyber threats Marketing 63

SecureList

MAY 6, 2024

Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million in 2022.

Phishing 80

Phishing Banking Mobile Scams 80

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 85

Spyware Hacking Malware Social Engineering 85

Security Affairs

JANUARY 3, 2024

Victims are tricked into installing this fake app under the guise of confirming their OTP (One-Time Password), which is then intercepted and transmitted to a command-and-control (C2C) server managed by the attacker. The use of Artificial Intelligence in cybercrime is not a completely novel concept.

Artificial Intelligence 119

Artificial Intelligence Banking Scams Cybercrime 119

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 357

Phishing VPN Social Engineering Media 357

eSecurity Planet

SEPTEMBER 14, 2022

Cybercrime is a growth industry like no other. Often, a scammer will simply target the people in a company and fool them into giving up their personal details, account passwords, and other sensitive information and gain access that way. Social Tactics. In 2021 alone, IC3 received 847,376 complaints which amounted to $6.9

Social Engineering 118

Social Engineering Energy and Utilities Phishing Scams 118

Identity IQ

FEBRUARY 8, 2024

But the dark web is also associated with illegal activities including the trafficking of drugs, weapons, and illegal pornography, hacking and cybercrime, terrorism, and the sale of stolen data or personal information. Transactions on the dark web are typically conducted using cryptocurrencies such as Bitcoin to maintain anonymity.

Identity Theft 98

Identity Theft Cryptocurrency Government Engineering 98

Security Affairs

SEPTEMBER 2, 2018

The Loki Bot attacks started in July and aimed at stealing passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets. Loki Bot operators employ various social engineering technique to trick victims into opening weaponized attachments that would deploy the Loki Bot stealer.

Social Engineering 53

Social Engineering Cryptocurrency Advertising Malware 53

SecureList

SEPTEMBER 6, 2022

When downloading the games from untrustworthy sources, players may receive malicious software that can gather sensitive data like login information or passwords from the victim’s device; and in an attempt to download a desired game for free, find a cool mod or cheat, gamers can actually lose their accounts or even money.

Mobile 96

Mobile Passwords Software Accountability 96

Krebs on Security

DECEMBER 29, 2022

Here’s a look at some of the more notable cybercrime stories from the past year, as covered by KrebsOnSecurity and elsewhere. Super Bowl Sunday watchers are treated to no fewer than a half-dozen commercials for cryptocurrency investing. I will also continue to post on LinkedIn about new stories in 2023. agencies]. .”

Cryptocurrency 233

Cryptocurrency Cybercrime Computers and Electronics Scams 233

Security Affairs

NOVEMBER 19, 2019

The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. In 2018, their number grew to 3.6%, while in H1 2019 saw an unusual rise of up to 27.8%.

Ransomware 72

Ransomware Antivirus Malware Banking 72

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Samy Tarazi is a sergeant with the Santa Clara County Sheriff’s office and a REACT supervisor.

Mobile 236

Mobile Cryptocurrency Accountability Passwords 236

SecureList

AUGUST 23, 2021

Most threats uncovered on PC and mobile devices were adware, but dangerous malware was also present: from stealers to bankers, often leading to the loss of not just credentials but money, including cryptocurrency. These schemes generally result in logins and passwords being stolen as well. Conclusion and advice.

Adware 112

Adware Mobile Phishing Malware 112

SecureList

DECEMBER 6, 2022

Phishers primarily seek to extract confidential information from victims, such as credentials or bank card details, while scammers deploy social engineering to persuade targets to transfer money on their own accord. Recently, many channels have appeared on Telegram promising prizes or get-rich cryptocurrency investment schemes.

Scams 93

Scams Phishing Social Engineering Banking 93

Krebs on Security

JULY 22, 2020

According to 4iq.com , a service that indexes account details like usernames and passwords exposed in Web site data breaches, the jperry94526 email address was used to register accounts at several other sites over the years, including one at the apparel store Stockx.com under the profile name Josh Perry. CONSPIRACY.

Hacking 292

Hacking Accountability Scams Media 292

Security Affairs

MARCH 27, 2023

Such was related to a worldwide malware operation known as NullMixer, a controversial and widespread malware delivery maneuver based on SEO poisoning and social engineering technique to lure tech-savvy users, including IT personnel. The module also exfiltrates 2FA secrets from Twilio’s Authy local storage.

Malware 82

Malware Social Engineering Encryption Marketing 82

SecureList

APRIL 10, 2023

The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners and even dating apps. Malware and unwanted software is frequently injected into cryptocurrency trackers, financial apps, QR-code scanners and even dating apps.

Malware 99

Malware Encryption Mobile Accountability 99

eSecurity Planet

OCTOBER 21, 2022

For example, once it infects your device, a keylogger will start tracking every keystroke you make and sending a log of those keystrokes to the hacker, allowing them to reconstruct any sensitive information you might have entered after infection, such as your PIN, password, or social security number.

Malware 69

Malware Adware Spyware Antivirus 69

SecureList

APRIL 27, 2022

We have previously seen DustSquad use third-party post-exploitation tools, such as the password dumping utility fgdump; but we have now observed new custom C modules, a first for DustSquad, and Delphi downloaders acting as post-exploitation facilitators, able to gather documents of interest for the actor. Final thoughts.

Malware 130

Malware Firmware Government Phishing 130

Adam Levin

DECEMBER 7, 2020

Many of the contact tracing scams of 2020 similarly followed social engineering scripts that have been used in taxpayer identity theft schemes since the 1990s as well. As with any potential cybercrime, deterrence here will be aided by an awareness of what deepfakes are, how they work, and what they can and can’t do.

IoT 130

IoT Artificial Intelligence Technology Scams 130

Security Affairs

JUNE 4, 2021

Cryptocurrencies are represented in hacked accounts to trading sites. Monero is the cryptocurrency of choice, instead, and all communications must be PGP encrypted. Cryptocurrency trading accounts. Other cryptocurrencies have increased in value as well. Use good password practices. Use a reliable password manager.

Accountability 114

Accountability Marketing Hacking Cryptocurrency 114

eSecurity Planet

NOVEMBER 2, 2022

The document contained a list of pornographic sites, along with passwords for access to said sites and would then spread itself and its NSFW content by emailing the first 50 people in the victim’s contact list. Social engineering attacks soon found use in the digital space. It later evolved to also include file encryption.

Malware 138

Malware Ransomware Antivirus Internet 138

SecureList

JULY 29, 2021

In recent operations, the group has focused on cryptocurrency businesses. BlueNoroff has notably set up fake blockchain, or cryptocurrency-related, company websites for this campaign, to lure potential victims and initiate the infection process. The purpose of the campaign was to steal passwords stored in the password manager.

Malware 140

Malware Phishing Password Management Social Engineering 140

Malwarebytes

MAY 21, 2023

ChatGPT can step in to offer insights on identifying the latest scams, avoiding social engineering pitfalls, and setting stronger passwords in concise, conversational text that may be more effective than a lecture or slide presentation.

Cybersecurity 77

Cybersecurity Artificial Intelligence Social Engineering Engineering 77