A naukri.com initiative
Cyber Crime News
Securityaffairs
1M
86
Image Credit: Securityaffairs
SparkCat campaign target crypto wallets using OCR to steal recovery phrases
- A malicious campaign called SparkCat has been discovered, targeting crypto wallets.
- Malware-laced apps were distributed through official stores and were downloaded over 242,000 times from Google Play.
- The malware used OCR technology to scan the victim's gallery for images with recovery phrases to steal access to crypto wallets.
- Localized keywords and apps supporting multiple countries were used in this campaign, targeting Android and iOS users in Europe and Asia.
Read Full Article
5 Likes
TechDigest
1M
45
Image Credit: TechDigest
Cybersecurity expert demonstrates ease of phishing attacks
- A cybersecurity expert demonstrated the simplicity of executing a phishing attack, comparing it to assembling flat-pack furniture.
- The expert showcased the process of purchasing leaked emails, creating a fake website, and stealing credentials.
- Phishing attacks have become more prevalent and effective due to readily available tools and resources, including AI and website cloning.
- To enhance protection against phishing, the expert recommends monitoring for compromised data, using password managers, creating strong passwords, and enabling multi-factor authentication.
Read Full Article
2 Likes
Securityaffairs
1M
109
Image Credit: Securityaffairs
International Civil Aviation Organization (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists
- The International Civil Aviation Organization (ICAO) is investigating a significant data breach that has raised concerns about the security of its systems and employees data.
- The breach involved approximately 42,000 recruitment application data records from April 2016 to July 2024, affecting 11,929 individuals.
- In a separate incident, the Arab Civil Aviation Organization (ACAO) was also targeted by cyberespionage groups.
- The leaked data included logins, passwords, emails, titles, and communications of aviation safety specialists from various aviation organizations.
Read Full Article
6 Likes
Cybersafe
1M
41
Image Credit: Cybersafe
Russian Cybercriminals exploit 7-Zip flaw to deploy SmokeLoader Malware
- Russian cybercriminals are actively exploiting a recently patched security flaw in the 7-Zip archiver to deploy the SmokeLoader malware.
- The vulnerability (CVE-2025-0411) allows malicious code execution and bypasses Windows' Mark-of-the-Web protections.
- Attackers disguise file extensions using homoglyph techniques, leading to the execution of malicious payloads.
- At least nine Ukrainian government entities, including the Ministry of Justice and City Council, have been affected.
Read Full Article
2 Likes
Cybersecurity-Insiders
1M
370
Image Credit: Cybersecurity-Insiders
Can Smartwatches Be Targeted by Cyber Attacks?
- Smartwatches are vulnerable to various forms of cyber threats.
- Potential risks include data interception and theft, unauthorized access, malware infections, Bluetooth vulnerabilities, and ransomware attacks.
- To protect smartwatches, users should keep software updated, enable strong authentication, be cautious with third-party apps, secure Bluetooth connections, and use reliable security software.
- Remaining vigilant, adopting security practices, and staying informed about emerging threats is crucial for keeping smartwatches secure.
Read Full Article
22 Likes
Securityaffairs
1M
1k
Image Credit: Securityaffairs
Online food ordering and delivery platform GrubHub discloses a data breach
- Online food ordering and delivery platform GrubHub disclosed a data breach that exposed customer and driver information.
- An investigation revealed that attackers compromised an account associated with a third-party support services provider, which was promptly locked out and removed by GrubHub.
- Compromised data included names, emails, phone numbers, partial card info, and hashed passwords from legacy systems. Passwords were reset for affected accounts.
- No passwords associated with Grubhub Marketplace accounts were accessed, but customers are advised to use unique passwords as a precaution.
Read Full Article
23 Likes
Pymnts
1M
105
Image Credit: Pymnts
Grubhub Reports Data Breach Affecting Some Diners, Drivers and Merchants
- Grubhub reports a data breach that affected some diners, drivers, and merchants.
- Unauthorized access to certain user contact information occurred through a third-party contractor.
- Data breach involved names, email addresses, phone numbers, and payment card information.
- Grubhub has taken steps to contain the incident, strengthen security controls, and prevent similar breaches in the future.
Read Full Article
6 Likes
Digitaltrends
1M
77
Image Credit: Digitaltrends
Millions may be eligible for $6,000 in data breach settlement
- Millions of Americans may be eligible for up to $6,000 from a data breach settlement by Arthur J. Gallagher & Co.
- The settlement is the result of a data breach that occurred between June 3 and September 26, 2020.
- Affected individuals must prove monetary damages and file the claim before the deadline of February 10.
- The compensation amount varies based on the number of valid claims and includes credit monitoring and identity theft insurance.
Read Full Article
4 Likes
Securityaffairs
1M
380
Image Credit: Securityaffairs
Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites
- Coyote Banking Trojan targets Brazilian users, stealing data from over 70 financial applications and websites.
- Threat actors use LNK files and PowerShell commands to deploy the Coyote Banking Trojan.
- The Trojan supports keylogging, capturing screenshots, and displaying phishing overlays.
- The malware expands its targets to include 1,030 sites and 73 financial agents, posing a significant threat.
Read Full Article
22 Likes
TechCrunch
1M
216
Image Credit: TechCrunch
Grubhub confirms data breach affecting customers and drivers
- U.S. food delivery giant Grubhub has confirmed a data breach affecting its customers and drivers.
- Hackers accessed personal details after breaching Grubhub's internal systems.
- The breach impacted customer, merchant, and driver data, including names, email addresses, and partial payment card information.
- Bank account details and Social Security numbers were not affected by the breach.
Read Full Article
12 Likes
Securityaffairs
1M
224
Image Credit: Securityaffairs
Google fixed actively exploited kernel zero-day flaw
- The February 2025 Android security updates fixed 48 vulnerabilities, including a kernel zero-day flaw.
- The zero-day flaw, CVE-2024-53104, was actively exploited in the wild for privilege escalation in the Kernel's USB Video Class driver.
- Google released two security patch sets for February 2025: 2025-02-01 and 2025-02-05.
- Another critical vulnerability in Qualcomm's WLAN component, CVE-2024-45569, was also addressed.
Read Full Article
13 Likes
Securityaffairs
1M
201
Image Credit: Securityaffairs
Web Skimmer found on at least 17 websites, including Casio UK
- A web skimmer has been discovered on the Casio UK website, as well as at least 17 other victim sites.
- The skimmer was placed on all pages of the Casio UK website, except the checkout page.
- The skimmer intercepted checkout clicks and displayed a fake payment form to steal users' personal details.
- The skimmer encrypted the stolen data using AES-256-CBC and sent it to a server controlled by the attackers.
Read Full Article
12 Likes
Livebitcoinnews
1M
206
Image Credit: Livebitcoinnews
Cyber Gang Uses Malware to Target Crypto Users in Russia
- Russian cybercriminal group 'Crazy Evil' is targeting cryptocurrency users in phishing scams.
- The group employs social engineering methods to deceive victims and steal digital assets.
- Their operations focus on stealing cryptocurrency, gaming accounts, and payment cards.
- Experts advise using endpoint detection and response solutions to defend against their malware.
Read Full Article
12 Likes
Securityaffairs
1M
137
Image Credit: Securityaffairs
Crazy Evil gang runs over 10 highly specialized social media scams
- The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware.
- The group's subteams target specific victim profiles, using phishing, identity fraud, and malware to steal cryptocurrency.
- Crazy Evil has earned over $5 million through phishing scams since 2021, targeting high-value victims in the cryptocurrency space.
- The group maintains a strong presence on dark web forums, collaborates with other cybercrime gangs, and focuses on targeting the Web3 and decentralized finance sector.
Read Full Article
8 Likes
Pymnts
1M
297
Image Credit: Pymnts
Musk Says His DOGE Is Suspending Payments to Federal Contractors
- Elon Musk's Department of Government Efficiency (DOGE) is suspending payments to federal contractors.
- Musk claims that corruption and waste are being rooted out in real-time.
- The extent of Musk's access to sensitive systems in the U.S. Treasury is unclear.
- Senator Ron Wyden expresses concerns over Musk's access and potential mismanagement of payment systems.
Read Full Article
17 Likes
For uninterrupted reading, download the app