Cyber Crime News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Crime News

Hackernoon

389

Image Credit: Hackernoon

The HackerNoon Newsletter: 13 Cybercrime Facts That Will Give You Chills (10/26/2024)

Whitney Houston Earns Her First #1 Hit in 1985, Infant Receives Baboon Heart in 1984, The First Continental Congress Adjourns in 1774
13 Cybercrime Facts That Will Give You Chills - Scary cybersecurity facts that haunt businesses and individuals throughout the year
Is Backup Testing Part of Your Security Strategy? - Importance of testing the effectiveness of data backups in the age of ransomware attacks
How to Write Precise Prompts on Google's AI Test Kitchen - A guide to writing effective AI prompts for Google's AI Test Kitchen

Read Full Article

23 Likes

Hackernoon

307

Image Credit: Hackernoon

13 Cybercrime Facts That Will Give You Chills

Ransomware payments bad guys received in 2023 exceeded $1.1 billion, according to Chainalysis data.
One company paid a ransom demand of $75m to the Dark Angels ransomware group in 2024, according to cybersecurity company Zscaler.
More than half of the organisations surveyed by Biocatch shelled out between $5m and $25m in 2023 due to AI-driven threat, with 12% suffering at least $25m in damages.
Older adults thought to have topped $1.9bn in reported fraud losses in 2023, according to US Federal Trade Commission, with unreported costs believed to put the figure at more than $61bn.
The FBI warns that generative AI technologies are increasingly being used for various fraud scams. In particular, generative AI is being used for various cybercrime scams like virtual kidnapping.
Data exfiltration is occurring faster than ever before in almost 45% of the cases, according to Palo Alto.
Unmanaged devices are targeted in 90% of ransomware events, according to the 2024 Microsoft Digital Defense Report.
95% of polled security leaders believe AI-powered security tools will improve their organisations' speed and efficiency when it comes to combating cyber threats, according to Darktrace.
Google is implementing mutual TLS to ensure that user credentials are bound to a device, while the US Secret Service may be granted new powers related to fighting cybercrime.
The number of data breach victims increased by a whopping 1,170% YoY from Q2 2023 to Q2 2024, according to the Identity Theft Resource Center.

Read Full Article

18 Likes

Pymnts

229

Image Credit: Pymnts

Making Sense of Quantum Data Defense in the Payments Space

Firms in security-critical areas like financial services and payments are urged to prioritize cybersecurity.
Transitioning to cutting-edge protocols and investing in new tech and training is essential.
Quantum computing poses a future threat, urging firms to stay ahead in cybersecurity measures.
Securing sensitive financial data and payment networks is crucial to prevent devastating breaches.

Read Full Article

13 Likes

Securityaffairs

302

Image Credit: Securityaffairs

Change Healthcare data breach impacted over 100 million people

The Change Healthcare data breach in February 2024 impacted over 100 million people, making it the largest-ever healthcare data breach in the US.
UnitedHealth Group confirmed that the cyber attack disrupted IT operations of Change Healthcare, affecting more than 100 applications and impacting thousands of pharmacies and healthcare providers.
Compromised data in the breach includes names, addresses, dates of birth, phone numbers, Social Security numbers, medical records, and more.
The Alphv/BlackCat ransomware gang claimed responsibility for the attack, with reports suggesting that UnitedHealth paid a $22 million ransom.

Read Full Article

18 Likes

Discover more

Cybersecurity-Insiders

206

Image Credit: Cybersecurity-Insiders

Australia government looses visa holders sensitive details in cyber attack

A cyber attack targeting the database of ZicroDATA has led to the leak of sensitive information of Australian visa holders.
The compromised data includes full names, phone numbers, dates of birth, driving license details, passport numbers, and medical history.
The breach could have wide-ranging consequences for various agencies, including law enforcement, national security, and immigration.
ZicroDATA reported the data breach in June after the stolen data was found for sale on the dark web.

Read Full Article

12 Likes

Securityintelligence

403

Image Credit: Securityintelligence

Addressing growing concerns about cybersecurity in manufacturing

Manufacturing is increasingly reliant on modern technology, ICS, IoT devices and OT, expanding the cyberattack surface making them vulnerable to cyberattacks.
According to a report, the average total cost of a data breach in the industrial sector reached $5.56 million, showing an 18% increase for the sector.
Ransomware is one of the most prevalent forms of cyberattacks in the manufacturing industry, causing severe financial and reputational damage, supply chain chaos, production delays, and lost revenue.
Intellectual property theft is another major concern for manufacturers. Cyber criminals often target proprietary designs and trade secrets to gain economic or strategic advantages.
Third-party suppliers or partners can lead to supply chain attacks, which can have a cascading effect across the entire production line. This interconnectedness makes the industry particularly susceptible to large-scale attacks.
To mitigate risks, manufacturers should establish strong cybersecurity frameworks that govern all aspects of their operations, conduct regular security audits, implement robust incident response plans, and have a continuous employee training program.
Regularly updating IoT devices and firmware, segmenting and air-gapping networks, investing in advanced threat detection, and having backup and disaster recovery planning are other measures that manufacturers can implement.
Security Information and Event Management (SIEM) systems, such as IBM Security QRadar on Cloud technology, deployed as SaaS, can provide real-time visibility into network activity.
ANDRITZ, a leading industrial plant provider, adopted a comprehensive approach to cybersecurity. In less than six months of deploying Managed Security Services (MSS), they had a new and comprehensive security services solution.
Manufacturers must adopt proactive cybersecurity measures to protect their systems and data, leveraging new technologies securely, while ensuring they mitigate new risks.

Read Full Article

24 Likes

Socprime

362

Image Credit: Socprime

UAC-0218 Attack Detection: Adversaries Steal Files Using HOMESTEEL Malware

UAC-0218 group is behind phishing attacks using HOMESTEEL malware for file theft.
SOC Prime Platform has published Sigma rules for UAC-0218 activity detection.
The phishing emails contain invoice-related subject lures leading to malicious RAR archives.
The malware facilitates exfiltration of files to an adversary server via HTTP requests.

Read Full Article

21 Likes

Securityaffairs

275

Image Credit: Securityaffairs

OnePoint Patient Care data breach impacted 795916 individuals

US hospice pharmacy OnePoint Patient Care experienced a data breach that impacted approximately 800,000 individuals.
The breach resulted in the exposure of personal information, including names, residence info, medical records, and Social Security numbers.
OnePoint Patient Care detected suspicious network activity on August 8, 2024, prompting an internal investigation and engagement of a forensic security firm.
The breach was attributed to the INC RANSOM ransomware group, which leaked stolen data after the company refused to pay the ransom.

Read Full Article

16 Likes

TechCrunch

440

Image Credit: TechCrunch

UnitedHealth says Change Healthcare hack affects over 100 million, the largest-ever US healthcare data breach

More than 100 million individuals had their private health information stolen during the ransomware attack on Change Healthcare in February.
The U.S. Department of Health and Human Services first reported the updated number on its data breach portal on Thursday.
UHG began notifying affected individuals in late July, which continued through October.
The stolen personal data includes personal information, such as names and addresses, dates of birth, phone numbers and email addresses, and government identity documents, including Social Security numbers, driver licenses and passport numbers.
Change Healthcare is one of the largest handlers of health, medical data and patient records as it processes patient insurance and billing across the U.S. healthcare sector.
The cyberattack became public on February 21 when Change Healthcare pulled much of its network offline to contain the intruders, causing immediate outages across the U.S. healthcare sector.
In paying the ransom, Change obtained a copy of the stolen dataset, allowing the company to identify and notify the affected individuals whose information was found in the data.
Corporate consolidation and poor security blamed for data breach.
According to its 2023 full-year earnings report, UHG made $22 billion in profit on revenues of $371 billion.
The Justice Department reportedly began cranking up its investigation into UHG and its potential anticompetitive practices in the months prior to the Change Healthcare hack.

Read Full Article

26 Likes

Dataprivacyandsecurityinsider

Image Credit: Dataprivacyandsecurityinsider

Microsoft Report Highlights Attacks Against Healthcare Organizations

Ransomware attacks against healthcare organizations are a significant cybersecurity threat.
The healthcare sector was among the top 10 most impacted industries in Q2 2024.
Ransomware attacks against healthcare organizations have surged by 300% since 2015.
Four case studies highlight the far-reaching effects of ransomware attacks on healthcare organizations.

Read Full Article

1 Like

Dataprivacyandsecurityinsider

454

Image Credit: Dataprivacyandsecurityinsider

Ally Financial Faces Class Actions Over Data Breach

Ally Financial Inc. faces two class action lawsuits over a data breach in April 2024.
The suits allege that Ally failed to secure customers' personal information.
Lead plaintiffs claim fraudulent activity and exposure of personal information on the dark web.
Ally is accused of negligence in preventing the breach and delaying customer notifications.

Read Full Article

27 Likes

Dataprivacyandsecurityinsider

Image Credit: Dataprivacyandsecurityinsider

CT AG Settles Data Breach Case with Guardian Analytics

Connecticut Attorney General settles data breach case with Guardian Analytics for $500,000.
Data breach exposed personal information of 157,629 Connecticut residents.
Guardian Analytics accused of failing to implement reasonable data security measures.
Settlement requires Guardian Analytics to maintain information security program and implement various security measures.

Read Full Article

Neuways

Image Credit: Neuways

Cyber Criminals are using PDFs as a method to hide fake QR Codes in new Quishing attacks

Hackers are using PDFs to hide fake QR codes in new phishing attacks.
Over half a million of these attacks have been detected in the last three months.
Attackers are concealing QR codes within attached PDFs to bypass email security scanners.
Industries managing sensitive information, such as finance and healthcare, are being targeted.

Read Full Article

Infoblox

Image Credit: Infoblox

Threat Actors Abuse DNS to Con Consumers

According to CISA, more than 90% of successful cyber-attacks start with a link or webpage designed by bad actors to trick users into revealing their passwords or other sensitive information. DNS infrastructure and communications fit perfectly to the criminal mode of operation.
The first element DNS offers to cybercriminals is anonymity, enabling them to set up a nefarious infrastructure including the content bait, malicious payload, and victim data-capturing backend while staying unidentifiable.
Second advantage adversaries find in DNS is the ability to intentionally target and aim at victims. By combining multiple DNS servers, domain names can lure and redirect traffic to the right malicious content based on the victim’s environment.
Most importantly, by hiding commands in the DNS response, the C2 communication stays undetected by many security tools, allowing the adversary to continue their attack.
DNS is the Swiss army knife for any actor and supports a broad spectrum of intrusion techniques, such as social engineering, credential theft, unauthorized remote access, or data leakage.
Infoblox has discovered multiple DNS weaponizations, including sophisticated campaigns using techniques like fake messages via SMS to trick users into entering personal information for supposed high-return investments.
Another discovery by Infoblox found an advanced technology suite connected to Chinese organized crime, money laundering, and human trafficking that uses DNS configurations, website hosting, payment mechanisms, and more. The brands exploit residents in China and victims worldwide tapping into the $1.7 trillion illegal gambling economy.
Common in all the adversarial tactics is that the cyber-criminal first carefully created the domain and malicious site sometimes months to a year in advance of the attack.
Infoblox generates threat intelligence to proactively stop these attacks and efficiently protect businesses from costly incidents.
DNS can give the attacker an advantage by deceiving the victims and automatically providing a malicious link. To learn more on how to protect brand and consumer trust using Infoblox threat intelligence go to https://www.infoblox.com/threat-intel/

Read Full Article

4 Likes

Tech Story

221

Russia Faces ‘Unprecedented’ Cyberattack Amid BRICS Summit A Massive DDoS Attack

Russia’s Foreign Ministry experienced a large-scale cyberattack on Wednesday, as the country hosted the BRICS summit in Kazan.
The attack, which was described as “unprecedented in scale” by Foreign Ministry spokeswoman Maria Zakharova, targeted the ministry’s online infrastructure.
The Foreign Ministry’s official website and portal were hit by a distributed denial-of-service (DDoS) attack.
The scale of this attack was unprecedented with previous attacks on Russia’s infrastructure.
The timing of the cyberattack, coinciding with the BRICS summit, has added to suspicions that it may have been politically motivated.
The BRICS summit, held in Kazan from October 22 to 24, carries even more weight for Russia as the country seeks to demonstrate its global influence despite facing sanctions from Western nations over its ongoing conflict with Ukraine.
Russia has long been both a target and a suspected perpetrator of cyberattacks.
The massive scale of this attack could prompt Russia to further bolster its cybersecurity defenses.
The cyberattack on Russia’s Foreign Ministry raises important questions about the broader geopolitical environment.
As countries increasingly rely on digital infrastructure to project power and influence, cyberattacks have become a powerful tool for disruption.

Read Full Article

13 Likes

For uninterrupted reading, download the app