March 15, 2024 at 03:50PM The IMF disclosed a cyber incident involving the breach of 11 email accounts. They are currently investigating the impact and have not found any evidence of further compromise outside of the breached accounts. The organization uses Microsoft’s Office 365 email system, which has been targeted by various hacking groups. IMF … Read more
March 1, 2024 at 09:57AM The US Justice Department announced charges against Iranian national Alireza Shafie Nasab, accused of involvement in hacking operations targeting government and private sector organizations. His firm, Mahak Rayan Afraz, linked to cyberespionage, had ties to the IRGC. Nasab, now at large, faces charges carrying up to 20-year prison sentences, with … Read more
February 26, 2024 at 02:19PM LockBit, a ransomware gang, is reported to have resumed its activities following the takedown of its servers by law enforcement. A new leak site surfaced, listing alleged victims including the FBI and Georgia’s Fulton County. The gang has threatened to reveal confidential data and demanded a ransom from the county. … Read more
February 14, 2024 at 11:39AM North Korean hackers breached the personal emails of a South Korean President’s staff member before his Europe trip. The cyberattack only affected the staff member’s personal account, and security protocols were violated by using commercial email services for official duties. Yoon’s office detected the breach in advance and ensured overall … Read more
February 6, 2024 at 05:38AM A Singapore-based cybersecurity firm, Group-IB, uncovered a new threat actor, ResumeLooters, targeting employment agencies and retail companies in the Asia-Pacific region. The group aims to steal sensitive data from job search platforms, compromising over 65 websites and collecting millions of user data records. The stolen information is then sold on … Read more
January 31, 2024 at 07:51AM Cybersecurity researchers highlight Telegram’s role in democratizing the phishing ecosystem, enabling cybercriminals to easily exchange tools and resources. This trend has made phishing more accessible to newcomers, with malicious activities facilitated through the platform’s public channels and groups. The article also discusses the various components and monetization strategies involved in … Read more
January 30, 2024 at 04:31PM The U.S. Department of Justice arrested and charged suspects involved in hacking almost 68,000 DraftKings accounts in a credential stuffing attack. Three defendants were charged, with two selling access to accounts that were compromised, leading to a loss of $635,000. Similar attacks affected FanDuel and Chick-fil-A. Automated tools and stolen … Read more
January 26, 2024 at 10:28AM Microsoft confirmed that the Russian hacking group Midnight Blizzard, linked to the Russian Foreign Intelligence Service, breached its systems in November 2023 and stole email from its leadership. The group gained access through a non-MFA-enabled test account and leveraged OAuth applications to access corporate mailboxes. Similar attacks targeting other organizations … Read more
January 23, 2024 at 06:54AM Hackers used SIM swapping to take over the US Securities and Exchange Commission’s Twitter account, announcing the approval of a bitcoin exchange-traded fund. After the post caused a spike in bitcoin price, the agency clarified that the account had been compromised. The hackers gained unauthorized access through a telecom carrier … Read more
January 22, 2024 at 12:06PM In December 2023, media organizations and North Korea experts were targeted by a cyber campaign orchestrated by the threat actor ScarCruft. This North Korea-linked group, also known as APT37, targeted individuals with malicious files, displaying a sophisticated and evolving approach. The attack is indicative of the group’s ongoing efforts to … Read more