According to a new report, SIM-swapping crimes are rising worldwide, mainly committed by eSIM (Embedded Subscriber Identity Modules) users. eSIMs are digitally stored SIM cards that are embedded using software into devices. As a result, hackers are now attempting to exploit vulnerabilities within this software to brute force their way into victims’ phone accounts to port their mobile numbers to their own devices through brute force. …
Read More
Author: CySecurity
The operators behind the DarkGate malware have been taking advantage of a recently patched flaw in Windows SmartScreen through a phishing scheme. This campaign involves circulating counterfeit Microsoft software installers to spread the malicious code.
Researchers from Trend Micro, along with others, uncovered a vulnerability earlier this year, known as CVE-2024-21412, which allowed attackers to bypass security measures in Internet Shortcut Files.…
Read More
In recent months, cybersecurity researchers have observed a concerning surge in search-based malvertising campaigns, with documented incidents nearly doubling compared to previous periods. Amidst this uptick in online threats, one particular malware variant has captured the attention of experts: FakeBat.
This malware employs unique techniques in its distribution, posing significant challenges to cybersecurity efforts worldwide.…
Read More
A recent study conducted by the Chartered Institute of Information Security (CIISec) has uncovered a concerning trend in the cybersecurity field. The study reveals that many cybersecurity professionals, facing low pay and high stress, are resorting to engaging in cybercrime activities on the dark web. This revelation adds to the challenges faced by security leaders who already feel ill-equipped to combat the increasing threat of AI-driven cybercrime.…
Read More
The Cybercrime Atlas initiative has shifted into its operational phase in 2024, marking a significant milestone in global cybersecurity efforts. Originating from discussions at the RSA Conference two years prior, the initiative aims to dismantle cybercriminal networks by mapping out their relationships, infrastructure, and supply chains.…
The cyberattack’s widespread destruction underscores how threat actors can do significant damage by targeting a relatively unknown vendor that serves a vital operational function behind the scenes.
The AlphV ransomware group disrupted basic operations to the critical systems of US healthcare services by attacking a vital financial and claims processing link in a highly interconnected industry.…
Read More
Taking a cue from ransomware operators, the illicit online drug marketplace known as Incognito Market has initiated a campaign of extortion targeting both its vendors and buyers. Users are being threatened with the exposure of their cryptocurrency transaction histories and chat records unless they pay a fee ranging from $100 to $20,000.…
Read More
Following a cyberattack on the largest health insurer in the United States last month, health care providers are still scrambling as insurance payments and prescription orders continue to be disrupted, costing physicians an estimated $100 million each day.
According to the American Medical Association, that estimate was generated by First Health Advisory, a cybersecurity company that focuses on the healthcare sector.…
Read More
SEC disclosure mandate
The Securities and Exchange Commission’s recently implemented cybersecurity regulations have prompted some breach disclosures from publicly traded firms, such as Microsoft and Hewlett Packard Enterprise.
Read More
Among other things, the guidelines mandate that a “material” cybersecurity event be reported to the SEC within four days of its classification as such.…
Recent research has surfaced serious security vulnerabilities within ChatGPT plugins, raising concerns about potential data breaches and account takeovers. These flaws could allow attackers to gain control of organisational accounts on third-party platforms and access sensitive user data, including Personal Identifiable Information (PII).
According to Darren Guccione, CEO and co-founder of Keeper Security, the vulnerabilities found in ChatGPT plugins pose a significant risk to organisations as employees often input sensitive data, including intellectual property and financial information, into AI tools.…
In today’s digital landscape, small and medium-sized businesses (SMBs) are increasingly becoming prime targets for cybercriminals looking to exploit vulnerabilities for financial gain. A recent report from cybersecurity firm Sophos sheds light on the top cyber threats facing SMBs, highlighting information-stealing malware, ransomware, and business email compromise (BEC) as the most prevalent dangers. …
Read More
In February, cybercriminals orchestrated a series of sophisticated crypto phishing scams, resulting in a staggering $47 million in losses. These scams, often initiated through social media platforms like X (formerly Twitter), saw a dramatic 40% surge in victims compared to January, with over 57,000 individuals falling prey to their deceitful tactics.…
MarineMax, a national retailer of boats and million-dollar yachts, reported on March 12 that a “cybersecurity incident” disrupted its operations, according to documents filed with the Securities and Exchange Commission (SEC).
According to the company, unauthorized access to the information systems of the company was gained by a third party.…
Read More
Voice phishing, also known as vishing, is popular right now, with multiple active campaigns throughout the world ensnaring even savvy victims who appear to know better, defrauding them of millions of dollars.
South Korea is one of the global regions hardest hit by the attack vector; in fact, a fraud in August 2022 resulted in the largest amount ever stolen in a single phishing case in the country.…
Read More
The realm of cybersecurity, particularly within the Microsoft 365 environment, is in a constant state of evolution. Recent events involving major tech firms and cybersecurity entities underscore a crucial truth: grasping security best practices for Microsoft 365 isn’t synonymous with effectively putting them into action.
According to Kaspersky, 2023 witnessed a significant 53% surge in cyber threats targeting documents, notably Microsoft Office documents, on a daily basis.…
Read More
In a concerning development for website owners and administrators, hackers have been exploiting a vulnerability in the popular Popup Builder plugin for WordPress, resulting in the infection of over 3,300 websites worldwide. This security flaw, officially tracked as CVE-2023-6000, allows malicious actors to execute cross-site scripting (XSS) attacks on websites that are using outdated versions of the Popup Builder plugin, specifically versions 4.2.3 and older. …
Read More
Researchers have found a new way of hijacking WiFi networks at Tesla charging stations for stealing vehicles- a design flaw that only needs an affordable, off-the-shelf tool.
Experts find an easy way to steal a TeslaAs Mysk Inc. cybersecurity experts Tommy Mysk and Talal Haj Bakry have shown in a recent YouTube video hackers only require a simple $169 hacking tool known as Flipper Zero, a Raspberry Pi, or just a laptop to pull the hack off. …
Artificial Intelligence (AI) is reshaping the world of social media content creation, offering creators new possibilities and challenges. The fusion of art and technology is empowering creators by automating routine tasks, allowing them to channel their energy into more imaginative pursuits. AI-driven tools like Midjourney, ElevenLabs, Opus Clip, and Papercup are democratising content production, making it accessible and cost-effective for creators from diverse backgrounds. …
A data breach impacting more than 15,000 consumers was revealed by streaming giant Roku. The attackers employed stolen login credentials to gain unauthorised access and make fraudulent purchases.
Roku notified customers of the breach last Friday, stating that hackers used a technique known as “credential stuffing” to infiltrate 15,363 accounts.…
Read More
In exchange for the payment of a ransom, LockBit ransomware blocks access to the computer systems of its users. With LockBit, all computers on a network can be encrypted by encrypting them, confirming that the target is valuable, spreading the infection, and vetting potential targets. …