According to INTERPOL, it created a “global stop-payment mechanism” that made it possible to retrieve the most amount of money ever stolen in a business email compromise (BEC) scam. This event follows the mid-July 2024 BEC scam victimisation of an unidentified Singaporean commodities firm. It is a kind of cybercrime in which a malevolent actor […]
INTERPOL Recovers $41 Million From Singapore BEC Scam Read More »
The Indian cryptocurrency exchange WazirX has acknowledged that $230 million worth of bitcoin assets were stolen as a result of a security incident that affected it. The corporation released a statement stating that “a cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million.” “This wallet was operated
WazirX Cryptocurrency Exchange Loses $230 Million in Cyber Attack Read More »
Unidentified threat actors exploited an unauthenticated endpoint in Authy to find information connected to Authy accounts, including user phone numbers, according to cloud communications provider Twilio. The business claimed to have secured the endpoint so that it could no longer receive requests without authentication. This happened just a few days after a user going by
Twilio’s Authy App Breach Exposes Millions of Phone Numbers Read More »
This comes as the Department of Justice (DoJ) has unsealed an indictment charging James Pepaire-Bueno, 28, of New York, and Anton Peraire-Bueno, 24, of Boston, with conspiring to commit money laundering, wire fraud, and conspiracy to commit wire fraud. The maximum sentence for each of them is 20 years in prison. “The charges in the
Hackers Stole $25M in 12 Seconds in Crypto Heist Read More »
Microsoft has come under fire from the U.S. Cyber Safety Review Board (CSRB) for a string of security failings that allowed a nation-state group named Storm-0558, based in China, to compromise almost two dozen businesses in Europe and the United States last year. According to the results, which were made public by the Department of
An Iranian person was the target of an alleged multi-year cyber-enabled campaign by the U.S. Department of Justice (DoJ) on Friday, when the DoJ unsealed an indictment against him. The campaign was intended to breach both private and governmental entities in the United States. According to reports, over a dozen organisations have been targeted, including
U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture Read More »
As part of a “sophisticated cryptojacking scheme,” a 29-year-old Ukrainian national has been detained; the operation brought in over $2 million (€1.8 million) in illegal revenues. With assistance from Europol and an unidentified cloud service provider, the National Police of Ukraine captured the individual dubbed the “mastermind” of the operation on January 9 in Mykolaiv,
29-Year-Old Ukrainian Cryptojacking Kingpin Taken into Arrest for Abusing Cloud Services Read More »
Google is alerting users to the existence of several threat actors that are disseminating a proof-of-concept (PoC) attack that uses its Calendar service to host command-and-control devices. Using a Gmail account, the application, known as Google Calendar RAT (GCR), uses Google Calendar Events for C2. It was initially released in June 2023 on GitHub. Developer
Hackers Can Create A C2 Channel Using Google Calendar Read More »
As part of its ongoing Operation Dream Job effort, the North Korea-affiliated Lazarus Group (also known as Hidden Cobra or TEMP.Hermit) has been seen employing trojanized Virtual Network Computing (VNC) programmes as enticements to target nuclear engineers and the defence sector. In its APT trends report for Q3 2023, Kaspersky stated that “the threat actor
Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps Read More »
Between February and September 2023, an undisclosed Middle Eastern country was the focus of an eight-month campaign by the Iran-linked threat actor OilRig. The Symantec Threat Hunter Team, a division of Broadcom, claimed in a report published with The Hacker News that the attack resulted in the loss of information and passwords and, in one
Iran-Linked OilRig Targets Middle East Governments in 8-Month Cyber Campaign Read More »
