Tag: theft

US may plan legislation to contain Chinese cyber espionage

Dec 5, 2024 1:48 PM

Tags: advisory, ai, at&t, breach, ceo, china, cisa, cloud, cyber, cybersecurity, data, defense, espionage, finance, government, hacker, hacking, intelligence, mobile, network, phone, risk, technology, theft, threat, vulnerability

US senators were briefed behind closed doors this week on the scale of “Salt Typhoon,” an alleged Chinese cyber-espionage campaign targeting the nation’s telecommunications networks.The FBI, CISA, and other key agencies, who were part of the briefing, revealed that the sophisticated operation compromised at least eight US telecom firms, stealing metadata and call intercepts, including…
BT Investigating Hack After Ransomware Group Claims Theft of Sensitive Data

Dec 5, 2024 12:48 PM

Tags: data, group, ransomware, theft

UK telecoms company BT has launched an investigation after the Black Basta ransomware group claimed the theft of 500 Gb of data. The post BT Investigating Hack After Ransomware Group Claims Theft of Sensitive Data appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/bt-investigating-hack-after-ransomware-group-claims-theft-of-sensitive-data/
Identity Phishing: Using Legitimate Cloud Services to Steal User Access

Dec 5, 2024 12:48 PM

Tags: access, attack, cloud, data, finance, fraud, identity, phishing, service, social-engineering, theft

Identity phishing doesn’t just lead to data theft it can also lead to financial fraud, targeted social engineering attacks and lateral movement across endpoints. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/identity-phishing-using-legitimate-cloud-services-to-steal-user-access/
Is the tide turning on macOS security?

Dec 5, 2024 7:48 AM

Tags: access, adware, ai, antivirus, apple, attack, chatgpt, computer, control, cybercrime, cybersecurity, dark-web, data, detection, endpoint, exploit, extortion, guide, hacker, macOS, malware, privacy, rat, service, skills, social-engineering, software, theft, threat, tool, update

The Apple ecosystem has been recognized for years by users and cybersecurity experts as among the most secure, offering flagship security features and a high level of user privacy protection.But macOS security may be experiencing a turning point in 2024, as experts point to a sharp increase in malware created specifically to target the operating system, as well…
New Kimsuky credential theft attacks involve Russian email addresses

Dec 4, 2024 9:48 PM

Tags: attack, credentials, email, russia, theft

First seen on scworld.com Jump to article: www.scworld.com/brief/new-kimsuky-credential-theft-attacks-involve-russian-email-addresses
Security teams should act now to counter Chinese threat, says CISA

Dec 4, 2024 7:48 PM

Tags: 5G, access, apple, at&t, attack, authentication, china, cisa, cisco, communications, control, cyber, cybersecurity, data, encryption, espionage, exploit, google, government, hacker, infrastructure, linux, microsoft, mitigation, mobile, monitoring, network, nist, password, risk, service, siem, technology, theft, threat, vpn, vulnerability

Security teams and individuals across the US need to take immediate precautions to counter the surveillance threat posed by Chinese ‘Salt Typhoon’ hackers, who have burrowed deep into telecoms infrastructure, according to the US Cybersecurity and Infrastructure Security Agency (CISA).CISA issued an official alert recommending defensive measures on December 3, as federal officials briefed journalists…
Cyberattack Compromises Marin City Housing Project, $950,000 in Public Funds Stolen

Dec 4, 2024 9:48 AM

Tags: breach, cyberattack, cybersecurity, theft

A significant cybersecurity incident has impacted the Golden Gate Village housing project in Marin City, resulting in the theft of $950,000 of public funds allocated for critical renovations. The Marin... First seen on securityonline.info Jump to article: securityonline.info/cyberattack-compromises-marin-city-housing-project-950000-in-public-funds-stolen/
Defending Against Email Attachment Scams

Dec 4, 2024 8:48 AM

Tags: attack, email, scam, theft

One of the most alarming methods of attack involves intercepting email attachments during transit, resulting in the theft of personally identifiable information (PII) and other sensitive data. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/defending-against-email-attachment-scams/
North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

Dec 3, 2024 11:48 AM

Tags: attack, credentials, cybersecurity, email, hacker, korea, north-korea, phishing, russia, service, theft, threat

The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft.”Phishing emails were sent mainly through email services in Japan and Korea until early September,” South Korean cybersecurity company Genians said. “Then, from…
10 most critical LLM vulnerabilities

Dec 3, 2024 8:49 AM

Tags: access, ai, api, application-security, attack, authentication, automation, awareness, backdoor, breach, business, compliance, control, corporate, credit-card, cybersecurity, data, data-breach, email, exploit, guide, injection, intelligence, jobs, leak, least-privilege, LLM, malicious, privacy, RedTeam, risk, sans, service, social-engineering, spam, strategy, supply-chain, technology, theft, threat, tool, training, unauthorized, update, vulnerability, zero-trust

Enterprise adoption of generative AI technologies has exploded in 2024 due to the rapid evolution of the technology and the emergence of a variety of business use cases. According to Menlo Ventures, AI spending surged to $13.8 billion this year, up six-fold from 2023, and 72% of US decision makers say they are expanding their…
Hundreds of UK Ministry of Defence passwords found circulating on the dark web

Dec 2, 2024 11:48 PM

Tags: 2fa, access, attack, authentication, banking, breach, credentials, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, email, government, hacker, intelligence, iraq, login, malware, mfa, password, phishing, risk, russia, theft, warfare

The login credentials of nearly 600 employees accessing a key British Ministry of Defence (MOD) employee portal have been discovered circulating on the dark web in the last four years, it has been reported.According to the i news site, the stolen credentials were for the MOD’s Defence Gateway website, a non-classified portal used by employees…
Japanese crypto service shuts down after theft of bitcoin worth $308 million

Dec 2, 2024 11:48 PM

Tags: crypto, service, theft

First seen on therecord.media Jump to article: therecord.media/japanese-crypto-service-shuts-down
New CleverSoar Malware Attacking Windows Users Bypassing Security Mechanisms

Dec 2, 2024 5:48 PM

Tags: china, control, cyber, data, malware, theft, tool, windows

CleverSoar, a new malware installer, targets Chinese and Vietnamese users to deploy advanced tools like Winos4.0 and Nidhogg rootkit. These tools enable keylogging, data theft, security circumvention, and stealthy system control for potential long-term espionage. It was initially uploaded to VirusTotal in July 2024 and began distribution in November 2024 as an .msi installer, extracting…
AWS launches tools to tackle evolving cloud security threats

Dec 2, 2024 2:28 PM

Tags: access, ai, api, attack, cio, ciso, cloud, credentials, cyber, data, detection, exploit, finance, framework, healthcare, incident response, metric, mitre, ml, ransomware, security-incident, service, tactics, theft, threat, tool, update

The increasing sophistication and scale of cyber threats pose a growing challenge for enterprises managing complex cloud environments. Security teams often face overwhelming volumes of alerts, fragmented workflows, and limited tools to identify and respond to attack patterns spanning multiple events.Amazon Web Services (AWS) is addressing these challenges with two significant updates to its cloud…
Bologna FC Hit By 200GB Data Theft and Ransom Demand

Dec 2, 2024 11:32 AM

Tags: attack, breach, data, ransom, ransomware, theft

Bologna FC has revealed a ransomware attack, with data on players, fans and employees thought to have been stolen First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bologna-fc-200gb-data-theft/
14th October Threat Intelligence Report

Dec 1, 2024 3:19 AM

Tags: attack, data, healthcare, intelligence, ransomware, theft, threat

Nonprofit healthcare organization Axis Health System has been hit by a ransomware attack by the Rhysida gang, leading to the theft of sensitive data, … First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2024/14th-october-threat-intelligence-report/
Talos IR trends Q3 2024: Identity-based operations loom large

Dec 1, 2024 2:19 AM

Tags: credentials, identity, ransomware, theft

Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance – read more about the top trend… First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/incident-response-trends-q3-2024/
Smishing Triad Targeted USPS and US Citizens for Data Theft

Dec 1, 2024 1:19 AM

Tags: data, smishing, theft

First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/smishing-triad-targeted-usps-and-us-citizens-for-data-theft
Gaming Engines: An Undetected Playground for Malware Loaders

Nov 27, 2024 3:11 PM

Tags: credentials, cybercrime, malicious, malware, ransomware, tactics, theft

ey Points Introduction Cybercriminals constantly try to evolve their tactics and techniques, aiming to increase infections. Their need to stay undetected pushes them to innovate and discover new methods of delivering and executing malicious code, which can result in credentials theft and even ransomware encryption. Check Point Research discovered a new undetected technique that uses…
Windows Themes zero-day bug exposes users to NTLM credential theft

Nov 26, 2024 11:07 AM

Tags: credentials, ntlm, theft, windows, zero-day

First seen on theregister.com Jump to article: www.theregister.com/2024/10/30/zeroday_windows_themes/
Multiple Flaws With Android Google Pixel Devices Let Attackers Elevate Privileges

Nov 26, 2024 8:13 AM

Tags: access, android, cve, cyber, data, flaw, google, theft, unauthorized, vulnerability

Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions of users to potential security risks. These flaws, categorized under various CVEs (Common Vulnerabilities and Exposures), range from privilege escalation to data theft and unauthorized access to sensitive features. While some of these vulnerabilities have been patched, others remain a concern,…
Suspect arrested in Snowflake data-theft attacks affecting millions

Nov 25, 2024 6:51 PM

Tags: attack, credentials, data, exploit, theft, threat

Threat actor exploited account credentials swept up by infostealers years earlier. First seen on arstechnica.com Jump to article: arstechnica.com/security/2024/11/suspect-arrested-in-snowflake-data-theft-attacks-affecting-millions/
FBI pierces ‘anonymity’ of cryptocurrency, secret domain registrars in Scattered Spider probe

Nov 25, 2024 6:51 PM

Tags: access, blockchain, breach, ciso, cloud, communications, computer, control, crime, crimes, crypto, cybercrime, cybersecurity, data, email, fraud, group, hacking, identity, Internet, law, mail, okta, phishing, service, technology, theft, tool

The US Justice Department on Wednesday announced the arrest of five suspected members of the notorious Scattered Spider phishing crew, but the most interesting part of the case was a US Federal Bureau of Investigation (FBI) document detailing how easily the feds were able to track the phishers’ movements and activities. In recent years, services that push…
North Korean fake IT workers up the ante in targeting tech firms

Nov 25, 2024 6:51 PM

Tags: access, advisory, ai, awareness, breach, ciso, compliance, crowdstrike, crypto, cybercrime, data, deep-fake, detection, edr, email, exploit, extortion, finance, governance, government, grc, group, incident response, infrastructure, jobs, korea, north-korea, risk, scam, social-engineering, technology, theft, tool, unauthorized, usa, vpn

North Korean fake IT worker scams are evolving to incorporate theft and extortion as more examples of targeting against technology and other companies emerge.The deception typically features North Korean operatives posing as legitimate IT professionals in attempts to gain employment at Western firms, almost always for positions that offer remote working options.Once hired, these “remote…
Walking the Walk: How Tenable Embraces Its >>Secure by Design<< Pledge to CISA

Nov 25, 2024 6:51 PM

Tags: access, application-security, attack, authentication, best-practice, business, cisa, cloud, conference, container, control, credentials, cve, cvss, cyber, cybersecurity, data, data-breach, defense, exploit, Hardware, identity, infrastructure, injection, Internet, leak, lessons-learned, mfa, open-source, passkey, password, phishing, risk, saas, service, siem, software, sql, strategy, supply-chain, theft, threat, tool, update, vulnerability, vulnerability-management

As a cybersecurity leader, Tenable was proud to be one of the original signatories of CISA’s “Secure by Design” pledge earlier this year. Our embrace of this pledge underscores our commitment to security-first principles and reaffirms our dedication to shipping robust, secure products that our users can trust. Read on to learn how we’re standing…
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps

Nov 22, 2024 5:53 PM

Tags: access, advisory, ai, application-security, attack, backup, best-practice, breach, cisa, cloud, computer, cve, cyber, cyberattack, cybercrime, cybersecurity, data, exploit, extortion, firewall, framework, governance, government, group, guide, Hardware, incident, incident response, infrastructure, injection, intelligence, Internet, LLM, malicious, microsoft, mitigation, mitre, monitoring, network, nist, office, open-source, powershell, privacy, ransomware, regulation, risk, risk-management, russia, service, skills, software, sql, strategy, supply-chain, tactics, technology, theft, threat, tool, update, vulnerability, vulnerability-management, windows

Don’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against…
CISA says BianLian ransomware now focuses only on data theft

Nov 21, 2024 7:56 PM

Tags: advisory, cisa, cyber, cybersecurity, data, extortion, group, infrastructure, ransomware, tactics, theft

The BianLian ransomware operation has shifted its tactics, becoming primarily a data theft extortion group, according to an updated advisory from the U.S. Cybersecurity & Infrastructure Security Agency, the FBI, and the Australian Cyber Security Centre. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-says-bianlian-ransomware-now-focuses-only-on-data-theft/
The Dangerous Blend of Phishing for Government IDs and Facial Recognition Video

Nov 21, 2024 5:53 PM

Tags: business, cctv, defense, exploit, government, identity, infrastructure, phishing, risk, scam, service, theft, threat

In an era where online convenience has become the norm, the risk of identity theft through scam websites has surged. The potential for exploitation grows as more services transition to conducting business online. These sites pose a significant risk to personal security and undermine public trust in the digital infrastructure we have in place. A…
API (In)security: The Hidden Risk of Black Friday

Nov 21, 2024 4:57 PM

Tags: access, api, application-security, attack, authentication, best-practice, breach, compliance, control, corporate, credentials, cyberattack, cybercrime, cybersecurity, data, data-breach, defense, detection, encryption, endpoint, exploit, finance, firewall, fraud, governance, infrastructure, injection, least-privilege, malicious, mobile, monitoring, penetration-testing, programming, risk, security-incident, service, sql, theft, threat, tool, unauthorized, vulnerability

Black Friday may be the pinnacle of the holiday shopping season, a day when online retailers experience unprecedented traffic and revenue opportunities as consumers kick off the Christmas season. For many retailers, it’s a make-or-break event. Yet, with increased traffic comes increased risk, particularly as it relates to cybersecurity and keeping shoppers safe from fraud…
Feds Indict 5 Suspects Tied to Scattered Spider Cybercrime

Nov 21, 2024 3:53 PM

Tags: attack, crypto, cybercrime, government, group, organized, theft

FBI Ties Men to at Least 45 Attacks and Theft of Cryptocurrency Worth Millions. The U.S. government on Wednesday unsealed criminal charges against five suspected members of the loosely organized financially motivated cybercriminal group Scattered Spider. The suspects have been tied to 45 attacks, disrupting businesses and stealing cryptocurrency worth millions of dollars. First seen…