Cyber Crime News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Crime News

Spamresource

195

Image Credit: Spamresource

Don't fall for smishing scams

Smishing scams, which involve phishing via text messages, are on the rise.
The latest smishing template is targeting users with fake toll road fines, claiming to be from SunPass, iPass, or EZPass.
These messages often come from international numbers, like the UK or China, and contain suspicious links.
Telecom providers need to improve their blocking mechanisms to address this issue.

Read Full Article

11 Likes

Guardian

Image Credit: Guardian

UK cybersecurity agency warns over risk of quantum hackers

The UK's cybersecurity agency is urging organisations to protect their systems from quantum hackers by 2035.
The National Cyber Security Centre (NCSC) has issued guidance recommending the use of 'post-quantum cryptography' to prevent quantum technology from being used to breach systems.
Quantum computers have the potential to solve the hard mathematical problems that underpin current encryption methods, posing a threat to digital encryption.
The NCSC recommends large entities, critical national infrastructure operators, and companies with bespoke IT systems to implement post-quantum cryptography by 2035.

Read Full Article

3 Likes

Pymnts

Image Credit: Pymnts

A Matter of Trust: How AI Is Reshaping Risk Assessment

Financial institutions are increasingly relying on AI for risk management as the threat landscape evolves with generative AI tools like synthetic identity generation and real-time phishing attacks.
AI is both enabling advanced defensive capabilities for companies and being used by criminals for fraud and scams, creating a constant battle in the financial services sector.
Challenges include criminal use of AI tools like FraudGPT for malicious activities, posing a significant threat to cybersecurity measures.
Visa, a key player in the financial industry, has been utilizing AI for fraud detection since 1992 and continues to advance its fraud detection models with GenAI technology.
AI-powered fraud is compared to shape-shifting organisms by experts, highlighting the dynamic nature of modern cyber threats that can adapt in real time.
The speed at which AI allows fraudsters to operate is a concerning trend, accelerating activities like synthetic identity fraud and posing challenges to traditional security measures.
While AI continues to enhance customer experiences in financial services, the role of human oversight and trust remains crucial in ensuring AI-driven systems operate effectively.
Financial institutions are urged to adapt AI-driven fraud detection models rather than resorting to shutting down operations in response to fraud incidents.
The future of AI in finance involves moving from enabling interactions to actions, where AI can predict, take, and complete actions autonomously.
Visa's vision for 'agentic commerce' involves AI agents assisting users in the shopping process, showcasing the potential for AI to enhance customer experiences in new ways.
The integration of AI into risk assessment is reshaping the financial landscape, emphasizing the importance of trust, security, and ongoing innovation in combatting evolving cyber threats.

Read Full Article

1 Like

Mjtsai

243

Apple Passwords Phishing Vulnerability

A serious HTTP bug in Apple Passwords left users vulnerable to phishing attacks for nearly three months.
Security researchers at Mysk discovered the flaw, which allowed attackers to intercept HTTP requests.
The bug was quietly patched in December, but Apple only recently disclosed the vulnerability.
Mysk, the researchers who found the bug, did not receive a bounty from Apple for their discovery.

Read Full Article

14 Likes

Discover more

Digitaltrends

Image Credit: Digitaltrends

Apple just patched a security flaw left users open to phishing attacks

Apple has released a security update to address a critical vulnerability in the Apple Password App.
The security flaw allowed unauthorized access to stored usernames and passwords.
The patch ensures the Password app only uses HTTPS connections by default.
Users are advised to update their iOS to at least version 18.2 to mitigate the risk.

Read Full Article

4 Likes

TechCrunch

294

Image Credit: TechCrunch

US teachers’ union says hackers stole sensitive personal data on over 500,000 members

The Pennsylvania State Education Association (PSEA), a teachers' union, reported a cyberattack that led to the theft of sensitive personal data of over 500,000 members.
The stolen information includes government-issued identification documents, Social Security numbers, passport numbers, medical information, and financial information.
Member account numbers, PINs, passwords, and security codes were also accessed during the breach.
PSEA indicated that they took steps to ensure the stolen data was deleted, but paying a ransom does not guarantee data deletion.

Read Full Article

17 Likes

Securityaffairs

337

Image Credit: Securityaffairs

California Cryobank, the largest US sperm bank, disclosed a data breach

California Cryobank, the largest US sperm bank, suffered a data breach exposing customer information.
CCB discovered unauthorized activity on its IT systems on April 21, 2024.
Threat actors potentially accessed and/or acquired customers' personal information.
CCB is offering affected individuals free credit monitoring services and implementing enhanced security measures.

Read Full Article

20 Likes

Securityaffairs

Image Credit: Securityaffairs

Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft

At least 11 state-sponsored threat groups have been abusing Windows shortcut files for espionage and data theft, according to Trend Micro's Zero Day Initiative.
These threat actors have exploited the vulnerability ZDI-CAN-25373, with 1,000 malicious .lnk files discovered by ZDI researchers.
The vulnerability has been targeted by APT groups from North Korea, Iran, Russia, and China, with attacks aimed at various sectors and regions.
Microsoft has been notified of the vulnerability but has not addressed it with a security patch.

Read Full Article

2 Likes

Coinjournal

420

Image Credit: Coinjournal

Hyperliquid 50x leverage whale is cybercriminal gambling stolen funds: ZachXBT

The "Hyperliquid 50x leverage whale" is identified as a cybercriminal gambling with stolen funds.
The whale made a $9 million profit despite efforts to liquidate the position.
ZachXBT, an on-chain investigator, revealed the whale's activities and dismissed any links to the Lazarus Group.
The incident raises concerns about stolen funds circulating through decentralized finance protocols and the impact of high-leverage trades on the market.

Read Full Article

25 Likes

Securityaffairs

Image Credit: Securityaffairs

New StilachiRAT uses sophisticated techniques to avoid detection

Microsoft discovered a new remote access trojan (RAT), dubbed StilachiRAT, that uses sophisticated techniques to avoid detection.
StilachiRAT is a sophisticated RAT designed for stealth, persistence, and data theft.
The malware supports functionalities to steal credentials, digital wallet data, clipboard content, and system information.
StilachiRAT employs advanced evasion methods and targets cryptocurrency wallet extensions.

Read Full Article

3 Likes

Cybersecurity-Insiders

244

Image Credit: Cybersecurity-Insiders

How to Identify Zero-Day Attacks and Their Repercussions

Zero-Day attacks exploit unknown vulnerabilities in software or hardware, posing a severe threat to organizations and individuals.
These attacks are challenging to detect due to the lack of patches and can lead to data breaches, system downtime, financial loss, and reputational damage.
Indicators of a Zero-Day attack include unusual system behavior, suspicious network traffic, increased exploit attempts, software or hardware anomalies, and detection of malicious payloads.
Repercussions of Zero-Day attacks include data breaches, system downtime, financial loss, reputational damage, intellectual property theft, and spread of malware.
Mitigating Zero-Day risks involves implementing advanced threat detection systems, regular patch management, least privilege principle, incident response planning, and collaboration with the security community.
Organizations need to stay vigilant, update software regularly, limit user privileges, and be prepared to respond swiftly and effectively to Zero-Day attacks.
Collaboration with cybersecurity experts, vendors, and government agencies can provide early warnings and solutions to mitigate the impact of Zero-Day vulnerabilities.
By understanding the signs of Zero-Day attacks and taking proactive security measures, organizations can better protect themselves from these evolving cybersecurity threats.

Read Full Article

14 Likes

Cybersecurity-Insiders

Image Credit: Cybersecurity-Insiders

Cyber Attack halts a murder shooting trial in American court

A murder shooting trial in a New Hampshire court was postponed due to a cyberattack.
The trial involved a defendant accused of attempting to murder his neighbor.
The nature and motive behind the cyberattack remain uncertain.
Such cyberattacks on judicial systems can have severe consequences, causing operational losses and delaying court proceedings.

Read Full Article

4 Likes

Securityaffairs

318

Image Credit: Securityaffairs

Attackers use CSS to create evasive phishing messages

Threat actors exploit Cascading Style Sheets (CSS) to bypass spam filters and detection engines, and track users’ actions and preferences.
Cisco Talos observed threat actors abusing CSS to evade detection and track user behavior, raising security and privacy concerns.
Attackers use CSS properties like text-indent and font-size to hide phishing text in emails and bypass security parsers.
Threat actors can also track user behavior and conduct fingerprinting attacks using CSS, gathering data on recipients' preferences and system information.

Read Full Article

19 Likes

Securityaffairs

Image Credit: Securityaffairs

Researcher releases free GPU-Based decryptor for Linux Akira ransomware

A security researcher has released a free decryptor for Linux Akira ransomware that uses GPU power to recover keys through brute force.
The researcher, Yohanes Nugroho, implemented a decryption technique that exploits the use of timestamp-based seeds by Akira ransomware to generate unique encryption keys for each file.
By analyzing log files, file metadata, and hardware benchmarks, the researcher estimated encryption timestamps, making the brute-forcing of decryption keys more efficient.
To speed up the process, Nugroho used sixteen RTX 4090 GPUs through cloud GPU services, reducing the decryption time to 10 hours.

Read Full Article

3 Likes

TheStartupMag

245

Image Credit: TheStartupMag

Why Investing in Antivirus for Your Company’s Computers Is Essential

Investing in antivirus software is essential for company computers to protect against cyber threats.
Antivirus software safeguards sensitive business information, preventing financial and reputational damage.
Antivirus software helps prevent malware and ransomware attacks, detecting and blocking suspicious files.
Investing in antivirus software enhances employee cybersecurity awareness and improves system performance and efficiency.

Read Full Article

14 Likes

For uninterrupted reading, download the app