steal
-
Blog
Russian hackers use RDP proxies to steal data in MiTM attacks
The Russian hacking group tracked as APT29 (aka “Midnight Blizzard”) is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. The MiTM attacks utilized the PyRDP red team proxy tool to scan the victims’ filesystems, steal data in the background, and remotely execute rogue applications…
-
Blog
LastPass breach comes back to haunt users as hackers steal $12 million in cryptocurrency
A major data breach at password manager firm LastPass in 2022 is still causing mayhem two years later, with cyber criminals using stolen information to carry out further attacks. According to data collated by crypto investigator ZachXBT, hackers stole $12.38 million in cryptocurrency from LastPass users on 16 and 17 December. The attackers drained nearly 150 individual victim addresses, according…
-
Blog
New fake Ledger data breach emails try to steal crypto wallets
A new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency. Ledger is a hardware cryptocurrency wallet that allows you to store, manage, and sell cryptocurrency. The funds in these wallets are secured using 24-word recovery phrases or 12…
-
Blog
The 10th Gen iPad Is an Absolute Steal at $250 Right Now
We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication. Apple products can be pretty hard to score a good deal on, and you’ll often have to settle on a minor discount if you’re going to get a discount at all. But Amazon’s current sale on the 10th Generation iPad…
-
Blog
Chinese hackers exploit Fortinet VPN zero-day to steal credentials
Chinese threat actors use a custom post-exploitation toolkit named ‘DeepData’ to exploit a zero-day vulnerability in Fortinet’s FortiClient Windows VPN client and steal credentials. The zero-day allows the threat actors to dump the credentials from memory after the user authenticated with the VPN device. Volexity researchers report that they discovered this flaw earlier this summer and reported it to Fortinet, but…
-
Blog
Fraud network uses 4,700 fake shopping sites to steal credit cards
A financially motivated Chinese threat actor dubbed “SilkSpecter” is using thousands of fake online stores to steal the payment card details of online shoppers in the U.S. and Europe. The fraud campaign started in October 2024, offering steep discounts for the upcoming Black Friday shopping period that usually sees elevated shopping activity. EclecticIQ threat researcher Arda Buyukkaya, who discovered the…
-
Blog
MA tax preparer and accountant pays ransom after hackers steal private info of 70K clients
Massachusetts accounting firm Bookkeeping & Business Services (BBS) this week confirmed it notified 70,168 people about a December 2023 data breach that compromised clients’ private medical and tax information. What info was compromised depends on whether the victim is a medical billing client or tax preparation client. For tax preparation clients, the breached info can include: Name Social Security number…
-
Blog
Nokia investigates breach after hacker claims to steal source code
Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company’s stolen source code. “Nokia is aware of reports that an unauthorized actor has alleged to have gained access to certain third-party contractor data and possibly data of Nokia,” the company told BleepingComputer. “Nokia takes this allegation seriously and we are investigating. To…
-
Blog
LastPass warns of fake support centers trying to steal customer data
LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by BleepingComputer. LastPass is a popular password manager that utilizes a LastPass Chrome…
-
Blog
Chinese hackers use Quad7 botnet to steal credentials
Microsoft warns that Chinese threat actors use the Quad7 botnet, comprised of hacked SOHO routers, to steal credentials in password-spray attacks. Quad7, also known as CovertNetwork-1658 or xlogin, is a botnet first discovered by security researcher Gi7w0rm that consists of compromised SOHO routers. Later reports by Sekoia and Team Cymru reported that the threat actors are targeting routers and networking devices from TP-Link,…