Cyber Crime News

Cybersecurity-Insiders

DDoS Attack on Russian Foreign Ministry during BRICS summit

  • A Distributed Denial of Service (DDoS) attack disrupted the official website of the Russian Foreign Ministry during the BRICS summit.
  • Suspicions have arisen regarding a Ukrainian hacking group as the perpetrators of the attack.
  • The attack aimed to disrupt the live streaming services of the summit and potentially embarrass the Russian government.
  • The incident highlights the growing intersection of technology, politics, and international relations.

Secureerpinc

Staying Ahead of Phishing Threats

  • Phishing threats are becoming harder to identify, making it important for businesses to stay vigilant.
  • Hackers are utilizing advanced technology like artificial intelligence and machine learning for more convincing phishing attacks.
  • New techniques, such as quishing using QR codes and social engineering, are increasing the effectiveness of phishing attempts.
  • To stay ahead of evolving attacks, businesses should implement a Zero-Trust approach, utilize multi-factor authentication, and improve employee awareness and training.

Securityaffairs

Crooks are targeting Docker API servers to deploy SRBMiner

  • Threat actors are targeting Docker remote API servers to deploy SRBMiner crypto miners on compromised instances.
  • Attackers bypass security by using the gRPC protocol over h2c to execute crypto mining on Docker hosts.
  • After scanning for public-facing Docker API hosts and checking for HTTP/2 upgrades, attackers manipulate Docker functionalities via gRPC methods.
  • SRBMiner is downloaded and deployed from GitHub, with attackers mining cryptocurrency to their wallet and masking their public IP address.

Cybersafe

Bumblebee malware returns in recent attacks

  • The Bumblebee malware loader, believed to be the creation of TrickBot developers, has resurfaced in recent attacks.
  • Bumblebee infects systems through phishing, malvertising, and SEO poisoning techniques.
  • The malware delivers various payloads, including Cobalt Strike beacons, information-stealing malware, and different ransomware strains.
  • Researchers have identified new Bumblebee activity, indicating a possible resurgence of the malware.

Securelist

Grandoreiro, the global trojan with grandiose ambitions

  • Grandoreiro is a Brazilian banking Trojan used by threat actors to perform fraudulent banking operations by using the victim’s computer to bypass security measures of banking institutions, targeting 1,700 banks and 276 crypto wallets in 45 countries.
  • The gang behind Grandoreiro continues attacking users all over the world, further developing new malware and establishing new infrastructure, despite disruptions and the arrest of some local operators and gang members in Spain, Brazil, and Argentina.
  • Grandoreiro generally operates as Malware-as-a-Service. There won’t be an announcement selling the Grandoreiro package, as it seems access to the source code or builders of the Trojan is very limited, only for trusted partners.
  • Grandoreiro has evolved over the years to become one of the most sophisticated Trojans globally. It currently uses tactics such as the usage of three domain generation algorithms in its C2 communications, the adoption of Ciphertext Stealing encryption, and mouse behavior tracking aiming to bypass anti-fraud solutions.
  • In the most recent versions found in July 2024 and later, the malware is capturing user input patterns, particularly mouse movements, to bypass machine learning-based security systems. The malware operators are equipped with a wide variety of remote commands, including an option to lock the user screen and present a custom image.
  • The threat actors behind Grandoreiro have equipped themselves with tools for performing fraudulent banking operations, including locking user screens and capturing victims’ behavioral patterns, with the gang primarily searching for money mules in Telegram channels, paying $200 to $500 USD per day.
  • The newest Grandoreiro version uses 3 Domain Generation Algorithms, generating valid domains for C2 communications dynamically. The attackers set up a gateway computer between the victim’s machine and the malware operator, hiding the cybercriminal’s real IP address.
  • From January to October 2024, Kaspersky’s solutions blocked more than 150,000 infections impacting more than 30,000 users worldwide, a clear sign that the gang remains very active despite the disruption caused by Interpol and law enforcement agencies across the globe.
  • The threat actors behind Grandoreiro malware are continuously evolving their tactics and malware to successfully carry out attacks against their targets and evade security solutions. Kaspersky continues to cooperate with INTERPOL and other agencies around the world to fight the Grandoreiro threat among internet banking users.
  • The threat is detected by Kaspersky products as HEUR:Trojan-Banker.Win32.Grandoreiro, Trojan-Downloader.OLE2.Grandoreiro, Trojan.PDF.Grandoreiro, and Trojan-Downloader.Win32.Grandoreiro.

Securityaffairs

Experts warn of a new wave of Bumblebee malware attacks

  • Experts warn of a new wave of attacks involving the Bumblebee malware, months after Europol’s ‘Operation Endgame’ that disrupted its operations in May.
  • Bumblebee was developed by the TrickBot group and replaced the BazarLoader backdoor in ransomware attacks.
  • The malware is distributed through phishing messages and initiates post-exploitation activities, including reconnaissance and credential theft.
  • Netskope researchers detected new Bumblebee attacks, which utilize the MSI SelfReg table to execute malicious DLLs directly, making it stealthier.

Silicon

Sophos Expands Cybersecurity With $860m Secureworks Purchase

  • UK cybersecurity firm Sophos is set to acquire US-based cybersecurity rival Secureworks in an all-cash transaction valued at $859 million.
  • This acquisition will strengthen Sophos' security portfolio and expand its offerings to small, mid-, and enterprise customers.
  • Secureworks will provide its leading endpoint, cloud, and network security solutions to enhance Sophos' security posture.
  • The transaction is expected to close in early 2025, and there is no information regarding potential job losses.

Medium

The Flood of AI-Cybercrime — Your Money & Identity at Risk

  • The merger of AI with cybercrime has led to highly convincing and frightening cyber-attacks.
  • Scammers are using AI tools to create realistic-looking deepfake calls, tricking people into giving them money.
  • Cybercriminals are also using digital arrest tactics, pretending to be government officials to steal sensitive information.
  • Identity theft is another major concern, where scammers can create deepfakes of individuals for fraudulent activities.

Minis

BeerBiceps aka Ranveer Allahbadia breaks silence on his channels getting hacked: ‘Is this the end of my YouTube career’

  • Popular YouTuber Ranveer Allahbadia, known as BeerBiceps, recently had his YouTube channels hacked.
  • Cyber attackers deleted all his podcasts and interviews, replacing them with old streams of Elon Musk and Donald Trump. His channels were renamed “@Elon.trump.tesla_live2024” and “@Tesla.event.trump_2024,” but both have since been removed by YouTube.
  • Reacting on Instagram, Ranveer humorously posted about the incident while enjoying vegan burgers and questioned, “Is this the end of my YouTube career?” Ranveer, who started his content journey at 22, manages seven channels with a combined 12 million subscribers.

Minis

Passwords Leaked: Hackers post file with 1,000 crore passwords online in biggest cyber security breach yet

  • A massive cyber security breach has exposed a file containing approximately 10 billion passwords on an online hacking forum.
  • The compilation, posted on July 4, includes both old and new password breaches, making it the largest such leak to date. The leak raises significant concerns about credential stuffing attacks, where hackers use a breached password to access multiple accounts.
  • An IMF report highlights that malicious cyberattacks have doubled globally since 2020, particularly targeting the financial and healthcare sectors. Despite the leak's magnitude, some experts believe the file's size may render it less effective for attacks.

Minis

Shadowy hacker claims he has data of 375 million Airtel users, Airtel says no breach in its systems

  • A hacker claims to possess data of 375 million Airtel users, including sensitive information like phone numbers, Aadhaar numbers, and more.
  • Airtel denies any breach, attributing the claim to misinformation aimed at damaging its reputation. The alleged data sale surfaced on forums frequented by cybercriminals, sparking concerns despite Airtel's assurances.
  • Security experts debate the validity of the claim, urging vigilance in cyber hygiene practices like password updates, monitoring accounts, enabling 2FA, and avoiding phishing. Airtel emphasizes its systems' security while acknowledging past data breaches in Indian companies.

Minis

Fake CBI, police officers threaten woman on Skype, wipe her bank account in Kolkata

  • A Kolkata company secretary lost ₹51,000 to scammers posing as Delhi Police and CBI officers. They claimed she had 35 bank accounts involved in money laundering.
  • The scammers coerced her into transferring money for "verification" via Skype, threatening arrest. She sent the money to an account in Andhra Pradesh and later realized the fraud, filing complaints with Kolkata police and on a cybercrime portal.
  • Similar cases across India have surfaced, with victims losing large sums. Critics argue banks need stricter KYC monitoring, suspecting insider involvement in some cases. Victims have questioned the slow investigative response.

Minis

Chinese man uses 4,600 phones to fake live-stream views, earns over ₹3 crore in 4 months

  • A Chinese man has been sentenced to one year and three months in prison and fined $7,000 for using 4,600 phones to fake live-stream views, earning over ₹3 crore in just four months.
  • Wang's scheme, known as "brushing," involved inflating viewer counts to simulate genuine interactions. He purchased phones controlled by cloud software and network equipment, profiting by selling his service to live-streamers.
  • Authorities are investigating Wang and 17 others for breaking regulations and disrupting market order. This case sheds light on the prevalence of online fraud and the measures needed to combat it effectively.

Minis

Bengaluru techie shares new fraud criminals are using to steal your money

  • As online fraud cases surge, Bengaluru-based entrepreneur Aditi shared a cautionary tale on X, warning about a new scam tactic exploiting SMS messages.
  • During an office call, Aditi received a call from someone claiming to be transferring money to her father. After she received SMS alerts mimicking bank notifications, the caller claimed to have mistakenly sent Rs 30,000 instead of Rs 3,000 and urged Aditi to return the excess. Alert to discrepancies in the SMS alerts, Aditi avoided the scam.
  • This incident underscores the need for vigilance, urging individuals to verify transactions through secure channels, as reliance on SMS notifications alone can be exploited by cybercriminals.

Minis

What is ‘Digital Arrest’, a new form of cybercrime?

  • "Digital Arrest" is a new form of cybercrime where scammers, posing as law enforcement officers, use virtual platforms like Skype to intimidate and manipulate victims.
  • In recent cases reported by cyber police across several states in India, scammers falsely accused individuals of involvement in crimes like money laundering, presenting fabricated documents and conducting virtual interrogations.
  • To create a convincing illusion, scammers set up virtual police stations during Skype calls. Victims are coerced into transferring funds, taking loans, and even virtually signing fake documents under the guise of aiding investigations. This emerging cybercrime tactic exploits fear and misinformation, leading to significant financial losses.
