A naukri.com initiative
Cyber Crime News
Securityaffairs
1M
221
Image Credit: Securityaffairs
ConnectWise suffered a cyberattack carried out by a sophisticated nation state actor
- ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its ScreenConnect customers.
- ConnectWise confirmed the cyberattack and launched an investigation with cybersecurity firm Mandiant, patching the flaw in ScreenConnect and implementing enhanced security measures.
- The breach possibly occurred in August 2024 and went unnoticed until May 2025. The ScreenConnect flaw (CVE-2025-3935) may have allowed remote code execution via stolen machine keys.
- Threat actors exploited ScreenConnect vulnerabilities (CVE-2024-1709 and CVE-2024-1708) in early 2024, with Black Basta and Bl00dy ransomware groups actively exploiting the flaws.
Read Full Article
13 Likes
Medium
1M
253
Image Credit: Medium
What To Do If You Become a Victim of Cyberbullying
- If you become a victim of cyberbullying, reach out to a trusted adult such as parents, family member, teacher, or school counselor for support.
- Keep evidence of cyberbullying conversations as it may be helpful in taking legal actions against the bully.
- Do not respond to cyberbullying messages, as this could encourage the bully. Report the bully to social media moderators and block the account if being harassed.
- To prevent cyberbullying in the future, consider making your social media accounts private, and adults can help in creating a bullying prevention strategy.
Read Full Article
15 Likes
Hackernoon
1M
240
Image Credit: Hackernoon
Fullscreen BitM Attack Discovered By SquareX Exploits Browser Fullscreen APIs To Steal Credentials
- SquareX discovered a Fullscreen BitM attack targeting Safari users, exploiting Fullscreen API vulnerabilities to steal credentials.
- BitM attacks involve tricking victims by displaying genuine login pages in a pop-up window to steal sensitive information.
- SquareX's research exposed a major Safari-specific flaw in the Fullscreen API, allowing for more convincing attacks.
- Safari users are at higher risk due to no clear visual indication when entering fullscreen mode.
- The use of Fullscreen API in combination with BitM enables attackers to create convincing fake login pages.
- Other browsers like Firefox and Chrome have subtle notifications for fullscreen mode, while Safari lacks this feature.
- Existing security solutions struggle to detect Fullscreen BitM attacks due to architectural limitations.
- Security researchers advise enterprises to update defense strategies against advanced browser attacks.
- SquareX's Browser Detection and Response tool helps organizations detect and mitigate web-based threats effectively.
- The Fullscreen BitM Attack disclosure is part of a series focusing on browser security by SquareX's research team.
Read Full Article
14 Likes
Securityaffairs
1M
99
Image Credit: Securityaffairs
Victoria’s Secret ‘s website offline following a cyberattack
- Victoria's Secret took its website offline after a cyberattack that impacted customer care and distribution center operations.
- The company's CEO mentioned that recovery from the cyberattack will take some time as the incident affected email access for some staff.
- After the security incident, Victoria's Secret shares dropped by 6.9%, and the company did not disclose technical details about the attack.
- Recent data breaches in major brands like Dior and Adidas, along with UK retailers facing cyberattacks, indicate a rising threat against retailers globally.
Read Full Article
5 Likes
Securityaffairs
1M
67
Image Credit: Securityaffairs
New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.
- GreyNoise researchers discovered the AyySSHush botnet compromising over 9,000 ASUS routers by adding a persistent SSH backdoor.
- The attackers used stealthy tactics like auth bypasses and abusing legit settings to avoid detection, gaining durable control over the routers.
- GreyNoise identified an ongoing exploitation campaign targeting specific ASUS router models, ensuring persistent backdoor access through firmware updates.
- Nearly 9,000 ASUS routers have been compromised, with only 30 related requests observed over three months, indicating the stealthiness of the campaign.
Read Full Article
4 Likes
TechDigest
1M
412
Image Credit: TechDigest
NHS trusts hit by cyber attack, patient data feared stolen
- NHS trusts in the UK have experienced a cyberattack leading to concerns about patient data being stolen.
- University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust were affected by a software vulnerability.
- The cyberattack exploited a vulnerability in Ivanti Endpoint Manager Mobile software, potentially exposing patient records and sensitive information.
- Hackers with an IP address based in China were identified. NHS England and cybersecurity partners are investigating the incident.
Read Full Article
24 Likes
TechCrunch
1M
253
Image Credit: TechCrunch
Data broker giant LexisNexis says breach exposed personal information of over 364,000 people
- LexisNexis Risk Solutions, a data broker, disclosed a breach affecting over 364,000 people, dating back to December 25, 2024.
- The hacker obtained consumers' sensitive personal data, such as names, dates of birth, phone numbers, addresses, Social Security numbers, and driver's license numbers.
- Data brokers like LexisNexis profit from collecting and selling access to large amounts of Americans' personal and financial data for various purposes.
- The Trump administration recently scrapped a plan that aimed to restrict data brokers from selling Americans' personal information, despite calls by privacy advocates.
Read Full Article
15 Likes
Siliconangle
1M
54
Image Credit: Siliconangle
Cisco introduces Duo Identity and Access Management to enhance identity protection in the AI era
- Cisco introduces Duo Identity and Access Management as a new security solution to combat identity-based attacks in the artificial intelligence era.
- Duo IAM offers a security-first approach with multifactor authentication and a new user directory to manage user identities and access to resources securely.
- The solution integrates with existing third-party identity systems, introduces advanced phishing protection features like Complete Passwordless authentication, and enhances security with Proximity Verification.
- Duo IAM also integrates with Cisco Identity Intelligence to monitor identity risks in real time, automate response actions, and neutralize emerging threats swiftly.
Read Full Article
3 Likes
Medium
1M
176
Image Credit: Medium
AI-Enhanced Phishing Emails: The New Frontier in Cybersecurity Threats
- Phishing emails are evolving with the use of AI, making them highly convincing and personalized.
- AI-generated spear-phishing emails have a success rate of 54%, surpassing generic phishing campaigns.
- AI-powered phishing simulations demonstrate how cybercriminals can automate interactions and create context-aware responses, lowering the barrier for attacks.
- Awareness and vigilance are critical to combatting AI-driven phishing threats in cybersecurity.
Read Full Article
10 Likes
Securityaffairs
1M
54
Image Credit: Securityaffairs
Crooks use a fake antivirus site to spread Venom RAT and a mix of malware
- A fake Bitdefender website has been discovered spreading the Venom RAT by deceiving users into downloading it as antivirus software.
- Researchers found a malicious campaign using the fake website to distribute Venom RAT, a Remote Access Trojan (RAT) designed for password theft and stealthy access.
- Upon clicking the fake download button, users are redirected to an Amazon S3 link to download a ZIP file containing the VenomRAT malware.
- VenomRAT, a fork of the Quasar RAT, supports remote control, credential theft, keylogging, and data exfiltration, with attackers aiming for financial gain and persistent system control.
Read Full Article
3 Likes
Securityaffairs
1M
122
Image Credit: Securityaffairs
Iranian Man pleaded guilty to role in Robbinhood Ransomware attacks
- Iranian national Sina Gholinejad pleaded guilty to his role in a Robbinhood ransomware scheme that caused over $19 million in damages to Baltimore.
- The ransomware attack disrupted key services like billing and citations in cities like Baltimore and Greenville.
- Gholinejad and his co-conspirators utilized sophisticated methods like using VPNs and crypto mixers to demand Bitcoin ransoms and launder payments.
- Gholinejad faces up to 30 years in prison for computer and wire fraud conspiracy, with sentencing scheduled for August.
Read Full Article
7 Likes
Cybersafe
1M
49
Image Credit: Cybersafe
Russian Cyberspy Group ‘Laundry Bear’ tied to Dutch Police Breach
- Russian cyber-espionage group Laundry Bear linked to the September 2024 security breach of Dutch national police.
- Stolen information from the breach included names, email addresses, phone numbers, and private personal data of multiple officers.
- Laundry Bear infiltrated Dutch organizations by compromising a police employee’s account through pass-the-cookie attack.
- The group, also known as Void Blizzard, aligns with Russian strategic interests, targeting Ukraine, NATO countries, and organizations of interest to the Russian state.
Read Full Article
3 Likes
Cybersafe
1M
381
Image Credit: Cybersafe
DragonForce exploits SimpleHelp flaws to breach MSP
- Sophos researchers discovered a cyberattack where DragonForce ransomware exploited three vulnerabilities in SimpleHelp to breach an MSP and its customers.
- The vulnerabilities (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) allowed unauthorized access, arbitrary file downloads, uploads, and privilege escalation.
- Arctic Wolf observed a targeted campaign exploiting these vulnerabilities shortly after their disclosure, potentially compromising devices using SimpleHelp client software.
- Sophos found that the attackers used a legitimate SimpleHelp instance to deploy malicious software, compromising multiple customers, with some successfully defended by Sophos MDR and XDR services.
Read Full Article
22 Likes
Securityaffairs
1M
4
Image Credit: Securityaffairs
DragonForce operator chained SimpleHelp flaws to target an MSP and its customers
- Sophos reports that a DragonForce ransomware operator exploited three vulnerabilities in SimpleHelp software to target a managed service provider.
- The vulnerabilities in SimpleHelp software (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) allowed attackers to gain initial access and carry out various malicious activities.
- These vulnerabilities enabled unauthorized downloading and uploading of files, remote code execution, and privilege escalation, posing a serious security risk to customer machines.
- Arctic Wolf observed a campaign targeting SimpleHelp servers utilizing the disclosed vulnerabilities. Sophos identified an attacker using a legitimate SimpleHelp tool from an MSP to access client networks and extract sensitive information.
Read Full Article
Like
Pymnts
1M
298
Image Credit: Pymnts
Firms Eye Vendor Vulnerabilities as Enterprise Cybersecurity Risks Surge
- Risks to enterprise cybersecurity are increasing due to vulnerabilities in vendor networks and third-party integrations.
- Data breaches involving third parties have doubled from 15% to 30%, highlighting the growing threat from service providers and infrastructure enablers.
- Continuous cyber risk monitoring and evolving security measures, such as AI-driven threat detection, are being adopted to combat the surge in cyber attacks.
- The use of emerging technologies like zero-trust architecture and AI in cybersecurity is crucial for modern enterprises to proactively address digital threats.
Read Full Article
15 Likes
For uninterrupted reading, download the app