Tag: cybercrime
-
‘SessionShark’ A New Toolkit Bypasses Microsoft Office 365 MFA Security
Tags: 2fa, authentication, cyber, cybercrime, marketplace, mfa, microsoft, office, phishing, service, threatSecurity researchers have uncovered a new and sophisticated threat to Microsoft Office 365 users: a phishing-as-a-service toolkit dubbed “SessionShark O365 2FA/MFA.” Promoted through cybercriminal marketplaces, SessionShark is designed to bypass Microsoft’s multi-factor authentication (MFA) protections”, an alarming escalation in the ongoing battle between defenders and cyber attackers. A Toolkit Purpose-Built to Evade 2FA and MFA…
-
New Report Reveals How AI is Rapidly Enhancing Phishing Attack Precision
The Zscaler ThreatLabz 2025 Phishing Report unveils the alarming sophistication of modern phishing attacks, driven by generative AI (GenAI). By examining over 2 billion blocked phishing transactions on the Zscaler Zero Trust Exchange cloud security platform from January to December 2024, the report highlights a seismic shift in cybercriminal tactics. Cybercriminals Leverage GenAI for Hyper-Targeted…
-
Russian VPS Servers With RDP and Proxy Servers Enable North Korean Cybercrime Operations
Trend Research has uncovered a sophisticated network of cybercrime operations linked to North Korea, heavily utilizing Russian internet infrastructure. Specifically, IP address ranges in the towns of Khasan and Khabarovsk, Russia, assigned to organizations under TransTelecom (ASN AS20485), are pivotal in these activities. Khasan, just a mile from the North Korea-Russia border and connected via…
-
Cyberresilient statt nur cyberresistent
Fünf Tipps für mehr Widerstandfähigkeit gegenüber Cyberangriffen. Cyberangriffe sind für Unternehmen und Organisationen zum Alltag geworden. Die Zahl der registrierten Cybercrime-Fälle bleibt laut aktuellem Lagebild des Bundeskriminalamts zu Cybercrime mit rund 134.000 Fällen in Deutschland auf einem hohen Niveau, wobei die Strafverfolgungsbehörde von einem sehr hohen Dunkelfeld von über 90 Prozent ausgeht [1]. Man… First…
-
Beyond the Inbox: ThreatLabz 2025 Phishing Report Reveals How Phishing Is Evolving in the Age of GenAI
Tags: access, ai, attack, authentication, best-practice, captcha, cloud, control, credentials, crypto, cyber, cybercrime, data, defense, detection, dmarc, email, exploit, finance, google, identity, jobs, login, malicious, malware, mfa, phishing, radius, risk, scam, spam, strategy, tactics, technology, theft, threat, tool, vulnerability, zero-day, zero-trustGone are the days of mass phishing campaigns. Today’s attackers are leveraging generative AI (GenAI) to deliver hyper-targeted scams, transforming every email, text, or call into a calculated act of manipulation. With flawless lures and tactics designed to outsmart AI defenses, cybercriminals are zeroing in on HR, payroll, and finance teams”, exploiting human vulnerabilities with…
-
FBI: Cybercrime losses hit record-breaking $16.6B last year
Tags: cybercrimeFirst seen on scworld.com Jump to article: www.scworld.com/brief/fbi-cybercrime-losses-hit-record-breaking-16-6b-last-year
-
Key Takeaways from the FBI’s 2024 IC3 Cybercrime Report
Tags: cybercrimeFirst seen on scworld.com Jump to article: www.scworld.com/brief/key-takeaways-from-the-fbis-2024-ic3-cybercrime-report
-
FBI: Cybercrime Losses Rocket to $16.6B in 2024
The losses are 33% higher than the year before, with phishing leading the way as the most-reported cybercrime last year, and ransomware was the top threat to critical infrastructure, according to the FBI Internet Crime Report. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/fbi-cybercrime-losses-16b-2024
-
Weaponized SVG Files Used by Threat Actors to Redirect Users to Malicious Sites
Cybercriminals are increasingly weaponizing Scalable Vector Graphics (SVG) files to orchestrate sophisticated phishing campaigns. According to research from Intezer, a cybersecurity firm that triages millions of alerts for enterprises globally, attackers are embedding malicious JavaScript within SVG files to redirect unsuspecting users to credential-harvesting phishing sites. This technique, dubbed >>Script in the Shadows,
-
How NFC-Enabled POS Terminals Facilitate Cybercriminal Money Laundering Chains
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/how-nfc-enabled-pos-terminals-facilitate-cybercriminal-money-laundering-chains
-
BEC scams, investment fraud accounted for biggest cybercrime losses in 2024
Americans lost $16.6 billion to cyber fraud last year, according to a new FBI report, with;phishing, spoofing and extortion topping the list of complaints. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/fbi-internet-crime-bec-scams-investment-fraud-losses/746181/
-
Crooks exploit the death of Pope Francis
Crooks exploit the death of Pope Francis, using public curiosity and emotion to launch scams and spread malware, an old tactic during global events. On April 24, 2025, after Pope Francis’ death, cybercriminals launched scams and malware attacks, exploiting public curiosity, grief, and confusion. Cybercriminals are ready to exploit any event of global interest, it…
-
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities.”This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes,” Netcraft said in a new report shared with The Hacker News.” First seen…
-
Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year
Cybercriminals are targeting software shops, accountants, lawyers First seen on theregister.com Jump to article: www.theregister.com/2025/04/24/security_snafus_third_parties/
-
When ransomware strikes, what’s your move?
Should we negotiate? Should we pay? These are the questions every organization faces when cybercriminals lock their data. By the time attackers have encrypted your systems, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/18/ciso-ransomware-negotiations/
-
Airport retailer agrees to $6.9 million settlement over ransomware data breach
According to a complaint filed by a former employee, cybercriminals exfiltrated records that held personal information like names and Social Security numbers belonging to 76,000 current and former employees of Paradies Shops. First seen on therecord.media Jump to article: therecord.media/airport-retailer-agrees-to-settlement-ransomware-data-breach
-
Mobile Security Emerging Risks in the BYOD Era
The rise of Bring Your Own Device (BYOD) policies has revolutionized workplace flexibility, enabling employees to use personal smartphones, tablets, and laptops for professional tasks. While this shift reduces hardware costs and supports hybrid work models, it introduces complex security challenges. Cybercriminals increasingly target personal devices as gateways to corporate networks, exploiting vulnerabilities in fragmented…
-
Weaponized Amazon Gift Cards Used to Steal Microsoft Credentials
Cybercriminals are exploiting the trust in e-gift cards and the prestige of Amazon to steal Microsoft credentials from unsuspecting employees. The attack begins with an email, disguised as a >>Reward Gateway
-
Harvest Ransomware Attack: Stolen Data Now Publicly Disclosed
Tags: attack, breach, cyber, cybercrime, data, finance, fintech, group, ransomware, technology, threatFrench fintech leaderHarvest SAShas become the latest high-profile victim of a sophisticated ransomware attack, culminating this week in the public release of a trove of sensitive stolen data. The breach, orchestrated by the rapidly emerging cybercriminal group known as Run Some Wares, underscores the mounting threats facing financial technology firms and their clients worldwide, as per…
-
Die Evolution des KI-unterstützten Internetbetrugs: Neue Betrugsmaschen und Gegenmaßnahmen
Künstliche Intelligenz (KI) macht es Cyberkriminellen immer leichter, ihre eigenen »Produktivitätstools« zu entwickeln. Sie ermöglicht es, täuschend echt wirkende Inhalte für Angriffe in immer schneller werdendem Tempo zu erstellen. Dabei kommen sowohl legitime Apps , die für böswillige Zwecke missbraucht werden, als auch speziell entwickelte Tools, die in der Cybercrime-Unterwelt kursieren, zum Einsatz. KI-Tools durchsuchen……
-
Smart PAM jetzt auch für KMUs
Sechs Aspekte, die bei der Suche nach einer geeigneten PAM-Lösung zu beachten sind. Privileged Access Management (PAM) ist seit langem ein wichtiges Instrument zum Schutz von Passwörtern, zur Sicherung von Zugängen zu wichtigen Ressourcen in einem Unternehmen und zum Schutz sensibler oder vertraulicher Daten. Angesichts der wachsenden Bedrohungslage durch Cyberkriminalität ist eine robuste PAM-Lösung……
-
Whistleblower: Musk’s DOGE Stole Data, Caused Breach at U.S. Agency
A whistleblower in the NLRB said in sworn testimony that staffers within the Musk-led DOGE group breached agency systems, exfiltrated sensitive data, and used tools and techniques similar to those wielded by cybercriminals to hide their actions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/whistleblower-musks-doge-stole-data-caused-breach-at-u-s-agency/
-
Hackers Weaponize Gamma Tool Through Cloudflare Turnstile to Steal Microsoft Credentials
Cybercriminals are exploiting an AI-powered presentation tool called Gamma to launch a multi-stage attack aimed at stealing Microsoft credentials. This attack route is designed not only to evade traditional security measures but also to deceive human recipients by leveraging trusted platforms and services. Exploitation of Gamma and Cloudflare Turnstile Cyber attackers are taking advantage of…
-
Schlendrian an den Netzwerkgrenzen torpediert die Cyberresilienz
Sophos hat seinen ‘Annual Threat Report: Cybercrime on Main Street 2025 ” veröffentlicht. Die Cybersecurity-Fachteams analysieren darin die im Jahr 2024 angesammelten Telemetriedaten aus Sophos-Lösungen, Incident-Response-Fällen sowie MDR-Services. Demnach ist Ransomware nach wie vor die größte Bedrohung gerade für KMUs und profitiert stark von veralteten oder falsch konfigurierten Netzwerkgeräten sie waren Einfallstor Nummer […] First…
-
Accounting Firms Can’t Skimp on Cybersecurity
Cybercriminals capitalize on tax preparation stress, technology sprawl, and lax communications. Accounting teams can’t afford to treat cybersecurity as an afterthought. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/accounting-firms-cannot-skimp-cybersecurity
-
From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains
Tags: cloud, cyber, cybercrime, exploit, network, risk, service, supply-chain, threat, vulnerabilityIntroductionCyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these interconnected systems to launch attacks. By first infiltrating a third-party vendor with undetected First seen on thehackernews.com Jump to…
-
Online-Betrüger setzen auf KI und synthetische Identitäten
Tags: ai, cyber, cyberattack, cybercrime, fraud, germany, international, login, mail, phishing, risk, usaOft reichen wenige echte Datenfragmente etwa Name und Geburtsdatum um eine synthetische Identität zu erschaffen.Die weltweite Welle der Online-Kriminalität wird nach Einschätzung von Cyberexperten in den kommenden Jahren noch an Wucht und Dynamik gewinnen. Einer wachsenden Zahl von Tätern gelingt es demnach, ihre wahre Identität hinter erfundenen Persönlichkeiten zu verbergen.”Synthetische Identitäten sind international ein wachsender…
-
WhatsApp Job Offer Scam Targets Job Seekers in New Phishing Attack
A new form of phishing attack is making waves among job seekers, as cybercriminals exploit WhatsApp and Meta’s trusted branding to lure victims into sophisticated job offer scams. Security experts warn that these attacks are not only increasing in frequency but have also become more elaborate, bypassing many traditional security layers and preying on those…
-
Authorities Shut Down Four Encrypted Platforms Used by Cybercriminals
Law enforcement authorities across Europe and Türkiye have dealt a major blow to four criminal networks alleged to be at the heart of drug trafficking and money laundering across the continent. The operation, supported by Europol and codenamed Operation BULUT, culminated in coordinated raids that resulted in the arrest of 232 suspects, including some of…