Security News

ResumeLooters target job search sites in extensive data heist
2024-02-06 10:37

Group-IB identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region. ResumeLooters is confirmed to have stolen several databases containing 2,079,027 unique emails and other records, such as names, phone numbers, dates of birth, and information about job seekers' experience and employment history.

Microsoft sheds some light on Russian email heist – and how to learn from Redmond's mistakes
2024-01-27 00:32

Microsoft, a week after disclosing that Kremlin-backed spies broke into its network and stole internal emails and files from its executives and staff, has now confirmed the compromised corporate account used in the genesis of the heist didn't even have multi-factor authentication enabled. On Thursday, Redmond admitted Midnight Blizzard - a Moscow-supported espionage team also known as APT29 or Cozy Bear - "Utilized password spray attacks that successfully compromised a legacy, non-production test tenant account that did not have multifactor authentication enabled."

Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist
2024-01-26 12:25

The Akira ransomware gang is claiming responsiblity for the "Cybersecurity incident" at British bath bomb merchant. Akira says it has stolen 110 GB of data from the UK-headquartered global cosmetics giant, which has more than 900 stores worldwide, allegedly including "a lot of personal documents" such as passport scans.

North Korea's Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023
2024-01-08 04:59

Threat actors affiliated with the Democratic People's Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency in 2023. The DPRK "was responsible for...

X-ploited: Mandiant restores hijacked Twitter account after attempted crypto heist
2024-01-04 20:00

Miscreants took over security giant Mandiant's Twitter account for several hours on Wednesday in an attempt to steal cryptocurrency, then trolled the Google-owned security shop, telling its admins to change the password. "We are aware of the incident that impacted the Mandiant X account and are conducting a thorough investigation," a spokesperson told The Register.

Ex-Navy IT manager gets 5 years in slammer for 2018 database heist
2023-10-19 14:01

While still a chief petty officer, Marquis Hooper accessed a database containing millions of records and over the course of five months sold details of more than 9,000 people online. Prosecutors said the total sum generated by Hooper and his wife, Natasha Chalk, co-defendant in the case and former Navy reservist, reached the equivalent of $160,000 in Bitcoin.

Chinese snoops stole 60K State Department emails in that Microsoft email heist
2023-09-28 23:13

Chinese snoops stole about 60,000 State Department emails when they broke into Microsoft-hosted Outlook and Exchange Online accounts belonging to US government officials over the summer. "No classified systems were hacked," said State Department spokesperson Matthew Miller during a press briefing Thursday.

Mixin suspends deposits and withdrawals after $200m cryptocurrency heist
2023-09-25 18:34

Mixin Network confirmd on Monday that it has "Temporarily suspended" all deposit and withdrawal services after hackers broke into a database and stole about $200 million in funds from the Hong-Kong based cryptocurrency firm. In a statement posted on the social media platform formerly known as Twitter, the digital biz said the incident happened early Saturday morning, when "The database of Mixin Network's cloud service provider was attacked by hackers. After initial verification, the funds involved are approximately US$200 million."

Nigerian man pleads guilty to attempted $6 million BEC email heist
2023-09-22 19:24

Kosi Goodness Simon-Ebo, a 29-year-old Nigerian national extradited from Canada to the United States last April, pleaded guilty to wire fraud and money laundering through business email compromise. According to the plea agreement, the scammers had a high success ratio of roughly 1 to 7, making one million out of the almost seven million they attempted to steal.

North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist
2023-09-17 06:32

The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its hacks. According to multiple reports from Certik, Elliptic, and ZachXBT, the infamous hacking group is said to be suspected behind the theft of $31 million in digital assets from the CoinEx exchange on September 12, 2023.