Hackers pretending to be Iranian govt use SMS messages to steal credit card info, create botnet
Security company Check Point Research has uncovered a hacking campaign that involves cyberattackers impersonating Iranian government bodies to infect the mobile devices of Iranian citizens through SMS messages. The SMS
Microsoft seizes domains used to attack 29 governments across Latin America, Caribbean, Europe
Microsoft has announced the seizure of dozens of domains used in attacks by the China-based APT group Nickel on governments and NGOs across Europe, the Americas and the Caribbean. In
Prison for Newstar Websites Money Launderer
Prison for Newstar Websites Money Launderer The United States has imprisoned a woman for her role in a child sexual abuse material (CSAM) subscription service that produced millions of images
Crypto-Exchange BitMart to Pay Users for $200M Theft
BitMart confirmed it had been drained of ~$150 million in cryptocurrency assets, but a blockchain security firm said it’s closer to $200 million. Cryptocurrency exchange BitMart has pledged to dig
Cyber-attack Closes UK Convenience Stores
Cyber-attack Closes UK Convenience Stores The retailer SPAR has been forced to close some of its convenience stores in the UK after a cyber-attack on its IT systems. The digital
Losses from BitMart breach reach $200 million
Crypto trading platform BitMart released an update on the devastating security breach that caused about $200 million in losses, writing on Monday that the breach was “mainly caused by a
Are You Guilty of These 8 Network-Security Bad Practices?
Tony Lauro, director of Security Technology & Strategy at Akamai, discusses VPNs, RDP, flat networks, BYOD and other network-security bugbears. They say the first step in addressing a serious issue
Hack-and-leak group Black Shadow keeps targeting Israeli victims
Written by AJ Vicens Dec 6, 2021 | CYBERSCOOP In October, a little-watched hacking group called Black Shadow went public with data it appeared to have stolen from an Israeli
Court hands Microsoft control of websites linked to spying by Chinese hackers
Written by Tim Starks Dec 6, 2021 | CYBERSCOOP Microsoft obtained a court order to seize websites from a Chinese government-linked espionage group that was using the sites to attack
Cyber Command Publicly Joins Fight Against Ransomware Groups
U.S. military acknowledges targeting cybercriminals who launch attacks on U.S. companies. Cybercriminals who launch attacks on critical U.S. companies are going to be targeted by the branch of the military
Fake KPSPico Windows activator tool KPSPico steals crypto wallet data
The malware is dubbed CrypBot is essentially an information stealer that can obtain credentials for cryptocurrency wallets, browsers, credit cards, browser cookies, and capture screenshots from compromised devices. Cybersecurity solutions
BitMart Confirms $150M Crypto Theft
BitMart Confirms $150M Crypto Theft Crypto-currency worth at least $150m has been stolen from crypto-currency exchange BitMart. Blockchain security company Peckshield shared news of the theft on Saturday night on social media, claiming that
Security experts question new DHS/TSA cybersecurity rules for rail companies
On Thursday, the Department of Homeland Security (DHS) released new rules for the US’s freight railroad and passenger rail transit industry. The rules make it mandatory for companies to have
Cuba Ransomware Gang Hauls in $44M in Payouts
The gang is using a variety of tools and malware to carry out attacks in volume on critical sectors, the FBI warned. The “Cuba” ransomware gang has settled into a
iPhones of 9 State Dept officials hijacked by NSO Pegasus spyware
It has been revealed that NSO Group’s Pegasus malware was used to spy on U.S. government officials over the past few months. The iPhones of 9 U.S. state department officials were
A cyber attack has forced supermarket Spar to close some stores
A cyber attack has forced supermarket chain Spar to close some of its UK stores. The retailer, which has 2,600 locations in the UK, said has been hit by what
Pegasus Spyware Infects U.S. State Department iPhones
It’s unknown who’s behind the cyberattacks against at least nine employees’ iPhones, who are all involved in Ugandan diplomacy. An unknown assailant planted NSO Group’s Pegasus spyware on the iPhones
Apache Kafka Cloud Clusters Expose Sensitive Data for Large Companies
The culprit is misconfigured Kafdrop interfaces, used for centralized management of the open-source platform. Some of the world’s largest companies have exposed reams of sensitive information from the cloud, researchers
Apache Kafka Cloud Clusters Expose Sensitive Data for Large Companies
The culprit is misconfigured Kafdrop interfaces, used for centralized management of the open-source platform. Some of the world’s largest companies have exposed reams of sensitive information from the cloud, researchers
Pegasus Spyware Used to Hijack Phones of US State Department Officials
According to Reuters and The Washington Post, Apple informed nine U.S. Embassy and State Department staff members that their iPhones may have been targeted by an unknown attacker employing state-sponsored
Excel XLL Add-ins Are Pushing a Password-stealing Malware
Malicious hackers are distributing Excel XLL files that download and install the RedLine password and information-stealing malware via website contact forms and discussion forums. What Are XLL Files? XLL files
Researchers Reveal More Details About SideCopy, the Pakistani Threat Actor Group
A hacking group from Pakistan managed to perform Facebook, Twitter, and Google sensitive credentials theft. It seems that its targets were Afghan ministries and a shared government computer from India.
Hackers are using this new malware which hides between blocks of junk code
A Russian-government back hacking group linked to the SolarWinds supply chain attack has developed new malware which has been used to conduct attacks against businesses and governments in North America and Europe
SolarWinds hackers kept busy in the year since the seminal hack, Mandiant finds
Written by AJ Vicens Dec 6, 2021 | CYBERSCOOP Hackers associated with the SolarWinds supply chain compromise have been busy in the year since that attack was revealed, compromising multiple
“Get Your Free Omicron PCR test” is the latest Omicron phishing scam
The latest Omicron phishing scam is currently targeting unsuspecting users in the United Kingdom and uses fake NHS emails to do so. Omicron is the new variant of COVID-19 that
Brace yourself for these five top data breach trends in 2022, Experian warns
In its latest annual Data Breach Industry Forecast released Monday, credit bureau and information services company Experian said that it has identified five areas it believes cybercriminals will find opportunities
Twitter Verified Accounts Targeted as Part of a Large Phishing Attempt
On Twitter, verified accounts are those that have a blue badge with a checkmark. These accounts often represent well-known influencers, celebrities, politicians, journalists, activists, as well as government and commercial
Enter the Heimdal™ Social Media Giveaway for a Chance to Win Holiday Goodies
Happy holidays from us to you! As the gift-giving season draws near, we are very excited to announce our first time ever social media giveaway! Make sure you follow us
Retail Cybersecurity: Common Threats During the Holiday Shopping Season
With Black Friday past us and Cyber Monday turning into a Cyber Week — the holiday shopping season has started out with a bang. For many retailers, this season is
Cuba Ransomware Nets Nearly $50m
Cuba Ransomware Nets Nearly $50m The threat actors behind the Cuba ransomware variant have already amassed $44m through targeting of at least 49 victims, according to the FBI. The bureau’s
Nine State Department Phones Hijacked by Spyware
Nine State Department Phones Hijacked by Spyware Nine US State Department officials had their iPhones remotely hacked by spyware from controversial firm NSO Group, according to reports. Four people familiar
Romance Fraudster Targeted 670 Women Online
Romance Fraudster Targeted 670 Women Online A romance fraudster who targeted hundreds of women online has pleaded guilty to charges of fraud and money laundering. Osagie Aigbonohan, 40, from Lagos,
ASIC says financial market cyber resiliency remained steady but fell short of target
Firms in Australia’s financial market have continued to be resilient against cyber threats, with improvement rates in cyber resiliency remaining steady, the Australian Securities and Investment Commission (ASIC) reported on
Didi to leave Wall St listing for Hong Kong Stock Exchange
Image: Getty Images Ride hailing app Didi announced it was preparing to leave the New York Stock Exchange in a small note released on Friday. “[Didi Global] today announced that
No surprise: NSW iVote fails during local council elections
Image: Getty Images New South Wales’ iVote online voting system failed on Saturday during the state’s local government elections, with an unknown number of voters unable to exercise their democratic
Australia commences work on electronic surveillance law reforms
The Australian government has commenced work to reform the country’s electronic surveillance laws that have been labelled as overly complex, inconsistent, and incompatible with the current technology landscape. The federal
BitMart Exchange hacked as hackers steal $150 million
BitMart Exchange has confirmed that the security breach involves one of its ETH hot wallets and one of BSC hot wallets. BitMart Exchange, a cryptocurrency trading platform has suffered a
Malvertising attack distributes malicious Chrome extensions, backdoors
Researchers believe that the campaign has been active since 2018, and since then, the malware has been under development constantly. Cisco Talos researchers have identified malvertising campaigns using fake installers
FBI: Cuba ransomware group hit 49 critical infrastructure organizations
The FBI has released a new notice about the Cuba ransomware, explaining that the group has attacked “49 entities in five critical infrastructure sectors” and made at least $43.9 million
Ex Ubiquiti Developer Arrested for Data Theft
Ex Ubiquiti Developer Arrested for Data Theft A man from Oregon has been charged with stealing confidential data from his employer and secretly extorting the company for a $2m ransom while purporting
Sensitive information of 30k Florida healthcare workers exposed in unprotected database
More than 30,000 US healthcare workers’ personal information was recently exposed due to a non-password protected database, according to security researcher Jeremiah Fowler and a team of ethical hackers with
Pandemic-Influenced Car Shopping: Just Use the Manufacturer API
Jason Kent, hacker-in-residence at Cequence, found a way to exploit a Toyota API to get around the hassle of car shopping in the age of supply-chain woes. The pandemic has
Omicron Phishing Scam Already Spotted in UK
Omicron COVID-19 variant anxiety inspires new phishing scam offering fake NHS tests to steal data. The global pandemic has provided cover for all sorts of phishing scams over the past
Bill proposes suspension of instant payments in Brazilian state as crime surges
As crime increases in Brazil, a new bill is proposing the suspension of instant payments system Pix in the state of São Paulo. If signed into law, the proposals put
NSO Group tech reportedly used to hack US officials' iPhones
Written by AJ Vicens Dec 3, 2021 | CYBERSCOOP Nearly a dozen iPhones associated with U.S. State Department employees were hacked using spyware developed by Israel-based NSO Group, Reuters first
UK Government Fined Over Honors List Data Breach
UK Government Fined Over Honors List Data Breach The UK’s data watchdog has slapped the British government with a hefty fine for exposing the addresses of individuals chosen to receive honors. The
Hackers steal $120m from Badger Defi and $30m from MonoX
MonoX security breach was caused by a bug in smart contracts meanwhile Badger is still investigating the incident. Two DeFi projects BadgerDAO and MonoX are the latest victims of security
US Issues Cybersecurity Directive for Airlines and Railroads
US Issues Cybersecurity Directive for Airlines and Railroads Nearly all railroads and airlines in the United States have been ordered to report cybersecurity breaches to the federal government. Under the