Cyber Crime News

Securityaffairs

Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Mazda Connect flaws allow to hack some Mazda vehicles
  • Veeam Backup & Replication exploit reused in new Frag ransomware attack
  • Texas oilfield supplier Newpark Resources suffered a ransomware attack
  • Palo Alto Networks warns of potential RCE in PAN-OS management interface

Bitcoinist

Gotcha! Tether Joins Forces With Canadian Authorities To Track Down Stolen Crypto

  • Tether assisted the Ontario Provincial Police in recovering stolen crypto funds worth $10,000 CAD.
  • Tether worked with the Cyber Investigations Team to freeze the USDT in question and return it to the rightful owner.
  • OPP thanked Tether for their assistance and praised the company's commitment to fighting cybercrime.
  • Tether has collaborated with over 195 law enforcement agencies in 48 countries to help combat illicit activities.

Securityaffairs

Veeam Backup & Replication exploit reused in new Frag ransomware attack

  • A critical flaw, CVE-2024-40711, in Veeam Backup & Replication has been exploited to deploy Frag ransomware.
  • Sophos researchers warned about the exploitation of the vulnerability, which allowed the creation of rogue accounts and malware deployment.
  • Veeam released security updates in September 2024, fixing 18 high and critical severity flaws. The most severe was CVE-2024-40711, which impacts Veeam Backup & Replication.
  • Threat actors exploited the Veeam vulnerability to spawn net.exe and create a local account named 'point' to deploy ransomware such as Fog and Akira. Sophos recently found instances of Frag ransomware being deployed through the same exploit.

Secureerpinc

Guarding Against the Growing Threat of Data Poisoning

  • Data poisoning attacks the very heart of artificial intelligence systems by corrupting the dataset used to train machine learning or AI models.
  • Spotting data poisoning attacks requires carefully monitoring the model's accuracy and performance, looking for sudden changes, biased results, or unexpected outcomes.
  • Protecting against data poisoning involves implementing adversarial training, advanced data validation, and continuous monitoring of ML outputs.
  • Addressing the threat of data poisoning also requires educating teams about ML security and encouraging reporting of suspicious outcomes.

Securityaffairs

Texas oilfield supplier Newpark Resources suffered a ransomware attack

  • Texas oilfield supplier Newpark Resources suffered a ransomware attack.
  • The attack disrupted access to information systems and business applications.
  • The company activated its cybersecurity response plan and launched an investigation.
  • Manufacturing and field operations remain largely unaffected.

Kaspersky

Kaspersky uncovers a crypto game created by Lazarus APT | Kaspersky official blog

  • Cybercriminals have launched an attack on crypto gaming enthusiasts by using a zero-day vulnerability in Google Chrome and planting a backdoor on an individual's personal computer via a fake games website.
  • The attack targeted DeTankZone, a game based on an original game DeFiTankLand, with the attackers creating almost identical social media accounts and a boost in followers through a full promotion campaign.
  • The victim was led to believe that they were playing a beta version of the game and were asked to enter their email address and password to log in, giving the attackers complete access to their system.
  • Kaspersky detected the Manuscrypt backdoor and the exploit, and Google later blocked the game's website and released a browser update.
  • The Lazarus APT group has been using various versions of the backdoor since at least 2013 to target large organizations such as banks, IT companies, universities, and government agencies.
  • The group has also used generative AI to launch attacks, and Kaspersky advises internet users to ensure their devices are protected and to keep informed about the latest scams.
  • As the attack demonstrated, seemingly harmless web links can result in cybercriminals taking full control of a user's system, with more sophisticated attacks expected to involve AI in the future.
  • The attackers stole elements of DeFiTankLand's source code and created fake social media accounts for their counterfeit.
  • The fake game was promoted through phishing emails and offers to hundreds of cryptocurrency influencers.
  • Kaspersky discovered the connection elements responsible for the game server, which was non-functional, and replaced the hackers' server with their own to play DeTankZone.

Arstechnica

Law enforcement operation takes down 22,000 malicious IP addresses worldwide

  • An international coalition of police agencies conducted an operation named Synergia II to take down online scams and cybercriminals.
  • The operation resulted in the arrest of 41 people and the takedown of 1,037 servers and other infrastructure.
  • A total of 22,000 IP addresses were identified and targeted during the operation.
  • This collaborative effort between law enforcement agencies and cybersecurity organizations aimed to prevent cybercrime and protect potential victims.

Dataprivacyandsecurityinsider

Precious-Metal Refiner Hit with Data Breach Class Action over 2023 Cyber-Attack

  • Elemetal LLC faces a data breach class action over a 2023 cyber-attack.
  • The breach resulted in the exposure of personal information of approximately 13,000 customers.
  • The lawsuit alleges that Elemetal failed to implement adequate security measures and timely notify customers.
  • The complaint seeks monetary damages, equitable relief, and implementation of a comprehensive data privacy and security program.

Schneier

Prompt Injection Defenses Against LLM Cyberattacks

  • Researchers propose a defense strategy called Mantis to counter LLM-driven cyberattacks.
  • Mantis exploits LLMs' susceptibility to adversarial inputs to undermine malicious operations.
  • It plants carefully crafted inputs into system responses, disrupting the attacker's operations or compromising their machine.
  • In experiments, Mantis achieved over 95% effectiveness against automated LLM-driven attacks.

Secureerpinc

Urgent Action Needed: Tackling the Zero-Day Surge

  • Zero-day surges are a growing threat in cybersecurity.
  • Zero-day attacks exploit vulnerabilities before they can be patched.
  • To protect against zero-day surges, use the right security measures and tools.
  • Regularly update systems for patches and assess third-party vendor vulnerabilities.

Securityaffairs

Memorial Hospital and Manor suffered a ransomware attack

  • A ransomware attack hit Memorial Hospital and Manor in Bainbridge, Georgia, disrupting access to its Electronic Health Record system.
  • The hospital identified the attack after antivirus software flagged potential risks and launched an internal investigation.
  • Operations were unaffected, but staff had to switch to pen and paper for patient information recording.
  • The Embargo ransomware gang claimed responsibility for the attack, stealing 1.15 terabytes of data.

Cybersecurity-Insiders

Serco Hit by Cyber Attack, Disrupting Prisoner Tracking and Transport Operations

  • Serco, a British multinational, has been hit by a cyber attack, disrupting prisoner tracking and transport operations.
  • The attack affected Serco's ability to monitor prisoners and track prison vans used for inmate transportation.
  • The breach originated from a third-party vendor, Microlise, which was providing software services to Serco.
  • The attack is under investigation, and it is speculated that it may have been carried out by a cybercriminal group with links to Russian intelligence.

Silicon

Serco Tracking Devices On Prison Vans Disabled After Cyberattack

  • A cyberattack on a third-party solutions provider has disabled tracking systems and panic alarms in Serco prisoner vans.
  • Microlise Group, the provider of SaaS-based transport tech solutions to fleet operators, has confirmed that hackers may have accessed its employee data.
  • It appears that the incident may have begun on Thursday 31 October 2024, with services being brought back online with some normality by the end of the following week.
  • Despite the outage, officials reportedly consider the incident as having no operational impact on the British prisoner escort service.
  • Serco staff were informed that vehicle tracking, panic alarms, navigation and notifications related to estimated arrival times were disabled due to the Microlise incident.
  • There is no indication as yet that the hackers specifically targeted Microlise to hit its biggest customer Serco.
  • This attack highlights the risks posed by cyberattacks on a third-party supplier.
  • Experts suggest that outsourcing services should not relieve businesses of the responsibility of securing their operations.
  • Organizations need to regularly assess the security posture of their supply chain to safeguard against such vulnerabilities.
  • A coordinated approach to enforce controls across the digital supply chain is important to prevent service disruptions and data breaches.

Guardian

Banks and social media companies to be fined over scams under new Australian laws touted as ‘strongest in world’

  • Companies could face fines of up to $50m for failing to prevent scams and may be forced to compensate victims under new laws touted as 'strongest in the world' in Australia.
  • Social media companies would be responsible for scams occurring on their platforms for the first time.
  • Designated industries, including telecommunications companies, social media, and banks, would share liability and face fines for non-compliance.
  • Complaints related to scams have increased, and scam victims will have clear pathways to compensation if regulated entities fail to prevent scams.

Siliconangle

Canada arrests suspected hacker over breach of 160+ Snowflake users’ data

  • Canadian authorities have arrested a person suspected to be behind a large-scale hacking campaign that targeted Snowflake Inc. users.
  • Alexander Moucka, the suspect, appeared in court following a request from U.S. authorities.
  • The hacking campaign impacted more than 160 Snowflake customers who failed to refresh login credentials and enable multifactor authentication.
  • Snowflake recently upgraded its platform with new cybersecurity features in response to the hacking campaign.
