The Scattered Spiders hacking group is notorious for infiltrating organizations using advanced techniques. Read on for all the details.

Beware: ‘Scattered Spiders’ Hackers Lurking – Alert from FBI!

The Federal Bureau of Investigation (FBI) has warned organizations about a hacking group called Scattered Spiders – a group known to have infiltrated several organizations across the United States and the world. This advisory consists of the techniques, tactics, and procedures these hackers use to operate and warns of how these hackers carry out crimes such as extortion and use social engineering techniques. These include phishing, push bombing, and SIM swapping attacks to steal credentials, install remote access tools, and even bypass multi-factor authentication. This hacker group also goes by…

Scammers use attractive pricing to lure victims into their traps. They will try to pressure you into booking a room immediately by claiming that the deal is about to expire.

Don’t Lose Your Money Booking Hotels Online: 5 Common Mistakes to Avoid

As 2023 draws to a close, many people start planning short winter vacations in December. If you’re also considering a getaway, we have something important to tell you. Online hotel fraud is now a growing concern, with scammers taking advantage of travelers’ excitement to trick them. In fact, a recent report revealed that more than 100 tourists have lost their money to online hotel fraud while booking accommodation in Puri through fake websites. Online fraudsters typically set up fake websites in the names of various hotels in Puri and lure…

Digital marketing firms in India, the US and the UK are having a hard time dealing with Vietnam-based hackers, and are facing malware attacks.

Marketing Firms in India, US, and UK Being Targeted by Hackers

Cybercriminal groups based in Vietnam are targeting digital marketing companies based in India, the US and the UK by hijacking corporate Facebook accounts in a malicious campaign, a new report has found. According to cybersecurity company WithSecure, the popular malware “DarkGate” has been bundled with a Malware as a Service (MaaS) toolkit to infect victims with competing Remote Access Trojans (RATs) and additional data-stealing malware such as Ducktail, Lobshot, and Redline. Researchers detected multiple infection attempts with the DarkGate malware targeting these countries on August 4. The decoy documents,…

As per F-Secure, the 'SpyNote' spyware app can steal sensitive user data—like banking information, and targets Android phones. Here's what you must know.

ALERT: Be Cautious of This ‘High-Tech’ Spyware – It Can Access Your Funds and Monitor Your Conversations

A new malware called SpyNote that knows how to hide itself is making the rounds on the Internet. According to Internet security company F-Secure, this fake app can steal sensitive user data, such as bank details, and primarily targets Android phones. Per Amit Tambe, a researcher at the company, this spyware, SpyNote, spreads through “smishing,” which involves sending infected text messages. When users receive these messages, they are prompted to download specific apps via the attached link, bypassing Google Play’s security measures. How it hides itself on Android Once an…

The Lazarus hacking group's wallets contain about $42.5 million in BTC, $1.9 million in Ether (ETH), $1.1 million in Binance Coin (BNB), and an additional $640,000 in stablecoins, with Binance USD (BUSD) dominant, a new report has revealed.

North Korean Cybercriminals Possess $47 Million in Illegally Obtained Cryptocurrency

North Korean hackers: The Lazarus Group is said to be in possession of more than $47 million in cryptocurrencies, most of which is in Bitcoin (BTC), a new report shows. According to data collected by Dune Analytics, a subsidiary of 21.co, the infamous hacking group has about $42.5 million in BTC, $1.9 million in Ether (ETH), $1.1 million in Binance Coin (BNB), and an additional $640,000 in stablecoins, with Binance USD (BUSD) dominant. The report traced 295 wallets identified by the US government as belonging to the Lazarus…

Cult of the Dead Cow officially launched Veilid at DEF CON this week.

America’s Pioneering Hacking Group Releases Free Tool to Enhance App Security

The hacking group Cult of the Dead Cow (cDc), famous for its activist activities, has developed an open source tool called Veilid. This tool, unveiled at DEF CON on Friday, provides developers with the ability to create secure applications. Veilid offers various features, including the option for users to decline data collection and online tracking. This aligns with the group’s objective of combating the commercialization of the internet. “We feel that at some point the Internet became less of a landscape for sharing information and ideas and more of a…

Microsoft said that Russian hackers tricked Microsoft Teams users into revealing their login credentials, and this has affected over 40 global organizations since late May.

Cybercriminals Impersonate Tech Support To Obtain Microsoft Teams Login Information

On Wednesday, researchers from Microsoft revealed that a hacking group associated with the Russian government has targeted numerous international organizations. Their strategy involves tricking users into believing they are interacting with technical support in Microsoft Teams chats, with the intention of stealing their login credentials. These “highly targeted” social engineering attacks have affected “fewer than 40 unique global organizations” since late May, Microsoft researchers said in a blog post, adding that the company is investigating. The Russian Embassy in Washington did not immediately respond to a request for comment. Hackers…

Microsoft reveals that Chinese hackers exploited a flaw in its code and stole emails from U.S. government agencies and other clients

Microsoft Warns of Chinese Hackers Abusing Code Vulnerability to Access US Government Emails

On Friday, Microsoft announced that a digital key belonging to the company was unlawfully obtained by Chinese hackers, who then exploited a vulnerability in Microsoft’s code to pilfer emails from various clients, including U.S. government agencies. The company said in a blog post that the hackers were able to use the key — which they obtained under undisclosed circumstances — and exploit a “validation flaw in Microsoft code” to carry out their cyber espionage campaign. The blog offered the most comprehensive explanation yet for the hack, which shocked both the…

Complete sexual assault case folios containing these details were among more than 300,000 files dumped online

Hackers Posting Private Files of Children Following School Cyberattacks

Ransomware gangs have stolen confidential documents from schools and released them online, revealing deeply personal and distressing information. These documents provide explicit details about student sexual assaults, psychiatric hospitalizations, abusive parents, truancy, and even suicide attempts. “Please do something,” one student pleaded in one leaked file, recalling the trauma of repeatedly running into her former abuser at a Minneapolis school. Other victims spoke of wetting the bed or crying themselves to sleep. Complete sexual-assault case files containing that information were among more than 300,000 files released online in March after…

In response to the vulnerability report, the creators of the plugin promptly released a new version, 2.6.4, intending to fix the problem.

WordPress Plugin Bug Leaves Over 200,000 Websites at Risk of Hacking: Report

Over 200,000 WordPress websites are currently vulnerable to hacking as a result of a serious security flaw that has not yet been fixed, and is actively being exploited by malicious individuals. According to WordPress security company WPScan, the flaw is found in the Ultimate Member plugin, a free user profile WordPress plugin that makes it easy to create powerful online communities and membership sites using WordPress. “This is a very serious problem because unauthenticated attackers could exploit this vulnerability to create new user accounts with administrative privileges, giving them the…

Apple has fixed iPhone software bug that was at the centre of a controversy over extensive hacks in Russia.

Apple Fixes iPhone Bug After Allegations of Russian Hacking

On Wednesday, Apple declared that it has rectified two security vulnerabilities discovered in iPhones and iPads that were utilized to hack devices in Russia. According to the Washington Post, these weaknesses were part of a major operation that Russian intelligence attributed to the United States. Credit for finding these flaws goes to researchers from the Russian security software maker Kaspersky Lab. Kaspersky had revealed three weeks ago that its senior employees were targeted. Meanwhile, Russia’s Federal Security Service (FSB) accused the National Security Agency (NSA) of being responsible, but no…

Ransomware gang BlackCat is likely behind a February attack on the company.

Hackers on Reddit Issue Ultimatum for $4.5 Million and API Alterations or Risk Leak of 80GB of Data

Reddit disclosed in February that it had fallen prey to a focused phishing attack that resulted in the exposure of confidential documents, code, dashboards, and contracts, as well as the personal information of some advertisers and current and former employees. Although none of the data has been made public, this could change soon. BlackCat, also known as ALPHV, a ransomware gang, has claimed responsibility for the breach and says it has 80GB of compressed data. In a post titled “The Reddit Files,” BlackCat has stated that it will erase the…

Saudi use of the Pegasus spying tool has come up in other controversial cases.

NSO Group Sued by Khashoggi’s Widow for Alleged Phone Hacking

According to a lawsuit filed by the widow of slain Saudi journalist Jamal Khashoggi, the Israeli surveillance firm NSO Group’s spyware was utilized to monitor her messages in the period preceding her husband’s murder. In a civil lawsuit filed Thursday in Northern Virginia, Hanan Elatr Khashoggi said NSO had “deliberately targeted” her equipment and “caused her tremendous harm both through the tragic loss of her husband and her own loss of safety, privacy, and autonomy.” The NSO initially said it had not seen the lawsuit. When the company was sent…

PDFs are the primary malicious email attachment type being used over 66 per cent of the time to deliver malware via email in 2022.

Researchers Issue Warning Regarding Malware in PDF File Attachments

According to a new report released on Wednesday, PDFs are the most commonly used type of malicious email attachment, accounting for over 66% of malware delivered via email in 2022. According to researchers at Palo Alto Networks Unit 42, monthly registrations of both benign and malicious domains increased by 910% with ChatGPT’s AI chatbot between November 2022 and April 2023. The researchers also saw a huge increase (17,818 percent) in attempts to imitate ChatGPT using squatting domains – website names deliberately registered to look similar to a popular brand or…

Authorities said the virus is also capable of "bypassing anti-virus programs and deploying ransomware on the targeted devices"

“Daam” virus steals call logs and reads history from Android phones

The National Cyber Security Agency said in its latest alert that an Android malware called “booster” infects mobile phones and compromises sensitive data such as call logs, contacts, history and camera. India’s Computer Emergency Response Team, or CERT-In, said the virus is also capable of “bypassing antivirus software and spreading ransomware on target devices.” The agency is the federal technology division that combats cyberattacks and protects cyberspace from phishing, hacking, and similar cyberattacks. The agency said botnets are distributed through third-party websites or apps downloaded from untrusted/unknown sources. Once installed…

The tech giant uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organisations in the US.

China-sponsored hackers targeting critical US infrastructure: Microsoft

Microsoft has revealed that a state-sponsored Chinese hacker group called Volt Typhoon, which typically focuses on espionage and data collection, has targeted US critical infrastructure. The tech giant revealed a stealthy and targeted malicious activity focused on post-breach access and network discovery targeting critical infrastructure organizations in the United States. “The strike was carried out by Volt Typhoon, a state-sponsored actor in China. This campaign aims to develop capabilities that can disrupt critical communications infrastructure between the US and Asia during future crises,” the company said in a blog post…

A new survey by cybersecurity company Sophos showed that in a majority of ransomware cases in India, cybercriminals exploited existing vulnerabilities to fulfil their agenda

73% of Indian companies victims of ransomware; Chennai, Bengaluru, Kolkata Top Picks for Hackers

Ransomware cases are on the rise in the country, with 73 percent of Indian organizations reporting being victims of such attacks in 2022. A new study by a UK-based firm found that Chennai, Bengaluru and Kolkata faced the highest number of ransomware attacks, followed by Delhi and Mumbai. Cyber security company Sophos released the latest report after conducting a survey between January and March involving 14 countries, including India. The team received responses from 3,000 IT or cybersecurity leaders at mid-sized organizations, including 300 respondents from India. “Nearly three-quarters of…

If you have an internet router that is not up to date or obsolete, you may want to be careful—as a new report claims that Chinese hackers are targeting them to install backdoor malware to compromise networks.

Chinese Hackers Exploiting Internet Routers and Installing Malware to Compromise Networks: Report

If you have an internet router that is out of date or obsolete, you should be careful, as a new report claims that Chinese hackers are targeting them to install backdoor malware to compromise networks. As reported by Check Point Research, a hacker group called Camaro Dragon is planting malware on TP-Link routers, including a backdoor called “Horse Shell.” This backdoor agent can give hackers full control over the infected device. It remains undetected and continues to access compromised networks. The attacks are said to be targeting European…

Twitter then responded at that time by deactivating all verified accounts and disabling the tweet feature in an attempt to target the hackers.

Hacker who took over Biden, Elon Musk’s Twitter accounts pleads guilty

A UK national accused of hacking Twitter accounts as part of a Bitcoin scheme has pleaded guilty to cyber surveillance and computer hacking that targeted several high-profile social media accounts, including the July 2020 Twitter hack. Joseph James O’Connor, aka PlugwalkJoe, 23, was extradited from Spain to the United States last month, where he was awaiting trial on charges of harassing, threatening and extorting victims. According to Gizmodo, O’Connor was first arrested in 2021 for trying to control 130 Twitter accounts, including US President Joe Biden, American socialite and model…

Western Digital Corp said on Friday it had restored My Cloud services and expects customer access to its online store to be normalized in the week of May 15, more than a month after the data storage chip maker disclosed a security breach.

Western Digital Brings Services Back Online Soon After Breach: All the Details

Western Digital Corp said Friday it has restored My Cloud services and expects customer access to its online store to return to normal in the week of May 15, more than a month after the storage chip maker disclosed a security breach. Western Digital said it was moving forward with the restoration process and most systems and services were operational. An “unauthorized party” obtained customers’ names, phone numbers and partial credit card numbers from their systems, Western Digital said in a statement. The company said it is communicating directly with…
