A massive global multi-million dollar scam, operating since 2019, has been uncovered. The number of victims is in the range of tens of thousands. Thought to be originated from Russia, the gang operates an extensive network of fake dating and customer support websites, using them to charge credit cards bought on the dark web.By acting in this way, the charges

Australian mobile operator Optus is investigating a security breach after they spotted “unauthorized access” to former and current customers’ personal data. Optus immediately shut down the attack and is currently working with the Australian Cyber Security Center to mitigate any risks to customers.An official statement issued on Optus’ website informed

On Tuesday, September 20, 2022, The Securities and Exchange Commission (SEC) revealed that Morgan Stanley financial services corporation will be sanctioned with a $35M fine.Morgan Stanley Smith Barney, the wealth & asset management division of Morgan Stanley, was accused of “extensive failures” in protecting important data that led to the exposure of 15

BlackCat ransomware isn’t showing signs of slowing down. The gang has released a new version of their data exfiltration tool, used for performing double-extortion attacks.The group, considered a successor to Darkside and BlackMatter, is one of the most sophisticated and technically advanced RaaS (Ransomware-as-a-Service) operations.New Features AddedAccordin

The LockBit ransomware operation takes a severe blow after a developer has leaked online the builder of their newest ransomware encryptor. The encryptor, codenamed LockBit Black, was officially released in June, after being in tests for two months.Compared with the old version, the newest version of the encryptor boasted new anti-analysis features, a ransomw

LinkedIn Smart Link feature is used by threat actors to launch a phishing campaign with the purpose of stealing credit card details from the victims.Abusing this feature, cybercriminals managed to bypass email security and skillfully divert subscribers to a phishing page.Smart Link enables business users to send large documents in a single link, also providi

Netflix is one of the most popular video streaming platforms in the world, with over 200 million paying subscribers. The large number of subscribers has attracted threat groups that are looking to score with a social engineering campaign.Scammers send phishing emails trying to convince Netflix users that their account is somehow in jeopardy, and rectifying t

Cyble Research and Intelligence Labs (CRIL) discovered multiple fake Zoom sites created to spread malware among Zoom users.The sites were created with a similar user interface and disguised the malware as Zoom’s legitime application.The whole discovery was triggered by a tweet mentioning the apparition of those sites:Malware @Zoom downloads

American video game publishing house 2K Games confirms that they have been the victims of a cyberattack. The hackers targeted 2K’s help desk platform and used it to reach customers with fake support tickets, pushing malware through embedded links. 2K’s support account took to Twitter to address the ongoing situation after BleepingComputer broke the story on

The New York Racing Association disclosed that, on June 30th, a cyberattack impacted IT operations, website availability, and compromised member data. NYRA is operating the three largest thoroughbred horse racing tracks in New York, namely the Aqueduct Racetrack, the Belmont Park, and the Saratoga Race Course.The Hive ransomware group, which was recently res

New York-based company, Empress EMS (Emergency Medical Services), has disclosed through an official notification that it’s been the victim of a ransomware attack on July 14, 2022.Further investigations found that the intruder gained access to the company’s systems on May 26, 2022. On the 13th of July, “a small subset of files” was exfiltrated by the attacker

The European Commission has suggested a new “EU Cyber Resilience Act.” The act intends to protect customers and companies who purchase or use goods and software that include a digital component.Device manufacturers with poor cybersecurity policies and features risk paying fines if the new regulation is enacted.What Is The Act Affecting? By introd

Over 50,000 people’s personal information was compromised as a result of a cyberattack on Revolut. After a Revolut employee fell for a phishing scam last Sunday night, the app-based transactions startup experienced a data breach.An unauthorized third party gained access to some of their details, including contact and transaction information, during the

In an update to the notification regarding the cyberattack suffered in August, LastPass, one of the most widely used password management programs in the world, shared the conclusion of the investigation following the attack.The company’s investigation was performed in conjunction with cybersecurity firm Mandiant and shows that the threat actors had had acces

American Airlines notified its clients on Friday, September 16th, that they have been the victims of a cyberattack after a number of employees’ email accounts were compromised.The airline explained in its notification letter that it has no evidence the exposed data was misused.What Happened?American Airlines discovered that in July 2022 an unauthorized actor