Security Affairs

JUNE 11, 2023

Gox exchange and operating BTC-e Japanese Pharmaceutical giant Eisai hit by a ransomware attack Clop ransomware gang was testing MOVEit Transfer bug since 2021 Stealth Soldier backdoor used is targeted espionage attacks in Libya Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue Experts detail a new Kimsuky (..)

Social Engineering 93

Social Engineering Data breaches Ransomware Cybercrime 93

Security Affairs

MAY 18, 2022

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Password and info stealers.

Cryptocurrency 96

Cryptocurrency Social Engineering Malware Cybercrime 96

Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. Scammers, impersonating cryptocurrency investors, are active on Telegram channels to get interested people to attend a meeting about a future partnership. Topics are cryptocurrency investment opportunities.

Cryptocurrency 99

Cryptocurrency Malware Authentication Banking 99

SecureWorld News

AUGUST 29, 2023

An advisory from the company states that a "highly sophisticated" SIM swapping attack targeted one of Kroll's employees, resulting in unauthorized access to personal information related to bankruptcy claimants associated with cryptocurrency firms FTX, BlockFi, and Genesis.

Cryptocurrency 77

Cryptocurrency Phishing Social Engineering Accountability 77

Approachable Cyber Threats

JULY 7, 2022

The booming market on the Dark Web for passwords and other personal information make it a lucrative business for any cybercriminal - and Raccoon Stealer’s Malware-as-a-Service model makes it even easier for anyone to steal your information to make a profit. DropBox and social engineering. Wait, what is Malware-as-a-Service?”

Social Engineering 105

Social Engineering Cryptocurrency Malware Antivirus 105

Security Boulevard

FEBRUARY 12, 2021

This allowed them to access many apps and ask for password resets, which often confirm the request is intended for the correct user by sending a "Two Factor Authentication" request in the form of an SMS message. Some crypto currency exchanges use an even stronger method, of requiring confirmation both by an SMS to the phone and by email.

Cryptocurrency 119

Cryptocurrency Accountability Scams Social Engineering 119

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 94

Scams Phishing Cryptocurrency Social Engineering 94

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. The company was the victim of a social engineering attack aimed at its employees. Trezor WARNING: Elaborate Phishing attack. Pierluigi Paganini.

Phishing 118

Phishing Data breaches Cryptocurrency Social Engineering 118

Krebs on Security

AUGUST 30, 2022

Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. 4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Mobile 276

Mobile Phishing Authentication Accountability 276

Malwarebytes

MAY 15, 2022

Things become even worse when social engineering combines with publicly available data to make it even more convincing. We see criminals gravitating to digital payment systems, cryptocurrencies, and even gift cards across most realms of attack. 2 factor authentication and password managers are good places to start.

Scams 126

Scams Social Engineering Password Management Engineering 126

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Based on the risk score, CryptoIns experts have calculated insurance rates for cryptocurrency exchange users who can now insure their accounts against cyber threats.

Insurance 63

Insurance Cryptocurrency Cyber threats Marketing 63

Malwarebytes

MARCH 5, 2024

Separately, in September 2023, Malwarebytes discovered a cybercriminal campaign that tricked Mac users into accidentally installing a type of malware that can steal passwords, browser data, cookies, files, and cryptocurrency. Replace “magic” with Malwarebytes Cyberthreats on Mac aren’t non-existent, they’re just different.

Malware 139

Malware Adware Ransomware Social Engineering 139

Malwarebytes

JULY 19, 2022

Hundreds—if not thousands—of WordPress sites remain vulnerable and easily exploited by scammers because of their poor security and the use of weak passwords. However, Akamai researchers believe that socially engineering PayPal users to let them keep giving away their data is what makes this phishing kit successful.

Phishing 107

Phishing Social Engineering Accountability Engineering 107

SecureWorld News

AUGUST 2, 2021

Robinhood is an increasingly popular trading app where you can buy and sell stocks, as well as cryptocurrency. Phishing attempts come via email where scammers use different social engineering tactics to pose as a reputable sender like the IRS, your bank or brokerage firm.

Phishing 81

Phishing Social Engineering Scams Identity Theft 81

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 353

Phishing VPN Social Engineering Media 353

Security Affairs

AUGUST 6, 2023

” Since at least December 17, 2022, the group has used a new naming pattern for its domains containing keywords related to information technology and cryptocurrency. Some examples are cloudrootstorage[.]com, com, directexpressgateway[.]com, com, storagecryptogate[.]com, com, and pdfsecxcloudroute[.]com.

Phishing 83

Phishing Social Engineering Authentication Cryptocurrency 83

SC Magazine

MAY 12, 2021

Researchers found 167 counterfeit Android and iOS apps that attackers used to steal money from victims who believed they installed a financial trading, banking or cryptocurrency app. Make sure passwords are not the company’s only security control,” Carson said. Photo by Justin Sullivan/Getty Images). Do not make it easy for them.

Scams 62

Scams Cryptocurrency Social Engineering Banking 62

Security Affairs

OCTOBER 20, 2021

Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. “Most of the observed malware was capable of stealing both user passwords and cookies. The hackers used fake collaboration opportunities (i.e.

Accountability 129

Accountability Malware Phishing Social Engineering 129

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. Phishing, Social Engineering are Still Problems.

Authentication 101

Authentication Social Engineering Phishing Banking 101

SecureWorld News

JULY 3, 2023

This means that most cyberattacks could be prevented by following simple cybersecurity best practices, such as using strong passwords, updating software, and avoiding phishing emails. According to PurpleSec, 98% of cybercrime relies on social engineering to accomplish it. Phishing emails are more common than you know.

Cybercrime 81

Cybercrime Social Engineering Data breaches Cyber threats 81

eSecurity Planet

SEPTEMBER 14, 2022

Often, a scammer will simply target the people in a company and fool them into giving up their personal details, account passwords, and other sensitive information and gain access that way. Then, we’ll go over the basic, foundational techniques most scammers find themselves using, such as social engineering and phishing.

Social Engineering 115

Social Engineering Energy and Utilities Phishing Scams 115

CyberSecurity Insiders

AUGUST 24, 2022

And security researchers from ESET have discovered that the malware was uploaded to the VirusTotal operated system in Brazil and was targeted by a social engineering attack. North Korea’s Lazarus Group has reportedly designed new ransomware that is being targeted at M1 processors popularly running on Macs and Intel systems.

Ransomware 107

Ransomware Digital transformation Encryption Social Engineering 107

Krebs on Security

APRIL 20, 2023

The decrypted icon files revealed the location of the malware’s control server, which was then queried for a third stage of the malware compromise — a password stealing program dubbed ICONICSTEALER. Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file.

Malware 266

Malware Software Technology Accountability 266

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 82

Malware Cybercrime Cryptocurrency Social Engineering 82

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 91

Spyware Hacking Malware Social Engineering 91

Malwarebytes

APRIL 28, 2021

Trust Wallet is an app used to send, receive, and store Bitcoin along with other cryptocurrencies, including NFTs. With cryptocurrency being so very mainstream at the moment, it’s only natural lots of people are jumping on the bandwagon. No company worth bothering with will ever ask for your password so don’t give them out.

Phishing 123

Phishing Cryptocurrency Accountability Scams 123

CyberSecurity Insiders

NOVEMBER 26, 2021

Ransomware, a piece of code that locks the user out of their machine until a ‘ransom’ (usually a sum of money in cryptocurrency) is paid, looks set to continue to rise in 2022 also. 2) Create strong passwords. SMEs should foster a culture of changing passwords at regular intervals to prevent email accounts from becoming compromised.

Digital transformation 119

Digital transformation Phishing Social Engineering Passwords 119

SecureWorld News

OCTOBER 12, 2021

SecureWorld News just analyzed dozens of pages of court documents to understand this story of the Naval Engineer—an insider—who is accused of going rogue in a high-tech and high-stakes operation. Tools involved digital media, encrypted communication, cryptocurrency, and secret data handoffs. But this took time.

Social Engineering 80

Social Engineering Engineering Encryption Cryptocurrency 80

Security Affairs

SEPTEMBER 2, 2018

The Loki Bot attacks started in July and aimed at stealing passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets. Loki Bot operators employ various social engineering technique to trick victims into opening weaponized attachments that would deploy the Loki Bot stealer.

Social Engineering 58

Social Engineering Cryptocurrency Advertising Malware 58

SecureWorld News

AUGUST 2, 2022

Sending passwords with each request to the API is not an efficient and secure method. OAuth ('Open Authorization') is an open standard for access delegation, commonly used as a means to grant API access without using the password each time. To understand it intuitively, suppose that you have the color red as your password.

Mobile 76

Mobile Accountability Identity Theft Cryptocurrency 76

Security Affairs

FEBRUARY 27, 2021

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones. .

Mobile 93

Mobile Telecommunications Data breaches Identity Theft 93

Identity IQ

FEBRUARY 8, 2024

Transactions on the dark web are typically conducted using cryptocurrencies such as Bitcoin to maintain anonymity. Transactions on the dark web are often carried out with Bitcoin or other cryptocurrencies, which are unregulated and difficult to trace back to the user. Turn on multifactor authentication for all online accounts.

Identity Theft 98

Identity Theft Cryptocurrency Government Engineering 98

Security Affairs

JANUARY 3, 2024

Victims are tricked into installing this fake app under the guise of confirming their OTP (One-Time Password), which is then intercepted and transmitted to a command-and-control (C2C) server managed by the attacker. Utilizing AI-driven bots for advanced social engineering techniques.

Artificial Intelligence 119

Artificial Intelligence Banking Scams Cybercrime 119

CyberSecurity Insiders

APRIL 4, 2023

One method is to directly purchase cryptocurrency or gift cards through websites using stolen credit card information, which is popular for U.S. Nowadays, man-in-the-middle attack phishing techniques have become the mainstream, and one-time-password (OTP) authentication is insufficient to defend against these attacks anymore.

Phishing 67

Phishing Social Engineering Authentication eCommerce 67

SecureList

SEPTEMBER 6, 2022

When downloading the games from untrustworthy sources, players may receive malicious software that can gather sensitive data like login information or passwords from the victim’s device; and in an attempt to download a desired game for free, find a cool mod or cheat, gamers can actually lose their accounts or even money.

Mobile 96

Mobile Passwords Software Accountability 96

SecureList

AUGUST 10, 2022

VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies. Malicious DOCX social engineering message. Meanwhile, in August 2020, we also released a private report on VileRAT to our threat intelligence customers for the first time.

Cryptocurrency 87

Cryptocurrency Encryption Social Engineering Passwords 87

Security Affairs

NOVEMBER 19, 2019

The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. In 2018, their number grew to 3.6%, while in H1 2019 saw an unusual rise of up to 27.8%.

Ransomware 70

Ransomware Antivirus Malware Banking 70