A naukri.com initiative
Cyber Crime News
Gbhackers
3d
108
Tycoon 2FA Attacking Microsoft 365 AND Google Users To Bypass MFA
- Tycoon 2FA is a phishing platform targeting Microsoft 365 and Gmail accounts.
- It uses an AitM technique to steal user session cookies and bypass MFA.
- The platform has updated its features to evade security defenses and avoid detection.
- Tycoon 2FA employs various tactics such as fake authentication links and QR codes to steal credentials.
Read Full Article
6 Likes
Tech Story
3d
60
Data Breach at DELL! Investigation Begins as Dell Confirms Data Breach
- Dell is currently investigating a data breach that occurred on one of its portals containing customer information.
- The breach involved a database with limited customer details such as names, physical addresses, and certain Dell hardware and order information.
- No sensitive information like financial details, email addresses, or phone numbers was compromised.
- Dell is taking proactive measures to notify affected customers and is committed to cybersecurity and risk mitigation.
Read Full Article
3 Likes
Medium
3d
96
Image Credit: Medium
Don’t Get Hooked: Recognizing and Avoiding Phishing Attacks
- Phishing attacks are often disguised as legitimate emails, text messages, or social media posts.
- They create a sense of urgency and trick you into clicking on malicious links or downloading infected attachments.
- To protect yourself, be aware of common phishing red flags and practice good online habits.
- Using a password manager like FrostByte can provide an additional layer of security.
Read Full Article
5 Likes
Silicon
3d
196
Image Credit: Silicon
MGM Hackers Launch New Campaign Targeting Banks, Insurance
- A hacking group known as Scattered Spider, responsible for previous attacks on MGM Resorts International and Caesars Entertainment casinos, has launched a new campaign targeting banks and insurance companies.
- The group has compromised at least two insurance firms and has targeted companies such as Visa, PNC Financial Services Group, Transamerica, New York Life Insurance, and Synchrony Financial.
- Scattered Spider, believed to consist of teenagers and young adults from the US, UK, and Eastern Europe, uses social engineering techniques to obtain passwords and sensitive information.
- The FBI is working towards arresting members of Scattered Spider, with private firms assisting in gathering evidence.
Read Full Article
11 Likes
Medium
3d
188
Image Credit: Medium
THE NATIONAL CYBER SECURITY LEVY — A BRIEF OVERVIEW
- The National Cyber Security Fund was established to boost financial resources of the federal government in tackling cybercrimes and related issues.
- The Fund is to be funded from various sources including levies of 0.5% equivalent to half percent of electronic transaction values by businesses specified in the Second Schedule to the Act.
- The affected businesses are required to remit the cyber security levy within 30 days of when it’s due.
- The Office of the National Security Adviser holds the responsibility of keeping proper records of accounts and ensuring the Fund’s compliance monitoring mechanism.
- However, there are legal issues that must be considered, especially with respect to Section 44 of the Cybercrime Act which deals with the Fund.
- According to the Constitution, all revenues collected by the Federal Government must go into the ‘Federation Account’ before being disbursed to agencies, ministries, and organizations.
- There are conflicting constitutional provisions, and it must be resolved before the Cyber Security Levy implementation can be fully effected.
- Businesses affected by the cyber security levy include Internet Service Providers, Insurance Companies, Nigerian Stock Exchange, and Banks among others.
- Several transactions exempted from the levy include intra-bank transfers, salary payments and other social welfare programs transactions among others.
- Penalties for defaults may lead to closure or withdrawal of the operation license for such a defaulter.
Read Full Article
11 Likes
Securityaffairs
3d
128
Image Credit: Securityaffairs
Australian Firstmac Limited disclosed a data breach after cyber attack
- Firstmac Limited, one of the largest non-bank lenders in Australia, disclosed a data breach after the Embargo extortion group leaked over 500GB of data allegedly stolen from the company.
- The breach resulted in unauthorized access to customer information, including names, contact information, date of birth, external bank account details, and driver's license numbers.
- Firstmac Limited assures that customer funds are secure, and there is no evidence of any impact on current customer accounts.
- Impacted customers are being provided with identity theft protection services and advised to monitor their bank accounts for suspicious activity.
Read Full Article
7 Likes
Gbhackers
3d
104
Ohio Lottery Hacked: 500,000+ Customers Data Exposed
- A major cybersecurity breach occurred at the Ohio Lottery.
- Approximately 538,959 people's private information and Social Security numbers were stolen.
- Free identity theft security services offered to affected customers.
- Ohio Lottery to improve security measures and work with cybersecurity experts to prevent future breaches.
Read Full Article
6 Likes
Guardian
4d
254
Image Credit: Guardian
BT ramps up AI use to counter hacking threats to business customers
- BT is using artificial intelligence to detect and neutralise hacking threats to its business customers.
- The £10.5bn group has patented technology that uses AI to analyse attack data and protect tech infrastructure.
- BT's AI technology, Eagle-i, suggests policies to implement in firewalls to protect against future attacks.
- BT is also using AI to improve fault detection across its network, reducing fix times.
Read Full Article
15 Likes
Medium
4d
141
Image Credit: Medium
Partnering with Syringa for Cyber Risk Prevention
- Syringa partners with businesses to provide tailored cybersecurity solutions.
- They prioritize cybersecurity awareness and offer training programs to mitigate risks.
- Syringa helps businesses stay ahead of emerging threats in the evolving digital landscape.
- They emphasize adapting to AI-driven changes for robust cybersecurity measures.
Read Full Article
8 Likes
Medium
4d
271
Image Credit: Medium
Red Team Phishing: Experience using sing Evilginx2 and GoPhish
- Evilginx2 and Gophish are popular tools for red team phishing campaigns.
- Evilginx2 offers built-in filters and functions, but its setup is more complicated.
- Gophish allows for dynamic email creation and user management.
- Both tools have their limitations and require some customization for optimal use.
Read Full Article
16 Likes
Securityaffairs
4d
389
Image Credit: Securityaffairs
Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION
- Ohio Lottery data breach exposed over 538,000 individuals.
- IntelBroker claims responsibility for hacking Europol.
- Google fixes fifth Chrome zero-day exploit of the year.
- Citrix warns customers to manually update PuTTY version due to vulnerability.
Read Full Article
23 Likes
Securityaffairs
4d
97
Image Credit: Securityaffairs
As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide
- Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported.
- The Black Basta ransomware-as-a-service (RaaS) has targeted 12 critical infrastructure sectors, including Healthcare and Public Health.
- The group has accumulated at least $107 million in Bitcoin ransom payments and has infected over 329 victims.
- US agencies recommend implementing various mitigations, including prompt updates, multi-factor authentication, secure remote access software, backups, and following the #StopRansomware Guide.
Read Full Article
5 Likes
Medium
4d
276
Data Encryption Techniques for Web Hosting: Safeguarding Confidential Information from Unauthorized…
- Data encryption plays a crucial role in safeguarding sensitive information in web hosting environments.
- Encryption ensures that unauthorized parties cannot decipher data without the encryption key.
- Key components of data encryption for web hosting include Transport Layer Security (TLS) and file/disk encryption.
- By prioritizing data encryption, web hosting providers can enhance security, compliance, and customer trust.
Read Full Article
16 Likes
Medium
4d
264
Security Information and Event Management (SIEM) for Web Hosting: Strengthening Threat Detection…
- SIEM platforms are crucial for web hosting providers to consolidate and analyze security data from various sources.
- Key components of effective SIEM solutions include customizing alerting rules and integrating with threat intelligence feeds.
- SIEM systems help hosting providers strengthen their security defenses, detect threats, and respond rapidly to security incidents.
- Implementing and optimizing SIEM solutions allows web hosting providers to demonstrate compliance and build trust with customers.
Read Full Article
15 Likes
Medium
4d
358
Image Credit: Medium
— Case Study #1424
- In May 2024, Dell Technologies confirmed a significant cyberattack that compromised its customer database.
- Approximately 49 million customer records were compromised, making this one of the significant data breaches of the year.
- The exposed data presents a risk of targeted phishing, potential brand reputation damage, regulatory scrutiny, and possible fines.
- Dell has implemented immediate containment measures and should focus on improving data segregation, conducting security audits, and enhancing phishing awareness programs.
Read Full Article
21 Likes
For uninterrupted reading, download the app