Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 94

Data breaches Malware Mobile Spyware 94

Security Affairs

SEPTEMBER 3, 2022

Google rolled out emergency fixes to address actively exploited Chrome zero-day Samsung discloses a second data breach this year The Prynt Stealer malware contains a secret backdoor. users China-linked APT40 used ScanBox Framework in a long-running espionage campaign Russian streaming platform Start discloses a data breach impacting 7.5M

Data breaches 67

Data breaches Malware Surveillance Ransomware 67

Security Affairs

APRIL 19, 2020

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. April 17 – Gmail blocked 18 Million phishing and malware emails using COVID-19 lures in a week. Below a list of attacks detected this week.

Scams 104

Scams Malware Phishing Surveillance 104

SiteLock

AUGUST 27, 2021

Protect your website from hackers and cybercrime. There will be no #DigitalIndia until and unless government of India stops their surveillance projects & make their systems secure.”. This latest WikiLeaks disclosure was followed by the website’s recent releases about the surveillance of U.S.

Cybersecurity 52

Cybersecurity Surveillance Cyber Attacks Government 52

Krebs on Security

AUGUST 5, 2019

This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint , Plaid , Yodlee , YNAB and others to surveil and drain consumer accounts online. “If the account is active, hackers then can go to the next stage for 2FA phishing or social engineering, or linking the accounts with another.”

Banking 257

Banking Passwords Risk Password Management 257

Malwarebytes

SEPTEMBER 14, 2022

These messages run the usual range of phishing and fraudulent transaction attempts. This is enough to have Senators calling for “tougher measures” on cybercrime. More than 1 billion suspicious messages and spam texts have been sent in the Philippines in 2022 so far.

Media 67

Media Surveillance Cybercrime Accountability 67

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware 73

Spyware Ransomware Malware Data breaches 73

SC Magazine

MARCH 10, 2021

A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., Hacktivist Tillie Kottmann is reportedly among those asserting responsibility for the incident, telling Bloomberg that their act helped expose the security holes of modern-day surveillance platforms.

Surveillance 129

Surveillance IoT Accountability Passwords 129

SecureWorld News

AUGUST 8, 2022

Remcos, short for Remote Control and Surveillance, was leveraged by malicious cyber actors conducting mass phishing campaigns during the COVID-19 pandemic to steal personal data and credentials. Remcos Remcos is marketed as a legitimate software tool for remote management and penetration testing.

Malware 85

Malware Banking Healthcare Penetration Testing 85

Security Affairs

AUGUST 4, 2018

Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . · Google introduced G Suite alerts for state-sponsored attacks. · Hundreds of thousands MikroTik Routers involved in massive Coinhive cryptomining campaign. · Industrial Sector targeted in surgical spear-phishing attacks. Pierluigi Paganini.

Cryptocurrency 41

Cryptocurrency Data breaches Spyware Surveillance 41

SecureList

NOVEMBER 26, 2021

The attackers obtain initial access to a system by sending a spear-phishing email to the victim containing a Dropbox download link. In July, the Spanish Ministry of the Interior announced the arrest of 16 people connected to the Grandoreiro and Melcoz (aka Mekotio) cybercrime groups. FinSpy: analysis of current capabilities.

Malware 101

Malware Banking Energy and Utilities Accountability 101

eSecurity Planet

DECEMBER 19, 2023

Cybercrime will go to the next level: Cyberattackers will implement improved skills, “shift left” attacks, and shifting strategies to adjust to evolving cyberdefense. AI-Powered Cybercrime Despite the advancements in using AI to improve security, cybercriminals also have access to AI and LLMs.

Cybersecurity 140

Cybersecurity CISO Government Technology 140

Krebs on Security

NOVEMBER 15, 2022

Wanted Ukrainian cybercrime suspect Vyacheslav “Tank” Penchukov (right) was arrested in Geneva, Switzerland. Ultimately, Penchukov’s political connections helped him evade prosecution by Ukrainian cybercrime investigators for many years. This was enough to positively identify Tank as Penchukov, Warner said.

Banking 276

Banking Small Business Accountability Cybercrime 276

Security Affairs

APRIL 2, 2023

LockBit leaks data stolen from the South Korean National Tax Service Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin Cyber Police of Ukraine (..)

Spyware 86

Spyware Surveillance Artificial Intelligence Data breaches 86

SecureList

NOVEMBER 29, 2021

The victim was infected by PowerShell malware and we discovered evidence that the actor had already stolen data from the victim and had been surveilling this victim for several months. Spear-phishing document. After a Facebook conversation, the potential target received a spear-phishing email from the actor. Modified time.

Surveillance 131

Surveillance Malware Phishing Encryption 131

Security Affairs

NOVEMBER 29, 2019

The group’s distinctive features are the high quality of their phishing attacks and the use of legitimate services, which makes it very difficult to detect its malicious activity in companies’ infrastructures. Silence reduced the use of phishing mail-outs, instead purchasing access to targeted banks from other groups (in particular TA505).

Banking 84

Banking Telecommunications Marketing Internet 84

SecureList

APRIL 27, 2022

We found overlaps in the infrastructure used by a tunneling tool used by the actor and several possible phishing websites set up within the above time frame. The attack targets victims with spear-phishing emails containing malicious OOXML files.

Malware 137

Malware Firmware Government Phishing 137

Security Affairs

FEBRUARY 20, 2022

Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 354 appeared first on Security Affairs.

Banking 85

Banking Spyware Surveillance Ransomware 85

SecureList

OCTOBER 17, 2023

This strategic shift signals its intent to intensify its surveillance capabilities and expand its range of targets. The initial attack vector was a phishing email disguised as an email from a government entity or service. The group targets its victims by sending spear-phishing emails with Microsoft Office documents attached.

Government 118

Government Malware VPN Manufacturing 118

Krebs on Security

NOVEMBER 6, 2018

The force was originally created to tackle a range of cybercrimes, but Tarazi says SIM swappers are a primary target now for two reasons. In this case, the victim didn’t download malware or fall for some stupid phishing email. Samy Tarazi is a sergeant with the Santa Clara County Sheriff’s office and a REACT supervisor.

Mobile 243

Mobile Cryptocurrency Accountability Passwords 243

eSecurity Planet

OCTOBER 26, 2021

The Russian-based cybercrime group responsible for the high-profile attack on software maker SolarWinds last year is continuing to take aim at the global supply chain, according to a warning issued by Microsoft this week. 19 that they had been attacked a total of 22,868 times. See also: Best Third-Party Risk Management (TPRM) Tools of 2021.

Government 120

Government Cybercrime Accountability Software 120

eSecurity Planet

OCTOBER 21, 2022

The method of infection can vary from attack to attack and can include social engineering strategies, such as phishing and email spoofing , or a fraudulent website masquerading as legitimate, among others.

Malware 75

Malware Adware Spyware Antivirus 75

SecureList

JULY 29, 2021

We have designated it as a new threat actor and named it “HotCousin” The attacks began with a spear-phishing email which led to an ISO file container being stored on disk and mounted. Previous activity also connected with this group relied heavily on spear-phishing and Cobalt Strike throughout 2020.

Malware 144

Malware Phishing Password Management Social Engineering 144

SecureList

NOVEMBER 14, 2023

A creative avenue for threat actors is to expand their surveillance efforts to include devices such as smart home cameras, connected car systems and beyond. Spear-phishing to expand with accessible generative AI Chatbots and generative AI tools are now widespread and easily accessible.

Hacking 119

Hacking Energy and Utilities Media Malware 119

Security Affairs

DECEMBER 10, 2023

Will Enable Mass Spying Reddit Says Leaked U.S.-U.K. billion personal records compromised by data breaches in past two years — underscoring need for end‑to‑end encryption Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Data breaches 88

Data breaches Ransomware Hacking Financial Services 88