techminis

A naukri.com initiative

Cyber Crime News

Infoblox

5d

Image Credit: Infoblox

A Phishing Tale of DoH and DNS MX Abuse

  • Threat actors are using DNS to enhance cyber campaigns; one example is Morphing Meerkat, which employs DNS MX records for phishing.
  • Morphing Meerkat leverages DNS MX records to serve fake login pages, targeting over 100 brands, using open redirects and distributing stolen credentials.
  • The phishing kits are part of a PhaaS platform exhibiting consistent tactics and features for personalized, multilingual phishing schemes.
  • Morphing Meerkat evades traditional security by redirecting to compromised websites, bypassing email security, dynamically translating content, and cloaking phishing material.
  • The platform tracks campaigns targeting email credentials with phishing templates evolving to over 114 brands, incorporating DNS MX record-based dynamic loading.
  • Spam emails generated by Morphing Meerkat spoof sender details and use scare tactics to prompt victims to click on phishing links leading to fake login pages.
  • Morphing Meerkat employs various techniques to evade detection, including using legitimate domains for URL redirection and implementing anti-analysis measures.
  • The platform dynamically loads phishing pages based on victims' DNS MX records, sending stolen credentials through email or Telegram, while obfuscating code for security evasion.
  • Morphing Meerkat's advanced phishing techniques highlight the importance of DNS security and monitoring for cybersecurity defense against evolving threats.
  • Visibility and monitoring are vital in cybersecurity defense, with advanced phishing techniques like those used by Morphing Meerkat emphasizing the need for DNS security.

Securityaffairs

5d

Image Credit: Securityaffairs

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

  • Cybercriminals are exploiting the popularity of DeepSeek by using fake sponsored Google ads to distribute malware.
  • Crooks are using DeepSeek as a lure to trap unsuspecting Google searchers.
  • The researchers observed that cybercriminals created a convincing fake DeepSeek website linked to malicious Google ads.
  • The researchers recommend avoiding clicking on sponsored search results and always verifying the advertiser by checking the details behind the URL to ensure it’s the legitimate brand owner.

Mcafee

5d

Image Credit: Mcafee

How to Spot Phishing Emails and Scams

  • Phishing emails continue to target millions of inboxes daily with the intention of stealing personal information or money.
  • These emails often appear to be from trusted companies like banks or service providers but contain deceptive links or malware.
  • Scammers utilize bait-and-hook tactics in phishing emails to steal sensitive information or install malicious software.
  • In 2022, over 300,000 victims reported phishing attacks to the FBI in the U.S., with worldwide attempts increasing by 61%.
  • Spear phishing targets specific individuals, often with authority over financial matters, resulting in substantial financial losses.
  • Phishing emails may create a sense of urgency, posing as notifications from companies like PayPal or credit card providers.
  • Advanced phishing attacks mimic genuine messages, making it harder to differentiate between legitimate and fraudulent emails.
  • Scammers employ various tactics like fear, urgency, and unconventional payment requests to deceive recipients.
  • Key indicators of phishing emails include mismatched addresses, urgent demands for action, and payment through untraceable methods.
  • To stay safe, verify email sources, refrain from downloading suspicious attachments, and hover over links to verify URLs before clicking.
  • Using online protection software can help identify and block phishing attempts, as well as remove personal information from risky data broker sites.

Securityaffairs

5d

Image Credit: Securityaffairs

Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)

  • Arkana Security, a new ransomware group, claims to have breached the telecommunications provider WideOpenWest (WOW!).
  • Arkana Security group claims to have stolen data from two databases of WideOpenWest, containing a total of 2.6 million accounts.
  • The group threatens to expose and sell the stolen customer data if the requested fee is not paid.
  • WOW! has not yet confirmed the alleged data breach.

TechCrunch

5d

Image Credit: TechCrunch

NHS vendor Advanced to pay £3M fine following 2022 ransomware attack

  • NHS vendor Advanced has been fined £3 million ($3.8 million) for not implementing basic security measures prior to a ransomware attack in 2022.
  • The fine is half of what the Information Commissioner's Office (ICO) initially sought, which was over £6 million.
  • The ICO found that Advanced broke data protection law by not fully implementing multi-factor authentication, allowing hackers to breach the system and steal personal information of thousands of people.
  • The ransomware attack on Advanced caused widespread outages across NHS systems.

Medium

5d

Image Credit: Medium

AI in Cybersecurity: The Global Digital Defense Report

  • Cyber threats have rapidly increased, with cyber risks growing by 30% in 2024 compared to the previous year.
  • The average cost of a data breach in 2023 was $4.45 million, causing significant disruptions and financial losses.
  • AI-powered cybersecurity offers advanced detection of new and unknown threats through behavior-based analysis and anomaly detection.
  • AI can automate response systems, detect phishing attacks, enhance penetration testing, and protect against AI-driven malware.

Securityaffairs

5d

Image Credit: Securityaffairs

New ReaderUpdate malware variants target macOS users

  • Multiple variants of the ReaderUpdate malware, written in Crystal, Nim, Rust, and Go, are targeting macOS users, according to SentinelOne researchers.
  • ReaderUpdate, a macOS malware loader, first appeared in 2020 and was later found delivering Genieo adware.
  • The malware variants are distributed in five different source languages, including Go, Crystal, Nim, Rust, and compiled Python.
  • The malware obfuscates strings and URLs, making it difficult to analyze and detect the threats it poses.

Cybersecurity-Insiders

6d

Image Credit: Cybersecurity-Insiders

Third-Party Data Breaches: The Hidden Threat Lurking in Vendor Networks

  • The prevalence of third-party data breaches reveals significant cybersecurity vulnerabilities in vendor supply chains, as shown in Black Kite's 2024 Third-Party Breach Report, where breaches through 92 vendors affected 227 companies.
  • Undetected supply chain weaknesses may impact over 700 organizations, emphasizing the risks of 'silent breaches' and unseen vulnerabilities within interconnected ecosystems.
  • Understanding modern threat behaviors is crucial for cybersecurity providers to assist organizations in strengthening their defenses against systemic risks posed by third-party breaches.
  • Common vulnerabilities exploited in vendor supply chains include unsecured remote access, unpatched software, overprivileged access, and lack of real-time monitoring.
  • Unauthorized network access stood out as the top attack vector for third-party breaches, with over 50% of such breaches in 2024 attributed to this vulnerability.
  • Ransomware attacks, often leveraging third-party vectors, were notably disruptive in 2024, highlighting the importance of implementing an immutable backup strategy.
  • Software vulnerabilities and unpatched systems pose ongoing security risks, with zero-day vulnerabilities and internet-facing device weaknesses continuing to be exploited by threat actors.
  • Credential misuse, powered by dark web credentials, automated tools, and session hijacking techniques, accounted for 8% of third-party breaches in 2024.
  • To combat credential misuse, organizations should enforce phishing-resistant MFA, implement JIT access, monitor login anomalies, and leverage dark web monitoring for compromised credentials.
  • Prioritizing supply chain security validation, enforcing strong security requirements in vendor contracts, and adopting a zero-trust model are pivotal in preventing costly third-party breaches.

Securityaffairs

6d

Image Credit: Securityaffairs

BlackLock Ransomware Targeted by Cybersecurity Firm

  • Resecurity found an LFI flaw in the leak site of BlackLock ransomware, exposing clearnet IPs and server details.
  • Cybersecurity experts exploited the vulnerability and obtained additional information related to the ransomware network infrastructure.
  • BlackLock Ransomware is one of the fastest-growing strains, targeting organizations in various sectors across different countries.
  • The rebranding of BlackLock as Mamona Ransomware and the takeover by DragonForce group are potential developments in this scenario.

Cybersecurity-Insiders

6d

Image Credit: Cybersecurity-Insiders

Motivations for Hackers to launch Cyber Attacks

  • Cyber attacks pose a significant threat in today's interconnected world, with motivations ranging from financial gain to political agendas.
  • Financial gain is a common motivation, seen in activities like ransomware attacks and banking fraud targeting large organizations and individuals.
  • Hacktivists, driven by political or ideological motives, target entities they view as unethical, for example as a form of protest against governments or corporations.
  • Corporate espionage involves stealing trade secrets to provide a competitive edge, while personal vendettas drive attacks based on revenge.
  • Hackers launch attacks for exploration, power, or anonymity, with some engaging in cyber warfare for geopolitical reasons using disruption and espionage tactics.
  • Understanding hacker motivations is essential to bolster cybersecurity measures against evolving threats and mitigate risks of falling victim to attacks.
  • By being proactive and vigilant, organizations and governments can better protect critical assets from malicious actors.

Hackernoon

6d

Image Credit: Hackernoon

IDT Corporation Partners With AccuKnox For Zero Trust Runtime IoT/Edge Security

  • IDT Corporation partners with AccuKnox to deploy Zero Trust runtime security for IoT/Edge.
  • Gartner predicts that 25% of enterprise security breaches by 2028 will be due to AI agent abuse.
  • AccuKnox runtime-powered CNAPP offers inline security, micro-segmentation, and OS hardening, among other features.
  • IDT Telecom selects AccuKnox's KubeArmor for its zero trust security solution and strong open-source foundation.

Securityaffairs

7d

Image Credit: Securityaffairs

Android malware campaigns use .NET MAUI to evade detection

  • Researchers warn of new Android malware that uses .NET MAUI to mimic legitimate services and evade detection.
  • The malware disguises itself as legitimate services to steal sensitive information from users.
  • It uses hidden C# blob binaries instead of traditional DEX files for evasion.
  • Malware authors leverage various techniques like multi-stage loading and encryption to obfuscate the malicious behaviors.

Siliconangle

7d

Image Credit: Siliconangle

Malicious AI tool mentions surge 200% across dark web channels in 2024

  • A report by KELA Research and Strategy Ltd. reveals a 200% increase in mentions of malicious AI tools on cybercrime forums in 2024.
  • The report also highlights a 52% rise in AI jailbreak discussions and the distribution of 'dark AI tools' used for phishing, malware development, and financial fraud.
  • AI-powered cyber threats are accelerating phishing campaigns, malware development, and deceptive social engineering.
  • KELA recommends implementing AI-driven security measures and employee training to combat the growing AI-powered cybercrime threat.

Analyticsindiamag

7d

Image Credit: Analyticsindiamag

CloudSEK and Security Experts Raise Alarm for Data Breach, Oracle Denies It

  • Cybersecurity firm CloudSEK found a threat actor selling six million records allegedly extracted from Oracle Cloud.
  • Oracle denies the data breach, refuting the claims made by CloudSEK.
  • CloudSEK provides additional evidence to support their theory of the breach and plans to publish more details.
  • The breach potentially impacts over 1,500 unique organizations, leading to increased risk and urging Oracle to take action.

Securelist

7d

Image Credit: Securelist

Financial cyberthreats in 2024

  • Financial cyberthreats, including phishing and malware, are a significant part of the global cyberthreat landscape as digital transactions increase yearly.
  • The 2024 report by Kaspersky focuses on banking Trojans and phishing targeting online banking, shopping accounts, and cryptocurrency wallets.
  • Key findings include a rise in financial phishing attempts, with banks being the top lure and cryptocurrency phishing seeing a substantial increase.
  • PC malware affecting financial users decreased, while mobile banking malware attacks nearly quadrupled in 2024.
  • Popular targets for phishing include banks, online shopping sites like Amazon, and payment systems, with PayPal being a frequent target.
  • Cryptocurrency phishing scams are on the rise, with an 83.37% increase in 2024 compared to the previous year.
  • Cybercriminals use various tactics like fake prizes, free offers, and account verification scams to deceive victims into sharing financial data.
  • Top organizations mimicked by phishing sites in 2024 include Amazon, Apple, and PayPal, with phishing attacks targeting both individuals and businesses.
  • To defend against financial cyberthreats, users are advised to use strong authentication, avoid suspicious links, and employ reliable security solutions.
  • For businesses, updating software, educating employees on security practices, and implementing strict security policies are recommended measures.
