techminis

A naukri.com initiative

Cyber Crime News


Cybersecurity-Insiders

2h


American Airlines shutdown not because of Cyber Attack

  • American Airlines unexpectedly grounded its flights for approximately 69 minutes due to a technical issue in its air service controls.
  • The disruption was not the result of a cyberattack but arose from a technical glitch within American Airlines' aviation control systems.
  • Passengers expressed frustration on social media, speculating about a possible cyberattack, but the airline reassured the public that it was a temporary issue caused by the glitch.
  • This incident highlights the vulnerability of critical infrastructure during busy times, emphasizing the need for businesses to proactively safeguard their systems.


TechCrunch

3h


Clop ransomware gang takes credit for latest mass hack that breached dozens of companies

  • Clop exploited a bug in Cleo Software's widely used corporate file transfer tools.
  • At least 66 companies had their data stolen by the ransomware gang.
  • Clop plans to extort the victims by revealing the names of those hacked and demanding ransom.


Bravenewcoin

7h


Phishing Alert: Crypto Event Attendee Data For Sale

  • Cointelegraph has obtained samples of attendee data from crypto events in Southeast Asia and India. Lists contain sensitive data, including full names, job titles, social media profiles and follower counts, and crypto wallet addresses. The leaked data is believed to be part of an international trade in blockchain event attendee data. One notable dataset contained information on 1,700 attendees of the November 2024 AIBC conference in Malta. Such information could be weaponised for social engineering and tailored attacks, such as malicious phishing links and offers. Attendees have been advised to use unique email addresses for registration and avoid sharing wallet addresses.
  • Cointelegraph has obtained samples of attendee data from crypto events.
  • Leaked data contained sensitive information such as job titles, social media profiles and follower counts and even crypto wallet addresses.
  • Lists are marketed as tools for “marketing and client outreach”.
  • International trade in blockchain events data is suspected.
  • The unauthorized trade of attendee data highlights the urgent need for stricter security measures in the crypto industry.
  • Malicious phishing links and offers could be directed at attendees.
  • Attendees have been advised to be more cautious when sharing personal information.
  • Such precautions include using unique email addresses for registrations, avoiding the sharing of wallet addresses and staying vigilant about unsolicited messages linked to events.
  • The trust and security of events and the crypto industry as a whole could be impacted by the misuse of attendee data.


Kaspersky

1d


Crypto scam: seed phrases shared publicly | Kaspersky official blog

  • Crypto scam: seed phrases shared publicly on YouTube comments.
  • Scammers trick victims by sharing seed phrases and asking for help to transfer funds.
  • Scammers target naive thieves, who end up losing their funds.
  • To protect against such scams, avoid attempting to access other people's wallets and stay updated on the latest crypto scams.


Cybersecurity-Insiders

1d


Top 5 Ransomware Attacks and Data Breaches of 2024

  • HealthCorps healthcare network fell victim to a targeted Hades ransomware attack (formerly linked to the notorious Conti group) in March 2024, compromising 5.6 million patient records.
  • In June 2024, MetroLink, a major public transportation network in the US, was compromised by the Lazarus Group, a hacking collective linked to North Korea. The cyberattack compromised the personal data of over 15 million riders.
  • BluePeak Financial was infiltrated by a former employee who used stolen credentials to gain access to the company’s internal network. The breach led to the exfiltration of data related to 2.3 million customers.
  • BlackCat ransomware group (ALPHV) targeted GlobalBank in July 2024. The attack, which began with the breach of a cloud-based third-party service provider, affected over 30 financial institutions across 50 countries.
  • eComX, one of the world’s largest e-commerce platforms, suffered a devastating data breach that exposed 110 million customer accounts in September 2024.
  • These cyber-attacks underscore the vulnerability of the healthcare, public transportation, finance, and e-commerce sectors.
  • Organizations must implement stronger cybersecurity hygiene, multi-layered defenses, and comprehensive incident response plans to prevent sophisticated attacks.
  • Third-party risk management is a critical component of cybersecurity strategies, as attackers frequently exploit supply chain vulnerabilities.
  • Detecting attacks early is important: organizations should implement advanced intrusion detection systems (IDS) to monitor unusual activity.
  • Staying ahead of the curve is crucial to safeguarding both sensitive data and organizational integrity.


Dev

2d


Get Phished by a Public AWS Systems Manager Automation Document

  • A phishing attack targeting AWS users was discovered involving a public AWS Systems Manager Automation Document.
  • The attack used a crafted URL that resembled a legitimate AWS Console link to trick users.
  • By clicking the link, users unknowingly executed a malicious SSM document, leading to unauthorized access, data exfiltration, and malware deployment.
  • Preventative measures include increasing awareness, verifying SSM document owners, implementing enhanced warnings in the AWS Console, and refining permission settings.


Securityaffairs

2d


BadBox rapidly grows, 190,000 Android devices infected

  • Experts uncovered a botnet of 190,000 Android devices infected by the BadBox bot, primarily Yandex smart TVs and Hisense smartphones.
  • Bitsight researchers sinkholed a BADBOX domain and identified over 160,000 unique infected devices in 24 hours.
  • BADBOX-infected devices, primarily found in Russia, China, India, Belarus, Brazil, and Ukraine, are sending telemetry to a C2 server.
  • The BadBox malware conducts ad fraud, creates email and messaging accounts for spreading disinformation, and can download additional payloads.


Cybersecurity-Insiders

1d


Lazarus launches malware on Nuclear power org and Kaspersky Telegram Phishing scams

  • The Lazarus Group, funded by the North Korean government, is targeting employees within nuclear power organizations and critical infrastructure sectors through highly advanced malware campaigns, facilitating data theft, espionage, and ransomware infections.
  • The hackers use phishing emails disguised as career opportunities or industry-specific announcements and execute the malware on the victim's system upon a click or download of the attachment.
  • The Lazarus Group is primarily focusing on nuclear organizations and energy firms in the USA, UK, Canada, and Australia that handle sensitive information, which makes them high-potential targets.
  • The malware campaign, dubbed 'Operation DreamJob,' is named for the way the Lazarus Group cleverly uses job-related phishing tactics to exploit human behaviors like curiosity and professional ambition.
  • While the Lazarus Group's activities are currently limited to specific regions, namely the UK, USA, Canada, and Australia, the risk of these attacks spreading to other countries is high.
  • Kaspersky, the Russian cybersecurity firm, warns of Telegram phishing scams that offer discounted Telegram Premium services to trick users into clicking malicious links, leading to data theft, malware infections, and unauthorized payload downloads.
  • Experts recommend carefully verifying links and obtaining Premium services only through the official Telegram website, avoiding third-party offers and discount coupons that may be scams.
  • Organizations must strengthen their defenses through robust technical defenses and employee education to reduce human error, the weakest link in the security chain.
  • State-sponsored hacking groups play an increasing role in the global cybersecurity landscape, calling for public-private collaboration to safeguard critical infrastructure from these persistent threats.
  • Vigilance, supported by early detection systems, is key to preventing these types of attacks.


TechCrunch

1d


The TechCrunch Cyber Glossary

  • The cybersecurity world is full of technical lingo and jargon.
  • This glossary includes some of the most common — and not so common — words and expressions that we use in our articles.
  • Advanced persistent threat (APT) is often categorized as a hacker.
  • Arbitrary code execution can be achieved remotely or with physical access.
  • Hackers are historically categorized as either “black hat” or “white hat,” usually depending on the motivations.
  • Botnets are networks of hijacked internet-connected devices that are used in cyberattacks.
  • A bug is essentially the cause of a software glitch.
  • Command-and-control servers (also known as C2 servers) are used by cybercriminals to remotely manage and control their fleets.
  • Cryptojacking is when a device’s computational power is used, with or without the owner’s permission, to generate cryptocurrency.
  • A data breach is when protected data is confirmed to have improperly left the system where it was originally stored.


Securelist

1d


Cloud Atlas seen using a new tool in its attacks

  • Cloud Atlas has been found to be using a previously undocumented toolset, which the group used heavily in 2024.
  • The group mostly targets Eastern Europe and Central Asia.
  • Victims get infected through phishing emails with a malicious document.
  • The HTA files in the document exploit vulnerabilities in formula editors to download and execute malware code.
  • After the download is complete, the malware adds a registry key to auto-run the script 'VBShower Launcher'.
  • VBCloud, a new tool, is being used to steal data from the infected system.
  • The VBCloud module duplicates the core functionality of VBShower and uses public cloud storage as a C2 server.
  • The group uses PowerShell scripts to perform a range of tasks on the infected system.
  • Phishing emails continue to play an important role as an initial access point.
  • Cloud Atlas has been observed to attack victims in Russia, Belarus, Canada, Moldova, Israel, Kyrgyzstan, Vietnam, and Turkey.


Silicon

1d


North Koreans Stole $1.34bn In Crypto This Year

  • Hackers linked to North Korea have stolen a record $1.34 billion in cryptocurrency this year.
  • The hacks accounted for over half of the total amount stolen in all cryptocurrency hacks.
  • North Korea uses the funds obtained from hacking to finance its missile and nuclear programs.
  • The hacking activity has slowed down in the second half of the year after a strategic partnership was signed.


Securityaffairs

2d


Security Affairs newsletter Round 503 by Pierluigi Paganini – INTERNATIONAL EDITION

  • BadBox rapidly grows, 190,000 Android devices infected
  • Romanian national sentenced to 20 years for NetWalker ransomware attacks
  • Sophos fixes critical vulnerabilities in its Firewall product
  • U.S. CISA adds BeyondTrust software flaw to its Known Exploited Vulnerabilities catalog


Securityaffairs

3d


Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

  • Romanian national Daniel Christian Hulea, 30, was sentenced to 20 years in prison for his role in NetWalker ransomware attacks, pleading guilty to fraud charges in June.
  • Hulea admitted to extorting 1,595 bitcoin (~$21.5M) in ransom payments from organizations worldwide, including healthcare during COVID-19.
  • Romanian authorities arrested Hulea in July 2023 and extradited him to the U.S. under the U.S.-Romania extradition treaty.
  • The NetWalker ransomware group has targeted various victims, including K-Electric, Dirección Nacional de Migraciones, and the University of California San Francisco.


Infoblox

3d


2024 DNS Threat Landscape

  • DNS-sourced threats are evolving with new evasion and stealth techniques that bypass security controls.
  • In 2024, Infoblox added 20 million new indicators and provided an average of 63 days of protection before a malicious domain was actively used.
  • The Registered Domain Generation Algorithm (RDGA), which adversaries use to create numerous domain names, was the top technique seen in 2024.
  • Lookalike domain names were discovered during key events like the Olympics and elections in 2024.
  • Traffic Distribution Systems (TDSs) allow actors to target specific audiences, making them the second most important technique seen.
  • Actors are exploiting the effectiveness of sitting duck attacks, which involve hijacking domains for their positive reputation.
  • Malicious actors, most of whom remain undetected, are using DNS tunneling to bypass firewalls and exfiltrate data.
  • The Muddling Meerkat actor may be linked to a nation-state nexus that probes DNS networks through open resolvers.
  • Malicious usage of DNS remains underreported in the security industry, and organizations should include protection against the malicious usage of domains as part of the enterprise defense-in-depth strategy.
  • Infoblox enables security teams to block over 75% of malicious domains before victim interaction.


TechCrunch

4d


Ransomware attack on health giant Ascension hits 5.6 million patients

  • A ransomware attack on Ascension, a U.S. healthcare giant, has impacted 5.6 million patients.
  • Hackers were able to steal personal and sensitive health information during the cyberattack.
  • The attack caused disruptions in the hospital system, leading to delayed or lost lab results and medication errors.
  • The Black Basta gang is responsible for the attack, making it the third-largest healthcare-related breach of 2024.
