Cyber Security Informer

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Krebs on Security

MAY 2, 2023

A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. and $100 for USPS job coaching services, and receive little if anything in return.

Marketing

Marketing Advertising Scams Telecommunications

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

NOVEMBER 2, 2023

The login page for the criminal reshipping service SWAT USA Drop. One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Services like SWAT are known as “Drops for stuff” on cybercrime forums.

Cybercrime

Cybercrime Marketing Scams Retail

Who’s Behind the SWAT USA Reshipping Service?

Krebs on Security

NOVEMBER 6, 2023

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Apathyp told the proprietor that his chosen password on the service was “ 12Apathy.” However, in Sept.

Passwords

Passwords Cybercrime Accountability Hacking

Surveillance by the US Postal Service

Schneier on Security

DECEMBER 13, 2023

This is not about mass surveillance of mail , this is about sorts of targeted surveillance the US Postal Inspection Service uses to catch mail thieves : To track down an alleged mail thief, a US postal inspector used license plate reader technology, GPS data collected by a rental car company, and, most damning of all, hid a camera inside one of the (..)

Surveillance

Surveillance Data collection Technology

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

This exclusive webinar with William Hord, Senior VP of Risk & Professional Services, will explore the answers to these questions and other foundational elements you need to start or validate your ERM program. Does our bank understand and support the importance of a strong ERM program to continue to position our company for growth?

Banking

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. A graphic describing the operations of a malicious link shortening service that Infoblox has dubbed “Prolific Puma.”

Phishing

Phishing Telecommunications Malware Scams

Phishers Spoof USPS, 12 Other Natl’ Postal Services

Krebs on Security

OCTOBER 9, 2023

Postal Service (USPS) customers. Here’s a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries. A phishing page targeting An Post, the state-owned provider of postal services in Ireland.

Phishing

Phishing Scams Passwords Web Fraud

ICANN Launches Service to Help With WHOIS Lookups

Krebs on Security

DECEMBER 6, 2023

At the end of November 2023, ICANN launched the Registration Data Request Service (RDRS), which is designed as a one-stop shop to submit registration data requests to participating registrars. This video from ICANN walks through how the system works. The RDRS portal.

Phishing

Phishing Internet Internet Scams

DuckDuckGo launches a premium Privacy Pro VPN service

Bleeping Computer

APRIL 11, 2024

DuckDuckGo has launched a new paid-for 3-in-1 subscription service called 'Privacy Pro,' which includes a virtual private network (VPN), a personal data removal service, and an identity theft restoration solution. [.]

VPN

VPN Identity Theft Software

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will provide you with best practices for attack prevention and recovery. During this session he will cover: Major attacks of 2021. Ransomware growth trends and stats.

Ransomware

Ukrainian military intelligence service hacked the Russian Federal Taxation Service

Security Affairs

DECEMBER 12, 2023

The Ukrainian government’s military intelligence service announced the hack of the Russian Federal Taxation Service (FNS). Hackers of the Main Intelligence Directorate of the Ministry of Defense of Ukraine announced they have compromised the Russian Federal Taxation Service (FNS). ” concludes the statement.

Hacking

Hacking Cyber Attacks Backups Government

The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider

Trend Micro

APRIL 17, 2024

On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost.

Phishing

Phishing Cyber threats

FBI warns against using unlicensed crypto transfer services

Bleeping Computer

APRIL 25, 2024

The FBI has warned today that using unlicensed cryptocurrency transfer services can result in financial loss if these platforms are taken down by law enforcement. [.]

Cryptocurrency

Best Secure Access Service Edge Platforms in 2024

Tech Republic Security

FEBRUARY 28, 2024

Here are the top Secure Access Service Edge platforms that provide security and network functionality. Find the best SASE solution for your business needs.

Monetization Monitor: Monetization Models and Pricing 2020

Advertiser: Revenera

Customers demand—and suppliers offer—a diverse mix of monetization models for Software and Digital Services related to IoT Devices. However, many suppliers still struggle to get a full view of what’s being used by customers, what is owed to the vendors, and how a product is being used across the customer’s business.

IoT

Cisco warns of large-scale brute-force attacks against VPN services

Bleeping Computer

APRIL 16, 2024

Cisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide. [.]

VPN

Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide

The Hacker News

APRIL 18, 2024

As many as 37 individuals have been arrested as part of an international crackdown on a cybercrime service called LabHost that has been used by criminal actors to steal personal credentials from victims around the world.

Phishing

Phishing Cybercrime Banking

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN

VPN Firewall Authentication Hacking

Cisco warns of password-spraying attacks targeting VPN services

Bleeping Computer

MARCH 28, 2024

Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. [.]

VPN

VPN Passwords Firewall

LabHost phishing service with 40,000 domains disrupted, 37 arrested

Bleeping Computer

APRIL 18, 2024

The LabHost phishing-as-a-service (PhaaS) platform has been disrupted in a year-long global law enforcement operation that compromised the infrastructure and arrested 37 suspects, among them the original developer. [.]

Phishing

Law enforcement operation dismantled phishing-as-a-service platform LabHost

Security Affairs

APRIL 18, 2024

An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost. An international law enforcement operation, codenamed Nebulae and coordinated by Europol, led to the disruption of LabHost, which is one of the world’s largest phishing-as-a-service platforms.

Phishing

Phishing Cybercrime Passwords Banking

Russia-linked APT29 switched to targeting cloud services

Security Affairs

FEBRUARY 26, 2024

Russia-linked APT29 threat actors have switched to targeting cloud services, according to a joint alert issued by the Five Eyes cybersecurity agencies. In previous campaigns associated with this threat actor, APT29 used brute forcing and password spraying to compromise service accounts. ” reads the joint advisory.

Accountability

Accountability Authentication Passwords Internet

GhostLocker 2.0 Unveiled: Evolving Ransomware-as-a-Service Poses Growing Threat

Penetration Testing

APRIL 18, 2024

This notorious Ransomware-as-a-Service (RaaS) framework, operated by the hacktivist group GhostSec, has undergone a significant evolution. Unveiled: Evolving Ransomware-as-a-Service Poses Growing Threat appeared first on Penetration Testing. Its new... The post GhostLocker 2.0

Penetration Testing

Penetration Testing Ransomware Cybersecurity Malware

New Darcula phishing service targets iPhone users via iMessage

Bleeping Computer

MARCH 27, 2024

A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. [.]

Phishing

LA County Health Services: Patients' data exposed in phishing attack

Bleeping Computer

APRIL 25, 2024

County's Department of Health Services, the second-largest public health care system in the United States, disclosed a data breach after patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees. [.]

Phishing

Phishing Data breaches

Toyota Financial Services discloses a data breach

Security Affairs

DECEMBER 11, 2023

Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data. ” reads a statement published by the company on its website.

Financial Services

Financial Services Data breaches Identity Theft Banking

Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

The Hacker News

APRIL 17, 2024

Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024.

VPN

VPN Authentication

Impact Of COVID-19 On Live Streaming Services

SecureBlitz

MARCH 13, 2024

In this post, we will show you the impact of COVID-19 on live-streaming services. The COVID-19 pandemic has significantly impacted various industries, and the live-streaming services sector is no exception.

Cybersecurity

'Darcula' Phishing Service Unleashes Sophisticated Smishing Attacks

SecureWorld News

APRIL 1, 2024

A new Phishing-as-a-Service (PhaaS) threat called "darcula" is taking advantage of encrypted mobile messaging services to unleash a wave of sophisticated smishing attacks targeting organizations across more than 100 countries. Attackers are always experimenting with new ways to get into people's data," said Savolainen.

Phishing

Phishing Mobile Encryption Technology

Google Podcasts service shuts down in the US next week

Bleeping Computer

MARCH 29, 2024

users have just a few more days to make the transition from Google Podcasts as the company moves forward with the process of discontinuing the service globally. [.]

Software

Q1 2024 Success Services Use Cases

Security Boulevard

MARCH 29, 2024

As part of the Subscription Services team, LogRhythm consultants work with customers to help bolster their defenses against cyberthreats and to improve the effectiveness of their security operations. The post Q1 2024 Success Services Use Cases appeared first on Security Boulevard.

Vulnerability in Popular VPN Software Could Lead to Crashes and Service Disruptions

Penetration Testing

APRIL 15, 2024

A newly discovered vulnerability in Libreswan, a widely used open-source VPN (Virtual Private Network) software, could leave systems open to crashes and potential denial of service attacks, say researchers.

VPN

VPN Penetration Testing Software Risk

Nation-state actors are using AI services and LLMs for cyberattacks

Security Affairs

FEBRUARY 14, 2024

According to a study conducted by Microsoft in collaboration with OpenAI, the two companies identified and disrupted operations conducted by five nation-state actors that abused their AI services to carry out their attacks. ” reads the report published by Microsoft.

Artificial Intelligence

Artificial Intelligence Social Engineering Phishing Engineering

Understanding Malware-as-a-Service

SecureList

JUNE 15, 2023

The Malware-as-a-Service (MaaS) business model emerged as a result of this, allowing malware developers to share the spoils of affiliate attacks and lowering the bar even further. The customer using the service is called an affiliate , and the service itself is called an affiliate program.

Malware

Malware Ransomware Cybercrime Hacking

Scale Your Security with vCISO as a Service

Security Boulevard

APRIL 14, 2024

This is where […] The post Scale Your Security with vCISO as a Service appeared first on WeSecureApp :: Simplifying Enterprise Security. The post Scale Your Security with vCISO as a Service appeared first on Security Boulevard.

Cybersecurity

Jira down: Atlassian outage affecting multiple cloud services

Bleeping Computer

JANUARY 18, 2024

Users of Jira Work management, Jira Software, Jira Service Management and Jira Product Discovery are facing connection issues. [.] Multiple Atlassian Jira products are experiencing an ongoing outage as of this morning.

Software

Software Technology

Elevating Privileges with Azure Site Recovery Services

NetSpi Technical

MARCH 28, 2024

This prompted further investigation in which we were able to determine that the vulnerability was caused by the Microsoft-managed Azure Site Recovery service. Requirements The Azure Site Recovery service is not enabled by default. This Runbook is hidden from the end user since it’s created by the managed service (ASR).

Penetration Testing

Penetration Testing Accountability Authentication

ADOKit: Azure DevOps Services Attack Toolkit

Penetration Testing

JANUARY 31, 2024

ADOKit Azure DevOps Services Attack Toolkit – ADOKit is a toolkit that can be used to attack Azure DevOps Services by taking advantage of the available REST API. The tool allows the user to... The post ADOKit: Azure DevOps Services Attack Toolkit appeared first on Penetration Testing.

Penetration Testing

Lithuania security services warn of China’s espionage against the country

Security Affairs

MARCH 10, 2024

A report published by Lithuanian security services warned that China has escalated its espionage operations against Lithuania. A report released by Lithuanian security services has cautioned that China has intensified espionage activities targeting Lithuania. ” reads the report published by Lithuanian security services.

Government

Government Hacking Information Security

CISA to Provide Cybersecurity Services to Critical Infrastructure Entities

Security Boulevard

NOVEMBER 20, 2023

The federal government’s top cybersecurity agency wants to become the managed services provider for commercial critical infrastructure entities, which have become an increasing target of cybercriminals. The post CISA to Provide Cybersecurity Services to Critical Infrastructure Entities appeared first on Security Boulevard.

Cybersecurity

Cybersecurity IoT Ransomware Malware

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

Security Affairs

MARCH 27, 2024

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening to leak three terabytes of alleged stolen data. The INC Ransom extortion gang added the National Health Service (NHS) of Scotland to the list of victims on its Tor leak site. “3 terabytes of data will be published soon.

Healthcare

Healthcare Government Hacking Cybercrime

Sophisticated Linux Malware Campaign Targets Misconfigured Cloud Services

Penetration Testing

MARCH 6, 2024

Cado Security Labs’ recent discovery exposed a complex malware campaign zeroing in on Linux servers misconfigured with popular cloud services.

Penetration Testing

Penetration Testing Malware

Best VPN services for SMBs

Tech Republic Security

JULY 18, 2022

Here's how leading VPN services for SMBs compare. The post Best VPN services for SMBs appeared first on TechRepublic. VPNs are an essential component in small and medium-sized businesses' cybersecurity toolkit.

VPN

VPN Cybersecurity Network Security

Cyberattack disrupted services at Omni Hotels & Resorts

Security Affairs

APRIL 5, 2024

A cyberattack hit Omni Hotels & Resorts disrupting its services and forcing the company to shut down its systems. It offers upscale accommodations, amenities, and services primarily targeting business and leisure travelers. Since Friday, March 29, Omni Hotels & Resorts has been responding to a cyberattack on its systems.

Cyber Attacks

Cyber Attacks Hacking Cybersecurity Ransomware

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Trending Sources

Who’s Behind the SWAT USA Reshipping Service?

Surveillance by the US Postal Service

ERM Program Fundamentals for Success in the Banking Industry

US Harbors Prolific Malicious Link Shortening Service

Phishers Spoof USPS, 12 Other Natl’ Postal Services

ICANN Launches Service to Help With WHOIS Lookups

DuckDuckGo launches a premium Privacy Pro VPN service

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Ukrainian military intelligence service hacked the Russian Federal Taxation Service

The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider

FBI warns against using unlicensed crypto transfer services

Best Secure Access Service Edge Platforms in 2024

Monetization Monitor: Monetization Models and Pricing 2020

Cisco warns of large-scale brute-force attacks against VPN services

Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Cisco warns of password-spraying attacks targeting VPN services

LabHost phishing service with 40,000 domains disrupted, 37 arrested

Law enforcement operation dismantled phishing-as-a-service platform LabHost

Russia-linked APT29 switched to targeting cloud services

GhostLocker 2.0 Unveiled: Evolving Ransomware-as-a-Service Poses Growing Threat

New Darcula phishing service targets iPhone users via iMessage

LA County Health Services: Patients' data exposed in phishing attack

Toyota Financial Services discloses a data breach

Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

Impact Of COVID-19 On Live Streaming Services

'Darcula' Phishing Service Unleashes Sophisticated Smishing Attacks

Google Podcasts service shuts down in the US next week

Q1 2024 Success Services Use Cases

Vulnerability in Popular VPN Software Could Lead to Crashes and Service Disruptions

Nation-state actors are using AI services and LLMs for cyberattacks

Understanding Malware-as-a-Service

Scale Your Security with vCISO as a Service

Jira down: Atlassian outage affecting multiple cloud services

Elevating Privileges with Azure Site Recovery Services

ADOKit: Azure DevOps Services Attack Toolkit

Lithuania security services warn of China’s espionage against the country

CISA to Provide Cybersecurity Services to Critical Infrastructure Entities

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

Sophisticated Linux Malware Campaign Targets Misconfigured Cloud Services

Best VPN services for SMBs

Cyberattack disrupted services at Omni Hotels & Resorts

Stay Connected