Cyber Crime News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Crime News

Securityaffairs

185

Image Credit: Securityaffairs

Storm-2372 used the device code phishing technique since August 2024

Russia-linked group Storm-2372 has been using device code phishing technique since August 2024.
The group targets governments, NGOs, and various industries through phishing messages posing as Microsoft Teams meeting invitations.
They trick users into logging in with a threat actor-generated device code, allowing them to steal login tokens and gain access to accounts and data.
Microsoft advises organizations to block device code flow, enable MFA, and implement the principle of least privilege to mitigate these attacks.

Read Full Article

11 Likes

Securityaffairs

403

Image Credit: Securityaffairs

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog
Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug
Valve removed the game PirateFi from the Steam video game platform because it contained malware
Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel

Read Full Article

24 Likes

Arstechnica

222

Image Credit: Arstechnica

Russian spies use device code phishing to hijack Microsoft accounts

Russian spies have been using a technique called device code phishing to hijack Microsoft 365 accounts.
The technique exploits 'device code flow' in the OAuth standard, which is used for authentication for devices like printers and smart TVs.
Instead of directly authenticating the user, the technique involves displaying a device code and link associated with the user account.
The user enters the code on a different device, which then allows the remote server to log into the account.

Read Full Article

13 Likes

TechJuice

394

Image Credit: TechJuice

Top Cybercrime Official Warns Against Pre-Activated International SIMs in Pakistan

Pre-activated international SIMs in Pakistan are a growing security concern, mainly used by criminals for illegal activities.
UK pre-activated SIM cards are the most commonly misused in Pakistan.
Authorities have arrested 44 individuals and recovered over 8,000 pre-activated SIMs in recent crackdowns.
The ongoing operations against illegal use of these SIMs will continue, while legal usage is not targeted.

Read Full Article

23 Likes

Discover more

Securityaffairs

390

Image Credit: Securityaffairs

Valve removed the game PirateFi from the Steam video game platform because contained a malware

Valve removed the game PirateFi from the Steam video game platform because it contained a Windows malicious code to steal browser cookies and hijack accounts.
Affected users were warned to fully reformat their operating systems to remove the threat.
The game PirateFi was flagged by multiple antivirus as Trojan.Win32.Lazzzy.gen.
It is estimated that over 800 users may have downloaded the game.

Read Full Article

23 Likes

Securityaffairs

145

Image Credit: Securityaffairs

The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets

Researchers at cybersecurity firm Resecurity detected a rise in cyberattacks targeting UAV and counter-UAV technologies.
Resecurity identified an increase in malicious cyber activity targeting UAV and counter-UAV (C-UAV/C-UAS) technologies, especially during active periods of local conflicts.
Unmanned Aerial Vehicles (UAVs) have become integral to modern military operations, leading to increased focus on counter-UAV (C-UAV) technologies.
Foreign actors show a significant interest in UAV and counter-UAV technologies, and there has been an observed increase in foreign actors involved in science and technology and drone engineering.

Read Full Article

8 Likes

TechDigest

390

AI in the Wrong Hands: How Unregulated Technology Could Fuel Cybercrime

The potential cybersecurity threat posed by AI is often overlooked amidst regulatory discussions and technological advancements.
AI's integration into business operations introduces vulnerabilities that existing security measures may struggle to address.
AI is increasingly used by cyber attackers to automate sophisticated phishing attacks through personalized content.
AI tools enable less experienced individuals to launch cyberattacks, adding to the challenges faced by security teams.
The adoption of AI tools in various industries raises concerns about security, with many organizations noting adversarial advances powered by AI.
Balancing innovation and security is crucial as organizations accelerate the adoption of AI technologies.
Regulation like the EU's AI Act aims to manage high-risk AI systems, but the pace of regulatory implementation may lag behind AI advancements.
AI's capacity to automate and optimize cyberattacks extends beyond phishing to potentially crippling global systems.
Businesses are advised to invest in AI-driven security tools to enhance cybersecurity efforts and prepare for evolving threats.
Continuous training for security teams, incorporating AI threat modeling, and remaining vigilant against AI-powered threats are essential steps for cybersecurity resilience.

Read Full Article

23 Likes

Arstechnica

427

Image Credit: Arstechnica

Financially motivated hackers are helping their espionage counterparts and vice versa

There is a growing collaboration between hacking groups engaged in espionage and those involved in financial cybercrime.
This collaboration helps espionage groups to conceal their activities within financially motivated cyberattacks.
Modern cybercriminals specialize in specific areas and partner with other entities for joint operations.
State-backed groups can purchase malware and resources from cybercriminals to blend in and attract less attention.

Read Full Article

25 Likes

Cybersafe

145

Image Credit: Cybersafe

IoT Data Breach exposes 2.7 B records, including Wi-Fi credentials

A significant security breach has exposed 2.7 billion sensitive user records, including Wi-Fi network credentials.
The breach is linked to Mars Hydro, a China-based grow light manufacturer, and LG-LED SOLUTIONS LIMITED, a California-registered firm.
The exposed database contained Wi-Fi SSIDs, passwords, IP addresses, device IDs, and other details from IoT devices sold globally.
The breach raises concerns about network infiltration, botnet recruitment, and physical threats to crops.

Read Full Article

8 Likes

Securityaffairs

418

Image Credit: Securityaffairs

Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron

The Sarcoma ransomware group claims to have breached the Taiwanese PCB manufacturer Unimicron and threatens to release the stolen data if no ransom is paid.
Unimicron Technology Corporation is a key supplier in the semiconductor and electronics industries, providing critical components for products such as smartphones and computers.
The company confirmed a ransomware attack on its subsidiary in January 2025 and is currently investigating the breach.
Sarcoma ransomware group has claimed to have stolen 377 GB of SQL files and documents from Unimicron.

Read Full Article

25 Likes

Medium

113

Image Credit: Medium

The Rise of Malicious AI: Are We Prepared?

AI enables attackers to create malware that learns and adapts in real-time, posing a significant threat.
Phishing attacks can be enhanced with AI to craft hyper-personalized content and automate the entire process.
AI is being explored to identify and exploit vulnerabilities missed by traditional scanning tools and create sophisticated botnets.
The democratization of cyber warfare using AI poses a significant threat, highlighting the need for preparation and collaboration.

Read Full Article

6 Likes

Silicon

Image Credit: Silicon

Majority Of Businesses Expect A Cyber Breach In 2025

60% of global organizations expect to experience a significant cyber failure in the next 12 months.
A fundamental shift in approach and mindset is needed to make cyber resilience a vital part of security strategies.
Only 39% of leaders believe cyber resilience is one of their top priorities.
Zscaler's Zero Trust Exchange supports a 'Resilient by Design' approach to cyber resilience.

Read Full Article

4 Likes

Securityaffairs

291

Image Credit: Securityaffairs

Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel

Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel, a decision reportedly made by the Trump administration.
Vinnik, a Russian national, pleaded guilty to money laundering charges related to operating the cryptocurrency exchange BTC-e from 2011 to 2017, processing over $9 billion in transactions and serving over a million users globally.
In July 2017, law enforcement shut down BTC-e, which received criminal proceeds from various illegal activities, including computer intrusions, ransomware attacks, and identity theft.
Vinnik was accused of promoting unlawful activities through BTC-e, leading to at least $121 million in losses.
Greek authorities arrested Vinnik in 2017 for laundering billions worth of cryptocurrency through the BTC-e Bitcoin exchange.
French authorities accused Vinnik of hacking, money laundering, extortion, and involvement in organized crime, defrauding more than 100 individuals and businesses globally.
Vinnik denied charges of extortion and money laundering and returned to Greece before extradition to the U.S., where he must forfeit seized money as part of the exchange.
The U.S. also charged Aliaksandr Klimenka, linked to BTC-e, with money laundering conspiracy and operating an unlicensed money services business.
Vinnik's release, negotiated as a gesture by Trump and Putin for peace talks, has sparked disappointment among government officials regarding the potential impact on cybercrime.
The exchange involving Vinnik and Fogel has raised concerns about emboldening cybercriminals and ransomware actors, according to U.S. law enforcement.

Read Full Article

17 Likes

Coinjournal

281

Image Credit: Coinjournal

Jailed BTC-e operator Vinnik released in US-Russia prisoner swap

Jailed BTC-e operator Alexander Vinnik is being released from US custody in a prisoner swap with Russia.
Vinnik, the former operator of the Russian crypto exchange BTC-e, was convicted of money laundering charges.
He is part of a prisoner exchange deal involving US national Marc Fogel, who has been released by Russia.
Vinnik's release comes after his lawyers' unsuccessful attempt to include him in other US-Russia prisoner exchanges.

Read Full Article

16 Likes

Cybersecurity-Insiders

450

Image Credit: Cybersecurity-Insiders

IoT data breach leaks over 2.7 billion records, a repeat of 2019

A significant data breach related to the Internet of Things (IoT) has been uncovered.
The breach is linked to an unprotected database belonging to Mars Hydro and LG LED Solutions.
Hackers may have gained access to 1.7 terabytes of data distributed across 13 folders.
Users of IoT devices are urged to take precautionary steps to protect their personal data.

Read Full Article

27 Likes

For uninterrupted reading, download the app