Hot for Security

MARCH 2, 2021

Although email phishing and fraudulent websites are not a new threat to the digital community, the attack vectors deployed by scammers have become more diverse and sophisticated. While some may be harmless, consisting of ads from retailers, criminals also use emails in mass-market phishing campaigns. A daily dose of spam.

Scams 116

Scams Identity Theft Banking Phishing 116

Adam Levin

JULY 8, 2020

What would happen if you typed in “Amazon,” the corresponding domain popped up, and you clicked, but instead of finding the world’s largest online retailer, you landed on a 1980s WarGames-themed page with a laughing skull? A prospective client or customer types your company name and their browser does the rest.

Hacking 130

Hacking Retail Cyber Insurance Authentication 130

Malwarebytes

JANUARY 9, 2023

Digging further into the skimmer's infrastructure on Russian-based hosting provider DDoS-Guard, we came across a digital crime haven for cryptocurrency scams, Bitcoin mixers, malware distribution sites and much more. We should note that the sites we found injected with this skimmer had nothing to do with cryptocurrencies themselves.

DDOS 79

DDOS Scams Cryptocurrency Phishing 79

Krebs on Security

AUGUST 16, 2018

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. On June 11, 2017, Terpin’s phone went dead. A copy of his complaint is here (PDF).

Mobile 230

Mobile Cryptocurrency Accountability Authentication 230

Malwarebytes

OCTOBER 27, 2023

In a security blog about Octo Tempest Microsoft states: “Octo Tempest monetized their intrusions in 2022 by selling SIM swaps to other criminals and performing account takeovers of high-net-worth individuals to steal their cryptocurrency.”

Social Engineering 94

Social Engineering Engineering Ransomware Backups 94

Krebs on Security

AUGUST 7, 2018

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims.

Mobile 207

Mobile Cryptocurrency Scams Computers and Electronics 207

SecureList

NOVEMBER 22, 2022

Cryptocurrency targeted attacks. The cryptocurrency business continues to grow, and people continue to invest their money in this market because it’s a digital asset and all transactions occur online. More cryptocurrency-related threats: fake hardware wallets, smart contract attacks, DeFi hacks, and more.

Cryptocurrency 92

Cryptocurrency Mobile Ransomware Banking 92

SecureList

NOVEMBER 23, 2021

We should expect more fraud, targeting mostly BTC , because this cryptocurrency is the most popular. In fact, from January through the end of October, Kaspersky detected more than 2,300 fraudulent global resources aimed at 85,000 potential crypto investors or users who are interested in cryptocurrency mining. Extortion on the rise.

Cryptocurrency 112

Cryptocurrency Banking Cybercrime Ransomware 112

Security Affairs

JULY 6, 2020

North Korea-linked Lazarus APT has been stealing payment card data from customers of large retailers in the U.S. Sansec researchers reported that North Korea-linked Lazarus APT group has been stealing payment card information from customers of large retailers in the U.S. and Europe for at least a year. and Europe for at least a year.

Retail 96

Retail Advertising Malware Cryptocurrency 96

Security Affairs

NOVEMBER 14, 2021

Hundreds of thousands of fake warnings of cyberattacks sent from a hacked FBI email server GravityRAT returns disguised as an end-to-end encrypted chat app Intel and AMD address high severity vulnerabilities in products and drivers New evolving Abcbot DDoS botnet targets Linux systems Retail giant Costco discloses data breach, payment card data exposed (..)

Spyware 53

Spyware Data breaches Ransomware Retail 53

Digital Shadows

FEBRUARY 2, 2023

Whether you’re a crypto-skeptic or a crypto-maximalist, it cannot be denied that the mostly unregulated cryptocurrency ecosystem is no stranger to fraud. It has links to multiple types of cyber crime, including ransomware, carding, phishing, and malware development.

Scams 40

Scams Cryptocurrency Marketing Advertising 40

Malwarebytes

DECEMBER 12, 2022

Insecure stores, whether compromised as part of an inside job or a phishing attack, are a big problem for both buyers and the store itself when the attack comes to light. From ATO Deputy Commissioner John Ford : These dodgy sales suppression tools allow retailers to keep a separate set of books and launder the money in one transaction.

Software 76

Software Retail Cryptocurrency Phishing 76

Security Affairs

JANUARY 13, 2019

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.

Malware 91

Malware DNS Financial Services Retail 91

Appknox

JUNE 23, 2022

The lockdowns have made on-demand retail and mCommerce a permanent fixture among Australian users who share their transaction details without any qualms. Cryptocurrency and NFT attacks are rising as decentralized finance, and digital art assets become sophisticated socially engineered threats.

Social Engineering 92

Social Engineering Mobile Scams Engineering 92

SiteLock

JANUARY 13, 2022

For premium components, you need to check with the retailer or developer to see if there are updates and then apply them if you are not able to update them from within the CMS. For basic CMS sites (like a WordPress blog), you can use built-in admin functions to identify any out-of-date components and upgrade them.

Cryptocurrency 52

Cryptocurrency Phishing Software System Administration 52

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. The now-defunct and always phony cryptocurrency trading platform xtb-market[.]com,

Cryptocurrency 233

Cryptocurrency Cybercrime Computers and Electronics Scams 233

Krebs on Security

JULY 29, 2021

TARGETED PHISHING. But the more insidious threat with hacked databases comes not from password re-use but from targeted phishing activity in the early days of a breach, when relatively few ne’er-do-wells have got their hands on a hot new hacked database. The targeted phishing message that went out to classicfootballshirts.co.uk

Passwords 356

Passwords Password Management Phishing Scams 356

SecureList

JUNE 7, 2023

Mobile statistics Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff , a financially motivated threat actor known for stealing cryptocurrency. However, in the recent campaign, the attackers used a Trojanized version of the Tor Browser to steal cryptocurrency.

DNS 101

DNS Malware Cryptocurrency Retail 101

SecureList

OCTOBER 20, 2021

The industries affected included everything from IT to retail, from oil and gas to healthcare. This way, with attackers switching to distributing malicious files via phishing emails, it has become more difficult to track the version of the user’s software, or how far the attack went. But our visibility showed otherwise.

Cybercrime 140

Cybercrime Banking Malware Ransomware 140

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 238

Mobile Cryptocurrency Accountability Passwords 238

SecureList

DECEMBER 1, 2023

The attackers use the reverse shell to deploy a Bash stealer that collects data such as system information, browsing history, saved passwords, cryptocurrency wallet files and credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure). Otherwise, the reverse shell is created by the crond backdoor itself.

Malware 98

Malware Ransomware Encryption Energy and Utilities 98

eSecurity Planet

FEBRUARY 16, 2021

Attackers often use botnets to send out spam or phishing campaigns to carry out distributed denial of service (DDoS) attacks. CISA reported that LokiBot “employs Trojan malware to steal sensitive information such as usernames, passwords, cryptocurrency wallets, and other credentials.” Phishing and Social Engineering.

Malware 104

Malware Adware Spyware Antivirus 104

Elie

MAY 30, 2018

A very recent example of such behavior is the rise of abusing cloud services such as Google Cloud to mine cryptocurrencies in response to the surge of bitcoin price late 2017. bought from very few retailers—created a host of anomalies that were detected by the lottery organization. bitcoin prices. Obviously, this.

Accountability 107

Accountability Artificial Intelligence Engineering Retail 107

Elie

MAY 30, 2018

A very recent example of such behavior is the rise of abusing cloud services such as Google Cloud to mine cryptocurrencies in response to the surge of bitcoin price late 2017. bought from very few retailers—created a host of anomalies that were detected by the lottery organization. bitcoin prices. Obviously, this.

Accountability 91

Accountability Artificial Intelligence Engineering Retail 91

Spinone

JANUARY 20, 2020

Key Information About Ransomware Ransomware is in the top-five threats in all fields and the second biggest cybersecurity threat in the retail business. The most preferred method of ransom payment is cryptocurrency because it is hard to track. Most antiviruses don’t protect against ransomware.

Ransomware 59

Ransomware Encryption Antivirus Backups 59