Cyber Crime News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Crime News

Guardian

270

Image Credit: Guardian

Online criminals attacking HSBC ‘all the time’, says head of UK arm

HSBC's UK arm head stated that the bank is constantly under attack by online criminals, making cybersecurity its biggest expense.
The bank has invested hundreds of millions of pounds in defense mechanisms to protect against cyber threats as customers rely heavily on digital technology.
HSBC processes 1,000 payments per second and makes about 8,000 changes to its IT systems weekly to ensure seamless operations for customers.
Barclays' UK CEO mentioned that a recent technical issue was caused by an external software provider and assured customers that steps have been taken to prevent future recurrences.

Read Full Article

16 Likes

Infoblox

306

Image Credit: Infoblox

Cloudy with a Chance of Hijacking Forgotten DNS Records Enable Scam Actor

Hazy Hawk is a DNS-savvy threat actor that hijacks abandoned cloud resources of high-profile organizations, such as S3 buckets and Azure endpoints, to host scams and malware URLs.
The discovery of vulnerable DNS records indicates that Hazy Hawk likely has access to a large passive DNS service, with attacks involving complex DNS misconfigurations.
Hazy Hawk leverages layered defenses and obfuscation techniques, including hijacking subdomains of reputable domains, obfuscating URLs, and using legitimate website content for redirection.
The threat actor, Hazy Hawk, targets various organizations globally and prominent cloud services like Akamai, Amazon EC2, Azure, and Cloudflare CDN for domain hijacking and scam operations.
Hazy Hawk employs push notifications, TDS mechanisms, and URL obfuscation to lure victims into scams, affiliated with other malicious actors and redirecting users through multiple domains.
To prevent Hazy Hawk attacks, organizations are advised to manage DNS records effectively and invest in protective DNS solutions, while educating users to reject unknown website notification requests.
The FBI reports a rise in scams enabled by threat actors like Hazy Hawk, emphasizing the importance of protecting both hijacked domains and end users from malicious activities in the affiliate marketing space.
Hazy Hawk's extensive list of hijacked domains and indicators include reputable entities like universities, government agencies, healthcare companies, media, and corporations, showcasing the scale and impact of their operations.
The post also delves into technical details of DNS hijacking, CNAME records, URL obfuscation, and the use of legitimate website content in disguising malicious activities by Hazy Hawk.
Overall, the article sheds light on the sophisticated tactics employed by Hazy Hawk in exploiting abandoned cloud resources for malicious purposes and emphasizes the need for robust cybersecurity measures to combat such threats.

Read Full Article

18 Likes

Securityaffairs

150

Image Credit: Securityaffairs

UK’s Legal Aid Agency discloses a data breach following April cyber attack

The UK's Legal Aid Agency suffered a cyberattack in April, leading to a data breach where sensitive information of legal aid applicants was stolen.
The cyberattack on the Legal Aid Agency, part of the UK Ministry of Justice, compromised personal data dating back to 2010, including contact details, national ID numbers, and financial information.
The agency worked with authorities like the National Crime Agency and National Cyber Security Centre to investigate the breach and discovered that hackers accessed and downloaded significant amounts of personal data.
In response to the breach, the Legal Aid Agency took down its online service, implemented security measures, and assured continued access to legal support for those in need.

Read Full Article

9 Likes

Bitcoinist

205

Image Credit: Bitcoinist

World’s Largest Crypto Crime Network Collapses After Telegram Crackdown

One of the world’s largest illicit crypto marketplace, Haowang Guarantee, has ceased operations following a major enforcement action by Telegram.
Elliptic confirmed that Haowang processed over $27 billion in transactions, primarily through the USDT stablecoin, making it the largest known illegal crypto market to date.
USDH, a stablecoin issued by the Huione Group, played a crucial role in evading sanctions and enabling high-volume transfers that were difficult to trace through traditional regulatory channels.
Telegram's crackdown extended to other platforms like Xinbi Guarantee, severely disrupting the two largest illicit marketplaces hosted on Telegram, which have processed a combined total of over $35 billion in USDT transactions.

Read Full Article

12 Likes

Discover more

TechDigest

159

Image Credit: TechDigest

M&S boss faces £1m pay cut following cyber attack, Spain hit by phone and internet blackouts

Logistics firm Peter Green Chilled, a distributor to UK's major supermarkets, is being held to ransom by cyber hackers, impacting deliveries and potentially leading to wastage of products.
M&S CEO Stuart Machin faces a £1.1m pay reduction due to a cyber attack that caused a 14% drop in the company's share price, affecting his performance share plan and deferred bonus.
A survey reveals almost half of young people prefer a world without the internet, with 70% feeling worse after social media use and many supporting restrictions on digital access.
Spain experienced phone and internet blackouts after a system upgrade by Telefonica, affecting emergency services, shortly after a recent power outage incident.

Read Full Article

9 Likes

TechJuice

137

Image Credit: TechJuice

Hannibal Stealer Malware uses Military-Grade tactics to Evade Detection

Hannibal Stealer is a new, modular .NET-based information-stealing malware known for its military-grade tactics to evade detection and harvest sensitive information.
The malware leverages multi-layered obfuscation and stealth routines, dynamically downloads Merkle proofs, uses bespoke decryptors, and communicates through Telegram or dedicated C2 servers to steal data like application data, VPN setups, bitcoin accounts, and credentials.
The makers of Hannibal Stealer actively promote it on underground forums, fake customer reviews, and Google Ads campaigns, spending over $10 million on ads to direct victims to malicious landing pages.
The malware's modular architecture incorporates obfuscation techniques to protect its core logic, launch data theft capabilities from browsers and FTP clients, hijack cryptocurrency wallet addresses, target VPN credentials, and exfiltrate data using Telegram or dedicated C2 servers.

Read Full Article

8 Likes

Pymnts

105

Image Credit: Pymnts

Crypto Firms Grapple With Bank-Like Risks, Without the Regulation

Crypto firms are facing bank-like risks without the regulation, leading to concerns about security vulnerabilities and potential breaches.
Recent incidents, such as the breach at Coinbase, highlight the risks associated with centralized crypto platforms holding vast amounts of customer data and assets.
Centralized crypto firms now handle money, identity, and financial services, amplifying the need for robust security measures and regulations.
Exchanges like Coinbase, Binance, and Kraken are at risk of social engineering attacks targeting employees and customer data.
Coinbase projected a cost of up to $400 million due to the recent breach and vowed to reimburse affected customers who sent funds to criminals.
Rapidly growing FinTechs and crypto firms face challenges in scaling their security programs, particularly in regulatory gray areas.
The breach at Coinbase exposed the vulnerability of centralized data storage, highlighting the need for enhanced security protocols.
As crypto firms evolve, they are resembling traditional banks in terms of services offered but lack the same regulatory oversight and security standards.
The concept of concentration of risk looms large as exchanges and custodians centralize critical functions, making them prime targets for cyberattacks.
Security experts emphasize the importance of addressing architectural issues in the crypto market to prevent severe attacks from threatening this growing asset class.

Read Full Article

6 Likes

Medium

251

Image Credit: Medium

What Is Cyberbullying?

Cyberbullying is the act of harassing someone online by sending or posting mean messages, usually anonymously.
It can take different forms such as harsh text messages, rude comments on social media, and anonymous emails, impacting mental, physical, and emotional health.
Cyberbullying is discreet and often goes unnoticed, leading to increased rates of depression, anxiety, and decreased self-worth.
It is crucial to educate children about cyberbullying, help them recognize being a victim or perpetrator, and provide a safe environment for them to seek support.

Read Full Article

15 Likes

Guardian

105

Image Credit: Guardian

How to protect your data after a cyber-attack

Recent cyber-attacks have compromised personal data of legal aid applicants, prompting concerns regarding data security.
Tips for protecting data after a cyber-attack include changing passwords, using unique passwords for each account, and enabling two-factor authentication.
Be cautious of unsolicited emails and messages, especially those referencing recent cyber-attacks to deceive individuals.
Monitoring credit records, being vigilant on social media, and keeping devices updated are essential steps in safeguarding personal information.

Read Full Article

6 Likes

Cybersecurity-Insiders

260

Image Credit: Cybersecurity-Insiders

Criminal records exposed in cyber attack on Ministry of Justice

A recent cyber-attack on the UK’s Ministry of Justice exposed approximately 2.7 million sensitive records, including criminal records.
The attack occurred on April 23 and was publicly disclosed last week, prompting concerns about transparency and security measures.
The breach was caused by a combination of human error and system vulnerabilities, affecting the Legal Aid Agency and compromising personal data including criminal histories and sensitive personal information.
Collaborative efforts between the Ministry of Justice, National Crime Agency, and National Cyber Security Centre have been initiated to investigate the breach, believed to be part of a larger cyber-criminal campaign.

Read Full Article

15 Likes

TechCrunch

137

Image Credit: TechCrunch

Pharma giant Regeneron to buy 23andMe and its customers’ data for $256M

Regeneron is set to acquire genetic testing company 23andMe for $256 million as part of a bankruptcy auction.
Regeneron plans to use 23andMe's genomics service and 15 million customers' data for drug discovery, ensuring privacy and ethical use.
23andMe filed for bankruptcy after a data breach affecting 7 million customers, leading to decreased stock value and the resignation of its CEO.
Regeneron, as the buyer in the auction, aims to uphold privacy policies and laws regarding customer data as the bankruptcy court reviews the acquisition on June 17.

Read Full Article

8 Likes

Silicon

393

Image Credit: Silicon

Coinbase Hit By $400m Crypto Scam

Cryptocurrency trading platform Coinbase faced a $400 million scam where criminals used customers' data to swindle funds.
Attackers obtained personal data on less than 1% of customers by bribing overseas Coinbase staff and contractors.
Rather than paying a $20 million ransom demand, Coinbase set up a reward fund for information leading to the criminals' arrest.
The incident highlights the crypto industry's vulnerability to theft, with Coinbase estimating costs between $179m to $400m for remediation and reimbursements.

Read Full Article

23 Likes

Guardian

173

Image Credit: Guardian

If our destiny is cyber-attacks and empty shelves at the Co-op, here’s what we should do next | Hugh Muir

The Co-op faced empty shelves following a cyber-attack that disrupted its supply systems, signaling a concerning vulnerability in supply chains.
Amid threats of cyber-attacks and uncertain times, governments like Sweden have urged citizens to prepare for emergencies, emphasizing the need for water and non-perishable food.
Prepping for crises is becoming increasingly important, with residents of fire-prone areas like Los Angeles recognizing the value of having a go bag ready.
The UK also provides advice on emergency preparation, recommending essentials like water and ready-to-eat tinned food with a tin opener.
The necessity of emergency preparedness is gaining traction, with Popular Science magazine advocating that everyone should have some level of prepping.
The variety of items to include in a go bag can be influenced by cultural preferences, raising questions about what is essential versus a luxury, such as jerk chicken in a tin.
As the Co-op works to restock shelves post-cyber-attack, the importance of being prepared for disruptions in the way of life becomes evident.
The article serves as a reminder of the fragility of modern systems and the need for individuals to be ready for unexpected challenges.
Hugh Muir reflects on the current state of affairs, painting a picture of a potentially troubled world where preparedness can make a crucial difference.
The glimpse into the future offered by the depleted Co-op shelves underscores the significance of proactive readiness in the face of uncertainties.
As the world grapples with various threats, being equipped with essentials like water and non-perishable foods is increasingly being recognized as a prudent approach to safeguarding against potential crises.

Read Full Article

10 Likes

Cybersecurity-Insiders

Image Credit: Cybersecurity-Insiders

Scam Messages and emails increase exponentially after M & S Cyber Attack

A cyberattack on Marks and Spencer compromised personal data of nearly 9.4 million customers, exploiting a vulnerability created by human error.
Hackers accessed sensitive information including order histories, dates of birth, and partial payment card details, but not complete card data.
M&S reassured customers that full payment card details were not accessed due to limited data storage, with potential impact on online ordering.
Increase in scam messages and emails reported by customers following the cyberattack, urging vigilance against potential spam campaigns using stolen information.

Read Full Article

2 Likes

Guardian

114

Image Credit: Guardian

Investors await clues on fallout from M&S cyber-attack

Marks & Spencer is expected to provide more details on the impact of a recent cyber-attack, which forced the retailer to halt online operations and affected some in-store availability.
The financial results for the year up to March 29 will be released this week, with focus on the aftermath of the cyber-attack and its implications on the company's finances, particularly online clothing and home sales.
Analysts estimate the cyber-attack could cost M&S around £200m for the 2025/26 financial year, with potential insurance payouts expected to offset part of this cost.
Investors are keen to learn if M&S will provide financial guidance for the future or increase its shareholder dividend, as the cyber-attack has led to a significant drop in the company's market value.

Read Full Article

6 Likes

For uninterrupted reading, download the app