menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Crime News

Cyber Crime News

source image

Guardian

3w

read

382

img
dot

Image Credit: Guardian

M&S cyber-attack linked to hacking group Scattered Spider

  • A major cyber-attack on Marks & Spencer has been linked to the hacking group Scattered Spider.
  • The group, known for targeting cryptocurrency phishing attacks, is reported to have encrypted key M&S systems using ransomware.
  • The online sales at M&S have been suspended for a fifth day, causing a disruption and wiping over £500m from the company's stock market value.
  • While the exact origin of the attack is unknown, experts believe it to be a ransomware attack, with Scattered Spider motivated by both monetary gain and bragging rights.

Read Full Article

like

23 Likes

share

5 Shares

source image

Infoblox

3w

read

365

img
dot

Image Credit: Infoblox

The Essential Role of Zero Trust DNS in Modern Security

  • Microsoft has announced the public preview of Zero Trust DNS (ZTDNS) in Windows 11 Insider builds
  • ZTDNS enforces domain-name-based network access controls and integrates Windows DNS client with trusted Protective DNS (PDNS) servers
  • Zero Trust DNS is important to enhance security and adhere to the 'deny by default' principle of Zero Trust
  • PDNS preemptively blocks threats by leveraging DNS-focused threat intelligence, reducing the likelihood of successful breaches

Read Full Article

like

21 Likes

share

5 Shares

source image

Securityaffairs

3w

read

365

img
dot

Image Credit: Securityaffairs

VeriSource data breach impacted 4M individuals

  • VeriSource, an employee benefits services provider, experienced a data breach in February 2024.
  • The breach exposed personal information of 4 million individuals.
  • Not all data types were impacted for every individual.
  • VeriSource is offering free 12-month ID protection and advises individuals to monitor their financial statements.

Read Full Article

like

21 Likes

share

5 Shares

source image

Guardian

3w

read

242

img
dot

Image Credit: Guardian

‘Source of data’: are electric cars vulnerable to cyber spies and hackers?

  • British defence firms have warned against connecting phones with Chinese-made electric cars due to concerns about data extraction by Beijing, as reported by the i newspaper.
  • Security experts suggest that electric cars with microphones, cameras, and wifi connectivity could be vulnerable to cyber attacks and data compromise.
  • The over-the-air update capabilities of modern vehicles could potentially be exploited for data exfiltration or surveillance purposes, according to Rafe Pilling from Secureworks.
  • Experts recommend that car owners in sensitive industries or government positions should be cautious about connecting devices to their vehicles to prevent potential data access.
  • Chinese electric vehicles are highlighted due to concerns over the Chinese state's cyber-espionage practices and the National Intelligence Law obliging cooperation with state security.
  • There is uncertainty about whether Chinese EVs are being used for intelligence gathering, but experts suggest that mobile phones and wearables are more likely espionage targets.
  • The UK government emphasizes national security protection without specific comments on EV security measures, with the Ministry of Defence exploring threats from all types of vehicles.
  • While there are no centrally mandated restrictions on Chinese manufactured vehicles, individual defence organizations may impose stricter requirements, as mentioned by defence minister Lord Coaker.
  • BYD and XPeng have stated commitments to data privacy laws, and the SMMT reassures that all carmakers adhere to data privacy regulations for electric vehicles.

Read Full Article

like

14 Likes

share

3 Shares

source image

Securityaffairs

3w

read

162

img
dot

Image Credit: Securityaffairs

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

  • BreachForums, a major data leak marketplace, shut down on April 15 after a MyBB 0-day exploit allowed law enforcement infiltration.
  • Rumors of FBI raids and arrests of the administrator followed the sudden shutdown, fueling speculation.
  • Alternative forums emerged, some demanding entry fees, increasing confusion and the risk of scams or honeypots.
  • BreachForums confirmed no data compromise, but warned users to be cautious of emerging clones.

Read Full Article

like

9 Likes

share

2 Shares

source image

Siliconangle

3w

read

111

img
dot

Image Credit: Siliconangle

RSAC kickoff analysis: Agentic AI and replatforming will be key topics at this week’s conference

  • Agentic AI and replatforming will be key topics at this week's RSAC 2025 Conference in San Francisco.
  • The growing role of AI agents and its implications for cybersecurity will be discussed.
  • Legacy security vendors face pressure to defend installed bases with integrated network platforms.
  • Managed Security Service Providers may drive innovation in replatforming for the industry.

Read Full Article

like

6 Likes

share

1 Share

source image

Infoblox

3w

read

189

img
dot

Image Credit: Infoblox

Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams

  • Investment scams led to consumers losing $5.7 billion in 2024, with threats such as pig butchering scams and social media advertisements.
  • Actor TTP patterns in investment scams involve techniques like registered domain generation algorithms (RDGAs) and embedded web forms to collect user data.
  • Scam actors utilize techniques like traffic distribution systems (TDS) and fake news to deceive victims into transferring money.
  • Validation checks are conducted on user information such as email and phone numbers, and HTTP GET requests are made to validate IP addresses.
  • Ruthless Rabbit and Reckless Rabbit are two notable scam actors tracked through RDGAs, with unique patterns in their domain registrations.
  • Ruthless Rabbit's scams target users in Eastern European countries and employ cloaking services to validate user data before redirecting to scam landing pages.
  • DNS is crucial for detecting and blocking infrastructure used by scam actors, who exploit mechanisms like RDGAs and TDSs to maintain their operations.
  • Scammers leverage DNS to create a large number of domains for their campaigns and hide malicious content from security researchers.
  • Investment scam actors like Reckless and Ruthless Rabbits continue to evolve their tactics, making automated detection through DNS crucial in combating these scams.
  • The proliferation of RDGA domains underscores the importance of leveraging automated detection techniques to correlate and address investment scam domains at scale.

Read Full Article

like

11 Likes

share

2 Shares

source image

Silicon

3w

read

158

img
dot

Image Credit: Silicon

M&S Tells Distribution Centre Staff To Stay At Home

  • Marks & Spencer tells agency staff at its distribution center to stay at home due to a cyberattack.
  • The company stopped online and app orders and has fallen 8% since the attack was disclosed.
  • Around 200 agency staff were affected by the decision and the company is working with experts to resolve the issue.
  • Customer data has not been compromised, but experts advise maintaining vigilance against phishing attempts.

Read Full Article

like

9 Likes

share

2 Shares

source image

Guardian

3w

read

242

img
dot

Image Credit: Guardian

M&S betting on customer patience as cyber-attack threatens to ruin 2025’s strong start

  • Marks & Spencer (M&S) is facing disruption due to a massive cyber-attack.
  • The retailer's internal systems have been put on hold, forcing staff to rely on manual processes.
  • Gift card issues and cancelled orders have impacted M&S's reputation and bottom line.
  • While M&S is expected to recoup losses with insurance, the longer the disruption continues, the more likely customers are to shop elsewhere.

Read Full Article

like

14 Likes

share

3 Shares

source image

Guardian

3w

read

286

img
dot

Image Credit: Guardian

M&S pauses deliveries of some food items to Ocado after cyber-attack

  • Marks & Spencer has paused deliveries of some food items to Ocado due to a cyber-attack, affecting a small number of items listed on Ocado.
  • The disruption caused by the hack has led to a loss of over £500 million from M&S's stock market value.
  • The cyber-attack has impacted M&S's online clothing and homeware sales and led to issues with online orders and payments.
  • The retailer has apologized for the inconvenience caused and reassured customers that no data breach has been detected.
  • M&S has hired cybersecurity experts and implemented measures to protect its network and customer data.
  • The technical issues have affected M&S's online and physical stores, with disruptions in payments and order collections.
  • Shoppers have faced difficulties with online orders, returns, and payments due to the cyber-attack.
  • M&S advised affected customers to wait for notifications before collecting orders and warned about potential scammers taking advantage of the situation.
  • Analysts predict a short-term profit impact for M&S, with uncertainties regarding the resumption of online sales.
  • M&S had reported strong sales over the Christmas period and is set to release full-year results on 21 May.

Read Full Article

like

17 Likes

share

4 Shares

source image

Cybersecurity-Insiders

3w

read

334

img
dot

Power blackouts across Spain, Portugal and France, likely by Cyber Attack

  • Severe power blackouts have affected Spain, Portugal, and parts of France for the past few hours.
  • The cause of the outages is currently being investigated, with potential links to severe weather or a cyber-attack.
  • Authorities have restored power in certain areas, but significant outages remain in Spain and Portugal.
  • The situation has caused disruptions at airports and transit stations, leaving passengers stranded.

Read Full Article

like

20 Likes

share

4 Shares

source image

Kaspersky

3w

read

224

img
dot

Image Credit: Kaspersky

How to protect your social media accounts from SIM swap attacks | Kaspersky official blog

  • A popular Russian blogger's Instagram account was hijacked by scammers who conducted a sophisticated fake giveaway scam to deceive followers.
  • Using AI tools, scammers created a convincing fake giveaway campaign by producing a fake video, a text post, and repurposing old Stories from the blogger's account.
  • The fake video was created with voice deepfake technology and editing software, mimicking the blogger's style but with subtle differences like watermarks and subtitles.
  • Clicking on the phishing link in the scammer's bio could lead users to pages prompting for payment or personal information, resulting in phishing attacks.
  • The account hijack likely occurred through a SIM swap attack, where scammers convince the mobile provider to transfer the victim's number to a new SIM card.
  • To protect against such hacks, it's advised to use app-based two-factor authentication, install reliable protection on devices, use strong passwords, and create unique passwords for each online account.
  • Additionally, users can inquire with their mobile operators about setting up extra security measures to prevent SIM swap attacks.
  • Following dedicated security measures and being cautious while engaging with online content can help prevent falling victim to social media and account hijacking scams.

Read Full Article

like

13 Likes

share

3 Shares

source image

Securityaffairs

3w

read

70

img
dot

Image Credit: Securityaffairs

A large-scale phishing campaign targets WordPress WooCommerce users

  • A large-scale phishing campaign is targeting WordPress WooCommerce users.
  • Threat actors are using a fake security alert to distribute a 'critical patch' that actually contains a backdoor.
  • The phishing campaign resembles a previous attack from December 2023, with similarities in tactics and techniques.
  • Once the fake patch is downloaded, it creates a hidden administrator account and installs web shells, giving attackers full control over the server.

Read Full Article

like

4 Likes

share

Share

source image

Medium

3w

read

251

img
dot

Image Credit: Medium

Cyber Hygiene 101: The New Generation’s Guide to Online Privacy

  • Use strong, unique passwords and enable two-factor authentication (2FA) for added security.
  • Be cautious when using public Wi-Fi and use a VPN to encrypt your internet activity.
  • Manage social media privacy settings and limit data exposure.
  • Secure your devices, keep them updated, and install trusted antivirus software.

Read Full Article

like

15 Likes

share

3 Shares

source image

Medium

3w

read

52

img
dot

Image Credit: Medium

The Digital Threats Women Face Today

  • Cybercriminals target women through various digital threats, such as fake loan apps, phishing scams, and data leaks.
  • The need for stronger digital protection for women is crucial to prevent harassment, fraud, and data breaches.
  • Wipeout is an Android app that offers easy and secure file deletion, ensuring no chance for hackers to recover sensitive data.
  • By taking control of their digital security with tools like Wipeout, women can protect their privacy and prevent unauthorized data recovery.

Read Full Article

like

3 Likes

share

Share

Prev

10
11
12
13
14
15
16
17
18
19
20

Next

For uninterrupted reading, download the app