Summary: The video discusses the increasing sophistication of cyberattacks, focusing on two main stories: hackers exploiting Google search ads to impersonate legitimate businesses and a pastor charged with defrauding his congregation through a fraudulent cryptocurrency scheme. The video highlights the methods used in these scams and the significant amounts of money involved, as well as the challenges in combating these cybercrimes.
Keypoints:…
Tag: BLOCKCHAIN
Summary: Singapore-based cryptocurrency platform Phemex experienced a cyberattack that resulted in the theft of over $69 million in digital assets. The company has paused some operations and is working to restore withdrawals while manually reviewing requests. Experts suggest that the sophistication of the attack indicates involvement from experienced threat actors, potentially linked to North Korean hackers.…
The CloudSEK Threat Research Team has identified a generic phishing page capable of impersonating various brands to steal user credentials. This phishing page, hosted on Cloudflare’s workers.dev, utilizes a generic login interface and can be customized to target specific organizations. Victims’ credentials are exfiltrated to a remote server after they log in.…
Summary: Oracle has released 318 new security patches in its January 2025 Critical Patch Update, addressing over 180 vulnerabilities that can be exploited remotely without authentication. Among these, 30 patches resolve critical-severity flaws, with Oracle Communications receiving the highest number of new patches. The update also includes security fixes for MySQL and various other Oracle applications, emphasizing the urgency of applying these patches to mitigate potential threats.…
Victim: JOMARSOFTCORP.COM
Country :
Actor: clop
Source: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/jomarsoftcorp-com
Discovered: 2025-01-22 05:53:03.558179
Published: 2025-01-22 05:53:03.558179
Description :
Company Name: JOMARSOFTCORP.COM
Services Offered: Software and IT services
Specializations: Custom software development, mobile app development
Focus: Understanding specific business needs
Benefits: Automating processes, increasing efficiency, driving growth
Industries Served: Various sectors
Goal: Assisting businesses in achieving technology objectives
About Country: Cybersecurity Perspective and Ransomware Cases
– Cybersecurity Framework: The country has established a national cybersecurity strategy that focuses on enhancing resilience against cyber threats and improving response mechanisms.…
This article analyzes the Clickfix phishing incidents, highlighting the evolution of CAPTCHA bypass techniques and the exploitation of user trust in verification mechanisms. It details how attackers use social engineering to manipulate users into executing malicious commands, leading to data theft. Affected: Windows system users, WordPress websites, online security sector
Keypoints :
Clickfix is a phishing technique that exploits user fatigue with verification processes.…
Build Your Home Lab
How to Build a Home Lab for Infosec by Ralph May. Learn how to set up a home lab to practice and enhance your cybersecurity skills. Watch here
Network Security
Networking for Pentesters: Beginner by Serena D. A beginner-friendly guide to understanding networking concepts for penetration testing. Watch…
This weekly threat intelligence report from RST Cloud summarizes 49 threat intelligence reports, highlighting various cyber threats and tactics used by different threat actors. Notable campaigns include “Sneaky 2FA,” which targets Microsoft 365 accounts, and “Contagious Interview,” a social engineering tactic by the Lazarus APT group.…
In December 2024, a new Adversary-in-the-Middle (AiTM) phishing kit known as Sneaky 2FA was identified, targeting Microsoft 365 accounts. This phishing kit, sold as Phishing-as-a-Service (PhaaS) by the cybercrime service “Sneaky Log”, utilizes sophisticated techniques including autograb functionality and anti-bot measures. The analysis reveals its operational methods, including the use of Telegram for distribution and support.…
Summary: SecurityWeek’s Cyber Insights 2025 explores expert predictions regarding the evolving landscape of cybersecurity, particularly focusing on Open Source Software (OSS) and the Software Supply Chain. The report highlights the increasing risks associated with OSS, including supply chain attacks and the challenges of governance and visibility.…
Summary: Cybersecurity researchers have uncovered links between North Korean threat actors involved in fraudulent IT worker schemes and a 2016 crowdfunding scam. These actors have been infiltrating companies globally under false identities to generate revenue for North Korea, while also being connected to previous scams. Recent findings highlight the evolution of their tactics and the ongoing threat they pose in cyberspace, particularly in cryptocurrency thefts.…
Summary: In 2024, North Korean hackers stole approximately $660 million in cryptocurrency, with the funds allegedly supporting Pyongyang’s weapons programs. The US, Japan, and South Korea issued a joint statement warning the blockchain industry about the persistent threat posed by these cybercriminals.
Threat Actor: North Korean hackers | North Korean hackers
Victim: Cryptocurrency exchanges and users | cryptocurrency exchanges
Key Point :
North Korean hackers conducted at least five major cryptocurrency heists in 2024.…
Summary: The United States, Japan, and the Republic of Korea have issued a warning regarding North Korea’s cyber actors targeting the global blockchain technology industry, emphasizing the threat of cryptocurrency theft. This joint statement highlights the sophisticated tactics employed by these actors and the need for enhanced collaboration to mitigate the risks.…
Summary: North Korean state-sponsored hacking groups have stolen over $659 million in cryptocurrency through various cyberattacks, with a significant increase in activity noted in 2024. The U.S., South Korea, and Japan have issued warnings about ongoing threats to the blockchain industry and the tactics employed by these groups.…
Summary: HuiOne Guarantee has emerged as the largest online illicit marketplace, surpassing Hydra with over $24 billion in cryptocurrency transactions. The platform is linked to various criminal activities, including money laundering and human trafficking, and has connections to organized crime groups globally.
Threat Actor: HuiOne Guarantee | HuiOne Guarantee
Victim: Global online users | online users
Key Point :
HuiOne Guarantee has received at least $24 billion in cryptocurrency, significantly more than the defunct Hydra marketplace.…
Victim: Blockchain Users | blockchain users
Price: Not disclosed
Exfiltrated Data Type: User credentials and activity data
Key Points :
Reported data breach exposing a database of 30,000 blockchain users.
Compromised information includes sensitive user credentials and activity data.
Raises significant concerns about the security and privacy of blockchain platforms.…
Summary: The U.S. Department of Justice has indicted three Russian nationals for their roles in operating cryptocurrency mixing services Blender.io and Sinbad.io, which were allegedly used for laundering criminal funds. The mixers facilitated transactions that obscured the origins of funds linked to various cyber crimes, including ransomware and wire fraud.…
Summary: New York’s attorney general is pursuing over $2 million in cryptocurrency stolen through a remote job scam that deceived victims into investing in fake job opportunities. The investigation, in collaboration with the U.S. Secret Service, aims to recover the funds and penalize the scammers involved in the fraudulent scheme.…
Summary: Three Russian nationals have been indicted for their involvement in operating cryptocurrency mixing services Blender.io and Sinbad.io, which were used to launder funds for cybercriminals, including North Korea’s Lazarus Group. The U.S. Department of Justice, in collaboration with international law enforcement, has taken significant steps to dismantle these platforms and hold the operators accountable.…
Summary: Threat actors are utilizing a new tactic known as “transaction simulation spoofing” to steal cryptocurrency, successfully executing an attack that resulted in the theft of 143.45 Ethereum, valued at around $460,000. This method exploits flaws in transaction simulation mechanisms in Web3 wallets, which are intended to protect users from fraudulent activities.…