July 4, 2024 at 12:18PM A threat actor compromised Ethereum’s mailing list provider and sent a phishing email to over 35,000 addresses, luring recipients to a malicious site offering investment returns. Ethereum disclosed the incident, stating it had no material impact. The internal security team launched an investigation, blocked the attacker, and warned the community. … Read more
June 6, 2024 at 10:39AM The US government filed a civil forfeiture action to recover over $5.3 million lost by a Massachusetts workers union in a business email compromise scam. Cybercriminals tricked the union into transferring the funds using a spoofed email. The fraudsters transferred the money through intermediary bank accounts. Authorities have seized the … Read more
March 8, 2024 at 02:06AM Echefu, a Nigerian man involved in a business email compromise scheme, has pleaded guilty to conspiracy charges in the US. Alongside his co-conspirators from South Africa, he gained unauthorized access to email accounts to orchestrate wire fraud and money laundering. Echefu faces up to 20 years in prison and must … Read more
January 3, 2024 at 02:35PM Nigerian national Olusegun Samson Adejorin was arrested in Ghana for wire fraud and identity theft, related to $7.5 million embezzlement from US charitable organizations. The fraud scheme involved unauthorized access to email accounts and impersonation of employees to trick one charity into transferring funds to accounts controlled by the attacker. … Read more
December 14, 2023 at 06:07AM Miscreants are using OAuth to automate financially motivated cyber crimes, such as BEC, phishing, and deploying virtual machines for crypto mining, as highlighted by Microsoft. These criminals leverage compromised accounts to create OAuth applications and manipulate user permissions. Microsoft suggests monitoring Azure audit logs for illicit mining activities and enabling … Read more
November 4, 2023 at 12:30PM SecurityWeek’s weekly cybersecurity roundup highlights several significant developments. Stanford University suffered a ransomware attack, resulting in 430 GB of data being stolen. The MOVEit hack compromised around 632,000 email addresses from the US Justice and Defense Departments. The Henry Schein cyberattack was claimed by the BlackCat ransomware group. A link … Read more
October 26, 2023 at 12:05PM Nigerian police have arrested six men connected to a cybercrime recruitment and mentoring hub. The suspects, aged 19 to 27, have confessed to various cybercrimes such as identity theft, hacking, and trading of hacked Facebook accounts, among others. Intelligence reports suggest their involvement in more high-level cybercrimes. The investigation is … Read more