menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Crime News

Cyber Crime News

source image

Securityaffairs

1M

read

63

img
dot

Image Credit: Securityaffairs

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

  • The ToxicPanda Android malware has infected over 1,500 devices, enabling attackers to perform fraudulent banking transactions.
  • ToxicPanda has infected thousands of devices across Italy, Portugal, Spain, and Latin America, targeting 16 banks.
  • The malware uses On-Device Fraud (ODF) techniques to bypass bank security measures and initiate account takeovers.
  • Experts speculate that Chinese-speaking individuals may be behind the malware campaign, indicating a potential shift or expansion in their operational focus.

Read Full Article

like

3 Likes

share

Share

source image

Cybersecurity-Insiders

1M

read

150

img
dot

Image Credit: Cybersecurity-Insiders

Nokia starts investigating source code data breach claims

  • Nokia has initiated an inquiry into IntelBroker's claims of a cyberattack by a hacking group. The sensitive data breach includes source code materials, SSH keys, RSA keys, SMTP credentials, webhooks and Bitbucket credentials.
  • The intel breach happened via a third-party contractor, the firm said. Nokia has suspended all ongoing R&D activities regarding its 5G products as a precautionary measure.
  • Nokia is currently in discussions with Indian telecom partner Vi (Vodafone Idea) on risk assessment and mitigation strategies after the breach, and it remains unknown whether the data has been used to compromise Nokia's product or system.
  • The company has hired a forensic team of experts to track the origins of the hack, and prevent the stolen data from being sold or disseminated on the dark web. BreachForums is reportedly offering the stolen data for sale for $20,000 in cryptocurrency.
  • Simply acquiring the data does not necessarily equate to an immediate attack on Nokia's infrastructure, experts have said. Counterfeit operations would require more than just the stolen source code anyway.
  • The risk of a data breach, however, damaging a company's reputation is high in the tech industry where security incidents can be seen as a noticeable weakness.
  • Companies such as Huawei and ZTE have experienced huge backlash in recent years due to national security and data privacy concerns. To this end, any breach of intellectual property could increase Nokia's market position, particularly if it is perceived as a serious security lapse.
  • As Nokia works to mitigate the breach's effects, focus is on securing its intellectual property and maintaining the trust of its partners and customers. Reputational risks, however, pose considerable challenges.
  • Nokia's effort to address the situation and safeguard its R&D operations will be crucial in deciding how well the company manages the crisis.
  • Nokia's brand carries a legacy that closely associates with its early dominance in the mobile phone industry-a legacy that can work both in its favor and pose challenges when dealing with security and trust issues.

Read Full Article

like

9 Likes

share

2 Shares

source image

Securityintelligence

1M

read

309

img
dot

Image Credit: Securityintelligence

Skills shortage directly tied to financial loss in data breaches

  • The cybersecurity skills gap continues to widen, with severe consequences for organizations worldwide.
  • More than half of breached organizations face severe security staffing shortages, leading to an average of $1.76 million in additional breach costs.
  • Skills in cloud security, threat intelligence analysis, incident response, data analysis, risk management, and compliance expertise are in high demand.
  • Organizations are combatting the skills shortage with strategies such as expanding internal training programs, leveraging AI to augment human capabilities, and focusing on a mix of technical and soft skills.

Read Full Article

like

18 Likes

share

4 Shares

source image

Socprime

1M

read

291

img
dot

Image Credit: Socprime

Stealthy Strela Stealer Detection: Info-Stealing Malware Resurfaces with Enhanced Capabilities to Target Central and Southwestern Europe

  • Security researchers have discovered a stealthy campaign targeting users in Central and Southwestern Europe with a credential stealer called Strela.
  • The malware, deployed via phishing emails, uses obfuscated JavaScript and WebDAV to evade detection.
  • Strela Stealer has enhanced its capabilities over the past two years, enabling it to covertly steal sensitive data from unsuspecting users.
  • Mitigation measures include strict access controls on WebDAV servers and restricted execution of PowerShell and other scripts.

Read Full Article

like

17 Likes

share

4 Shares

source image

Securityaffairs

1M

read

436

img
dot

Image Credit: Securityaffairs

U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog

  • U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog
  • PTZOptics PT30X-SDI/NDI camera vulnerabilities CVE-2024-8956 and CVE-2024-8957 added
  • Threat actors attempting to exploit the zero-day vulnerabilities
  • Vulnerabilities allow attackers to execute arbitrary commands and bypass authentication

Read Full Article

like

26 Likes

share

6 Shares

source image

Securityaffairs

1M

read

345

img
dot

Image Credit: Securityaffairs

Canadian authorities arrested alleged Snowflake hacker

  • Canadian authorities arrested a suspect linked to multiple hacks following a breach of cloud data platform Snowflake earlier this year.
  • The suspect, Alexander 'Connor' Moucka, was arrested on October 30, 2024, on a US provisional arrest warrant.
  • He is accused of being responsible for a series of attacks involving as many as 165 customers of Snowflake Inc.
  • The attacks involved stolen credentials, data theft, extortion attempts, and selling stolen data on criminal forums.

Read Full Article

like

20 Likes

share

4 Shares

source image

Securityaffairs

1M

read

327

img
dot

Image Credit: Securityaffairs

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

  • The July 2024 ransomware attack on the City of Columbus, Ohio, impacted 500,000 individuals.
  • The attack was successfully thwarted, and no systems were encrypted.
  • The Rhysida ransomware gang claimed responsibility for the attack and demanded 30 Bitcoin ($1.9 million) for stolen data.
  • The City of Columbus determined that the attack compromised personal and financial information of the affected individuals.

Read Full Article

like

19 Likes

share

4 Shares

source image

Guardian

1M

read

150

img
dot

Image Credit: Guardian

TfL reopens some Oyster card applications after cyber-attack

  • Transport for London (TfL) reopens applications for some Oyster photocards after a cyber-attack in September.
  • Students, apprentices, and care leavers over 18 can now apply for discount cards, while other groups will have to wait for phased reintroduction.
  • TfL restored data feeds linking Tube service information to third-party apps, but full online services are still being restored.
  • The hack delayed the rollout of contactless payments at national rail stations around London.

Read Full Article

like

9 Likes

share

2 Shares

source image

TechCrunch

1M

read

13

img
dot

Image Credit: TechCrunch

Columbus says ransomware gang stole personal data of 500,000 Ohio residents

  • The City of Columbus, Ohio confirms that hackers stole personal data of 500,000 residents during a ransomware attack.
  • The compromised information includes names, dates of birth, addresses, identification documents, Social Security numbers, and bank account details.
  • Columbus disconnected its network from the internet to thwart the attack and the ransomware gang responsible demanded 30 bitcoins (around $1.9 million) in exchange for the stolen data.
  • Rhysida, the ransomware gang, claims to have uploaded 3.1 terabytes of unsold data stolen from Columbus on the dark web.

Read Full Article

like

Like

share

Share

source image

Securityaffairs

1M

read

136

img
dot

Image Credit: Securityaffairs

Nigerian man Sentenced to 26+ years in real estate phishing scams

  • Nigerian national, Kolade Ojelade, has been sentenced to 26 years in prison in the US for phishing scams.
  • Ojelade compromised the email accounts of real estate businesses to steal millions of dollars.
  • He conducted Business Email Compromise (BEC) attacks by changing wire payment instructions.
  • The actual losses from the scheme were estimated at $12 million, with intended losses exceeding $100 million.

Read Full Article

like

8 Likes

share

1 Share

source image

Cybersafe

1M

read

72

img
dot

Image Credit: Cybersafe

DDoS attacks service provider websites seized by authorities

  • German police shut down DDoS-for-hire platform Dstat.cc and arrested two men accused of operating the site used for launching DDoS attacks.
  • The arrested individuals are accused of managing criminal infrastructure for DDoS attacks and drug trafficking.
  • The online platform 'Flight RCS' was used for selling designer drugs and facilitating DDoS attacks.
  • The operation involved multiple law enforcement agencies in Germany and international cooperation for arrests and seizures.

Read Full Article

like

4 Likes

share

1 Share

source image

Securityaffairs

1M

read

255

img
dot

Image Credit: Securityaffairs

International law enforcement operation shut down DDoS-for-hire platform Dstat.cc

  • German police shut down DDoS-for-hire platform Dstat.cc and arrested two men accused of operating the site used for launching DDoS attacks.
  • The operation was coordinated by the Central Office for Combating Internet Crime (ZIT) along with authorities from France, Greece, Iceland, and the U.S.
  • The suspects are also accused of running the online platform Flight RCS for drug trafficking and are set to appear before a judge.
  • This operation marks a significant action against the underground economy and showcases the strength of international law enforcement in combating digital crime.

Read Full Article

like

15 Likes

share

3 Shares

source image

Cybersecurity-Insiders

1M

read

96

img
dot

Image Credit: Cybersecurity-Insiders

Gmail Security Challenges Amid Rising Phishing Scams

  • Gmail is facing security challenges due to rising phishing scams.
  • Hackers are gaining unauthorized access to users' email addresses and phone numbers.
  • They trick users into sharing security codes, reset account passwords, and engage in data theft.
  • Users are advised to exercise caution, enable two-factor authentication, and avoid suspicious messages.

Read Full Article

like

5 Likes

share

1 Share

source image

Securityaffairs

1M

read

109

img
dot

Image Credit: Securityaffairs

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Chinese threat actors use Quad7 botnet in password-spray attacks
  • FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info
  • Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide
  • PTZOptics cameras zero-days actively exploited in the wild

Read Full Article

like

6 Likes

share

1 Share

source image

Securityaffairs

1M

read

392

img
dot

Image Credit: Securityaffairs

Chinese threat actors use Quad7 botnet in password-spray attacks

  • Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out password-spray attacks and steal credentials.
  • Quad7 botnet, also known as CovertNetwork-1658, targets SOHO devices and VPN appliances.
  • Chinese threat actors, including Storm-0940, are using credentials obtained from Quad7 botnet through password-spray attacks.
  • Microsoft advises organizations to prioritize credential hygiene and harden cloud identities to defend against password spraying.

Read Full Article

like

23 Likes

share

5 Shares

Prev

10
11
12
13
14
15
16
17
18
19
20

Next

For uninterrupted reading, download the app