The number of business email compromise (BEC) incidents doubled last year and replaced ransomware as the most prolific cybercrime category, according to Secureworks. Ransomware detections reportedly declined by 57%.
The most notable shift observed in BianLian attacks recently is its move away from ransoming encrypted files, and towards data-leak extortion as a means to extract payments from victims.
Tabnabbing is a phishing method in which attackers take advantage of victims’ unattended browser tabs. With reverse tabnabbing, on the other hand, attackers can actually rewrite the source page after a victim clicks a malicious link.
The exposed database contained users’ sensitive information, including screenshots of “Chat Messages” showing deposits and withdrawal amounts, KYC compliance records, identification images, transaction hashes, and wallet addresses.
The two hackers, belonging to the “ViLE” crime group, allegedly broke into a federal law enforcement database. They also used a compromised Bangladeshi police officer’s email to fraudulently request user data from a social media company.
A study by Hoxhunt sampling 53,000 email users in more than 100 countries found that professional red teamers generated a click rate of 4.2%, while ChatGPT-generated emails induced just a 2.9% click rate.
According to the alert, both the unnamed nation-backed hacking group and the criminal group dubbed XE Group exploited known vulnerabilities in Progress Telerik software located in the unnamed government agency’s Microsoft IIS web server.
By virtue of Chrome’s market share, if Google makes this change for Chrome, that makes it a de facto standard that every commercial public certificate authority would have to follow.
The announcement, titled “350 GB from US Marshal Service (USMS) law enforcement confidential information,” was added on March 15, using an account registered just a day earlier on a Russian-speaking hacking forum.
Jelly Bean Communications Design reached a $293,771 settlement to resolve False Claims Act allegations that it knowingly provided deficient security controls to Florida Healthy Kids Corp., which caused the second-largest healthcare breach of 2021.