menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Crime News

Cyber Crime News

source image

Securityaffairs

1M

read

228

img
dot

Image Credit: Securityaffairs

FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info

  • A former Disney World employee hacked servers after being fired, altering prices, adding profanities, and mislabeling allergy info.
  • The FBI arrested the man last week, falsely declaring some items as allergy-safe could put the lives of visitors at risk.
  • The former Disney employee denied any misconduct when FBI agents searched his home last month.
  • The company had to take its menu creation program offline for over a week, incurring costs of at least $150,000 due to the attacks.

Read Full Article

like

13 Likes

share

3 Shares

source image

Krebsonsecurity

1M

read

406

img
dot

Booking.com Phishers May Leave You With Reservations

  • Phishing attacks on the hotel industry are increasing and centered around the booking.com site. The majority of these attacks appear to stem from phishing attacks launched on unsecured hotel machines that store login details to the site.
  • According to statista.com, booking.com is the most searched travel site, receiving 550 million visits in September alone.
  • A recent spear-phishing campaign was launched on booking.com after a California hotel had its credentials stolen.
  • The phishing messages often reference actual booking details, making them appear much more convincing for the receiver.
  • In response to the spear-phishing campaign, booking.com has introduced two-factor authentication. However, it is unclear whether this is mandatory for all as the company still advises users to activate it on their own accounts.
  • Cybercriminal services have emerged to provide phishing campaigns targeting hotels and other booking.com partners. This includes stealing login details and fraudulent listings on the site.
  • Intel 471 reported that there is high demand for compromised booking.com accounts belonging to hotels and other partners on numerous cybercrime forums.
  • Some hackers have used compromised booking.com accounts to promote their own travel agencies amongst other scammers. They have provided amazing discounts for hotel reservation through bulk bookings.
  • The solution for this would be to have better security protocols and both consumers and businesses should be cautious of emails that appear to be from booking.com.
  • There needs to be an awareness of the impact of phishing and to consider the amount of data that is available to cybercriminals.

Read Full Article

like

24 Likes

share

5 Shares

source image

Securityaffairs

1M

read

59

img
dot

Image Credit: Securityaffairs

LottieFiles confirmed a supply chain attack on Lottie-Player

  • LottieFiles confirmed a supply chain attack on Lottie-Player.
  • Threat actors targeted cryptocurrency wallets to steal funds.
  • The attack involved unauthorized versions of the npm package.
  • LottieFiles is investigating the incident and implementing security measures.

Read Full Article

like

3 Likes

share

Share

source image

Pymnts

1M

read

397

img
dot

Image Credit: Pymnts

Securing the Cyber Perimeter Starts With Safeguarding Corporate Emails

  • Amazon's WorkMail enterprise email service now supports multi-factor authentication (MFA) through integration with Amazon Web Services (AWS) Identity and Access Management (IAM) Identity Center.
  • Multi-factor authentication adds an extra layer of security by requiring users to confirm their identity using two or more authentication factors.
  • While it is surprising that Amazon took eight years to implement MFA in its email business, MFA will still need to be manually configured by administrators for each WorkMail user.
  • MFA helps counteract phishing, business email compromise (BEC), and other cyberattacks targeting email accounts and adds a robust layer of protection to sensitive corporate information.

Read Full Article

like

23 Likes

share

5 Shares

source image

Securityaffairs

1M

read

41

img
dot

Image Credit: Securityaffairs

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

  • Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online.
  • A threat actor with the moniker 'kzoldyck' claims to have leaked 3.7 TB of company data related to 3 million Interbank customers, including personal information, credit card details, passwords, and API credentials.
  • Interbank has deployed additional security measures to protect client information and assures the security of deposits and financial products.
  • Interbank refused to pay the ransom demanded by the threat actor after a two-week negotiation.

Read Full Article

like

2 Likes

share

Share

source image

Siliconangle

1M

read

338

img
dot

Image Credit: Siliconangle

Phish ’n’ Ships: Human Security warns of fake shops exploiting payment platforms and SEO

  • A report from Human Security Inc. warns of a large-scale phishing scheme called 'Phish 'n' Ships.'
  • The scheme leverages fake online shops and compromised search engine ranks to defraud consumers.
  • Attackers infect legitimate websites to create and rank fake product listings, redirecting unsuspecting consumers to counterfeit stores.
  • Payment information is collected, but the products never arrive, costing victims millions of dollars.

Read Full Article

like

20 Likes

share

4 Shares

source image

Securelist

1M

read

438

img
dot

Image Credit: Securelist

Loose-lipped neural networks and lazy scammers

  • Loose-lipped neural networks (LLMs) enable automated writing that mimics human speech, which is useful to scammers who develop fake websites, sometimes to coincide with events such as Black Friday.
  • These sites use LLMs to create unique and high-quality content that is hard to detect and analyse, often mimicking companies in dynamic industries, such as cryptocurrency.
  • An LLM-generated message is detectable, however, by first-person apologies or refusals to follow instructions. Weaknesses in LLM applications can also leave tells, artifacts or indicators, that enable investigators to track fraudsters.
  • Artifacts of this kind not only expose the use of LLMs to create scam web pages, but allow us to estimate both the campaign duration and the approximate time of content creation.
  • LLMs can be used not only to generate text blocks, but entire web pages.
  • LLM-generated text can go hand-in-hand with various techniques that hinder rule-based detection.
  • As large language models improve, their strengths and weaknesses, as well as the tasks they do well or poorly, are becoming better understood. Threat actors are exploring applications of this technology in a range of automation scenarios.
  • Peering into the future, we can assume that LLM-generated content will become increasingly difficult to distinguish from human-written.
  • The task of automatically identifying LLM-generated text is extremely complex, especially as regards generic content like marketing materials, which are similar to what we saw in the examples.
  • To better protect yourself against phishing, be it hand-made or machine-generated, it’s best to use modern security solutions that combine analysis of text information, metadata and other attributes to protect against fraud.

Read Full Article

like

26 Likes

share

6 Shares

source image

Silicon

1M

read

246

img
dot

Image Credit: Silicon

Russia Carrying Out Targeted Attacks In UK, Microsoft Warns

  • Microsoft and Amazon Web Services (AWS) have warned of targeted attacks by a Russian-backed group impersonating staff of the two companies.
  • The group, tracked by Microsoft as Midnight Blizzard and by AWS as APT29, is known for carrying out hacks on organisations and individuals to gather intelligence on behalf of Russia’s Foreign Intelligence Service (SVR).
  • The group has been sending out “highly targeted spear-phishing emails” to individuals in government, academia, defence, non-governmental organisations, and other sectors since 22 October, Microsoft said in an advisory.
  • The emails appear to be sent from addresses gathered during previous compromises in order to appear more authentic, Microsoft said.

Read Full Article

like

14 Likes

share

3 Shares

source image

Securityaffairs

1M

read

425

img
dot

Image Credit: Securityaffairs

New version of Android malware FakeCall redirects bank calls to scammers

  • The latest FakeCall malware version for Android intercepts outgoing bank calls, redirecting them to attackers to steal sensitive info and bank funds.
  • FakeCall is a banking trojan that impersonates banks in fraudulent calls to obtain sensitive information from victims.
  • The new version of FakeCall sets itself as the default call handler, allowing it to control all outgoing calls and redirect them to scammers.
  • The malware mimics the legitimate Android call interface, displaying the real bank's phone number to deceive users and gain unauthorized access to financial accounts.

Read Full Article

like

25 Likes

share

5 Shares

source image

Hackernoon

1M

read

265

img
dot

Image Credit: Hackernoon

ATPC Cyber Forum To Focus On Next Generation Cybersecurity And Artificial Intelligence Issues

  • The American Transaction Processors Coalition (ATPC) Cyber Council will convene “The Tie that Binds: A 21st Century Cybersecurity Dialogue,” on October 31, 2024, at the Bank of America Financial Center Tower’s Convention Hall in Atlanta.
  • The forum will include discussions on evolving technologies that will influence the path forward, the role of AI, supply chain security needs, and more.
  • Key speakers include The Honorable Harry Coker, Jr., White House National Cyber Director, and Barry McCarthy, CEO of Deluxe and Chair of the ATPC Board of Directors.
  • The event will also feature panel discussions on AI in financial services and cyber education.
  • The ATPC Cyber Council is a unique group made up of only CISOs, CSOs, CIOs and CTOs who are on the front lines every day dealing with the operational impacts of cybersecurity.
  • The forum will conclude with a fireside chat focused on 'A Look to the Future: 2025: Top Cybersecurity and Critical Technology Priorities for the ATPC Cyber Council.'
  • The ATPC is a leading voice for America’s payments processors, consisting of the world’s largest, global payment processors, banks, credit card companies and financial services companies.
  • The ATPC Cyber Council’s mission is to identify best practices and areas of shared risk to help ATPC members address the evolving cyber threat across America’s payments processing system.
  • The Cyber Council was established to galvanize the efforts of the ATPC member companies in addressing cybersecurity risks.
  • The event will focus on pressing cybersecurity issues in the financial services sector and ways in which the sector is addressing these issues.

Read Full Article

like

15 Likes

share

3 Shares

source image

Cybersecurity-Insiders

1M

read

452

img
dot

Image Credit: Cybersecurity-Insiders

Disastrous cyberattacks show organisations need to be more proactive in defence, says Oxylabs

  • Organisations need to be more proactive in defence against cyberattacks, according to Oxylabs.
  • Threat intelligence and proactive measures can help identify and isolate cyber threats before they cause harm.
  • Threat hunting teams consisting of professionals with specific knowledge and skills are essential for effective proactive defence.
  • Advancing AI capabilities are changing how businesses approach and combat cyber risks.

Read Full Article

like

27 Likes

share

6 Shares

source image

Cybersecurity-Insiders

1M

read

86

img
dot

Image Credit: Cybersecurity-Insiders

Cyber Expert Points SMB Leaders to Patching as Important Tool for Avoiding Attacks

  • Small to mid-sized businesses (SMBs) struggling with unprecedented security challenges amid the surge in ransomware attacks.
  • SMBs are prime targets for repeated attacks, due to minimally managed IT systems and limited security budgets.
  • Small business owners need to prioritize cybersecurity as a fundamental component of their overall business strategy.
  • Investing in modern cybersecurity solutions and regular software updates significantly enhance SMBs defenses against cyberthreats.
  • Fighting automation with automation is crucial where the speed of response is paramount to minimize human error.
  • Automated patch management systems streamline the identification, testing, and deployment of patches across an IT infrastructure.
  • Outsourcing key IT systems can greatly reduce the stress a business owner can feel in attempting to secure everything in house.
  • Consistent patch management is an essential tool that allows system patches to be placed on autopilot and achieve patching consistently throughout the ecosystem.
  • Business owners can flip the script and encourage responsible internet practices, enforce password security and adopt multi-factor authentication or VPN tools.
  • Developing robust and proactive strategies can significantly enhance SMB's security posture and instill confidence in both employees and owners.

Read Full Article

like

5 Likes

share

1 Share

source image

Cybersecurity-Insiders

1M

read

32

img
dot

Image Credit: Cybersecurity-Insiders

US Elections 2024 are super prone to cyber attacks

  • With only a week remaining until the 2024 U.S. elections, concerns arise about potential cyber attacks.
  • Potential threats include DDoS attacks, misinformation campaigns, and manipulation of election procedures.
  • While the overall threat level is considered low, experts warn against underestimating the risk of interference.
  • Ensuring a fair and transparent electoral process is crucial for democracy.

Read Full Article

like

1 Like

share

Share

source image

Securityaffairs

1M

read

128

img
dot

Image Credit: Securityaffairs

International law enforcement operation dismantled RedLine and Meta infostealers

  • A global law enforcement operation disrupted RedLine and Meta infostealers, seizing their infrastructure and making arrests.
  • RedLine and Meta targeted millions of victims worldwide, making it one of the largest malware platforms globally.
  • Authorities from the Netherlands, the United States, Belgium, Portugal, the United Kingdom, and Australia participated in the operation.
  • Law enforcement agencies seized servers, domains, and made arrests, aiming to shut down the criminal activities of RedLine and Meta.

Read Full Article

like

7 Likes

share

1 Share

source image

Infoblox

1M

read

388

img
dot

Image Credit: Infoblox

CISO Spotlight: Ed Hunter on Security, AI and Industry Trends

  • Infoblox CISO Ed Hunter shares his thoughts on cybersecurity, industry trends and the future of security.
  • The CISO is responsible for leading the Information Security program at Infoblox.
  • Hunter's experience ranges across industries, ranging from cybersecurity, space and defense and manufacturing.
  • Defense-in-depth involves layering multiple security technologies while platformization focuses on integrating security tools into a unified platform.
  • Hunter's approach to evaluating the security stack is to continuously review and assess its effectiveness, identify gaps and update policies and procedures as necessary.
  • Infoblox uses its own products, including DNS, DHCP and IPAM solutions, to ensure high standards and gain firsthand experience.
  • Hunter highlights the cybersecurity awareness program for new hires, monthly phishing campaigns and internal TAD Talks on research projects, security incidents.
  • Infoblox is embracing the use of AI and generative AI tools to improve productivity and efficiency.
  • Developing and disseminating an AI Policy, directions on correct AI use and compliance checks are necessary to safely enable employees to use AI.
  • The cybersecurity community can read Renee Barton and team's research and take advantage of Infoblox's security workshops on how threat actors are using DNS.

Read Full Article

like

23 Likes

share

5 Shares

Prev

10
11
12
13
14
15
16
17
18
19
20

Next

For uninterrupted reading, download the app