Security News
Amazon Prime Day is one such seasonal event in which the retail giant kicks off a series of tempting sales for consumers looking to save money. In advance of this year's Amazon Prime Day set for July 12 and 13, Check Point said it has seen a 37% jump in Amazon-related phishing attacks at the start of July compared with the daily average for June.
During the first half of 2022, BioCatch data reveals that money mule accounts represent up to 0.3 percent of accounts held by financial institutions, and an estimated $3 billion in fraudulent financial transfers. Applying BioCatch findings to the estimated 657 million bank accounts in the United States, this translates to approximately two million mule accounts and nearly $3 billion in fraudulent transfers in a year.
Timeline May 31: Volexity found zero-day vulnerability in Atlassian Confluence. AI Spera used Criminal IP to determine the number of Atlassian Confluence servers connected to the Internet.
Proofpoint unveiled its annual Human Factor report, which provides a comprehensive examination of the three main facets of user risk - vulnerability, attacks, and privilege - and how threat actors continue their ceaseless creativity as they exploit the many opportunities presented by people. "One constant that remains as organizations approach a sense of normalcy after a disruptive year is that cyber criminals continue to target and exploit people," said Ryan Kalember, EVP of cybersecurity strategy, Proofpoint.
Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter that's being purchased by cyber criminals to deliver remote access trojans and information stealers. Some of the malware families distributed using PureCrypter include Agent Tesla, Arkei, AsyncRAT, AZORult, DarkCrystal RAT, LokiBot, NanoCore, RedLine Stealer, Remcos, Snake Keylogger, and Warzone RAT. Sold for a price of $59 by its developer named "PureCoder" for a one-month plan since at least March 2021, PureCrypter is advertised as the "Only crypter in the market that uses offline and online delivery technique."
"The rise and proliferation of cryptocurrency has also provided attackers with a new method of financial extraction." The targeting of sensitive cryptocurrency data by threat actors was recently echoed by the Microsoft 365 Defender Research Team, which warned about the emerging threat of cryware wherein private keys, seed phrases, and wallet addresses are plundered with the goal of siphoning virtual currencies by means of fraudulent transfers.
The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.
US prosecutors have accused an American citizen of illegally funneling more than $10 million in Bitcoin into an economically sanctioned country. It's said the resulting criminal charges of sanctions busting through the use of cryptocurrency are the first of their kind to be brought in the US. Under the United States' International Emergency Economic Powers Act, it is illegal for a citizen or institution within the US to transfer funds, directly or indirectly, to a sanctioned country, such as Iran, Cuba, North Korea, or Russia.
A flaw detected in the browser version of the Ever Surf cryptocurrency wallet could have given hackers who exploited it full control over a targeted user's wallet, say threat hunters at Check Point Research. "Despite the fact that Surf uses reliable cryptographic libraries for the key derivation and the encryption, the sensitive data in the web version of Surf doesn't appear to have adequate protection."
The number of phishing attacks worldwide jumped 29 percent last year as threat actors countered stronger enterprise defenses with newer methods, according to researchers with Zscaler's ThreatLabz research team. While the United States remained the country with the most phishing attempts, others are seeing faster growth in the number of incidents - exploiting new vectors like SMS and lowering the barrier of entry for launching attacks through pre-built tools made available on the market.