U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators
The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT
Theft in cybersecurity covers stolen data, credentials, devices, and funds, often creating risks of unauthorized access, fraud, and privacy loss.
Search across headline titles and summaries.
Background for this topic.
Unauthorized taking or copying of information, credentials, intellectual property, or digital assets is cyber theft. News under this tag may involve stolen passwords, payment data, personal information, source code, cloud tokens, cryptocurrency, or sensitive business files. Theft can result from phishing, malware, compromised accounts, insider access, exposed storage, or the loss of an unencrypted device; the relevant issue is the unauthorized acquisition or control of an asset, whether or not the attacker also alters systems.
Security teams should identify where valuable data and credentials are stored, restrict access by role, require strong authentication, encrypt data at rest and in transit, and monitor unusual downloads or transfers. Vulnerability management matters when flaws expose databases, endpoints, or cloud services to unauthorized retrieval. After suspected theft, preserving logs, revoking tokens and credentials, determining what was accessed or copied, and assessing privacy or notification obligations are central to containing the incident and measuring its impact.
The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT
The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars. [...]
That listing for a gig that looked too good to be true may have been carrying SQL injection code Singapore-based infosec firm Group-IB has detected a group that spent the last two months of 2023 stealing personal info from websites operated by jobs boards and retailers websites across Asia.…
Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. [...]
The fake app looks similar to the legitimate LastPass app in its branding, and it could be stealing users' credentials.
LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. [...]
A tangled web of attackers use various social media tactics to propagate the novel threat, which has several execution methods and exfiltrates data to Telegram.
A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. [...]
HHS OCR Says a Malicious Worker Stole and Sold Patient Information in 2013HHS has fined a New York City medical center $4.75 million to settle potential HIPAA violations discovered during an investigation into a hospital insider who sold patient data to identity thieves in 2013. The hospital said it has beefed up its security and privacy since the incident occurred.
The cyberattackers used SQL injection and XSS to target 65 retail companies and job recruiters, stealing databases with unique emails and other sensitive records.
Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer
A new report suggests nearly 2 million UK adults have had their identity stolen and used by fraudsters to open a financial account in 2023
Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data
Group-IB uncovers mass data theft campaign from Chinese-speaking ResumeLooters hackers
A threat group named 'ResumeLooters' has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site scripting (XSS) attacks. [...]
Hewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information. [...]
Crypto theft, sextortion tactics, swattings, and ransomware: teenagers are increasingly taking up cybercrime for fun and profit — and experts credit an array of contributing factors.
PLUS: more glibc vulns discovered; DraftKings hacker sentenced; and a hefty dose of critical vulnerabilities Infosec In Brief The recent indictment of a massive SIM-swapping ring may mean convicted crypto conman Sam Bankman-Fried is innocent of at least one allegation still hanging over his head: The theft of more than $400 million in crypto hacked from wallets belonging to his crypto firm, FTX, just before it declared bankruptcy.…