menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Crime News

Cyber Crime News

source image

TechCrunch

1M

read

185

img
dot

Image Credit: TechCrunch

Australian IVF giant Genea confirms hackers ‘accessed data’ during cyberattack

  • Australian IVF giant Genea has confirmed a cybersecurity incident that disrupted patient services and led to the access of potentially sensitive information.
  • The company is urgently investigating the cybersecurity incident and has taken immediate steps to contain and secure the systems.
  • The hacker behind the cyberattack accessed Genea data, but the types of data accessed have not been disclosed.
  • Genea is currently assessing the impact and will notify affected individuals in accordance with legal and regulatory obligations.

Read Full Article

like

11 Likes

share

2 Shares

source image

Securelist

1M

read

239

img
dot

Image Credit: Securelist

Spam and phishing in 2024

  • In 2024, 27% of all emails sent worldwide were spam, with 48.57% in the Russian web segment being spam.
  • Kaspersky Mail Anti-Virus blocked 125,521,794 malicious email attachments in 2024.
  • 893,216,170 attempts to follow phishing links were thwarted by Kaspersky's Anti-Phishing system in the same year.
  • Phishing scams in 2024 targeted travel enthusiasts through fake hotel and airline booking websites, requesting login credentials and bank card details.
  • Cybercriminals targeted employees of travel agencies by gaining access to corporate accounts for financial transactions and access to customer databases.
  • Social media scams involved luring victims with promises of free items or bonus features, including fake giveaways, adult content, and unauthorized premium subscriptions.
  • Scammers exploited the popularity of Facebook and Instagram by offering services to find profiles or download advanced versions of popular apps, leading to malware downloads on victims' devices.
  • Cryptocurrency scams in 2024, such as the Hamster Kombat game scheme, aimed to trick users into paying fees for non-existent services or fraudulent investments.
  • In phishing attacks, cybercriminals mimicked legitimate companies' HR departments or sellers/buyers to deceive victims into providing personal information or credentials through fake links or attachments.
  • The year saw a rise in malicious email attachments, with the top malware families including Agensla stealers, Badun Trojans, and Makoob spyware among others.

Read Full Article

like

14 Likes

share

3 Shares

source image

Cybersecurity-Insiders

1M

read

67

img
dot

Image Credit: Cybersecurity-Insiders

Is quishing the new phishing? Protecting your business against the next threat vector

  • QR codes have become prevalent in daily life, but cybercriminals are now exploiting them for malicious purposes.
  • Quishing, or QR phishing, involves sending fraudulent QR codes to trick individuals into compromising sensitive information or downloading malware.
  • These attacks use social engineering tactics to establish trust and prompt urgent actions from victims.
  • Cybercriminals find quishing appealing due to the ease of creating malicious QR codes and the trust people place in scanning them.
  • QR codes are versatile attack vectors that can be delivered through various channels, making them a popular choice for cybercriminals.
  • Mitigation steps include educating personnel about quishing, implementing robust email and URL filtering, and using endpoint protection to prevent malware downloads.
  • Organizations should also monitor physical QR codes received in the mail and ensure security measures are in place to detect and report any malicious codes.
  • Regularly adjusting defense strategies and providing security training can help companies defend against quishing attacks and strengthen cyber resilience.
  • Staying vigilant and cautious when dealing with QR codes is crucial to prevent falling victim to these evolving cyber threats.

Read Full Article

like

4 Likes

share

Share

source image

TechCrunch

1M

read

58

img
dot

Image Credit: TechCrunch

VC giant Insight Partners confirms January cyberattack 

  • U.S.-based venture capital firm Insight Partners has confirmed a cybersecurity incident that occurred in January.
  • The breach involved an unauthorized third party accessing Insight Partners' information systems through a sophisticated social engineering attack.
  • Insight Partners has taken immediate action to contain and remediate the incident, as well as launched an investigation.
  • While the company has not confirmed if any data was stolen, it is encouraging partners to implement tightened security protocols.

Read Full Article

like

3 Likes

share

Share

source image

Securityaffairs

1M

read

253

img
dot

Image Credit: Securityaffairs

China-linked APT group Winnti targets Japanese organizations since March 2024

  • China-linked APT group Winnti targeted Japanese organizations in a cyberespionage campaign named RevivalStone in March 2024.
  • The campaign focused on manufacturing, materials, and energy sectors, utilizing an advanced version of the Winnti malware.
  • Winnti is part of a larger umbrella group consisting of several APT groups, including Winnti, Gref, PlayfullDragon, APT17, and others.
  • The attack chain involved exploiting an SQL injection, deploying a WebShell, conducting reconnaissance, and installing Winnti malware through a shared account.

Read Full Article

like

15 Likes

share

3 Shares

source image

TechCrunch

1M

read

94

img
dot

Image Credit: TechCrunch

As US newspaper outages drag on, Lee Enterprises blames cyberattack for encrypting critical systems 

  • Lee Enterprises, one of the largest newspaper publishing giants in the US, is facing an ongoing cyberattack that is causing disruptions across its business.
  • The cyberattack, described as a ransomware attack, has resulted in the encryption of critical applications and unauthorized access to the company's network, with certain files being exfiltrated.
  • The outages are expected to last for several more weeks as Lee Enterprises works on restoring affected systems.
  • The incident has impacted various operations, including product distribution, billing, collections, and vendor payments.

Read Full Article

like

5 Likes

share

1 Share

source image

Cybersecurity-Insiders

1M

read

402

img
dot

Image Credit: Cybersecurity-Insiders

AI Data Breach will surge by 2027 because of misuse of GenAI

  • A recent report from Gartner predicts a significant increase in data breaches linked to AI usage by 2027.
  • Nearly 40% of all data breaches are expected to be directly influenced by the rise of Generative AI.
  • The lack of regulation surrounding Generative AI technologies poses a challenge in monitoring and controlling data transfers.
  • Experts are urging the establishment of universal standards to regulate the use of AI and data to combat the growing risks.

Read Full Article

like

24 Likes

share

5 Shares

source image

Digitaltrends

1M

read

36

img
dot

Image Credit: Digitaltrends

Hackers opted for ransomware in 2024 for faster and more advanced attacks

  • Ransomware attacks are becoming more frequent and advanced, with hackers striking faster than ever before.
  • Ransomware-as-a-service offerings play a significant role in the rise of ransomware attacks, as the developers invest heavily in advanced toolsets and templates.
  • Hackers spend between 74 minutes and 2 hours on ransomware attacks before being detected, utilizing intricate strategies.
  • It is crucial for organizations to implement their own safety measures, such as multifactor authentication, access controls, patch management, data protection, and cybersecurity awareness training.

Read Full Article

like

2 Likes

share

Share

source image

TheStartupMag

1M

read

393

img
dot

Image Credit: TheStartupMag

Business Law Basics for Entrepreneurs & Small Business Owners

  • Understanding the basics of business law is crucial for entrepreneurs and small business owners.
  • Areas of business law that entrepreneurs should be familiar with include forming a business, contracts, intellectual property, employment law, taxes, insurance, and privacy & data security.
  • Forming a business requires choosing and legally registering an appropriate business structure.
  • Business owners should also be aware of employment laws, tax obligations, and the importance of having appropriate insurance policies and complying with privacy laws.

Read Full Article

like

23 Likes

share

5 Shares

source image

Securityaffairs

1M

read

438

img
dot

Image Credit: Securityaffairs

Dutch Police shut down bulletproof hosting provider Zservers and seized 127 servers

  • Dutch police seized 127 servers of the bulletproof hosting service Zservers/XHost after government sanctions.
  • Zservers, a Russian bulletproof hosting service, provided services to LockBit ransomware affiliates.
  • The Dutch police shut down Zservers in Amsterdam and found evidence of hacking tools from Conti and LockBit.
  • The investigation into Zservers has been ongoing for a year and the data stored on the seized servers is being analyzed.

Read Full Article

like

26 Likes

share

6 Shares

source image

Securityaffairs

1M

read

239

img
dot

Image Credit: Securityaffairs

New Golang-based backdoor relies on Telegram for C2 communication

  • Netskope Threat Labs discovered a Golang-based backdoor using Telegram for C2 communication, believed to be of Russian origin.
  • The backdoor exploits cloud apps to evade detection and acts as a backdoor after execution.
  • The malware connects to Telegram using an open-source Go package and supports four commands, including executing PowerShell commands and self-destruction.
  • The use of cloud apps presents challenges to defenders, and this backdoor highlights the utilization of such apps by attackers.

Read Full Article

like

14 Likes

share

3 Shares

source image

Eweek

1M

read

140

img
dot

Image Credit: Eweek

Over 40% of AI-Related Data Breaches Tied to Cross-Border AI Use by 2027

  • Over 40% of AI-related data breaches will originate from the improper use of generative AI across borders by 2027.
  • Fragmented regulations and geopolitical tensions are amplifying security risks in cross-border AI data transfers.
  • Quantum encryption is set to redefine security challenges for AI-driven businesses.
  • Organizations are advised to implement stronger governance and encryption strategies to mitigate risks.

Read Full Article

like

8 Likes

share

1 Share

source image

Kaspersky

1M

read

27

img
dot

Image Credit: Kaspersky

All the scams and safety tips you need to know about when buying meme coins | Kaspersky official blog

  • Meme coins, also known as meme tokens or meme cryptocurrencies, are a type of alternative cryptocurrency that have experienced significant market capitalization fluctuations, with high risks of losing money and numerous scams.
  • Meme coins like Dogecoin, Shiba Inu, Pepe, OFFICIAL TRUMP, and Bonk exhibit value dependence on social media trends, leading to rapid price spikes fueled by hype and speculation.
  • Unlike traditional cryptocurrencies, non-fungible tokens (NFTs) are unique digital assets stored on the blockchain, each possessing individual value and collector appeal.
  • Major meme coins by market capitalization include Dogecoin, which surged in value after endorsements by Elon Musk, and OFFICIAL TRUMP, issued by the Trump Organization with a manipulated supply.
  • Scammers exploit the popularity of meme coins and NFTs through scams like rug pulls, namesake attacks, honeypot tokens, drainers, phishing, and malware, leading to significant financial losses in the crypto market.
  • Investors are advised not to invest in crypto assets beyond their financial capabilities, to conduct thorough research on projects and market dynamics, and to prioritize security measures to protect against scams and fraud in the cryptocurrency space.
  • Due diligence is essential when investing in meme coins and NFTs to mitigate risks of falling victim to fraudulent schemes, and using reputable platforms like Binance and Coinbase for transactions.
  • The rise of meme coins and NFTs has sparked increased phishing attempts, malware attacks, and scams targeting crypto investors, emphasizing the importance of implementing robust security solutions on all devices.
  • Prioritize projects and tokens with established reputations, be cautious of newly launched tokens, and verify smart contract addresses to avoid falling prey to scams related to meme coins and NFTs.
  • Stay informed about the latest threats in the crypto market and adhere to best practices to safeguard investments and minimize the risk of financial losses in the volatile cryptocurrency landscape.
  • Investing in meme coins and NFTs requires vigilance, market awareness, and security precautions to navigate the high-risk, high-reward nature of the crypto industry.

Read Full Article

like

1 Like

share

Share

source image

Socprime

1M

read

325

img
dot

Image Credit: Socprime

RedCurl/EarthKapre APT Attack Detection: A Sophisticated Cyber-Espionage Group Uses a Legitimate Adobe Executable to Deploy a Loader

  • The EarthKapre or RedCurl APT cyber-espionage group has targeted legal sector organizations with Indeed-themed phishing attacks.
  • In their latest attack, they employed reconnaissance commands, data exfiltration, and the deployment of the EarthKapre/RedCurl loader.
  • State-sponsored cyber groups from China, North Korea, Iran, and Russia demonstrated enhanced offensive capabilities in 2024.
  • RedCurl (EarthKapre APT) conducted a sophisticated operation targeting organizations in the legal sector.
  • SOC Prime Platform offers Sigma rules to detect potential RedCurl APT attacks effectively.
  • Security professionals can utilize eSentire’s Threat Response Unit analysis and Uncoder AI to hunt for IOCs and enhance threat detection.
  • The use of a legitimate Adobe executable, ADNotificationManager.exe, was observed in the latest RedCurl APT attack.
  • The attack involved phishing emails with malicious PDFs leading to the deployment of the EarthKapre loader.
  • RedCurl/EarthKapre malware uses various techniques like SysInternals AD Explorer and 7-Zip for data exfiltration.
  • Adversaries exploit different stages of attack, including string decryption functions and C2 infrastructure hosted on Cloudflare, to gather victim information.

Read Full Article

like

19 Likes

share

4 Shares

source image

Cybersecurity-Insiders

1M

read

239

img
dot

Image Credit: Cybersecurity-Insiders

Can Simulated Phishing Attacks Help in Training and Creating Awareness Among Employees?

  • Simulated phishing attacks are mock versions of real phishing attempts aimed at educating and training employees on how to recognize and respond to such threats.
  • They provide employees with practical experience in identifying malicious emails and suspicious links, enhancing their ability to detect future attacks.
  • Simulated phishing campaigns not only raise awareness about phishing but also reinforce cybersecurity best practices like verifying sender details and being cautious with attachments.
  • By identifying knowledge gaps and vulnerabilities through simulations, organizations can tailor training programs to address specific weaknesses within the workforce.
  • The ultimate goal of simulated phishing is to reduce the risk of real cyberattacks by equipping employees with the skills to defend against such threats effectively.
  • Regular simulated phishing campaigns demonstrate an organization's commitment to cybersecurity and can enhance trust from clients and stakeholders.
  • Feedback from simulated attacks helps organizations refine their training materials and methods, enabling continuous improvement in security awareness.
  • In conclusion, simulated phishing attacks are vital for fostering a security-aware culture, mitigating cyber risks, and ensuring employees remain vigilant against evolving threats.

Read Full Article

like

14 Likes

share

3 Shares

Prev

10
11
12
13
14
15
16
17
18
19
20

Next

For uninterrupted reading, download the app