techminis

A naukri.com initiative

Cyber Crime News

Socprime

UAC-0125 Attack Detection: Hackers Use Fake Websites on Cloudflare Workers to Exploit the “Army+” Application

  • Another hacking collective has evolved in the cyber threat arena to target Ukrainian organizations.
  • CERT-UA notifies defenders about the discovery of fake websites that mimic the official page of the “Army+” application and are hosted using the Cloudflare Workers service.
  • The UAC-0125 group is highly likely associated with the nefarious russia-backed hacking collective tracked as UAC-0002 (aka APT44 aka Sandworm).
  • The increasing number of cyber attacks targeting government bodies, military and defense agencies, and the critical infrastructure sector has been causing a stir on the cyber front line since russia’s full-fledged war against Ukraine.
  • SOC Prime Platform for collective cyber defense equips security teams with a relevant detection stack to proactively thwart attacks covered in the CERT-UA#12559 alert.
  • UAC-0125 Attack Analysis: Users are prompted to download the executable file “ArmyPlusInstaller-v.0.10.23722.exe” when visiting fake websites.
  • The executable file runs a PowerShell script to install OpenSSH on the compromised system and generate an RSA key pair.
  • The adversary activity is tracked under the UAC-0125 identifier and is highly likely associated with the russia-linked UAC-0002 cluster (aka Sandworm).
  • The notorious Sandworm APT group has been targeting Ukrainian state bodies and critical infrastructure organizations for over a decade.
  • MITRE ATT&CK Context: Security teams can gain valuable insights into the UAC-0125 TTPs involved in the latest malicious campaign against Ukraine.

Tech Story

Meta Fined €251 Million for 2018 Facebook Data Breach: EU Watchdogs Penalize Meta for Privacy Violations

  • European Union’s privacy regulators fined Meta €251 million for a 2018 data breach.
  • The breach exposed millions of user accounts through vulnerabilities in Facebook's code.
  • Meta responded by disabling the feature, fixing the vulnerabilities, and notifying regulators.
  • Meta intends to appeal the decision and emphasizes its commitment to user data protection.

Siliconangle

1.4M records stolen in Texas Tech University Health Sciences Center ransomware attack

  • Approximately 1.4 million records related to students, staff, and patients at Texas Tech University Health Sciences Center were stolen in a ransomware attack.
  • The attack occurred in September, but the university only recently disclosed the incident.
  • The stolen data includes personally identifiable information such as names, dates of birth, addresses, Social Security numbers, and medical records.
  • Texas Tech University is offering complimentary credit monitoring services to affected individuals.

Securityaffairs

Texas Tech University data breach impacted 1.4 million individuals

  • Texas Tech University disclosed a data breach that impacted over 1.4 million individuals following a cyber attack.
  • The incident took place in September 2024 and temporarily impacted computer systems and applications.
  • Compromised information includes personal, health, and financial data such as Social Security numbers, driver's license numbers, and medical records.
  • The Interlock ransomware gang claimed responsibility for the security breach and allegedly stole 2.6 terabytes of data.

Hackernoon

Why Are Crypto Scammers (And Not Hackers) Looking For You?

  • Crypto scammers and hackers have very different methods (and targets). Scammers rely on social engineering, targeting everyday individuals who may not be particularly tech-savvy. Hackers generally pursue more lucrative or technically challenging targets, like corporations or financial institutions. Both groups, however, exploit weaknesses. Scammers focus on human weaknesses, while hackers concentrate on system vulnerabilities.
  • Common crypto scams targeting everyday people usually play on the promise of easy wealth. These include fraudulent investment schemes, phishing, fake giveaways, and impersonation scams.
  • Crypto scammers often target individuals who have limited knowledge about cryptocurrency but are eager to profit from its rapid growth. Scammers exploit this by presenting offers that seem too good to pass up, such as guaranteed returns or low-risk investment opportunities.
  • Another ideal target for crypto scammers is someone who is easily influenced by social proof or endorsements. They exploit this by impersonating well-known figures or creating fake testimonials to make their schemes appear credible.
  • People with a strong desire for quick financial gains, especially during economic uncertainty, are prime targets. They often ignore red flags in their pursuit of fast returns, assuming they can cash out before the scam collapses.
  • Scams evolve constantly to exploit human error or momentary lapses in judgment, making anyone susceptible to a crypto scam. There are several key protection measures to follow, including using multi-factor authentication, double-checking URLs and email addresses, avoiding sharing private keys with anyone, and researching investment opportunities thoroughly.

Socprime

DarkGate Malware Attack Detection: Voice Phishing via Microsoft Teams Leads to Malware Distribution

  • Researchers have uncovered a new malicious campaign using voice phishing (vishing) to spread the DarkGate malware.
  • Adversaries masqueraded as a known client on a Microsoft Teams call, tricking victims into downloading AnyDesk for remote access and deploying malware.
  • The DarkGate malware facilitated remote control, offensive commands, data collection, and connection to a C2 server.
  • Mitigation measures include careful vetting of third-party technical support providers, cloud vetting processes, and implementation of multi-factor authentication (MFA).

Securityaffairs

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

  • The FBI released a Private Industry Notification (PIN) highlighting HiatusRAT malware campaigns targeting these devices.
  • The malware has been active since July 2022 and is being used for reconnaissance and intelligence gathering.
  • The FBI recommends mitigation measures including patching, strong passwords, and network segmentation.

TechCrunch

Texas medical school says hackers stole sensitive health data of 1.4 million individuals

  • Hackers stole sensitive health data of 1.4 million individuals from Texas Tech University Health Sciences Center during a September cyberattack.
  • The attackers accessed personal information such as Social Security numbers, financial account details, government-issued ID information, and medical records.
  • TTUHSC's security incident website has been made more difficult to find in search results through 'noindex' code.
  • The Interlock ransomware group has claimed responsibility for the cyberattack and published 2.1 million stolen files, totaling 2.6 terabytes of data.

Securityaffairs

ConnectOnCall data breach impacted over 900,000 individuals

  • ConnectOnCall, a telehealth platform, disclosed a data breach impacting over 900,000 individuals.
  • The breach occurred between February 16, 2024, and May 12, 2024, and an unknown third party accessed personal and medical information.
  • ConnectOnCall took its product offline, hired cybersecurity experts, and notified law enforcement.
  • Potentially exposed information includes names, phone numbers, Social Security numbers, and health-related information.

Pymnts

Rhode Island Urges Residents to Protect Personal Information Amid Data Breach

  • Rhode Island is urging residents to protect their personal information amid a data breach of RIBridges, a system that handles social services programs.
  • The state's vendor, Deloitte, reported a high probability that a cybercriminal obtained personally identifiable information from the system.
  • Rhode Islanders are advised to freeze their credit, contact credit bureaus, set up multiple levels of security, and stay alert.
  • The breached information may include names, addresses, dates of birth, Social Security numbers, and certain banking information.

TechCrunch

Called your doctor after-hours? ConnectOnCall hackers may have stolen your medical data

  • ConnectOnCall, owned by Phreesia, a healthcare tech company, has alerted almost a million individuals of a data breach that occurred in May.
  • The breach involved stolen personal and health information shared between patients and doctor's offices that relied on ConnectOnCall.
  • Affected information includes patient names, phone numbers, dates of birth, health conditions, treatments, prescriptions, and some Social Security numbers.
  • Phreesia is notifying 914,138 people, making it the 14th largest healthcare-related data breach in 2024 so far.

Cybersecurity-Insiders

Kids' video games are acting as espionage points for missile attacks

  • Cybercriminals are using video games to recruit child players for missile attacks.
  • Russian cybercrime groups target children, promising rewards like Bitcoin.
  • Children are asked to send pictures and videos of their surroundings, which are used to pinpoint their location.
  • The attackers then target the area with missile strikes, causing devastation.

Socprime

UAC-0099 Attack Detection: Cyber-Espionage Activity Against Ukrainian State Agencies Using WinRAR Exploit and LONEPAGE Malware

  • The UAC-0099 hacking collective has been launching cyber-espionage attacks against Ukraine, with a spike in malicious activity observed throughout November-December 2024 targeted at Ukrainian government entities.
  • The group has been using phishing as an attack vector and spreading LONEPAGE malware.
  • The continuous rise in cyberattacks against government agencies in Ukraine calls for stronger defense measures against CVE-2023-38831 exploitation and LONEPAGE malware distribution.
  • The latest CERT-UA alerts focus on UAC-0099's adversary operations that span November and December 2024.
  • All detections are mapped to the MITRE ATT&CK® framework to enhance threat research, including CTI and other important metadata.
  • In addition, teams can accelerate IOC packaging and retrospective hunting of the group's TTPs.
  • The UAC-0099 group has been observed launching cyberattacks against forestry departments, forensic institutions, factories, and public sector agencies.
  • The group uses phishing emails containing attachments in the form of double archives with LNK or HTA files. Some archives include an exploit for the known WinRAR vulnerability CVE-2023-38831. After a successful compromise, the LONEPAGE malware executes on the affected machines, enabling command execution.
  • Leveraging MITRE ATT&CK helps security teams gain insight into UAC-0099 TTPs used in cyber-espionage campaigns against Ukraine.
  • The expanding scope of UAC-0099's cyber-espionage campaigns, combined with its shifting methods, tools, and targets, highlights the critical need for improved cyber vigilance to counter the group's adaptability effectively.

Altcoinbuzz

Ledger User Loses 10 BTC in Phishing Attack

  • A user named "Anchor Drops" on X has lost 10 BTC and $1.5 million worth of NFTs in a phishing attack.
  • The attack happened nearly three years ago but has only recently come to light as the hacker drained the user's wallet.
  • The user fell victim to a phishing attack in which they were manipulated into digitally signing the transfer, giving control of their wallet to the hacker.
  • Experts suggest that if the hacker obtained the user's recovery phrase, they would have complete control over all cryptocurrencies in the wallet.

Cybersafe

Clop Ransomware claims responsibility for Cleo Data Breaches

  • The Clop ransomware gang has claimed responsibility for the recent data breaches targeting Cleo's file transfer platforms.
  • Cleo, a provider of managed file transfer solutions, had patched a vulnerability (CVE-2024-50623) in October.
  • However, the patch was incomplete, and cybercriminals continued to exploit the flaw to steal data using a Java backdoor.
  • The Clop ransomware group has been increasingly targeting secure file transfer platforms to conduct data theft.
