menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Crime News

Cyber Crime News

source image

Cybersecurity-Insiders

1M

read

311

img
dot

March Madness: Don’t Let Cyber Scammers Attack Your Bracket Blind Spot

  • Cybersecurity risks tied to major events like March Madness continue to be a critical concern.
  • Common cyber scams during events include phishing, quishing, and vishing.
  • Both individuals and businesses need to employ defensive strategies to combat cyber attacks.
  • Key defensive strategies include thinking before clicking, strengthening digital security, staying updated, using secure connections, and setting smart boundaries.

Read Full Article

like

18 Likes

share

4 Shares

source image

Securityaffairs

1M

read

103

img
dot

Image Credit: Securityaffairs

AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites

  • AkiraBot is a CAPTCHA-evading Python framework that has spammed over 80,000 websites.
  • AkiraBot uses AI-generated messages to target small and medium-sized businesses.
  • The spam framework bypasses CAPTCHA and network detection using rotating attacker-controlled domains and proxies.
  • AkiraBot uses OpenAI's GPT-4o-mini to generate personalized spam messages and evades CAPTCHA services using Selenium WebDriver.

Read Full Article

like

6 Likes

share

1 Share

source image

Kaspersky

1M

read

18

img
dot

Image Credit: Kaspersky

Protecting against attacks in ZIP, RAR, CAB, MSI, ISO and other archives | Kaspersky official blog

  • Archiving programs are commonly used by attackers to deceive users and extract stolen data, requiring cybersecurity attention to archive handling in operating systems and applications.
  • Attackers exploit archiver vulnerabilities to deliver malware, bypass security warnings, and execute malicious files.
  • Flaws in archivers like WinRAR and 7-Zip have been used by attackers to execute malicious actions, highlighting the importance of archive security.
  • Archiver vulnerabilities, like Zip Slip, can lead to server compromises when handling uploaded archives, posing a risk to organizations with web apps allowing archive uploads.
  • Attackers may corrupt archive contents to evade security tools, disguise malware in various file formats, and bypass security measures using legitimate archive features.
  • Social engineering tactics combined with technical tricks are used by attackers to deceive users into interacting with malicious archives without detection.
  • Protective measures like testing security tools, safe extraction setups, and monitoring archive usage on endpoints are recommended to enhance security when handling archives.
  • Blocking dangerous archive formats, restricting disk image mounting, and training employees on safe archive handling practices are crucial steps in protecting against archive-related threats.
  • Inclusion of archivers in vulnerability management programs and regular update maintenance are essential in ensuring archive security.
  • Employee cybersecurity training should also cover awareness of phishing attacks and safe practices when handling various archive formats to prevent security breaches.

Read Full Article

like

1 Like

share

Share

source image

Hackernoon

1M

read

207

img
dot

Image Credit: Hackernoon

Gcore Super Transit Brings Advanced DDoS Protection And Acceleration For Enterprise Security & Speed

  • Gcore has launched Super Transit, a cutting-edge DDoS protection and acceleration feature for enterprise infrastructure.
  • Super Transit is delivered as part of the Gcore DDoS Protection Suite, offering real-time DDoS threat mitigation and global-scale protection.
  • It uses the Gcore global network to intelligently split malicious traffic from legitimate traffic, ensuring uninterrupted user experience during attacks.
  • Gcore Super Transit optimizes performance, ensures consistent high-speed connectivity, and offers cost-effective protection.

Read Full Article

like

12 Likes

share

2 Shares

source image

Securityaffairs

1M

read

266

img
dot

Image Credit: Securityaffairs

National Social Security Fund of Morocco Suffers Data Breach

  • Threat actor 'Jabaroot' claims breach of National Social Security Fund of Morocco, aiming to steal large volumes of sensitive citizen data.
  • The breach is seen as the largest cyber attack in Morocco by the number of victims.
  • The data breach involves personal information of 1,996,026 employees from various enterprises in Morocco.
  • The compromised data includes passport, email, salary, and banking information, posing risks of fraud and identity theft.

Read Full Article

like

16 Likes

share

3 Shares

source image

Securityaffairs

1M

read

438

img
dot

Image Credit: Securityaffairs

The US Treasury’s OCC disclosed an undetected major email breach for over a year

  • The US Treasury’s Office of the Comptroller of the Currency (OCC) disclosed an undetected major email breach for over a year.
  • The breach involved unauthorized access to emails via a compromised admin account.
  • The OCC disabled affected accounts, reviewed email logs, and reported the breach to CISA.
  • The breach exposed sensitive financial data, and the review process is ongoing.

Read Full Article

like

26 Likes

share

6 Shares

source image

Kaspersky

1M

read

361

img
dot

Image Credit: Kaspersky

GetShared phishing | Kaspersky official blog

  • A former colleague received a suspicious email notification from GetShared, a genuine service unknown to him.
  • Scammers are increasingly using GetShared, a free service for sending large files, to conduct phishing attacks.
  • The scam email asks about prices for items listed in the attachment, leveraging a classic phishing trick.
  • To defend against such attacks, it is recommended to train employees to recognize threats and install robust security solutions on all corporate devices.

Read Full Article

like

21 Likes

share

5 Shares

source image

Global Fintech Series

1M

read

104

img
dot

Image Credit: Global Fintech Series

Protecting Private Equity Firms in a Complex Threat Landscape

  • Private equity firms are prime targets for cybercriminals due to valuable client data and complex networks.
  • Navigating cyber risks is crucial for private equity firms to protect investments and reputation.
  • A single cyber breach can have cascading negative effects on a firm's performance and investments.
  • Understanding cyber adversaries and investing in cybersecurity is key for private equity firms.
  • Cybersecurity infrastructure is crucial for enhancing a company's value and preventing breaches.
  • Successful cyberattacks can lead to financial loss, collapsed deals, and reputational damage.
  • Private equity firms are increasingly targeted by cyber incidents during deal closure and acquisitions.
  • Sophisticated cyber threats like BEC attacks pose significant risks to private equity firms.
  • Proactive cybersecurity measures are essential for safeguarding private equity investments and operations.
  • Firms must prioritize cybersecurity across their portfolio companies to mitigate cyber risks throughout the investment cycle.

Read Full Article

like

6 Likes

share

1 Share

source image

Cybersecurity-Insiders

1M

read

389

img
dot

Image Credit: Cybersecurity-Insiders

The Key Differences Between a Data Breach and a Data Leak

  • In the digital world, data breaches and data leaks are major concerns, with distinct differences in implications for businesses and individuals.
  • A data breach involves unauthorized access to sensitive data with malicious intent, leading to legal consequences and potential misuse.
  • Examples of data breaches include hacking, insider misuse, and ransomware attacks holding data hostage.
  • Conversely, a data leak occurs from accidental exposure or poor security practices without malicious intent.
  • Data leaks, such as cloud misconfigurations or email errors, can still result in significant consequences if accessed by unauthorized entities.
  • Key distinctions include intent (malicious for breaches, accidental for leaks), cause, consequences, discovery time, and legal ramifications.
  • Understanding these differences is vital for appropriate response strategies, liability assessment, and prevention measures.
  • For consumers, recognizing the type of incident can help in taking timely actions to safeguard personal information and mitigate risks.
  • Data breaches require immediate investigation, legal notifications, and credit monitoring, while data leaks focus on security improvements.
  • Maintaining robust cybersecurity measures is essential for organizations to protect against data breaches and leaks.

Read Full Article

like

23 Likes

share

5 Shares

source image

Cybersecurity-Insiders

1M

read

284

img
dot

Image Credit: Cybersecurity-Insiders

Hackers breach email systems of OCC to gather intelligence from emails

  • The Office of the Comptroller of the Currency (OCC) has disclosed a serious breach involving its email systems.
  • Unknown hackers gained unauthorized access and potentially stole sensitive information linked to over 160,000 employees of the agency.
  • The breach started in June 2023, with the hackers accessing and exfiltrating over 150,000 possibly confidential emails.
  • In related news, a new regulatory measure restricts data transfers to countries deemed to pose a national security threat, with severe penalties for non-compliance.

Read Full Article

like

17 Likes

share

4 Shares

source image

TechJuice

1M

read

176

img
dot

Image Credit: TechJuice

NCERT Issues Alert Over Phishing Campaign Impersonating PKCERT

  • The National Computer Emergency Response Team (nCERT) has released an urgent advisory warning users about a phishing campaign impersonating PKCERT.
  • The phishing campaign distributes fraudulent emails with malicious content disguised as a security patch.
  • The advisory warns about the consequences of engaging with the fake patch, including malware infections, data breaches, and financial loss.
  • nCERT advises users to remain cautious, verify email sources, and implement preventive measures to protect against such phishing campaigns.

Read Full Article

like

10 Likes

share

2 Shares

source image

Securityaffairs

1M

read

312

img
dot

Image Credit: Securityaffairs

Everest ransomware group’s Tor leak site offline after a defacement

  • The Tor leak site of the Everest ransomware group went offline after being hacked and defaced.
  • The site displayed a message saying 'Don't do crime CRIME IS BAD xoxo from Prague' before going offline.
  • The defacement may be an exit scam, and no threat actor has claimed responsibility.
  • The Everest ransomware group has been active since 2020 and has targeted the healthcare industry in recent years.

Read Full Article

like

18 Likes

share

4 Shares

source image

Cybersecurity-Insiders

1M

read

162

img
dot

Image Credit: Cybersecurity-Insiders

Vishing: The voice scam you need to know about

  • Vishing is a voice scam that is on the rise, involving phone-based phishing attacks.
  • Vishing attacks have increased by 1,265% since the launch of ChatGPT.
  • Scammers use spoofing technology to make calls appear legitimate.
  • To protect yourself, avoid giving out personal information over the phone and use call blockers.

Read Full Article

like

9 Likes

share

2 Shares

source image

Silicon

1M

read

325

img
dot

Image Credit: Silicon

Singapore Banks Hit By Ransomware Data Breach

  • DBS Bank and Bank of China's Singapore branch have reported a data breach after a ransomware attack on Toppan Next Tech, a printing services firm used by both banks.
  • Customer monies and both banks' systems remain secure, with no evidence of unauthorized transactions.
  • Around 8,200 DBS customers and approximately 3,000 Bank of China customers are potentially affected.
  • Compromised data includes names, addresses, and loan account numbers, but does not include login credentials or deposit balances.

Read Full Article

like

19 Likes

share

4 Shares

source image

Cybersecurity-Insiders

1M

read

258

img
dot

Image Credit: Cybersecurity-Insiders

Can a DDoS Cyber Attack Lead to Political Warfare?

  • In the world of digitization, Distributed Denial of Service (DDoS) attacks have emerged as a common form of warfare with potential political implications.
  • DDoS attacks flood a target's online services with massive traffic, often orchestrated by botnets controlled by the attacker.
  • These attacks can range from disrupting websites to targeting critical infrastructure, with broader repercussions when politically motivated.
  • Political actors may use DDoS attacks to silence opposition, disrupt elections, or protest policies, creating chaos and drawing attention to their cause.
  • A single DDoS attack, especially when targeting critical infrastructure, can escalate into political warfare by provoking retaliatory responses between nations.
  • Real-world examples include Estonia in 2007, Georgia in 2008, and the United States during the 2016 presidential election, demonstrating the political impact of DDoS attacks.
  • The rise of cyber warfare blurs the lines between cybercrime, hacktivism, and state-sponsored aggression, leading to complex geopolitical tensions.
  • Nations must develop comprehensive cybersecurity strategies to protect against cyber threats that can disrupt governance and lead to political instability.
  • As cyber conflict becomes intertwined with international relations, the need for appropriate responses to cyberattacks grows, potentially impacting political stability.
  • In this era of digital geopolitics, understanding the political implications of cyber warfare like DDoS attacks is crucial for safeguarding national security and international relations.
  • DDoS attacks have the capacity to initiate political warfare, emphasizing the importance of robust cybersecurity measures in preserving political stability and mitigating cyber threats.

Read Full Article

like

15 Likes

share

3 Shares

Prev

10
11
12
13
14
15
16
17
18
19
20

Next

For uninterrupted reading, download the app