Tag: theft
-
Massive Facebook Phishing Attack Targets Hundreds of Companies for Credential Theft
A newly discovered phishing campaign targeting Facebook users has been identified by researchers at Check Point Software Technologies. The attack, which began in late December 2024, has already reached over 12,279 email addresses and impacted hundreds of companies globally. The campaign exploits Facebook’s massive user base recognized as the most popular social network worldwide and…
-
Researchers Found North Korean Hackers Advanced Tactics, techniques, and procedures
Recent research has highlighted the increasingly sophisticated tactics, techniques, and procedures (TTPs) employed by North Korean state-sponsored hackers. These cyber actors have demonstrated a strategic focus on espionage, financial theft, and disruption, targeting a broad range of sectors globally. Their operations align with the regime’s geopolitical objectives, including funding nuclear programs, gathering intelligence, and undermining…
-
Top 5 ways attackers use generative AI to exploit your systems
Tags: access, ai, attack, authentication, awareness, banking, captcha, chatgpt, china, control, cyber, cybercrime, cybersecurity, defense, detection, exploit, extortion, finance, flaw, fraud, group, hacker, intelligence, LLM, malicious, malware, network, phishing, ransomware, resilience, service, spam, tactics, theft, threat, tool, vulnerability, zero-dayFacilitating malware development: Artificial intelligence can also be used to generate more sophisticated or at least less labour-intensive malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s…
-
Man Gets 20 Years for $37m Crypto Heist
A US resident based in Indiana was charged with cyber intrusion and cryptocurrency theft conspiracies First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-man-20-years-37m-dollars-crypto/
-
Indiana Man Sentenced to 20 Years in Prison for Hacking, $37 Million Crypto Theft
Evan Light was sentenced to 20 years in federal prison for hacking an investment holdings company and stealing $37 million in cryptocurrency. The post Indiana Man Sentenced to 20 Years in Prison for Hacking, $37 Million Crypto Theft appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/indiana-man-sentenced-to-20-years-in-prison-for-hacking-37-million-crypto-theft/
-
Former Google Engineer Charged for Allegedly Stealing AI Secrets for China
A federal grand jury has indicted Linwei Ding, also known as Leon Ding, a former Google software engineer, on four counts of theft of trade secrets. The charges stem from allegations that Ding stole proprietary artificial intelligence (AI) technologies from Google and shared them with companies based in the People’s Republic of China (PRC). According…
-
Bogus Microsoft ADFS login pages leveraged for widespread credential theft
First seen on scworld.com Jump to article: www.scworld.com/brief/bogus-microsoft-adfs-login-pages-leveraged-for-widespread-credential-theft
-
Lazarus Group tricks job seekers on LinkedIn with crypto-stealer
North Korea-linked Lazarus Group is duping job seekers and professionals in an ongoing campaign that runs a LinkedIn recruiting scam to capture browser credentials, steal crypto wallet data, and launch persistence.According to a discovery made by BitDefender Labs, threat actors reach out with fake LinkedIn job offers to lure the victims into downloading and executing…
-
Fake DeepSeek Sites Used for Credential Phishing, Crypto Theft, Scams
Researchers see dozens of fake DeepSeek websites used for credential phishing, cryptocurrency theft, and scams. The post Fake DeepSeek Sites Used for Credential Phishing, Crypto Theft, Scams appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/fake-deepseek-sites-used-for-credential-phishing-crypto-theft-scams/
-
Credential Theft Becomes Cybercriminals’ Favorite Target
Researchers measured a threefold increase in credential stealing between 2023 and 2024, with more than 11.3 million such thefts last year. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/credential-theft-cybercriminals-favorite-target
-
Microsoft SharePoint Connector Flaw Could’ve Enabled Credential Theft Across Power Platform
Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user’s credentials and stage follow-on attacks.This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf…
-
Canadian charged in two crypto platform thefts totaling $65 million
Andean Medjedovic, a 22-year-old Canadian, was responsible for stealing tens of millions of dollars’ worth of cryptocurrency from two platforms in 2021 and 2023, according to U.S. prosecutors. First seen on therecord.media Jump to article: therecord.media/indictment-canadian-two-cryptocurrency-platform-hacks
-
Lazarus Group Exploits Trusted Apps for Data Theft via Dropbox
Tags: crypto, cyber, data, espionage, exploit, group, infrastructure, korea, lazarus, north-korea, programming, software, technology, theft, toolIn an alarming development, North Korea’s infamous Lazarus Group has been linked to a global cyber espionage campaign, code-named Operation Phantom Circuit. Beginning in September 2024, this operation exploited trusted software development tools to infiltrate systems worldwide, targeting cryptocurrency and technology developers. The campaign’s advanced obfuscation techniques and infrastructure demonstrate a significant evolution in the…
-
3rd February Threat Intelligence Report
Mizuno USA, giant sports equipment manufacturer, has confirmed a cyber-attack that resulted in the theft of personal information from its network between August and October 2024. The data breach included names, Social […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2025/3rd-february-threat-intelligence-report/
-
Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware
A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer (aka AMOS), and Angel Drainer.”Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy…
-
IT Services Vendor Hack Affects 293,000 AHN Patients
7 Proposed Class Actions Filed Against Allegheny Health Network and IntraSystems. A Pittsburgh-based healthcare system and its Massachusetts-based IT services firm are facing at least seven proposed federal class action lawsuits involving a data theft – reported on Jan. 17 – affecting about 293,000 people. The hack is the latest major breach involving a business…
-
FBI seizes Cracked.io, Nulled.to hacking forums in Operation Talent
The FBI has seized the domains for the infamous Cracked.io and Nulled.to hacking forums, which are known for their focus on cybercrime, password theft, cracking, and credential stuffing attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-seizes-crackedio-nulledto-hacking-forums-in-operation-talent/
-
FBI seizes domains for Cracked.io, Nulled.to hacking forums
The FBI has seized the domains for the infamous Cracked.io and Nulled.to hacking forums, which are known for their focus on cybercrime, password theft, cracking, and credential stuffing attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-seizes-domains-for-crackedio-nulledto-hacking-forums/
-
Clutch grabs $20M to build out its non-human security ID platform
When it comes to the world of cybersecurity, identity is often thought of as a “perimeter” around an organization. So many breaches begin through techniques like password theft, phishing, and credential stuffing; ergo, securing the identities of not only users, but also applications and machines, is the key to securing the whole system. Easier said…
-
312% Surge in Breach Notices That Could Have Been Prevented
Identity Theft Resource Center’s Lee on Lessons Learned From 2024 Mega-Breaches. Six mega cybersecurity incidents led to a record 1.7 billion data breach notices going out to victims in 2024 – a dramatic 312% increase over the previous year. Identity Theft Resource Center President James E. Lee says the increase exposes industry-wide failures in basic…
-
Hellcat Ransomware Attacking Government Organizations Educational Institutions
Tags: cyber, dark-web, data, extortion, government, group, infrastructure, ransomware, service, theft, toolA new ransomware gang, Hellcat, emerged on dark web forums in 2024, targeting critical infrastructure, government organizations, educational institutions, and the energy sector. Operating on a ransomware-as-a-service (RaaS) model, Hellcat offers ransomware tools and infrastructure to affiliates in exchange for a profit share. The group relies on double extortion techniques, combining data theft with system…
-
SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon
It’s another cousin of Spectre, here to read your email, browsing history, and more First seen on theregister.com Jump to article: www.theregister.com/2025/01/29/flop_and_slap_attacks_apple_silicon/
-
Mega-Breaches Bump Up 2024 Victim Count
Identity Theft Resource Center Catalogs 3,158 Known US Incidents in 2024. The number of U.S. organizations falling victim to a data breach appears to be holding steady, as viewed on an annual basis, according to the latest annual data breach report from the Identity Theft Resource Center, which counted 3,158 reported data breaches in 2024,…
-
iPhone users targeted in Apple’s first zero-day exploit in 2025
Apple iPhone users were targeted for privilege escalation in the zero-day exploitation of a use-after-free vulnerability affecting Apple’s Core Media framework.”A malicious application may be able to elevate privileges,” Apple said in the security update description. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before…
-
Nursing Home, Rehab Chain Says Hack Affects Nearly 70,000
RansomHub Theft Hit Patients of 2 Dozen HCF Facilities and Home Healthcare Unit. A chain of more than two dozen skilled nursing and rehabilitation facilities is notifying tens of thousands of patients whose information was compromised in a hacking incident last fall. Russian-speaking cybercriminal gang RansomHub claims to have published 250 gbytes of data stolen…
-
Suspected Phemex hack leads to theft of over $69M
Tags: theftFirst seen on scworld.com Jump to article: www.scworld.com/brief/suspected-phemex-hack-leads-to-theft-of-over-69m
-
Critical Vulnerability in IBM Security Directory Enables Session Cookie Theft
IBM has announced the resolution of several security vulnerabilities affecting its IBM Security Directory Integrator and IBM Security Verify Directory Integrator products. The vulnerabilities, identified through the Common Vulnerabilities and Exposures (CVE) system, expose users to various risks, including sensitive data disclosure and potential cookie theft. The company urges customers to update to the latest…