Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. Between March 31 and April 6, hackers returned millions of dollars in stolen cryptocurrency, a rogue validator stole $25 million, and bad actors used new malware to steal cryptocurrency.
North Korean hackers who use social engineering tactics for espionage have learned that less is more when it comes to coaxing victims into clicking a malicious link. Hackers that Google tracks as Archipelago might not introduce a malicious link until after a chain of emails has been exchanged.
Spanish National Police on Friday arrested a teenager hacker who allegedly stole the sensitive data of more than half a million taxpayers from the national revenue service and boasted in an online podcast about having access to personal data of 90% of the population.
Warning to criminals: Could that cybercrime service you're about to access really be a sting by law enforcement agents who are waiting to identify and arrest you? That's the message from British law enforcement agents, who say they're running multiple DDoS-for-hire sites as criminal honeypots.
A former U.S. Army physician set to go to trial next month in a case alleging a scheme to provide military medical records to the Russian government contends they will not get a fair trial unless they are tried separately from their alleged co-conspirator spouse.
The FBI and other national police are touting an operation that dismantled Genesis Market, a marketplace used by ransomware hackers and bank thieves to gain ongoing access to victims' computers. Genesis Market since 2018 offered access to more than 1.5 million compromised computers around the world.
Not every ransomware group uses a larger-than-life persona designed to scare victims into immediately acceding to bogeyman extortionists' demands. Recently discovered Rorschach - aka BabLock - ransomware, researchers have found, opts instead for speed, stealth and more modest ransom demands.
The sheer volume of federal regulations in place makes it almost impossible for agencies to monitor and comply with all of them, much less understand the impact of new ones. Nick Graham of Skyhigh Security explores the many compliance challenges - and how to overcome them.
The U.S. Department of Justice seized virtual assets worth $112 million in a crackdown on "pig butchering," a romance-based cryptocurrency investment scam. Cybercriminals used six accounts to launder funds from cryptocurrency confidence scams, federal prosecutors said.
An employee of a Ukrainian utility company installed an unlicensed version of Microsoft Office from a torrent website resulting in two remote access Trojans infecting the company's systems. The Computer Emergency Response Team of Ukraine attributes the malware to a group it tracks as UAC-0145.
A West Virginia hospital will soon begin notifying patients and employees affected by ransomware attackers who leaked data on the dark web. Hackers encrypted a handful of servers hosting historic "institutional data," including budget documents, cost reports and payments to vendors.
The Royal ransomware group has been running a social engineering campaign designed to trick targets into thinking they've fallen victim to a crypto-locking and data exfiltration attack by giving them a purported list of what was stolen that, if opened, installs Royal ransomware, researchers warn.
Security researchers have uncovered more evidence that the North Korean Lazarus Group is responsible for the software supply chain attack on 3CX, a voice and video calling desktop client used by major multinational companies. Tools and code samples match previous Lazarus hacks.
Ukrainian law enforcement busted a transnational group of scammers that used more than 100 phishing websites to defraud Europeans. The scammers embezzled nearly $4.4 million by fooling more than 1,000 victims into handing over payment card details, police said.
Hackers have used a modular toolkit called "AlienFox" to compromise email and web hosting services at 18 companies. Distributed mainly by Telegram, the toolkit scripts are readily available in open sources such as GitHub, leading to constant adaptation and variation in the wild.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.eu, you agree to our use of cookies.