Cyber Crime News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Crime News

Cybersecurity-Insiders

Image Credit: Cybersecurity-Insiders

Details on Home Office Apple iCloud access and FBI message scam alert

The UK Home Office has requested access to Apple iCloud accounts in order to obtain intelligence on individuals involved in criminal activities.
Apple has firmly rejected the Home Office's request, reaffirming its commitment to user privacy and refusal to compromise the security of iCloud accounts.
The FBI has issued a warning about a phishing scam targeting toll payment recipients, urging the public to be cautious of unsolicited messages and avoid clicking on suspicious links.
Residents across the US are advised to remain vigilant and employ updated security measures to protect against online threats.

Read Full Article

3 Likes

Securityaffairs

Image Credit: Securityaffairs

Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION

PlayStation Network has been experiencing an outage for over 24 hours.
Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer.
Russian intelligence is recruiting Ukrainians for terror attacks using messaging apps.
Hospital Sisters Health System was impacted, affecting 882,782 individuals.

Read Full Article

Dev

Image Credit: Dev

How to protect yourself against cyber threats

Understanding Cyber Threats: Cybersecurity threats such as malware, phishing, Man-in-the-Middle attacks, software vulnerability exploits, and social engineering attacks put personal, financial, and corporate data at risk.
Implementing Technical Security Measures: Adopting technical measures such as using reliable antivirus and firewall, regularly updating software and operating systems, and using a virtual private network (VPN) can reduce the risk of cyberattacks and protect sensitive data.
Creating Strong Passwords: Creating and managing strong passwords, using passphrases and complex combinations, and avoiding password reuse across multiple accounts can enhance online account protection. Enabling two-factor authentication (2FA) adds an extra layer of security.
Prevention is Key: Understanding cyber threats, implementing technical security measures, and practicing secure online habits are vital for protecting against cyber threats. Taking proactive measures is crucial to reducing the risk of falling victim to these threats.

Read Full Article

2 Likes

Securityaffairs

315

Image Credit: Securityaffairs

Hospital Sisters Health System impacted 882,782 individuals

The cyberattack on Hospital Sisters Health System in 2023 compromised the personal information of 883,000 individuals.
The attack caused a disruption in internal systems, applications, communications, online payments, and the HSHS website.
The unauthorized access occurred between August 16 and 27, 2023, and various personal information was exposed.
HSHS is providing free identity theft protection and credit monitoring to affected individuals.

Read Full Article

18 Likes

Discover more

TechCrunch

337

Image Credit: TechCrunch

The biggest breach of US government data is under way

A group of young, private-sector staffers working for Elon Musk's Department of Government Efficiency (DOGE) have gained access to top federal departments and sensitive government data, including personal information about millions of Americans and payment systems handling trillions of dollars.
DOGE's takeover of federal government is the widest-known compromise of federal government-held data by a private group of individuals.
It is uncertain what level of security clearance the DOGE staff have and whether their interim security clearance gives them the authority to demand access to restricted federal systems.
Critics have expressed concerns about DOGE's cybersecurity practices, and the legality of their activities.
DOGE staffers are reportedly feeding sensitive data from at least one government department into AI software with little transparency, leaving open questions around whether cybersecurity and privacy practices are being followed.
Opponents, including some Republicans, have voiced concerns for national security, with particular emphasis on Musk’s operations in China.
Accessing government networks and mishandling personal information can compromise devices on the federal network and allow the theft of sensitive government information across the US and abroad.
The cybersecurity consequences of DOGE’s ongoing access to federal departments and datasets may not be known for some time.
Allied nations may not want to share intelligence with the US government if they think the information could leak or spill.
It is unclear whether DOGE staff is following procedures to keep sensitive data on Americans from being accessed by other people, or if any other steps are being taken to protect the data.

Read Full Article

20 Likes

Secureerpinc

397

Image Credit: Secureerpinc

Fresh Insights Into Google Chrome Extension Attack

The recent Google Chrome Extension attack against Cyberhaven highlights the ongoing threat of phishing scams.
Phishing attacks involve hackers sending fraudulent communications, often through emails, to trick individuals into sharing sensitive data or installing malware.
In this case, the attackers used a fake email from Google to breach the Chrome Web Store and distribute a malicious Chrome Extension.
The attack affected 2.6 million users and serves as a reminder for businesses to be vigilant against phishing attempts and promptly remove any suspicious extensions.

Read Full Article

23 Likes

TechCrunch

Image Credit: TechCrunch

HPE begins notifying data breach victims after Russian government hack

Hewlett Packard Enterprise (HPE) has begun notifying victims of a data breach caused by Russian government hackers.
Over a dozen individuals have been informed about the breach, in which personal information including Social Security numbers, driver’s license information, and credit card numbers were stolen.
The breach, announced by HPE in January 2024, involved a cyberattack on HPE's email systems and SharePoint environments hosted by Microsoft.
The hacking group responsible, called Midnight Blizzard (also known as APT29) and linked to Russia's SVR, has previously been involved in high-profile attacks, including the SolarWinds espionage campaign.

Read Full Article

5 Likes

TechCrunch

Image Credit: TechCrunch

Coalition of US states to file lawsuit after Musk’s DOGE gains access to Americans’ personal data

A coalition of over a dozen U.S. states plans to file a lawsuit to block Elon Musk's team from accessing federal government payment systems with personal data on Americans.
The coalition of states, including California, Connecticut, Maine, Maryland, and New York, will file the lawsuit to defend privacy rights and essential funding.
Elon Musk's team gained access to top U.S. government departments and datasets, including personal information of millions of Americans who receive Social Security checks and tax returns.
Musk's access to sensitive federal data is seen as a risk to national security, and the lawsuit seeks relief from this access.

Read Full Article

2 Likes

TechCrunch

452

Image Credit: TechCrunch

PowerSchool data breach affected 16,000 students in the UK

PowerSchool confirms data breach affecting 16,000 students in the United Kingdom.
Hackers accessed personal and sensitive data after breaching PowerSchool's customer support portal.
Stolen data includes contact information, dates of birth, limited medical data, and other related information.
PowerSchool has not filed a data breach report to the U.K.'s Information Commissioner's Office.

Read Full Article

27 Likes

Digitaltrends

Image Credit: Digitaltrends

Your Netgear router might be an open door for hackers

Netgear has released a security advisory addressing two critical vulnerabilities affecting Nighthawk Pro Gaming routers and certain Wi-Fi 6 access points.
The first vulnerability is a Remote Code Execution (RCE) flaw that allows attackers to execute arbitrary code on affected devices remotely.
The second vulnerability is an authentication bypass flaw, enabling attackers to gain unauthorized access to the device's management interface.
Netgear has recommended users to update their device's firmware to mitigate risks and has provided detailed instructions for doing so on their official support page.

Read Full Article

1 Like

Silicon

Image Credit: Silicon

Former ASML Employee Accused Of Contact With Russian Intelligence

Dutch prosecutors have added more charges against a Russian national arrested in December in the Netherlands for alleged industrial espionage.
German Aksenov, a former employee of ASML and NXP, is accused of stealing and selling corporate secrets to a Russian buyer who had contact with Russia’s FSB intelligence service.
ASML, a chip equipment maker, has experienced previous instances of intellectual property (IP) theft.
Prosecutors dropped money laundering and corruption charges, focusing the case on corporate theft and sanctions violations.

Read Full Article

2 Likes

Securityaffairs

425

Image Credit: Securityaffairs

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain and the US.
The hacker targeted organizations such as the U.S. Army, United Nations, NATO, and multiple Spanish government agencies.
The suspect was responsible for data breaches, illegal access to computer systems, computer damage, and money laundering.
The hacker used anonymous messaging and browsing tools to hide his identity and operated through a complex network.

Read Full Article

25 Likes

Securityaffairs

164

Image Credit: Securityaffairs

Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

The North Korea-linked APT group Lazarus is using a cross-platform JavaScript stealer to target crypto wallets in a new hacking campaign.
Scammers are using fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver the JavaScript stealer.
The attackers request personal data and share a fake project repository containing hidden malicious code.
The final payload is a cross-platform stealer that targets popular cryptocurrency wallets and steals browser data and login credentials.

Read Full Article

9 Likes

Secureerpinc

324

Two-Step Phishing Campaign Exploits Microsoft Tools

A new two-step phishing campaign is exploiting Microsoft tools to deceive businesses.
Instead of directly delivering malware, attackers trick users into visiting fake Microsoft 365 login pages and steal their credentials.
The phishing scheme uses Microsoft Visio to spread malicious links hidden in files that appear to come from colleagues or clients.
To protect against these attacks, experts recommend investing in advanced threat detection solutions, staying updated on software and backups, educating teams about new threats, and implementing authentication mechanisms.

Read Full Article

19 Likes

Guardian

407

Image Credit: Guardian

Global ransomware payments plunge by a third amid crackdown

Ransomware payments fell by over a third to $813m in 2024 as victims refused to pay and law enforcement took action.
The decline in ransomware payments was attributed to improved international collaboration, law enforcement actions, and a growing refusal by victims to meet attackers' demands.
Despite the decrease in payments, ransomware attacks remain prolific and the downward trend is considered fragile.
The market has seen the impact of coordinated international operations targeting ransomware gangs, leading to a shift in the ransomware ecosystem and the emergence of newcomers focusing on smaller targets.

Read Full Article

24 Likes

For uninterrupted reading, download the app