menu
techminis

A naukri.com initiative

google-web-stories
Home

>

Cyber Crime News

Cyber Crime News

source image

Dataprivacyandsecurityinsider

2d

read

212

img
dot

Image Credit: Dataprivacyandsecurityinsider

CISA Issues Alert on Potential Legacy Oracle Cloud Compromise

  • The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding a potential legacy Oracle Cloud compromise.
  • The compromise involved the exfiltration of data from the Oracle Identity Manager database, including user emails, hashed passwords, and usernames.
  • The threat actor has shared data from the incident with BleepingComputer and posted newer records on a hacking forum.
  • CISA's guidance emphasizes the risks associated with compromised credentials and provides recommendations to reduce these risks.

Read Full Article

like

12 Likes

source image

TechCrunch

2d

read

249

img
dot

Image Credit: TechCrunch

Florida draft law mandating encryption backdoors for social media accounts billed ‘dangerous and dumb’

  • A Florida draft bill called "Social Media Use by Minors" (SB 868) has cleared a key legislative hurdle.
  • The bill would require social media platforms to provide encryption backdoors for law enforcement to access user accounts.
  • Opponents argue that weakening encryption compromises user privacy and could lead to data breaches.
  • Tech companies, including Apple, Google, and Meta, are increasingly encrypting user data to protect privacy.

Read Full Article

like

14 Likes

source image

Securityaffairs

2d

read

316

img
dot

Image Credit: Securityaffairs

Node.js malvertising campaign targets crypto users

  • Microsoft warns of a malvertising campaign using Node.js to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView.
  • Threat actors are increasingly using Node.js to deploy malware, bypass security tools, and persist in systems.
  • In these attacks, malvertising is used to lure users to fake sites, and once executed, a malicious DLL collects system data and delivers further payloads.
  • Microsoft has provided recommendations to mitigate threats related to the misuse of Node.js.

Read Full Article

like

19 Likes

source image

Hackernoon

3d

read

208

img
dot

Image Credit: Hackernoon

SquareX To Uncover Data Splicing Attacks At BSides San Francisco, A Major DLP Flaw

  • SquareX researchers Jeswin Mathai and Audrey Adeline will present data splicing attack techniques at BSides San Francisco 2025, bypassing major DLP vendors through browser vulnerabilities.
  • Data breaches can lead to IP loss, fines, and reputational damage, with browsers being a prime target due to the shift of data storage to the cloud.
  • Browser-related challenges include data lineage management, multiple SaaS apps, and unauthorized software installations by employees.
  • Data splicing attacks exploit newer browser features, evading traditional DLP solutions and posing serious threats to organizations using browsers.
  • SquareX will release an open-source toolkit, 'Angry Magpie', for testing DLP stacks against data splicing attacks after the BSides San Francisco presentation.
  • The research aims to raise awareness about browser vulnerabilities and prompt enterprises and vendors to enhance their data loss protection strategies.
  • Speakers Jeswin Mathai and Audrey Adeline will also present at RSAC 2025 and offer further insights at Booth S-2361, South Expo.
  • SquareX's Chief Architect Jeswin Mathai has a history of presenting at renowned cybersecurity events and creating popular open-source projects.
  • Researcher Audrey Adeline heads the Year of Browser Bugs project at SquareX, focusing on disclosing critical browser vulnerabilities.
  • SquareX's Browser Detection and Response (BDR) helps organizations defend against web attacks targeting employees in real-time.

Read Full Article

like

12 Likes

source image

Securityaffairs

3d

read

280

img
dot

Image Credit: Securityaffairs

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

  • Cheap Chinese Android phones are being shipped with trojanized WhatsApp and Telegram clones designed to steal cryptocurrencies through address swapping.
  • The campaign targets low-end phones resembling well-known models and embeds malware in pre-installed apps.
  • Attackers spoof device specifications to make phones appear as Android 14 with better hardware, fooling users and apps.
  • The malware, dubbed Shibai, uses hidden modules to hijack updates, replace crypto wallet addresses, and exfiltrate chat data.

Read Full Article

like

16 Likes

source image

Securityaffairs

3d

read

237

img
dot

Image Credit: Securityaffairs

Cyber Threats Against Energy Sector Surge as Global Tensions Mount

  • Rising cyberattacks on the energy sector, linked to large-scale campaigns targeting national infrastructure for geopolitical aims, have been identified.
  • Cybersecurity experts warn about the increase in targeted cyberattacks against enterprises in the energy sector worldwide.
  • The vulnerability of American power grids to cyberattacks is a growing concern, as the number of susceptible points in electrical networks continues to increase.
  • Technological advancements, such as cloud adoption and AI integration, have further increased cyber-risk scenarios for the energy sector.

Read Full Article

like

14 Likes

source image

Medium

4d

read

397

img
dot

Image Credit: Medium

Phishing: You Know What It Is But Will You Know When It Happens To You?

  • Phishing scams have become increasingly sophisticated, imitating the familiar logos and login pages of legitimate companies.
  • Scammers use various tactics to create a sense of urgency, like freezing accounts, fake tax refunds, or threatening arrest.
  • People, including children, are vulnerable to scams and phishing attempts, particularly when distracted or enticed by promises of gaming benefits.
  • To stay safe, it's crucial not to enter personal information unless the authenticity of the sender has been firmly validated.

Read Full Article

like

23 Likes

source image

Siliconangle

1d

read

137

img
dot

Image Credit: Siliconangle

What to expect during RSAC 2025: Join theCUBE April 28-May 1

  • Cybersecurity is crucial in the digital era as AI adoption exposes vulnerabilities, highlighted at RSAC 2025 in San Francisco.
  • Enterprises are adopting AI, but facing cybersecurity blind spots especially in securing data and applications.
  • TheCUBE will cover RSAC 2025 from April 28-May 1, discussing cloud security advancements and AI's impact on cybersecurity.
  • AI's role in cybersecurity will be a key topic, with growth seen in enterprise AI & machine learning leading to new threat scenarios.
  • Concern grows around AI supply chain vulnerabilities, with more focus needed on vetting suppliers and security stack consolidation.
  • RSAC sessions will cover AI governance, challenges posed by generative AI, and the evolving cybersecurity threat landscape.
  • The need for AI and automation in combating AI-driven cyber threats is emphasized by industry experts like Dave Vellante.
  • TheCUBE's coverage of RSAC 2025 will provide insights into cybersecurity challenges, AI integration, and supply chain issues.
  • Audiences can watch theCUBE's event coverage on-demand and engage with leading voices in enterprise tech at RSAC 2025.
  • Various platforms like YouTube and SiliconANGLE offer ways to watch theCUBE's interviews and podcasts from RSAC 2025.

Read Full Article

like

8 Likes

source image

Securityaffairs

2d

read

46

img
dot

Image Credit: Securityaffairs

Entertainment venue management firm Legends International disclosed a data breach

  • Legends International disclosed a data breach from November 2024 that affected employees and visitors to its managed venues.
  • Legends International is a global leader in sports and entertainment venue management, specializing in delivering comprehensive solutions for stadiums, arenas, and attractions.
  • On November 9, 2024, Legends International detected unauthorized activity on its IT systems, took action to stop it, and launched an investigation with the help of external cybersecurity experts.
  • The company confirmed that a review is underway to determine if personal data was involved and is offering 24 months of free Experian IdentityWorks as a precaution.

Read Full Article

like

2 Likes

source image

Securityaffairs

2d

read

263

img
dot

Image Credit: Securityaffairs

China-linked APT Mustang Panda upgrades tools in its arsenal

  • China-linked APT group Mustang Panda deployed a new custom backdoor, MQsTTang, in recent attacks targeting Europe, Asia, and Australia.
  • The APT group has been active since at least 2012, targeting American and European entities as well as Asian countries.
  • Recent campaigns of APT Mustang Panda utilized European Union reports on the conflict in Ukraine as lures to deploy malware.
  • The group has introduced new tools such as MQsTTang backdoor, StarProxy lateral movement tool, and several keyloggers for enhanced stealth and functionality.

Read Full Article

like

15 Likes

source image

Cybersecurity-Insiders

3d

read

155

img
dot

Zoom Video Conferencing App down by DDoS Attack

  • Zoom, the widely popular video conferencing platform, experienced a significant outage due to a DDoS cyber-attack.
  • The attack was global in nature and was claimed by the hacking group Dark Storm.
  • The Zoom service was down for a brief period, but services were rapidly restored.
  • Zoom's recent security incident highlights the need for continuous improvement in digital security.

Read Full Article

like

9 Likes

source image

Silicon

3d

read

68

img
dot

Image Credit: Silicon

China Names US Operatives For Alleged Cyberattacks

  • China has publicly named three US citizens accused of carrying out cyberattacks on Chinese infrastructure.
  • China alleged that the US operatives worked through the National Security Agency (NSA).
  • The attacks targeted the systems managing the Asian Games and critical infrastructure in Heilongjiang province.
  • China has expressed concerns and urged the US to adopt a responsible attitude on cybersecurity issues.

Read Full Article

like

4 Likes

source image

Silicon

3d

read

76

img
dot

Image Credit: Silicon

AI in Cybersecurity: Double-Edged Sword or Game-Changer?

  • AI is reshaping cybersecurity, providing defenders with enhanced detection capabilities and automating incident responses.
  • However, cybercriminals are leveraging AI for more sophisticated attacks, including AI-enhanced phishing and voice deepfakes.
  • Generative AI tools are enabling cybercriminals to conduct reconnaissance, automate malware development, and mimic individuals convincingly.
  • Despite the advancements in AI-driven attacks, AI is also being used by defenders to detect abnormal patterns and automate low-level threat responses.
  • AI-driven tools like GenAI are assisting security teams in SIEM rule generation and identifying vulnerabilities before hackers exploit them.
  • While AI enhances cybersecurity, it comes with limitations such as data bias, false positives, and the inability to comprehend intent without human oversight.
  • Concerns regarding privacy, bias, and ethical use of AI in cybersecurity highlight the importance of human judgment in tandem with AI systems.
  • Organizations deploying AI for security must prioritize transparency, data privacy, and human accountability in decision-making processes.
  • When selecting AI-based cybersecurity tools, organizations should prioritize native AI solutions, question vendors on model training and explainability, and assess integration capabilities.
  • AI's impact on cybersecurity is a high-stakes game, where thoughtful integration with human expertise can be a force multiplier in staying ahead of evolving cyber threats.

Read Full Article

like

4 Likes

source image

Securityaffairs

4d

read

185

img
dot

Image Credit: Securityaffairs

Government contractor Conduent disclosed a data breach

  • Conduent, a business services provider, disclosed a data breach to the SEC.
  • The cyberattack, which occurred in January, resulted in the theft of personal data including names and Social Security numbers.
  • The company has restored operations and is investigating the full impact of data exfiltration, while notifying affected clients.
  • No major operational impact was reported, but Conduent incurred costs for notifications and holds cyber insurance.

Read Full Article

like

11 Likes

source image

Cybersecurity-Insiders

4d

read

193

img
dot

Crafty Threat Actors Unleash Ingenious Phishing Ploys

  • Crafty threat actors and scammers deploy various ingenious phishing tactics to deceive individuals and organizations.
  • A tax-themed phishing campaign uses Microsoft Common Console document files to deliver malicious payloads and exploit victims.
  • Gamers are targeted with fake game beta test messages, leading to the extraction of sensitive information through infostealers.
  • Amazon Prime customers face phishing emails pretending their membership is expiring, stealing personal and financial data.
  • A surge in smishing campaigns impersonating the USPS prompts victims to divulge personal and credit card details.
  • Facebook users are targeted by fake copyright violation emails, tricking victims into divulging login credentials to scammers.
  • Preventive measures against phishing include staying informed, conducting phish training, implementing multi-factor authentication, and using email filters.
  • Regular monitoring of accounts for unusual activity and suspicious transactions is crucial to combat evolving phishing scams.
  • Vigilance, employee training, and stringent security practices are vital to mitigate the risks posed by phishing attacks.
  • Phishing scams are a significant threat that continues to evolve, emphasizing the importance of maintaining awareness and implementing robust security measures.

Read Full Article

like

11 Likes

For uninterrupted reading, download the app