Tag: theft

Google announces new security features for Android for protection against scam and theft

May 13, 2025 7:38 PM

Tags: access, android, google, privacy, scam, theft

At the Android Show on Tuesday, ahead of Google I/O, Google announced new security and privacy features for Android. These new features include new protections for calls, screen sharing, messages, device access, and system-level permissions. With these features, Google aims to protect users from falling for a scam, keep their details secure in case a…
Detecting Remote Monitoring and Management Tools Used by Attackers

May 12, 2025 8:10 PM

Tags: access, browser, chrome, cloud, control, credentials, data, detection, endpoint, exploit, identity, intelligence, ivanti, microsoft, monitoring, network, open-source, risk, saas, service, social-engineering, software, strategy, theft, threat, tool, unauthorized, update, vulnerability, vulnerability-management, windows

Following up on last year’s LOLDriver plugin, Tenable Research is releasing detection plugins for the top Remote Monitoring and Management (RMM) tools that attackers have been more frequently leveraging in victim environments. Background In August 2024, Tenable Research released a detection plugin for Nessus, Tenable Security Center and Tenable Vulnerability Management to help customers identify…
Threat Actors Leverage DDoS Attacks as Smokescreens for Data Theft

May 12, 2025 5:10 PM

Tags: attack, cloud, cyber, data, ddos, service, theft, threat, tool

Distributed Denial of Service (DDoS) attacks, once seen as crude tools for disruption wielded by script kiddies and hacktivists, have undergone a sophisticated transformation in today’s complex, hybrid-cloud environments. No longer just blunt instruments aimed at overwhelming systems, DDoS attacks are increasingly being deployed as strategic smokescreens to mask more insidious breaches. Recent data indicates…
Google Chrome Uses Advanced AI to Combat Sophisticated Online Scams

May 10, 2025 5:10 PM

Tags: ai, android, browser, chrome, cyber, cybersecurity, data, detection, finance, google, intelligence, scam, theft, threat

Google has integrated artificial intelligence into its cybersecurity toolkit to shield users from financial and data theft scams. On Friday, May 09, 2025, the company unveiled a comprehensive report detailing its latest AI-driven initiatives across Search, Chrome, and Android, marking a significant leap in preemptive threat detection and user protection. These advancements aim to counteract…
OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

May 9, 2025 8:11 PM

Tags: browser, chrome, credentials, detection, malware, north-korea, theft, threat

The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files.NTT Security Holdings, which detailed the new findings, said the attackers have “actively and continuously” updated the malware, introducing versions v3 and v4…
Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business

May 9, 2025 2:11 PM

Tags: ai, business, data, hacker, identity, leak, malicious, risk, theft

AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks, like data leaks, identity theft, and malicious misuse.If your company is exploring or already using AI agents, you need to ask: Are they secure?AI agents work with sensitive data…
A timeline of South Korean telco giant SKT’s data breach

May 9, 2025 12:11 AM

Tags: breach, country, cyberattack, data, data-breach, korea, theft

In April, South Korea’s telco giant SK Telecom (SKT) was hit by a cyberattack that led to the theft of personal data on approximately 23 million customers, equivalent to almost half of the country’s 52 million residents. At a National Assembly hearing in Seoul on Thursday, SKT chief executive Young-sang Ryu said about 250,000 users…
Extensive credential theft conducted by new CoGUI phishing kit

May 8, 2025 10:10 PM

Tags: credentials, phishing, theft

First seen on scworld.com Jump to article: www.scworld.com/brief/extensive-credential-theft-conducted-by-new-cogui-phishing-kit
Google links new LostKeys data theft malware to Russian cyberspies

May 8, 2025 4:10 PM

Tags: attack, data, espionage, google, government, group, hacking, malware, russia, theft

Since the start of the year, the Russian state-backed ColdRiver hacking group has been using new LostKeys malware to steal files in espionage attacks targeting Western governments, journalists, think tanks, and non-governmental organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-links-new-lostkeys-data-theft-malware-to-russian-cyberspies/
Phishing-Resistant MFA: Why FIDO is Essential

May 8, 2025 11:11 AM

Tags: access, ai, attack, authentication, breach, business, cloud, compliance, credentials, cryptography, cybersecurity, data, data-breach, defense, dora, encryption, exploit, fido, framework, GDPR, Hardware, iam, identity, ISO-27001, malicious, mfa, mobile, network, nist, passkey, password, phishing, phone, ransomware, regulation, risk, service, social-engineering, software, strategy, tactics, technology, theft, threat, tool, unauthorized

Phishing-Resistant MFA: Why FIDO is Essential madhav Thu, 05/08/2025 – 04:47 Phishing attacks are one of the most pervasive and insidious threats, with businesses facing increasingly sophisticated and convincing attacks that exploit human error. Traditional Multi-Factor Authentication (MFA), while a step up from password-only security, is no longer enough to fight modern phishing schemes. Today’s…
UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

May 6, 2025 5:50 PM

Tags: cyber, data, exploit, extortion, group, hacker, ransomware, theft, threat, vulnerability

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider, has transitioned from niche SIM swapping operations targeting telecommunications organizations to a more aggressive focus on ransomware and data theft extortion across diverse industries. Initially observed exploiting telecom vulnerabilities to facilitate SIM swaps, UNC3944 pivoted in early 2023 to deploy ransomware…
Ongoing Passkey Usability Challenges Require ‘Problem-Solving’

May 6, 2025 5:50 PM

Tags: credentials, passkey, phishing, theft

While passkeys offer enhanced security against phishing and credential theft, implementation hurdles, cross-platform inconsistencies, and user experience challenges pose significant barriers to widespread adoption. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/passkey-usability-challenges-require-problem-solving
Ongoing Passkey Usability Challenges Require ‘Problem Solving’

May 6, 2025 3:50 PM

Tags: credentials, passkey, phishing, theft

While passkeys offer enhanced security against phishing and credential theft, implementation hurdles, cross-platform inconsistencies, and user experience challenges pose significant barriers to widespread adoption. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/passkey-usability-challenges-require-problem-solving
UK Retail Chains Targeted by Ransomware Attackers Claiming Data Theft

May 6, 2025 11:50 AM

Tags: cyber, data, hacker, network, ransomware, theft

Major ransomware campaign targeting UK retailers has escalated as hackers provided BBC News with evidence of extensive network infiltration and data theft from Co-op, contradicting the company’s initial statements that downplayed the incident. The cyber criminals, operating under the name DragonForce, claim to possess personal information of approximately 20 million Co-op loyalty scheme members and…
Critical Microsoft 0-Click Telnet Vulnerability Enables Credential Theft Without User Action

May 6, 2025 8:50 AM

Tags: attack, corporate, credentials, cyber, exploit, flaw, microsoft, network, theft, vulnerability, windows

A critical vulnerability has been uncovered in Microsoft’s Telnet Client (telnet.exe), enabling attackers to steal Windows credentials from unsuspecting users, even without interaction in certain network scenarios. Security researchers warn that this >>zero-click
Fake resumes targeting HR managers now come with updated backdoor

May 6, 2025 5:53 AM

Tags: attack, awareness, backdoor, best-practice, ciso, control, cybersecurity, data, defense, detection, email, endpoint, espionage, exploit, government, infection, infrastructure, intelligence, jobs, linkedin, malicious, microsoft, mitigation, network, password, phishing, radius, scam, soc, social-engineering, spear-phishing, theft, threat, windows

%temp%\ieuinit.inf and writes obfuscated commands to it, including a Windows batch file.When this code is executed, Microsoft WordPad is automatically launched in a ploy to distract the user, who is meant to believe the promised resumÃ© is being opened. The batch script will then covertly launch the legitimate Windows utility %windir%\system32\ie4uinit.exe, which in turn executes the commands from…
Luna Moth extortion hackers pose as IT help desks to breach US firms

May 6, 2025 12:50 AM

Tags: attack, breach, data, extortion, finance, group, hacker, phishing, ransom, theft

The data-theft extortion group known as Luna Moth, aka Silent Ransom Group, has ramped up callback phishing campaigns in attacks on legal and financial institutions in the United States. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/luna-moth-extortion-hackers-pose-as-it-help-desks-to-breach-us-firms/
Iranian Hackers Breach Middle East Infrastructure

May 5, 2025 8:50 PM

Tags: breach, credentials, cyberespionage, fortinet, group, hacker, infrastructure, iran, middle-east, network, technology, theft, threat

Fortinet Uncovers Long-Term Cyberespionage in Region. An Iranian state-sponsored threat group conducted a years-long cyberespionage campaign targeting a Middle East critical infrastructure provider, with its operational technology network a key target. The attackers focused reconnaissance activity and credential theft on the OT network. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iranian-hackers-breach-middle-east-infrastructure-a-28284
StealC malware enhanced with stealth upgrades and data theft tools

May 4, 2025 5:50 PM

Tags: data, malware, theft, tool

The creators of StealC, a widely-used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/stealc-malware-enhanced-with-stealth-upgrades-and-data-theft-tools/
Security Affairs newsletter Round 522 by Pierluigi Paganini INTERNATIONAL EDITION

May 4, 2025 12:50 PM

Tags: data, email, government, group, international, ransomware, theft, WeeklyReview

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Rhysida Ransomware gang claims the hack of the Government of Peru DragonForce group claims the theft of data…
DragonForce group claims the theft of data after Co-op cyberattack

May 3, 2025 6:50 PM

Tags: breach, cyberattack, data, group, hacker, theft

Hackers claim Co-op cyberattack is worse than admitted, with major customer and employee data stolen, and provide proof to the BBC. The attackers behind the recent Co-op cyberattack, who go online with the name DragonForce, told the BBC that they had stolen data from the British retail and provided proof of the data breach. Hackers…
Ransomware Attacks Up 9% but Payments Are Down

May 3, 2025 4:50 PM

Tags: attack, data, law, ransomware, theft

Recorded Future’s Liska on What Happens Next When Ransomware Gets Less Profitable. Data theft-only ransomware attacks have reached 50% of incidents in Q1 2025, said Allan Liska, senior security architect at Recorded Future. Law enforcement has disrupted the major players, leaving less-skilled actors scrabbling for a payday or stealing information. First seen on govinfosecurity.com Jump…
Why Many Fraud Victims Don’t Report Attacks

May 2, 2025 11:50 PM

Tags: attack, data, fraud, identity, theft

ITRC’s James Lee on Shame, Fatigue and Precision Targeting. Many fraud victims stay silent due to shame, fatigue or fear. James Lee, president of the Identity Theft Resource Center, explains why underreporting is rising and how better data sharing could help reduce the impact of identity-driven cyberattacks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/many-fraud-victims-dont-report-attacks-a-28228
Tsunami Malware Surge: Blending Miners and Credential Stealers in Active Attacks

May 2, 2025 11:50 PM

Tags: access, attack, botnet, credentials, crypto, cyber, framework, malware, theft

Security researchers have recently discovered a sophisticated malware operation called the >>Tsunami-Framework
Malicious PyPi, npm packages found abusing trusted services for data theft

May 2, 2025 10:50 PM

Tags: data, malicious, pypi, service, theft

First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-pypi-npm-packages-found-abusing-trusted-services-for-data-theft
Co-op confirms data theft after DragonForce ransomware claims attack

May 2, 2025 10:50 PM

Tags: attack, breach, cyberattack, data, ransomware, theft

The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and past customers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/co-op-confirms-data-theft-after-dragonforce-ransomware-claims-attack/
Disney Slack Channel Hacker Pleads Guilty

May 2, 2025 8:50 PM

Tags: access, data, hacker, russia, theft

Hacker Who Feigned Russian Hacktivist Persona Faces Up to a Decade in Prison. A California man whose theft of a terabyte of company data from Disney led the media and entertainment conglomerate to eschew Slack pleaded guilty in Los Angeles federal court to two felony charges. Santa Clarita resident Ryan Mitchell Kramer, 25, gained access…
Phone theft is turning into a serious cybersecurity risk

May 2, 2025 7:50 AM

Tags: cybersecurity, phone, risk, theft

Phone theft is a rising issue worldwide, and it’s more than just a property crime. It’s a serious cybersecurity threat. In the UK alone, the Metropolitan Police recovers 1,000 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/02/phone-theft-cybersecurity-threat/
AI Security Risks: Jailbreaks, Unsafe Code, and Data Theft Threats in Leading AI Systems

May 1, 2025 4:50 PM

Tags: ai, cybersecurity, data, google, openai, risk, theft, threat, vulnerability

In recent reports, significant security vulnerabilities have been uncovered in some of the world’s leading generative AI systems, such as OpenAI’s GPT-4, Anthropic’s Claude, and Google’s Gemini. While these AI models have revolutionized industries by automating complex tasks, they also introduce new cybersecurity challenges. These risks include AI jailbreaks, the generation of unsafe code, and…
Netgear EX6200 Flaw Enables Remote Access and Data Theft

May 1, 2025 1:50 PM

Tags: access, cve, cyber, data, firmware, flaw, theft, unauthorized, vulnerability, wifi

Security researchers have disclosed three critical vulnerabilities in the Netgear EX6200 Wi-Fi range extender that could allow remote attackers to gain unauthorized access and steal sensitive data. The flaws affect firmware version 1.0.3.94 and have been assigned the CVEs CVE-2025-4148, CVE-2025-4149, and CVE-2025-4150. Despite early notification, Netgear has yet to respond to these reports, leaving…