Cyber Crime News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Crime News

Cybersecurity-Insiders

275

Image Credit: Cybersecurity-Insiders

Satanic Threat Actor demands $100k ransom from Hot Topic

Hot Topic, the popular retailer, is dealing with a data breach situation.
The cybercriminal group 'Satanic' is demanding a $100,000 ransom to delete stolen user data.
The breach occurred through Hot Topic employee credentials, leading to the theft of sensitive information.
Hot Topic has activated its incident response plan and advised affected users to monitor their accounts.

Read Full Article

16 Likes

Tech Story

131

Amazon Data Breach Exposes Employee Contact Information Details and Implications of the MOVEit Vulnerability

Amazon employees’ contact details, including work email addresses and phone numbers, were exposed in a significant data breach impacting over 25 major companies.
This breach traces back to a vulnerability in the widely used file transfer software MOVEit.
The compromised data, dating back to May 2023, includes names, work email addresses, phone numbers, and, in some cases, details about company hierarchies.
Fortunately, social security numbers, financial data, and more sensitive personal information were not part of this leak.
The vulnerability enabled the hacker, who operates under the alias “Nam3L3ss,” to gather and leak data, causing a ripple effect across affected companies.
Amazon’s systems themselves were not directly compromised, but this incident has raised concerns over third-party software security and data protection protocols.
The breach is a reminder of the ever-present risks to corporate data security, and companies must prioritize not only their own security infrastructure but also that of any vendors they rely on.
This incident serves as a wake-up call for businesses to adopt more rigorous cybersecurity measures and ensure that their third-party vendors adhere to strict security standards.
Moving forward, companies need to prioritize third-party risk management, performing routine security audits on external vendors and ensuring that any software they depend on is frequently updated and secure.
This breach serves as a critical reminder for organizations across all sectors to adopt robust cybersecurity protocols, especially when relying on third-party software solutions.

Read Full Article

7 Likes

TechCrunch

388

Image Credit: TechCrunch

Snowflake hackers identified and charged with stealing 50 billion AT&T records

Two hackers, Connor Moucka and John Binns, have been identified and charged with stealing around 50 billion customer call and text records from AT&T.
The stolen records were taken from AT&T's systems hosted on Snowflake, a provider of cloud services for data analysis.
The indictment reveals that the hackers accessed billions of sensitive customer records and successfully extorted at least three victims.
AT&T is one of several companies who had sensitive data stolen from their Snowflake instances, making these Snowflake-related breaches some of the worst cyberattacks of the year.

Read Full Article

23 Likes

Cybersecurity-Insiders

194

Image Credit: Cybersecurity-Insiders

UK Senior Citizens should be cautious with SMS Scams for winter heating pay

Winter Fuel Payments in the UK have seen a significant reduction in recipients, causing concern among senior citizens.
A scam targeting pensioners involves fraudulent SMS messages offering access to Winter Fuel Payments.
The SMS messages contain a link to a fake website where victims are asked to provide personal and financial information.
Authorities advise senior citizens to be cautious, avoid clicking on suspicious links, and report any suspicious messages.

Read Full Article

11 Likes

Discover more

Securityaffairs

126

Image Credit: Securityaffairs

A cyberattack on payment systems blocked cards readers across stores and gas stations in Israel

A cyberattack in Israel disrupted credit card readers across stores and gas stations.
The attack was a DDoS attack that targeted the company responsible for the operations of the devices.
The attack lasted for an hour but was mitigated, and no personal or financial data was compromised.
The attack is believed to be linked to ongoing military operations, and an Iran-linked hacker group claimed responsibility.

Read Full Article

7 Likes

Socprime

153

Image Credit: Socprime

Interlock Ransomware Detection: High-Profile and Double-Extortion Attacks Using a New Ransomware Variant

Adversaries employ new Interlock ransomware in big-game hunting and double-extortion attacks.
Interlock ransomware variant targets organizations globally in various sectors.
Interlock ransomware operators maintain a data leak site and exploit unpatched vulnerabilities.
Interlock ransomware encrypts files and demands ransom under threat of data leakage.

Read Full Article

9 Likes

Siliconangle

384

Image Credit: Siliconangle

SlashNext warns of ‘GoIssue’ phishing tool targeting GitHub users

Phishing protection company SlashNext Inc. warns of a new phishing tool called GoIssue that targets GitHub users.
GoIssue allows attackers to extract email addresses from GitHub profiles and send bulk phishing emails to developers.
The tool's advanced features enable targeted phishing campaigns, increasing the risk of credential theft.
GoIssue is sold for $700 for a customized version, making it accessible to cybercriminals.

Read Full Article

23 Likes

HRKatha

176

Image Credit: HRKatha

Amazon employee data breach exposes contact information

Amazon confirmed a data breach affecting employee information due to a vulnerability in a third-party vendor's system.
The breach exposed work-related contact details such as employee emails, desk phone numbers, and building locations.
Sensitive information like Social Security numbers and financial data remained secure, and Amazon's core systems were unaffected.
This incident highlights the challenges of managing cybersecurity across third-party services and the need for comprehensive security practices within vendor networks.

Read Full Article

10 Likes

Securityaffairs

343

Image Credit: Securityaffairs

Ymir ransomware, a new stealthy ransomware grow in the wild

Kaspersky researchers discovered a new ransomware family called Ymir ransomware.
Ymir ransomware was deployed after breaching systems via PowerShell commands.
The ransomware uses the stream cipher ChaCha20 algorithm to encrypt files.
The attack involved the use of RustyStealer malware as a precursor to weaken defenses.

Read Full Article

20 Likes

Securityaffairs

Image Credit: Securityaffairs

Amazon discloses employee data breach after May 2023 MOVEit attacks

Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks.
The data breach occurred through a third-party vendor and the exact number of impacted employees was not disclosed.
Over 2.8 million records containing employee data were leaked by a threat actor named Nam3L3ss on BreachForums.
The compromised data includes names, contact information, building locations, and email addresses, but did not include SSNs or financial information.

Read Full Article

4 Likes

TechCrunch

149

Image Credit: TechCrunch

Amazon confirms employee data stolen after hacker claims MOVEit breach

Amazon confirms employee data compromised after a 'security event' at a third-party vendor.
The breach involved employee work contact information, such as work email addresses, desk phone numbers, and building locations.
The third-party vendor does not have access to sensitive data like Social Security numbers or financial information.
A threat actor claims to have stolen data from Amazon and other major organizations during the MOVEit Transfer hack.

Read Full Article

8 Likes

Securityaffairs

190

A new fileless variant of Remcos RAT observed in the wild

Fortinet researchers discovered a new phishing campaign spreading a variant of the commercial malware Remcos RAT.
The phishing messages contain a malicious Excel document disguised as an order file to trick the recipient into opening the document. Upon opening the file, the RCE vulnerability CVE-2017-0199 is exploited.
The HTA file is wrapped in multiple layers using different script languages and encoding methods to evade detection.
The malicious code downloads an encrypted Remcos RAT file from a remote server, executes it as a fileless version directly into memory, allowing attackers to remotely control the infected system.

Read Full Article

11 Likes

TechJuice

Image Credit: TechJuice

PTA Issues Urgent Cybersecurity Alert on Critical Oracle WebLogic Server Vulnerability

The Pakistan Telecommunication Authority (PTA) has issued a critical cybersecurity advisory regarding a vulnerability in Oracle WebLogic Server.
The vulnerability, CVE-2017-3506, allows attackers to execute arbitrary code using specially crafted HTTP queries.
PTA advises organizations to upgrade to the most recent versions of WebLogic Server to protect against the vulnerability.
The advisory emphasizes the importance of implementing multi-factor authentication and network segmentation for enhanced security.

Read Full Article

4 Likes

Tech Radar

303

Image Credit: Tech Radar

Quishing is the QR code scam you need to watch out for

QR code phishing, also known as quishing, is becoming a common threat where fraudulent codes are used to steal financial information.
Banks and regulators have issued warnings about the increasing sophistication of these scams.
In quishing attacks, QR codes are sent as email attachments from seemingly legitimate sources, leading to malicious links.
These attacks have expanded into the real world, with QR codes being placed on parking machines to steal payment information.

Read Full Article

18 Likes

Addicted2Success

298

Image Credit: Addicted2Success

5 Ways Cyber Security Planning Will Help Your Business Succeed

Being online is like leaving your front door open if you don’t have the proper security measures in place.
Cybersecurity planning is all about being strategic in protecting an organization’s digital assets, data, and operations from cyber threats.
With assessing risks, the first order of business is establishing where valuable digital assets are stored and who has access to them.
A solid continuity and disaster recovery (BCDR) plan can help your business operations continue in case of a cyberattack or other disasters.
Cyber insurance is a must-have. It can cover everything from data breaches to business interruptions.
Implementing strong cybersecurity measures can make it easier to build trust with customers and separate businesses from the crowd.
We need to get familiar with cybersecurity laws and make sure we comply with them, or else we face penalties for non-compliance.
Regular audits of cybersecurity plans can help identify any gaps in compliance programs and give the team a chance to make corrections before regulators come knocking.
The right cybersecurity posture can go a long way in building a resilient business.
Consulting with IT experts or other tech gurus can help develop cyber defense plans that fit the business needs to a T.

Read Full Article

17 Likes

For uninterrupted reading, download the app