Tag: theft
-
Hertz Data Breach Exposes Customer Personal Information to Hackers
The Hertz Corporation has confirmed that sensitive personal information belonging to customers of its Hertz, Dollar, and Thrifty brands was compromised after hackers targeted a vendor’s file transfer platform. The breach has sparked concerns about identity theft and privacy, prompting Hertz to offer free identity monitoring services for affected individuals. According to an official notice…
-
Hertz confirms customer info, drivers’ licenses stolen in data breach
Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hertz-confirms-customer-info-drivers-licenses-stolen-in-data-breach/
-
Hertz confirms customer info and drivers’ licenses stolen in data breach
Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hertz-confirms-customer-info-and-drivers-licenses-stolen-in-data-breach/
-
Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft
Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts.The technique has been codenamed precision-validating phishing by Cofense, which it said employs real-time email validation so that only a select set of high-value targets are served the fake login screens.”This…
-
TraderTraitor: The Kings of the Crypto Heist
Allegedly responsible for the theft of $1.5 billion in cryptocurrency from a single exchange, North Korea’s TraderTraitor is one of the most sophisticated cybercrime groups in the world. First seen on wired.com Jump to article: www.wired.com/story/tradertraitor-north-korea-crypto-theft/
-
A Seven”‘Year”‘Old Cisco Flaw Now Lets Hackers Execute Code Remotely on Network Gear
Tags: cisco, credentials, cyber, data-breach, exploit, firmware, flaw, hacker, infrastructure, network, router, service, theft, threatA Cisco’s Smart Install protocol (CVE-2018-0171), first patched in 2018, remains a pervasive threat to global network infrastructure due to widespread misconfigurations and exploitation by state-sponsored threat actors. The flaw allows unauthenticated attackers to execute arbitrary code on Cisco switches and routers via exposed Smart Install Client services, enabling configuration theft, credential harvesting, and firmware…
-
Unraveling the U.S. toll road smishing scams
Cisco Talos has observed a widespread and ongoing financial theft SMS phishing (smishing) campaign since October 2024 that targets toll road users in the United States of America. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/unraveling-the-us-toll-road-smishing-scams/
-
Precision-validated phishing: The rise of sophisticated credential theft
Tags: api, authentication, awareness, ciso, credentials, data-breach, defense, email, infosec, mail, password, phishing, sans, service, spam, spear-phishing, theft, threat, training‘A little bit of hype’: David Shipley, head of Canadian-based security awareness training firm Beauceron Security, said “there’s a little bit of hype” in giving the tactic a fancy name for what is in fact spear phishing, although, he admitted, it’s “rapid-fire spear phishing.”The reason, he said, is that “spray-and-pray” mass phishing campaigns today are…
-
Treasury bureau notifies Congress that email hack was a ‘major’ cybersecurity incident
The OCC said the February incident resulted in the theft of “highly sensitive information” tied to the financial conditions of federally regulated institutions. First seen on cyberscoop.com Jump to article: cyberscoop.com/treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident/
-
Rogue RDP: Abusing RDP for File Theft and Espionage
A recent report by Google Threat Intelligence Group (GTIG) has shed light on a sophisticated phishing campaign targeting European government and military organizations. This campaign, attributed to a suspected Russia-nexus espionage actor tracked as UNC5837, employed a novel technique leveraging the Remote Desktop Protocol (RDP) for malicious purposes. Unlike typical RDP attacks that focus on…
-
BSidesLV24 Breaking Ground Chrome Cookie Theft On macOS, And How To Prevent It
Author/Presenter: Nick Frost Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/bsideslv24-breaking-ground-chrome-cookie-theft-on-macos-and-how-to-prevent-it/
-
Top Australian Pension Funds Breached in Coordinated Hacks
Hackers Use Credential Stuffing to Steal AU$500,000, Breach 20,000 Member Accounts. Australia’s largest pension funds faced coordinated credential attacks last week that compromised thousands of user accounts and led to the theft of at least AU$500,000 from four superannuation accounts. The affected funds included AustralianSuper, Rest and Australian Retirement Trust. First seen on govinfosecurity.com Jump…
-
Massive PoisonSeed phishing campaign seeks extensive crypto theft
First seen on scworld.com Jump to article: www.scworld.com/brief/massive-poisonseed-phishing-campaign-seeks-extensive-crypto-theft
-
Scattered Spider member pleads guilty to identity theft, wire fraud charges
Noah Urban, one of five Scattered Spider suspects identified by U.S. authorities, pleaded guilty in Florida to charges related to the cybercrime operation. First seen on therecord.media Jump to article: therecord.media/scattered-spider-member-noah-urban-guilty-plea
-
Food giant WK Kellogg discloses data breach linked to Clop ransomware
US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/food-giant-wk-kellogg-discloses-data-breach-linked-to-clop-ransomware/
-
A member of the Scattered Spider cybercrime group pleads guilty
A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California. Noah Urban, a 20-year-old from Palm Coast, pleaded guilty to conspiracy, wire fraud, and identity theft in two federal cases, one in Florida and another in California. >>In the California case, he pleaded guilty to…
-
King Bob pleads guilty to Scattered Spider-linked cryptocurrency thefts from investors
A Florida man, linked to the notorious Scattered Spider hacking gang, has pleaded guilty to charges related to cryptocurrency thefts which have netted hundreds of thousands of dollars. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/king-bob-pleads-guilty-to-scattered-spider-linked-cryptocurrency-thefts-from-investors
-
20-Year-Old Scattered Spider Hacker Pleads Guilty in Major Ransomware Case
A 20-year-old Noah Urban, a resident of Palm Coast, Florida, pleaded guilty to a series of federal charges in a Jacksonville courtroom. Urban, linked to the infamous Scattered Spider hacking group, admitted to charges of conspiracy, wire fraud, and aggravated identity theft in Florida, as well as conspiracy to commit wire fraud in a separate…
-
EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational security (OPSEC) failures and extensive reliance on ChatGPT for its operations. This emerging threat actor has been linked to ransomware campaigns, data theft, and the development of advanced malware tools, including EncryptRAT. However, critical mistakes in their operational infrastructure have…
-
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the “tj-actions/changed-files” GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs.”The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular…
-
Retirement funds reportedly raided after unexplained portal probes and data theft
Australians checking their pensions are melting down call centres and websites First seen on theregister.com Jump to article: www.theregister.com/2025/04/04/australian_retirement_funds_attacked/
-
Hunters International shifts from ransomware to pure data extortion
The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to date theft and extortion-only attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hunters-international-rebrands-as-world-leaks-in-shift-to-data-extortion/
-
Oracle Disclosed Breach Of ‘Legacy’ Environment To Customers: Report
A breach of an Oracle ‘legacy’ environment led to the theft of log-in credentials and included a demand by the attacker for an extortion payment, according to a Bloomberg report. First seen on crn.com Jump to article: www.crn.com/news/security/2025/oracle-disclosed-breach-of-legacy-environment-to-customers-report
-
Oracle quietly admits data breach, days after lawsuit accused it of cover-up
Tags: access, attack, authentication, breach, cloud, compliance, credentials, crime, cve, cybersecurity, data, data-breach, endpoint, exploit, finance, fraud, hacker, identity, infrastructure, intelligence, law, oracle, resilience, risk, service, strategy, supply-chain, technology, theft, threat, vulnerabilityLawsuit challenges Oracle’s response: The reports of Oracle’s acknowledgement of the breach come just days after the company was hit with a class action lawsuit over its handling of the security breach.The lawsuit specifically addresses a major security breach discovered in March that reportedly compromised 6 million records containing sensitive authentication-related data from Oracle Cloud…
-
Hackers Exploit Stripe API for Web Skimming Card Theft on Online Stores
Cybersecurity researchers at Jscamblers have uncovered a sophisticated web-skimming campaign targeting online retailers. The campaign utilizes a legacy… First seen on hackread.com Jump to article: hackread.com/hackers-exploit-stripe-api-web-skimming-card-theft/
-
Hunters International Ransomware Gang Rebranding, Shifting Focus
The notorious cybercrime group Hunters International is dropping ransomware to focus on data theft and extortion. The post Hunters International Ransomware Gang Rebranding, Shifting Focus appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/hunters-international-ransomware-gang-rebranding-shifting-focus/
-
New Triada Trojan comes preinstalled on Android devices
A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn researchers from Kaspersky. Kaspersky researchers discovered a new Triada trojan variant preinstalled on thousands of Android devices, enabling data theft upon setup. Kaspersky detected 2,600+ infections in Russia from March 13-27, 2025. The malware was discovered on counterfeit Android devices mimicking…
-
Aura or LifeLock: Who Offers Better Identity Protection in 2025?
The Growing Threat of Digital Identity Theft Identity theft is a continuous online threat that lurks behind every… First seen on hackread.com Jump to article: hackread.com/aura-or-lifelock-who-offers-identity-protection-2025/
-
Crimelords at Hunters International tell lackeys ransomware too ‘risky’
Bosses say theft now the name of the game with a shift in tactics, apparent branding First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/hunters_international_rebrand/