Why your password policy should include a custom dictionary wordlist

October 3, 2024 at 10:15PM Custom dictionaries are essential for strengthening password security. They block the use of common words, industry and organization-specific terms, and easily guessable patterns, adding an extra layer of defense against targeted attacks. Integrating custom dictionaries with tools like Specops Password Policy enhances Active Directory password security and reduces the risk … Read more

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa

October 3, 2024 at 06:39AM INTERPOL announced the arrest of eight individuals in Côte d’Ivoire and Nigeria as part of Operation Contender 2.0 to tackle cyber-enabled crimes in West Africa. The campaign targeted phishing and romance scams, resulting in financial losses of over $1.4 million. The importance of continued international cooperation in combating cybercrime was … Read more

Fake Trading Apps Target Victims Globally via Apple App Store and Google Play

October 2, 2024 at 01:27PM Group-IB reported on a large-scale fraud campaign involving fake trading apps on Apple App Store and Google Play Store, using phishing sites to deceive victims. Operating globally, the campaign leverages social engineering, targeting victims for investment fraud. The cybercriminals utilized a fake app to deceive victims into making investments, subsequently … Read more

Hurricane Helene Prompts CISA Fraud Warning

September 26, 2024 at 01:37PM Hurricane Helene approaches Florida coastline as a Category 3 storm with a life-threatening 20-foot surge. Cybercriminals are anticipated to exploit public interest and anxiety by launching fraud and phishing schemes related to the hurricane. The US National Hurricane Center and Cybersecurity agencies advise people to be cautious of charitable solicitations, … Read more

Global infostealer malware operation targets crypto users, gamers

September 21, 2024 at 12:51PM A cybercriminal group named “Marko Polo” has executed a large-scale infostealer malware campaign, impacting thousands and potentially causing millions in financial losses. Using various distribution channels and targeting high-value individuals, the group distributes malicious software under legitimate guises, compromising both Windows and macOS systems. Mitigating these threats involves cautious online … Read more

88,000 Impacted by Access Sports Data Breach Resulting From Ransomware Attack

September 16, 2024 at 07:39AM Access Sports Medicine & Orthopaedics discovered unauthorized access to personal and health information of over 88,000 individuals due to a cyberattack. The compromised data includes names, Social Security numbers, and medical information. While no evidence of misuse has been found, fraud protection services have been offered. The attack was claimed … Read more

Microchip Technology Confirms Personal Information Stolen in Ransomware Attack

September 5, 2024 at 07:12AM Microchip Technology confirmed a recent ransomware attack resulting in stolen personal and other data. The company isolated the affected systems and filed an 8-K Form with the SEC, confirming the breach. Although certain data was stolen, the full extent of the impact and validity of ransomware group’s claims are still … Read more

CEO’s Arrest Will Likely Not Dampen Cybercriminal Interest in Telegram

September 4, 2024 at 09:03AM Telegram CEO Pavel Durov’s recent arrest in France for allowing his platform to be used for illegal activities, including child abuse and drug trafficking, is not expected to have a significant short-term impact on cybercrime. Despite some scrutiny and policy changes, experts anticipate cybercriminals will likely continue using the platform … Read more

Cyberattackers Spoof Palo Alto VPNs to Spread WikiLoader Variant

September 3, 2024 at 02:43PM Cybercriminals are posing as sellers of GlobalProtect VPN software from Palo Alto Networks and spreading a new variant of WikiLoader malware through SEO poisoning. The malware, known as WailingCrab, is traditionally spread through phishing and compromised websites. This campaign, discovered by Palo Alto’s Unit 42 team, has targeted US higher … Read more

Cybercriminals Tap Greasy Opal to Create 750M Fake Microsoft Accounts

August 26, 2024 at 03:45PM Greasy Opal, a tool used for cyberattacks, facilitates volumetric bot attacks, particularly targeting CAPTCHA systems. A threat actor group orchestrated an attack resulting in 750 million fake Microsoft accounts. Microsoft seized control of the domains. Greasy Opal leverages advanced technology to bypass defenses, posing a challenge to traditional security measures. … Read more