menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Crime News

Cyber Crime News

source image

HRKatha

2M

read

271

img
dot

Image Credit: HRKatha

Google tightens security after sophisticated phishing attack

  • A sophisticated phishing attack targeting a Google programmer has raised security concerns.
  • The attack nearly succeeded and involved a convincing phone call and email.
  • Google has taken swift action by suspending the fraudulent account and reinforcing security measures.
  • The company has warned users that it never calls to reset passwords or troubleshoot account issues.

Read Full Article

like

16 Likes

share

3 Shares

source image

Securelist

2M

read

174

img
dot

Image Credit: Securelist

No need to RSVP: a closer look at the Tria stealer campaign

  • A new report by cybersecurity firm Kaspersky analyses the Tria Stealer campaign, which has been active since March 2024, and found it to be operated by an Indonesian-speaking individual or group that targeted locals in Malaysia and Brunei. The operator sends malicious Android apps to victims disguised as wedding invitations via personal and group chats on Telegram and WhatsApp. The apps collect data such as SMS messages and email communications and send it back to the attacker through various Telegram bots, which can hijack victims' personal messaging accounts and impersonate owners to request financial transfers.
  • Kaspersky recommends that individuals avoid installing apps from untrusted sources on their devices and use reliable security solutions to protect their mobile devices from attackers. The company also suggests that individuals be cautious while using messaging platforms and check the sender's information before clicking links or downloading files.
  • The malware, which is detected by Kaspersky products as HEUR:Trojan-Spy.AndroidOS.Agent.*, uses a phishing technique to target individuals in Malaysia and Brunei. Once the malware is downloaded, it gains access to SMS data, tracks call logs, messages, and email data to exfiltrate the sensitive data to various Telegram bots. The threat actor behind the malware then exploits this data to take over and sign in to the victims' various accounts.
  • Kaspersky researchers discovered several APK samples tagged as Trojan-Spy.AndroidOS.Agent, originating from Malaysia and Brunei. Further investigation revealed multiple posts by Malaysian Android users on X and Facebook discussing a scam campaign involving malicious APKs and WhatsApp hijacking. The malware was found to have two verisons, first one initially detected in March 2024 and second one in August 2024, which was slightly upgraded with additional functionality and adjusted wording in messages that were sent to Telegram bots.
  • The report estimates that the threat actor behind the Tria Stealer campaign will continue to target users in Malaysia and Brunei, aiming to take over new accounts and sign in to victims' accounts with various services to inflict further damage.
  • Kaspersky attributes the attack to an Indonesian-speaking group or individual, based on unique found strings written in the Indonesian language, used by the malware and the naming pattern of the Telegram bots for hosting the command-and-control servers.
  • Researchers at Kaspersky found that the malware communicates with a variety of Telegram bots to send the collected information back to the operator. A different Telegram bot was used for each of the samples investigated, with a separate one for collecting data from messaging apps and email, and another to collect SMS data.
  • The malware requests permission to read SMS messages, which is then used to access OTP/TAC codes used to hijack WhatsApp, Telegram, and other digital accounts. Kaspersky found that the malware is requesting all permissions declared in its manifest, including permissions to access messaging and call data and read phone, email, and social media messages.
  • In addition to monitoring incoming call activities and SMS messages, the malware's newer variant collects personal messages and emails from a range of mobile phone apps such as WhatsApp and Outlook, by intercepting notifications from these apps.
  • Kaspersky researchers observed that the same target will receive phishing messages from compromised WhatsApp and Telegram accounts, and the message content would vary depending on the threat actor's intentions. The same Twitter account is also used to send the APK to victims.
  • Researchers noted similarity between the Tria Stealer malware campaign and the UdangaSteal malware campaign that targeted individuals in Indonesia, Malaysia, and India in 2023 and early 2024 to steal SMS data and exfiltrate it to Telegram bots. However, Kaspersky did not attribute the Tria Stealer campaign to the same threat actor associated with UdangaSteal.

Read Full Article

like

10 Likes

share

2 Shares

source image

Hackernoon

2M

read

303

img
dot

Image Credit: Hackernoon

AI Is the Key to Surviving Supply Chain Challenges in 2025

  • Supply chain challenges faced by organizations include geopolitical conflict, extreme weather, resource scarcity, and cybercrime that are expected to persist in 2025 and beyond.
  • To mitigate these challenges, AI can help to identify diversification opportunities to highlight risk and probabilistic solutions.
  • It can also predict and prevent supply and demand issues before they arise by adjusting inventory levels automatically according to predicted customer trends, logistics events, and fluctuations in suppliers’ production capacity.
  • Cutting-edge AI tools can simulate how supply chain networks may respond to various situations or model how operational changes will impact the overall system - scenario modeling is expected to gain popularity in the coming years.
  • AI can accelerate cybersecurity responses with automatic network monitoring to detect and fix cybersecurity risks before cybercriminals can exploit them. It can also warn IT teams of potential vulnerabilities and suggest fixes.
  • AI can help organizations maximize productivity and offset the impact of supply chain disruptions by enabling faster, more cost-efficient workflows, and higher uptime and lower costs for manufacturers.
  • As global supply chains continue to face new and considerable obstacles, organizations must capitalize on AI technology to become more resilient and competitive in the long run.

Read Full Article

like

18 Likes

share

4 Shares

source image

TechCrunch

2M

read

418

img
dot

Image Credit: TechCrunch

MGM Resorts settles lawsuits after millions of customer records stolen in data breaches

  • MGM Resorts has agreed to pay $45 million to settle class action lawsuits after data breaches.
  • Hackers stole personal data on millions of customers in two separate cyberattacks.
  • The breaches occurred in 2019 and 2023, resulting in the theft of names, addresses, phone numbers, and other personal information.
  • Class action members will receive up to $75 each, with attorney fees accounting for 30% of the settlement fund.

Read Full Article

like

25 Likes

share

5 Shares

source image

Cybersecurity-Insiders

2M

read

124

img
dot

Image Credit: Cybersecurity-Insiders

Mishing Cyber Attack from malicious PDF

  • A new form of attack known as 'Mishing' has emerged, specifically targeting mobile devices with phishing links.
  • Hackers are impersonating the United States Postal Service (USPS) to send malicious SMS messages containing PDF files.
  • When opened, the PDF files redirect users to websites designed to steal credentials and compromise personal data.
  • To protect against these attacks, users should exercise caution, avoid clicking suspicious links, and never open attachments from unknown senders.

Read Full Article

like

7 Likes

share

1 Share

source image

TechCrunch

2M

read

36

img
dot

Image Credit: TechCrunch

Engineering giant Smiths Group says hackers accessed its systems during cyberattack

  • Engineering giant Smiths Group experienced a cybersecurity incident involving unauthorized access to its systems.
  • The London-listed company has isolated affected systems and activated business continuity plans.
  • The company is currently working with cybersecurity experts to recover affected systems and determine the impact on its business.
  • Smiths Group has not disclosed the nature of the incident or if any data has been compromised.

Read Full Article

like

2 Likes

share

Share

source image

Socprime

2M

read

78

img
dot

Image Credit: Socprime

TorNet Backdoor Detection: An Ongoing Phishing Email Campaign Uses PureCrypter Malware to Drop Other Payloads

  • Phishing attacks aimed at deploying multiple payloads, including Agent Tesla, and a novel backdoor, dubbed TorNet, are targeting Poland and Germany via a malicious email campaign deliverd via PureCrypter malware, according to Cyber Defence company, SOC Prime. The attacks are orchestrated by financially motivated hackers and require pro-active responses from defenders, SOC Prime warned, adding that it offers curated detection content and relevant metadata and actionable threat intelligence that is aligned with MITRE ATT&CK to help defenders counter the attacks. TorNet, which connects through the Tor network and can fetch and execute arbitrary .NET assemblies in memory, broadens the attack surface for further exploitation, the company said.
  • Social media protection provider, BrandShield, has increased its sales, marketing, development, intelligence and customer service teams by 30% as part its response to a massive increase in demand in 2020.
  • ThycoticCentrify has integrated cybersecurity solution, 4me, into its ‘Cloud Automation Services’ to provide its clients with an improved security posture across IT services, according to SecurityWeek.
  • Instacart hired former Facebook executive, Fidji Simo, as CEO replacing Christa Leahmannn, as the food delivery company’s value booms post its IPO, according to TechCrunch
  • Data breach protection and remediation firm, SiteLock, plans to open an office in Dublin, Ireland in the first quarter of next year to help it better address the needs of Irish and European customers post-Brexit. In a statement, SiteLock said its investment in Ireland reflected its desire to build a strong local presence and support base in the EU.
  • A Russian-language dark web marketplace for criminal services, Hydra, has been encouraging vendors to submit false reviews and ratings, to help them trade against competitors, according to ClearSky.
  • US city Battle Creek in Michigan has agreed to pay $200,000 to the attackers following a ransomware attack earlier this year. As part of the agreement, the attackers will provide the city with the encryption key to unlock its computer network.
  • A remote code execution flaw in free and open-source browser engine, Chromium, was used by Google last month to update its Chrome browser to version 96.0.4664.45, Russian cyber security consultancy, Positive Technologies, explains on its website.
  • Akamai Technologies is buying API security specialist, NokNok Labs, for an undisclosed fee, according to Business Wire.
  • IoT asset monitoring company, Ffly4u has partnered with connectivity solutions provider, Cloud of Things, to launch a new solution intended to make IoT implementation easier, according to IoT News.

Read Full Article

like

4 Likes

share

1 Share

source image

Cybersafe

2M

read

41

img
dot

Image Credit: Cybersafe

DeepSeek disables registrations after large-scale cyberattack

  • Chinese AI company DeepSeek has temporarily disabled new registrations for its DeepSeek-V3 chat platform following a large-scale cyberattack.
  • DeepSeek is a renowned AI company known for its advancements in artificial intelligence and its popular AI Assistant app.
  • The cyberattack, suspected to be a massive DDoS attack, has prompted DeepSeek to limit new registrations to ensure service stability.
  • Cybersecurity researchers have raised concerns about DeepSeek's security, highlighting vulnerabilities that could be exploited.

Read Full Article

like

2 Likes

share

Share

source image

Minis

6M

read

503

img
dot

Image Credit: Minis

BeerBiceps aka Ranveer Allahbadia breaks silence on his channels getting hacked: ‘Is this the end of my YouTube career’

  • Popular YouTuber Ranveer Allahbadia, known as BeerBiceps, recently had his YouTube channels hacked.
  • Cyber attackers deleted all his podcasts and interviews, replacing them with old streams of Elon Musk and Donald Trump. His channels were renamed “@Elon.trump.tesla_live2024” and “@Tesla.event.trump_2024,” but both have since been removed by YouTube.
  • Reacting on Instagram, Ranveer humorously posted about the incident while enjoying vegan burgers and questioned, “Is this the end of my YouTube career?” Ranveer, who started his content journey at 22, manages seven channels with a combined 12 million subscribers.

Read Full Article

like

23 Likes

share

6 Shares

source image

Minis

8M

read

7.7k

img
dot

Image Credit: Minis

Passwords Leaked: Hackers post file with 1,000 crore passwords online in biggest cyber security breach yet

  • A massive cyber security breach has exposed a file containing approximately 10 billion passwords on an online hacking forum.
  • The compilation, posted on July 4, includes both old and new password breaches, making it the largest such leak to date. The leak raises significant concerns about credential stuffing attacks, where hackers use a breached password to access multiple accounts.
  • An IMF report highlights that malicious cyberattacks have doubled globally since 2020, particularly targeting the financial and healthcare sectors. Despite the leak's magnitude, some experts believe the file's size may render it less effective for attacks.

Read Full Article

like

41 Likes

share

18 Shares

source image

Minis

8M

read

2.6k

img
dot

Image Credit: Minis

Shadowy hacker claims he has data of 375 million Airtel users, Airtel says no breach in its systems

  • A hacker claims to possess data of 375 million Airtel users, including sensitive information like phone numbers, Aadhaar numbers, and more.
  • Airtel denies any breach, attributing the claim to misinformation aimed at damaging its reputation. The alleged data sale surfaced on forums frequented by cybercriminals, sparking concerns despite Airtel's assurances.
  • Security experts debate the validity of the claim, urging vigilance in cyber hygiene practices like password updates, monitoring accounts, enabling 2FA, and avoiding phishing. Airtel emphasizes its systems' security while acknowledging past data breaches in Indian companies.

Read Full Article

like

24 Likes

share

6 Shares

source image

Minis

9M

read

1.3k

img
dot

Image Credit: Minis

Fake CBI, police officers threaten woman on Skype, wipe her bank account in Kolkata

  • A Kolkata company secretary lost ₹51,000 to scammers posing as Delhi Police and CBI officers. They claimed she had 35 bank accounts involved in money laundering.
  • The scammers coerced her into transferring money for "verification" via Skype, threatening arrest. She sent the money to an account in Andhra Pradesh and later realized the fraud, filing complaints with Kolkata police and on a cybercrime portal.
  • Similar cases across India have surfaced, with victims losing large sums. Critics argue banks need stricter KYC monitoring, suspecting insider involvement in some cases. Victims have questioned the slow investigative response.

Read Full Article

like

22 Likes

share

9 Shares

source image

Minis

10M

read

808

img
dot

Image Credit: Minis

Chinese man uses 4,600 phones to fake live-stream views, earns over ₹ 3 crore in 4 months

  • A Chinese man has been sentenced to one year and three months in prison and fined $7,000 for using 4,600 phones to fake live-stream views, earning over ₹3 crore in just four months.
  • Wang's scheme, known as "brushing," involved inflating viewer counts to simulate genuine interactions. He purchased phones controlled by cloud software and network equipment, profiting by selling his service to live-streamers.
  • Authorities are investigating Wang and 17 others for breaking regulations and disrupting market order. This case sheds light on the prevalence of online fraud and the measures needed to combat it effectively.

Read Full Article

like

13 Likes

share

4 Shares

source image

Minis

10M

read

753

img
dot

Image Credit: Minis

Bengaluru techie shares new fraud criminals are using to steal your money

  • As online fraud cases surge, Bengaluru-based entrepreneur Aditi shared a cautionary tale on X, warning about a new scam tactic exploiting SMS messages.
  • During an office call, Aditi received a call from someone claiming to transfer money to her father. After receiving SMS alerts mimicking bank notifications, the caller alleged mistakenly sending Rs 30,000 instead of Rs 3,000 and urged Aditi to return the excess. Alert to discrepancies in the SMS alerts, Aditi avoided the scam.
  • This incident underscores the need for vigilance, urging individuals to verify transactions through secure channels, as reliance on SMS notifications alone can be exploited by cybercriminals.

Read Full Article

like

4 Likes

share

6 Shares

source image

Minis

1y

read

1.4k

img
dot

Image Credit: Minis

What is ‘Digital Arrest’, a new form of cybercrime?

  • "Digital Arrest" is a new form of cybercrime where scammers, posing as law enforcement officers, use virtual platforms like Skype to intimidate and manipulate victims.
  • In recent cases reported by cyber police across several states in India, scammers falsely accused individuals of involvement in crimes like money laundering, presenting fabricated documents and conducting virtual interrogations.
  • To create a convincing illusion, scammers set up virtual police stations during Skype calls. Victims are coerced into transferring funds, taking loans, and even virtually signing fake documents under the guise of aiding investigations. This emerging cybercrime tactic exploits fear and misinformation, leading to significant financial losses.

Read Full Article

like

10 Likes

share

12 Shares

Prev

10
11
12
13
14
15
16
17
18
19
20

Next

For uninterrupted reading, download the app