Tag: theft

HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft

Dec 18, 2024 5:42 PM

Tags: attack, cloud, control, credentials, cybersecurity, exploit, microsoft, network, phishing, theft, tool

Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims’ Microsoft Azure cloud infrastructure.The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at…
This new cipher tech could break you out of your Gen AI woes

Dec 18, 2024 6:42 AM

Tags: access, ai, computer, computing, cybersecurity, data, data-breach, defense, email, encryption, finance, fortinet, google, group, healthcare, ibm, intelligence, microsoft, network, privacy, risk, service, technology, theft, threat, training, unauthorized, update

Generative AI has cybersecurity teams thrilled and sweating bullets. The technology churns out tricks much like a slot machine on a hot streak, yet significant risks to proprietary data lurk in the background. There’s no telling how exposed that data is, once it’s fed into these models, it’s out there in the wild. Experts are toying…
Lesson from latest SEC fine for not completely disclosing data breach details: ‘Be truthful’

Dec 18, 2024 5:42 AM

Tags: attack, breach, business, cio, ciso, cloud, compliance, control, corporate, credentials, cyber, cybersecurity, data, data-breach, email, finance, governance, government, group, incident, law, monitoring, network, risk, software, theft, threat, unauthorized

A $3.55 million civil penalty levied this week by a US financial regulator against a Michigan bank for filing misleading statements about the theft of 1.5 million people’s data is a reminder to leaders of all organizations to be upfront about cyber incidents.”The message is, ‘Be truthful with your disclosures,’” said Bob Zukis, executive director…
Nebraska AG sues Change Healthcare, UnitedHealth for data theft after ransomware attack

Dec 17, 2024 10:42 PM

Tags: attack, breach, data, data-breach, group, healthcare, law, ransomware, service, theft

The 29-page filing alleges violations of Nebraska’s consumer protection and data security laws and says Change Healthcare, which is owned by UnitedHealth Group (UHG), failed to implement proper security measures that exacerbated the data breach, disrupting critical healthcare services across the state.]]> First seen on therecord.media Jump to article: therecord.media/nebraska-ag-sues-change-healthcare-unitedhealth-after-ransomware-attack
That cheap webcam? HiatusRAT may be targeting it, FBI warns

Dec 17, 2024 9:43 PM

Tags: access, attack, backdoor, business, cctv, china, computer, control, crime, cyber, cybersecurity, data, defense, espionage, Hardware, intelligence, Internet, malware, office, open-source, password, router, theft, threat, tool, usa, vpn, vulnerability

Webcams have been a key part of business and home offices everywhere, especially since the COVID pandemic hit. But they are not often high-quality products, especially if used only sporadically, as many consumers and remote workers are content with a cheap one from China. This not only causes regular hardware problems, but it can also be…
10 Major Ransomware Attacks And Data Breaches In 2024

Dec 17, 2024 4:42 PM

Tags: attack, breach, china, data, government, healthcare, ransomware, theft

Major ransomware attacks and data breaches in 2024 included the Change Healthcare attack, data theft attacks targeting Snowflake customers and the China-linked Salt Typhoon campaign against U.S. government officials. First seen on crn.com Jump to article: www.crn.com/news/security/2024/10-major-ransomware-attacks-and-data-breaches-in-2024
Thousands Affected by Data Theft Hack of Smallest US State

Dec 16, 2024 11:42 PM

Tags: attack, breach, cybercrime, data, group, service, theft

Brain Cipher Gang Claims Credit for Hit on State of Rhode Island’s Vendor Deloitte. Potentially hundreds of thousands of Rhode Islanders are affected by an attack on RIBridges, the state’s IT system for health and human service benefits, including Medicaid. Cybercriminal group Brain Cipher claims to have stolen 1 terabyte of data from Deloitte, which…
5 Things To Know On The Cleo Data Theft Attacks

Dec 16, 2024 10:42 PM

Tags: attack, cybercrime, data, exploit, group, moveIT, theft

The cybercriminal group Clop, previously responsible for the widely felt MOVEit data theft attacks of 2023, has reportedly claimed responsibility for the recent attacks exploiting Cleo file transfer tools. First seen on crn.com Jump to article: www.crn.com/news/security/2024/5-things-to-know-on-the-cleo-data-theft-attacks
Fake Captcha Campaign Highlights Risks of Malvertising Networks

Dec 16, 2024 3:42 PM

Tags: captcha, exploit, malware, network, risk, theft

Large-scale campaign identified by Guardio Lans and Infoblox, exploiting malvertising and fake captchas to distribute Lumma infostealer for massive theft First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fake-captcha-campaign-risks/
Rhode Island suffers major cyberattack, exposing personal data of thousands

Dec 16, 2024 2:42 PM

Tags: attack, breach, conference, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, finance, fraud, government, hacker, identity, infrastructure, insurance, international, law, leak, malicious, malware, mfa, organized, password, ransom, service, theft, threat, unauthorized, update, vulnerability

Rhode Island has suffered a severe cyberattack that has potentially exposed the personal data of hundreds of thousands of residents enrolled in state-run social services programs since 2016.Officials confirmed that RIBridges, the government system for programs like Medicaid and SNAP, was infiltrated by an international cybercriminal group. Governor Dan McKee confirmed that sensitive information, including…
Future of proposed US cybersecurity healthcare bills in doubt

Dec 16, 2024 10:42 AM

Tags: access, attack, authentication, breach, business, ceo, cio, ciso, citrix, compliance, credentials, cybersecurity, data, data-breach, email, finance, government, group, healthcare, infrastructure, jobs, law, mfa, penetration-testing, ransomware, regulation, risk, risk-analysis, risk-management, service, technology, theft, training, unauthorized, vulnerability

Six months after Congressional hearings that promised action on the massive Change Healthcare ransomware attack and data theft, three pieces of proposed legislation to tighten cybersecurity requirements on healthcare providers are waiting to be dealt with.But Senators have left the proposals too late in the legislative calendar: Experts say the issue will likely only be…
Clop ransomware claims responsibility for Cleo data theft attacks

Dec 15, 2024 9:42 PM

Tags: attack, breach, corporate, data, exploit, network, ransomware, theft, zero-day

The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/clop-ransomware-claims-responsibility-for-cleo-data-theft-attacks/
PDQ Deploy users warned of credential-theft risk

Dec 14, 2024 10:07 PM

Tags: credentials, risk, theft

First seen on scworld.com Jump to article: www.scworld.com/news/pdq-deploy-users-warned-of-credential-theft-risk
Cyberint’s 2024 Report Highlights Surge in Credential Theft and Rise of AI-Powered Phishing

Dec 13, 2024 7:05 PM

Tags: ai, attack, credentials, cyber, data, phishing, supply-chain, theft, threat

Cyberint, a Check Point company, has released its 2024 Cyber Security Landscape Report, painting a concerning picture of the evolving threat landscape. The report, drawing on data from the Cyberint Argos Platform, analysed 140,000 cyber threat alerts across critical industries, revealing a 333% surge in credential theft, a significant rise in supply chain attacks, and…
DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

Dec 13, 2024 6:05 PM

Tags: fraud, identity, korea, north-korea, theft

The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People’s Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations.”The conspirators, who worked…
US Indicts 14 North Koreans in IT Scam Funding WMD Programs

Dec 12, 2024 11:05 PM

Tags: breach, data, exploit, jobs, north-korea, scam, theft

DOJ Indicts North Korean IT Workers for Using Remote Jobs to Fund Weapons Programs. U.S. federal prosecutors indicted 14 North Koreans for a long-running IT scam generating $88 million by exploiting remote work with U.S. firms, a scheme prosecutors say is tied to DPRK-controlled companies that fund weapons programs through stolen identities, data theft and…
Cleo patches critical zero-day exploited in data theft attacks

Dec 12, 2024 7:05 PM

Tags: attack, data, exploit, flaw, software, theft, update, zero-day

Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cleo-patches-critical-zero-day-exploited-in-data-theft-attacks/
Ongoing widespread AWS customer credential theft exposed by open S3 bucket

Dec 10, 2024 10:08 PM

Tags: credentials, data-breach, theft

First seen on scworld.com Jump to article: www.scworld.com/news/ongoing-widespread-aws-customer-credential-theft-exposed-by-open-s3-bucket
New Cleo zero-day RCE flaw exploited in data theft attacks

Dec 10, 2024 5:07 PM

Tags: attack, breach, corporate, data, exploit, flaw, hacker, network, rce, remote-code-execution, software, theft, vulnerability, zero-day

Hackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer software to breach corporate networks and conduct data theft attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-cleo-zero-day-rce-flaw-exploited-in-data-theft-attacks/
AppLite: A New AntiDot Variant Targeting Mobile Employee Devices

Dec 10, 2024 4:07 PM

Tags: android, banking, credentials, crypto, malicious, malware, mobile, theft

Our zLabs team has identified an extremely sophisticated mishing (mobile-targeted phishing) campaign that delivers malware to the user’s Android mobile device enabling a broad set of malicious actions including credential theft of banking, cryptocurrency and other critical applications. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/applite-a-new-antidot-variant-targeting-mobile-employee-devices/
WhatsApp finally fixes View Once flaw that allowed theft of supposedly vanishing pics

Dec 10, 2024 9:07 AM

Tags: flaw, theft

And it only took four months, tut First seen on theregister.com Jump to article: www.theregister.com/2024/12/10/whatsapp_view_once/
Radiant Capital Incident: $50M Cyber Heist Linked to North Korean Threat Actors

Dec 10, 2024 5:07 AM

Tags: cyber, cyberattack, north-korea, theft, threat

A new report from Radiant Capital provides a detailed analysis of the sophisticated cyberattack that led to the theft of approximately $50 million USD on October 16, 2024. The findings,... First seen on securityonline.info Jump to article: securityonline.info/radiant-capital-incident-50m-cyber-heist-linked-to-north-korean-threat-actors/
Deloitte denied its systems were hacked by Brain Cipher ransomware group

Dec 9, 2024 10:07 PM

Tags: breach, data, group, leak, ransomware, theft

Deloitte has responded to claims by the Brain Cipher ransomware group, which alleges the theft of over 1 terabyte of the company’s data. Recently, the ransomware group Brain Cipher added Deloitte UK to its Tor leak site. The gang claimed to have stolen one terabyte of compressed data from the company. A Deloitte spokesperson addressed…
Blue Yonder Probing Data Theft Claims After Ransomware Gang Takes Credit for Attack

Dec 9, 2024 3:07 PM

Tags: attack, data, ransomware, theft

The Blue Yonder ransomware attack that caused disruptions to Starbucks and major grocery stores may have also involved information theft. The post Blue Yonder Probing Data Theft Claims After Ransomware Gang Takes Credit for Attack appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/blue-yonder-probing-data-theft-claims-after-ransomware-gang-takes-credit-for-attack/
Deloitte Responds After Ransomware Group Claims Data Theft

Dec 9, 2024 2:07 PM

Tags: breach, data, group, ransomware, theft

Deloitte has issued a response after the Brain Cipher ransomware group claimed to have stolen over 1 Tb of information belonging to the company. The post Deloitte Responds After Ransomware Group Claims Data Theft appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/deloitte-responds-after-ransomware-groups-claims-data-theft/
Blue Yonder investigating data theft claims after ransomware gang takes credit for cyberattack

Dec 9, 2024 12:07 PM

Tags: breach, cyberattack, data, ransomware, software, supply-chain, theft

Supply chain software giant Blue Yonder says it is investigating claims of data theft after a ransomware gang threatened to publish troves of data stolen from the company. Arizona-based Blue Yonder, which provides supply chain management software to thousands of organizations including DHL, Starbucks and Walgreens, was hit by a cyberattack on November 21. The…
Cybersecurity Snapshot: Study Raises Open Source Security Red Flags, as Cyber Agencies Offer Prevention Tips Against Telecom Spying Attacks

Dec 6, 2024 6:49 PM

Tags: access, advisory, ai, attack, authentication, best-practice, breach, business, china, cisa, cloud, communications, compliance, computing, control, credentials, cyber, cybercrime, cybersecurity, data, data-breach, defense, detection, espionage, exploit, finance, firewall, fraud, government, group, guide, hacker, hacking, identity, infrastructure, insurance, international, Internet, interpol, iot, korea, law, least-privilege, linux, lockbit, login, malware, mfa, mitigation, mobile, network, open-source, password, phishing, privacy, ransomware, RedTeam, resilience, risk, router, scam, service, software, strategy, supply-chain, technology, theft, threat, tool, unauthorized, usa, vpn, vulnerability, windows

Don’t miss the Linux Foundation’s deep dive into open source software security. Plus, cyber agencies warn about China-backed cyber espionage campaign targeting telecom data. Meanwhile, a study shows the weight of security considerations in generative AI projects. And get the latest on ransomware trends, financial cybercrime and critical infrastructure security. Dive into six things that…
Russian hackers abuse Cloudflare tunneling service to drop GammaDrop malware

Dec 6, 2024 1:48 PM

Tags: access, credentials, cyber, cybersecurity, data, detection, dns, email, exploit, group, hacker, infection, infrastructure, malicious, malware, network, russia, service, theft, threat, unauthorized

In a new campaign, a Russia-backed advanced persistent threat (APT) group is seen abusing Cloudflare tunnels to deliver its proprietary GammaLoad malware.The threat actor, tracked as BlueAlpha, was observed by the cybersecurity research firm Insikt Group to be exploiting this legitimate tunneling service for infections aimed at data exfiltration, credential theft, and persistent access to…
Video: Protect Your Identity After the NPD Data Breach

Dec 5, 2024 8:49 PM

Tags: breach, data, data-breach, identity, theft

A recent data breach at National Public Data (NPD), including the theft of Social Security numbers, shows the need to protect your identity and prevent fraud. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/video/protect-your-identity-after-npd-data-breach/
Romanian elections targeted with cyberattacks by foreign state-sponsored actors

Dec 5, 2024 5:48 PM

Tags: access, attack, breach, computer, country, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, defense, election, exploit, government, group, infrastructure, injection, intelligence, Internet, monitoring, network, organized, password, risk, russia, service, sql, theft, threat, training, unauthorized, vulnerability

Romania, an EU and NATO member state, faced tens of thousands of intrusion attempts, some successful, that targeted its election IT infrastructure before and during the first round of its presidential elections, according to a report from the country’s main intelligence service. The Romanian Intelligence Service (SRI), which operates the National Cyberint Center tasked with detecting…