A naukri.com initiative
Cyber Crime News
Siliconangle
4w
82
Image Credit: Siliconangle
Dashlane launches AI-powered Omnix platform to tackle phishing and shadow IT
- Dashlane Inc. has launched Dashlane Omnix, an AI-accelerated credential security platform designed to address AI-powered phishing and shadow IT.
- Dashlane Omnix unifies proactive intelligence, real-time response, and protected access to offer complete credential security across businesses.
- The platform aims to combat the increase in phishing attacks and the rise of unmanaged AI apps driving shadow IT.
- Dashlane Omnix provides intelligent detection of malicious websites and offers proactive credential protection, secure storage, and in-context alerts.
Read Full Article
4 Likes
Securityaffairs
4w
31
Image Credit: Securityaffairs
Crooks exploit the death of Pope Francis
- Crooks exploit the death of Pope Francis, using public curiosity and emotion to launch scams and spread malware.
- Cybercriminals are ready to exploit any event of global interest, it has already happened in the past during events like Queen Elizabeth II’s death or the COVID-19 pandemic.
- Disinformation and fake news spread like wildfire during these events, with cybercriminals using AI-generated images and videos to fuel conspiracy theories and draw clicks and shares.
- To protect oneself, it is advised to keep the browser and OS up to date, use trusted web protection tools, be skeptical of sensational headlines, avoid clicking on suspicious links, and invest in a comprehensive security suite.
Read Full Article
1 Like
Cybersecurity-Insiders
4w
222
How Cybercriminals Are Exploiting Technology to Scam Taxpayers
- AI is being increasingly used by cybercriminals to scam taxpayers, particularly in the domain of tax fraud and IRS scams.
- AI-powered phishing attacks have become more sophisticated, with hyper-realistic emails impersonating the IRS or financial institutions, as well as deepfake voice calls mimicking IRS agents or company executives.
- AI is also being utilized for automated tax fraud and identity theft, generating fraudulent tax returns, creating fake taxpayer profiles, and exploiting the IRS refund system.
- To combat these threats, corporations need a multi-layered defense strategy, including employee training, AI-based fraud detection systems, MFA, strict verification procedures, and dark web monitoring. Individuals should monitor their credit, use authorized tax software, file electronically, and employ the IRS IP PIN for added security.
Read Full Article
13 Likes
Securityaffairs
4w
79
Image Credit: Securityaffairs
Crypto mining campaign targets Docker environments with new evasion technique
- A new malware campaign has been discovered that targets Docker environments to secretly mine cryptocurrency.
- The campaign deploys a malicious node connected to Teneo, a decentralized infrastructure network, to covertly monetize social media bandwidth.
- The malware uses an obfuscated script in the Docker image, which requires multiple iterations to reveal the actual malicious code.
- The attacker's DockerHub profile suggests a pattern of abuse, utilizing alternative methods of generating crypto with a Nexus network client.
Read Full Article
4 Likes
Medium
4w
14
Image Credit: Medium
LLMjacking: How Hackers Are Stealing Your AI Resources
- LLMjacking is a concerning security trend in the world of artificial intelligence.
- It involves hackers hijacking your cloud resources to run their own AI operations at your expense.
- The attack could cost organizations up to $46,000 per day.
- To safeguard against LLMjacking, implement measures such as securing credentials, discovering unauthorized AI applications, patching vulnerabilities, and monitoring abnormal resource usage.
Read Full Article
Like
TechCrunch
4w
48
Image Credit: TechCrunch
Blue Shield of California shared the private health data of millions with Google for years
- Health insurance giant Blue Shield of California has shared patients' private health information with Google since 2021.
- The data sharing stopped in January 2024, but was not discovered until February.
- The shared data includes personal and sensitive health information, insurance details, and patient financial responsibility.
- Blue Shield is notifying 4.7 million affected individuals, making it the largest healthcare-related data breach of 2025 so far.
Read Full Article
2 Likes
Alvinashcraft
4w
22
Dew Drop – April 23, 2025 (#4405)
- Microsoft Build 2025 highlights include .NET and C# teams joining, Windows App SDK 1.8.0 Experimental 1 release, and GitHub Copilot features in Visual Studio 17.14 Preview 3.
- Web & Cloud Development updates cover Azure Container Apps, Blazor PWAs, YARP integration, and GraphQL usage in .NET.
- WinUI, .NET MAUI & XAML content includes using MVVM Toolkit, AI-Powered Air Quality Dashboard, and updates on WPF in .NET 9.0.
- Visual Studio & .NET topics feature Nadaraya-Watson Kernel Regression, ReSharper 2025.1 updates, and leveraging EF Core for date handling.
- AI-related articles discuss multiagent research, GitHub Copilot models, and Azure AI agents integration.
- Design, Methodology & Testing articles encompass Azure Boards updates, CI/CD security best practices, and bug report writing tips.
- Mobile, IoT & Game Development content covers Firebase Cloud Messaging on Android and building a home recording studio with Raspberry Pi 500.
- Articles on Database topics include SQL Server procedures, CHOOSE function exploration, and SSMS 21 Preview 6 release.
- SharePoint, M365 & MS Teams updates feature Microsoft Graph API reports and Microsoft 365 Copilot Power User Tips.
- PowerShell & Terminal content includes PowerShell Universal v5.5 updates and Docker x Warp information.
- Miscellaneous articles touch on Windows 11 Insider Preview Builds, DIY email solutions like Notion Mail, and the alarming decline of bees.
Read Full Article
1 Like
Silicon
4w
279
Image Credit: Silicon
The Ransomware Business Model: The State of Cybercrime
- Ransomware has transformed into a professional, corporate-like underground industry with sophisticated operations and financial support.
- Ransomware-as-a-Service (RaaS) platforms have made cybercrime accessible to individuals with limited technical skills by providing ready-made kits.
- The profitability of ransomware is driven by low upfront investment, global scalability, and the potential for substantial returns.
- Groups like LockBit and RansomHub operate from jurisdictions like Russia or North Korea, beyond the reach of Western law enforcement.
- Cryptocurrency plays a crucial role in ransomware payments due to its anonymity, speed, and global accessibility.
- Ransomware attackers have evolved to target strategically, conducting research on victims to set ransom amounts within their ability to pay.
- Smaller and mid-sized businesses are increasingly targeted by ransomware groups due to their vulnerability and lack of robust cybersecurity measures.
- A zero-trust security model with strong identity controls, network segmentation, real-time detection, and privilege management is crucial in combating modern ransomware threats.
- AI is used by both attackers and defenders to enhance their capabilities in crafting attacks, detecting threats, and responding swiftly.
- Effective cybersecurity measures include consistent patching, multi-factor authentication, employee training, and backup resilience.
- Businesses must adopt proactive planning, incident response protocols, and crisis communication strategies to mitigate the impact of ransomware attacks.
Read Full Article
16 Likes
Securityaffairs
4w
306
Image Credit: Securityaffairs
The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack
- The xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack aimed at stealing users’ private keys.
- Threat actors compromised the Ripple cryptocurrency npm JavaScript library xrpl.js to harvest users’ private keys.
- The researchers investigated the supply chain attack and discovered that five xrpl package versions contained malicious code.
- Users of the xrpl.js library are urged to update to versions 4.2.5 or 2.14.3 to mitigate risks from the recent supply chain attack.
Read Full Article
18 Likes
Securityaffairs
4w
337
Image Credit: Securityaffairs
British retailer giant Marks & Spencer (M&S) is managing a cyber incident
- Marks & Spencer (M&S) is managing a cyber incident after multiple customer complaints surfaced.
- M&S has engaged external cyber security experts to assist with investigating and managing the incident.
- Customers reported outages affecting card payments, gift cards, and M&S's Click and Collect service.
- The incident has been reported to relevant data protection authorities and the National Cyber Security Centre.
Read Full Article
20 Likes
Securityaffairs
4w
44
Image Credit: Securityaffairs
Chinese Cybercriminals Released Z-NFC Tool for Payment Fraud
- Chinese cybercriminals have released a tool called Z-NFC for conducting payment fraud using NFC technology.
- Multiple Chinese cybercriminal groups have been targeting Google and Apple Wallet customers, abusing contactless payments and NFC technology.
- The Z-NFC tool is being sold on Telegram and facilitates fraudulent transactions using Android-based phones and mobile wallets.
- Cybercriminals exploit the lack of Cardholder Verification Method (CVM) for low-value contactless payments, enabling multiple small transactions with compromised cards.
Read Full Article
2 Likes
Cybersecurity-Insiders
4w
395
Mark & Spencer hit by Cyber Attack on Easter
- British retail giant Mark and Spencer (M&S) confirmed a cyberattack on its contactless payment terminals in over 1,400 UK stores.
- Physical stores and online sales platforms were unaffected, but disruptions in cardless payment processing were reported.
- It is unclear if sensitive data was compromised or if ransomware was involved.
- Experts suggest adopting automated threat detection systems and conducting regular penetration testing to mitigate the risk of cyberattacks.
Read Full Article
23 Likes
Securityaffairs
4w
440
Image Credit: Securityaffairs
Millions of SK Telecom customers are potentially at risk following USIM data compromise
- SK Telecom, South Korea's largest wireless telecom company, reported that threat actors accessed customer Universal Subscriber Identity Module (USIM) info through a malware attack.
- The company detected the infection on April 19, 2025, and promptly reported it to the Korea Internet & Security Agency (KISA), sanitized the impacted systems, and isolated the suspected hacking device.
- No cases of misuse of the information have been confirmed to date, but SK Telecom has enhanced defensive measures, blocked illegal SIM card changes, and abnormal authentication attempts.
- The company is offering impacted customers a free subscription to the 'SIM protection service' as an additional security measure.
Read Full Article
26 Likes
Unite
4w
36
Image Credit: Unite
Next-Gen Phishing: The Rise of AI Vishing Scams
- AI vishing, an evolution of voice phishing, utilizes AI technologies like voice cloning and deepfakes to impersonate trusted individuals in scams.
- Attacks using AI vishing have grown more frequent and sophisticated, targeting vulnerable individuals and businesses with automated phone calls.
- High-profile AI vishing incidents include scammers using AI to impersonate figures like the Italian Defense Minister and targeting hotels and travel firms.
- In one case, scammers used AI to mimic the voices of family members, resulting in a significant financial loss for elderly victims.
- AI Vishing-as-a-Service (VaaS) has facilitated the growth of AI vishing by offering subscription models for launching large-scale attacks with lifelike voices.
- Providers like PlugValley offer advanced vishing bots that mimic human speech patterns and assist cybercriminals in stealing sensitive information.
- Protecting against AI vishing requires proactive measures such as employee training, fraud detection systems, and real-time threat intelligence.
- Individuals should be cautious of unsolicited calls, verify caller identities, limit sharing personal information, educate themselves and others, and report suspicious calls to authorities.
- As AI vishing continues to evolve, organizations need to anticipate and prepare for increasing volumes and improved execution of these attacks.
- A comprehensive security strategy combining technology defenses with informed and vigilant employees is crucial for mitigating the risks associated with AI vishing scams.
Read Full Article
2 Likes
TechCrunch
4w
481
Image Credit: TechCrunch
Marks & Spencer confirms cybersecurity incident amid ongoing disruption
- Marks & Spencer confirms cybersecurity incident amid ongoing disruption.
- Marks & Spencer has been managing a cyber incident and making operational changes to protect customers and the business.
- The company's stores remain open and its website and app are operating normally.
- External cybersecurity experts have been engaged to investigate the incident, and data protection authorities have been notified.
Read Full Article
24 Likes
For uninterrupted reading, download the app