City of Columbus breach affects around half a million citizens
A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government’s attempt to silence a researcher…
Read moreSecurity
Crooks bank on Microsoft’s search engine to phish customers
If you searched for your bank’s login page via Bing recently, you may have visited a fraudulent website enabling criminals to get your credentials and even your two-factor security code.
Read moreInside the Massive Crime Industry That’s Hacking Billion-Dollar Companies
Credit to Author: Joseph Cox| Date: Mon, 04 Nov 2024 11:00:00 +0000
When you download a piece of pirated software, you might also be getting a piece of infostealer malware, and entering a highly complex hacking ecosystem that’s fueling some of the biggest breaches on the planet.
Read moreFake LockBit, Real Damage: Ransomware Samples Abuse Amazon S3 to Steal Data
Credit to Author: Jaromir Horejsi| Date: Wed, 16 Oct 2024 00:00:00 +0000
This article uncovers a Golang ransomware abusing Amazon S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions.
Read moreFlorida Man Accused of Hacking Disney World Menus, Changing Font to Wingdings
Credit to Author: Matt Burgess, Lily Hay Newman| Date: Sat, 02 Nov 2024 10:30:00 +0000
Plus: Cops take down a notorious infostealer, Strava leaks world leaders’ locations, and a hacking scandal is causing chaos in Italy.
Read moreBooking.com Phishers May Leave You With Reservations
Credit to Author: BrianKrebs| Date: Fri, 01 Nov 2024 21:12:38 +0000
A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website.
Read more1,000+ web shops infected by “Phish ‘n Ships” criminals who create fake product listings for in-demand products
Fraudsters running the Phish ‘n Ships campaign infected legitimate website and used SEO poisoning to redirect shoppers to their fake web shops
Read moreZero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack
Credit to Author: Kim Zetter| Date: Fri, 01 Nov 2024 10:00:00 +0000
A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.
Read moreChinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Credit to Author: Microsoft Threat Intelligence| Date: Thu, 31 Oct 2024 17:00:00 +0000
Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is […]
The post Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network appeared first on Microsoft Security Blog.
Read more