Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. 2, and Aug.

Mobile 291

Mobile Phishing Authentication Accountability 291

SecureList

MAY 6, 2024

A significant share of scam, phishing and malware attacks is about money. Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. million in 2022.

Phishing 80

Phishing Banking Mobile Scams 80

SecureList

FEBRUARY 16, 2023

Short-lived phishing sites often offered to see the premieres before the eagerly awaited movie or television show was scheduled to hit the screen. These sites referenced public figures and humanitarian groups, offering to accept cash in cryptocurrency, something that should have raised a red flag in itself.

Phishing 90

Phishing Scams Accountability Energy and Utilities 90

Malwarebytes

APRIL 28, 2021

The victim is typically sent to a phishing page where accounts, payment details, identities, or other things can be stolen. We first observed the technique used on gamers back in 2014, and it eventually branched out into bank phishing. No company worth bothering with will ever ask for your password so don’t give them out.

Phishing 125

Phishing Cryptocurrency Accountability Scams 125

SecureWorld News

AUGUST 29, 2023

An advisory from the company states that a "highly sophisticated" SIM swapping attack targeted one of Kroll's employees, resulting in unauthorized access to personal information related to bankruptcy claimants associated with cryptocurrency firms FTX, BlockFi, and Genesis.

Cryptocurrency 84

Cryptocurrency Phishing Social Engineering Accountability 84

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. For now at least, they appear to be focusing primarily on companies in the financial, telecommunications and social media industries.

Phishing 357

Phishing VPN Social Engineering Media 357

CyberSecurity Insiders

APRIL 5, 2023

According to a study conducted by se-curity firm Mandiant, the group has been in operation since 2018 and has now been tasked with carrying out both espionage and financially motivated attacks such as credential harvesting and social engineering.

Hacking 105

Hacking Social Engineering Cryptocurrency Manufacturing 105

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Note, this is no proof that the companies listed were compromised.

Cryptocurrency 126

Cryptocurrency Malware Accountability Banking 126

SecureWorld News

AUGUST 2, 2021

Robinhood is an increasingly popular trading app where you can buy and sell stocks, as well as cryptocurrency. Earlier this year, Robinhood sent out a message to its users, warning of some phishing emails claiming to be a "Security Alert" with links to fake Robinhood websites. How to spot phishing emails.

Phishing 90

Phishing Social Engineering Scams Identity Theft 90

Security Affairs

MAY 18, 2022

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Password and info stealers.

Cryptocurrency 92

Cryptocurrency Social Engineering Malware Cybercrime 92

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019.

Accountability 127

Accountability Malware Phishing Social Engineering 127

Approachable Cyber Threats

JULY 7, 2022

The booming market on the Dark Web for passwords and other personal information make it a lucrative business for any cybercriminal - and Raccoon Stealer’s Malware-as-a-Service model makes it even easier for anyone to steal your information to make a profit. DropBox and social engineering. Wait, what is Malware-as-a-Service?”

Social Engineering 105

Social Engineering Cryptocurrency Malware Antivirus 105

Security Affairs

AUGUST 6, 2023

The APT group has been active since at least 2017, its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft. Recently, Recorded Future Insikt Group observed BlueCharlie building a new infrastructure to launch phishing campaigns and/or credential harvesting. com, storagecryptogate[.]com,

Phishing 77

Phishing Social Engineering Authentication Cryptocurrency 77

eSecurity Planet

SEPTEMBER 14, 2022

Often, a scammer will simply target the people in a company and fool them into giving up their personal details, account passwords, and other sensitive information and gain access that way. Phishing complaints were reported over 300,000 times in 2021 to IC3, the only Internet crime to crack 100,000+ complaints. Social Tactics.

Social Engineering 118

Social Engineering Energy and Utilities Phishing Scams 118

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. Phishing, Social Engineering are Still Problems. OTP Interception Services Emerge.

Authentication 107

Authentication Social Engineering Phishing Banking 107

SecureWorld News

JULY 3, 2023

This means that most cyberattacks could be prevented by following simple cybersecurity best practices, such as using strong passwords, updating software, and avoiding phishing emails. Phishing emails are more common than you know. According to PurpleSec, 98% of cybercrime relies on social engineering to accomplish it.

Cybercrime 89

Cybercrime Social Engineering Data breaches Education 89

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 86

Spyware Hacking Malware Social Engineering 86

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 76

Malware Cybercrime Cryptocurrency Social Engineering 76

CyberSecurity Insiders

NOVEMBER 26, 2021

Coronavirus-related phishing, which spiked by over 600% in 2020 , continued to be an issue in 2021 throughout the inboxes of workers. While phishing schemes may seem simple, they are perhaps given more validation when workers are at home and don’t have the advice of an IT technician at the other end of the office to rely on.

Digital transformation 119

Digital transformation Phishing Social Engineering Passwords 119

CyberSecurity Insiders

APRIL 4, 2023

Chinese fraudsters primarily target the United States for two reasons: the large population makes phishing attacks more effective, and credit card limits in the country are higher compared to other nations. The latter method involves using the server and templates included in the phishing kit to impersonate various companies and brands.

Phishing 67

Phishing Social Engineering Authentication eCommerce 67

SecureWorld News

AUGUST 2, 2022

Sending passwords with each request to the API is not an efficient and secure method. OAuth ('Open Authorization') is an open standard for access delegation, commonly used as a means to grant API access without using the password each time. To understand it intuitively, suppose that you have the color red as your password.

Mobile 85

Mobile Accountability Identity Theft Cryptocurrency 85

Security Affairs

JANUARY 3, 2024

According to the Hunter Unit from Resecurity, previously, the “GXC Team” gained notoriety for creating a wide array of online fraud tools, ranging from compromised payment data checkers to sophisticated phishing and smishing kits. Utilizing AI-driven bots for advanced social engineering techniques.

Artificial Intelligence 119

Artificial Intelligence Banking Scams Cybercrime 119

Security Affairs

SEPTEMBER 2, 2018

The Loki Bot attacks started in July and aimed at stealing passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets. Loki Bot operators employ various social engineering technique to trick victims into opening weaponized attachments that would deploy the Loki Bot stealer.

Social Engineering 54

Social Engineering Cryptocurrency Advertising Malware 54

SecureList

SEPTEMBER 6, 2022

Additionally, we looked at the phishing activity around gaming, specifically that related to cybersports tournaments, bookmakers, gaming marketplaces, and gaming platforms, and found numerous examples of scams that target gamers and esports fans. Game over: cybercriminals targeting gamers’ accounts and money. Trojan-PSW.Win32.Convagent

Mobile 96

Mobile Passwords Software Accountability 96

SecureList

DECEMBER 6, 2022

There are two main types of online fraud aimed at stealing user data and money: phishing and scams. Phishers primarily seek to extract confidential information from victims, such as credentials or bank card details, while scammers deploy social engineering to persuade targets to transfer money on their own accord.

Scams 93

Scams Phishing Social Engineering Banking 93

Security Boulevard

APRIL 26, 2022

In 2021, the main attack vector used by this threat actor was credential phishing attacks through emails, posing as Naver, the popular South Korean search engine and web portal. Spear phishing emails distribution. This is done for the purpose of social engineering. Figure 3: Decoy content. Passive DNS data.

Phishing 52

Phishing DNS Cryptocurrency Accountability 52

Krebs on Security

APRIL 6, 2022

The smash-and-grab attacks by LAPSUS$ obscure some of the group’s less public activities, which according to Microsoft include targeting individual user accounts at cryptocurrency exchanges to drain crypto holdings. “Someone was trying to phish employee credentials, and they were good at it,” Wired reported.

Social Engineering 243

Social Engineering Phishing Engineering Accountability 243

SecureList

AUGUST 10, 2022

VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies. Malicious DOCX social engineering message. Meanwhile, in August 2020, we also released a private report on VileRAT to our threat intelligence customers for the first time.

Cryptocurrency 87

Cryptocurrency Encryption Social Engineering Passwords 87

SecureList

AUGUST 23, 2021

In this report, we cover PC and mobile threats as well as various phishing schemes that capitalize on popular games. Additionally, we checked our database for gaming-related spam campaigns and phishing schemes that are used in the wild. Methodology. We examined malware and unwanted software disguised as popular PC and mobile games.

Adware 112

Adware Mobile Phishing Malware 112

Security Affairs

JANUARY 27, 2022

Other affected businesses include Chip, a UK-based savings app boasting 400,000 users; Hoolah, a shopping app with over 100,000 installs ; Mode, a cryptocurrency app with over 50,000 installs ; and Greenwheels, a car-sharing service with over 50,000 installs. Threat actors can abuse PII to conduct phishing and social engineering attacks.

Identity Theft 85

Identity Theft Accountability Data breaches Social Engineering 85

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. The now-defunct and always phony cryptocurrency trading platform xtb-market[.]com,

Cryptocurrency 233

Cryptocurrency Cybercrime Computers and Electronics Scams 233

Spinone

NOVEMBER 1, 2019

It can be a password, a fingerprint, a face scan. Identity check – a set of actions (a password, a fingerprint, or a face scan) designed for verification of someone’s identity. Hacking and Social Engineering Attack vector – a specific method used by a hacker to accomplish his malicious goal.

Passwords 40

Passwords Social Engineering Malware Encryption 40

Security Boulevard

MARCH 31, 2022

RedLine Password Theft Malware. The RedLine password theft malware is a hot topic this month with Microsoft’s employee compromise. Passwords: An Easy Target. Let’s not mince words: passwords are difficult for most organizations to manage. Let’s not mince words: passwords are difficult for most organizations to manage.

Cybersecurity 98

Cybersecurity Social Engineering Passwords Malware 98

SecureList

JUNE 7, 2023

Mobile statistics Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff , a financially motivated threat actor known for stealing cryptocurrency. The threat actor uses social engineering to infect a PoS terminal.

DNS 100

DNS Malware Cryptocurrency Retail 100

eSecurity Planet

FEBRUARY 16, 2021

Organizations can help prevent their computers from becoming part of a botnet by installing anti-malware software, using firewalls , keeping software up-to-date, and forcing users to use strong passwords. Always change the default passwords for any IoT devices you install before extended use. Phishing and Social Engineering.

Malware 105

Malware Adware Spyware Antivirus 105

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 236

Mobile Cryptocurrency Accountability Passwords 236

IT Security Guru

SEPTEMBER 28, 2023

Perpetrators utilise ransomware as a means to extort funds from their targets, typically requesting payment in cryptocurrencies, in exchange for a decryption key or as a condition to prevent the exposure of sensitive information on the dark web or public internet. With that said…Password Attacks are honestly in the past.

Ransomware 118

Ransomware Encryption Backups Social Engineering 118