Bite Sized Cyber Crime

NFC has allowed for payments to be easier than ever, but it was only a matter of time before this method was exploited by threat actors. A bold, new real time malware that leverages NFC has been making rounds.

Sources: https://pastebin.com/QgquMLj8

The CVE program is essential for tracking vulnerabilities all across the technology industry, but what happens when funding is cut? Let's talk about what's been going on with the CVE program.

Sources: https://pastebin.com/QPVXe6kD

You're always told to never plug in a random flash drive because it may have malware on it, but is that really a thing? The answer is yes, and it can potentially compromise a military mission.

Sources: https://pastebin.com/LURNpcH5

Tax season is a stressful time for many in the US, and this creates the perfect opportunity for a number of scams against virtually anyone living in the US. Be aware of fake documents, fake filing services, and unusual emails.

Sources: https://pastebin.com/zJQGMndk

A hacker claimed to have stolen 6 million lines of data from Oracle, which Oracle swiftly denied. However when security firms received data samples and showed them to customers, the data was confirmed to be real.

Sources: https://pastebin.com/6WnaeYZs

Google, though a tech giant, has lagged behind Amazon and Microsoft when it comes to cloud computing, but this bold new acquisition could bridge that gap... or introduce legal troubles.

Sources: https://pastebin.com/004Wu6hv

Elon Musk has become a controversial political figure, leaving little surprise that one of his projects, the X platform, became a target for a hacktivist group, leaving the major social media platform down from a DDoS attack.

Sources: https://pastebin.com/Pa6b0nrm

Ransomware groups sometimes run into issues, like being blocked by security tools, and often have to pivot. Some techniques are less conventional than others, but are just as destructive. Here's how a webcam led to ransomware being deployed org wide.

Sources: https://pastebin.com/FHxVYgBg

Building access management is an important part of physical security that has only become more intelligent. However, with all the data on these systems that exist on employees it is important that they are properly secured. Recently, 49,000 systems were found unsecured on the open internet with data viewable, and sometimes modifiable.

Sources: https://pastebin.com/8feGBvEu

Government contractors are expected to follow certain compliance policies, so what happens when a company lies about compliance? Hefty fines tend to follow.

Sources: https://pastebin.com/vJPEikD9

SWATting is a dangerous crime that involves making extreme police reports against people to illicit a response from the SWAT team. This has resulted in innocent people being killed or injured. One teen turned making these reports into a business and was recently sentenced to 4 years in prison for it. Learn about his crimes and methodology today.

Sources: https://pastebin.com/ET9xMi85

Recently a new crypto stealing malware was found in apps on both the Google Play, and the famously restrictive Apple App Store, but it seems not to be its own app, but rather something inserted into existing apps at a later time to steal passphrases for crypto wallets from images on devices.

Sources: https://pastebin.com/fHgDP4fg

Recently a brand new generative AI model came out of nowhere and blew up overnight. There are a lot of controversies and concerns surrounding this model, providing more efficient AI but also bringing a lot of data sensitivity risks and topics of government censorship to the forefront.

Sources: https://pastebin.com/WRGERYCE

Pwn2Own by TrendMicro's Zero Day Initiative is a hacking contest where people try to hack "up to date" products to discover zero day vulnerabilities in them and win cash prizes for doing so. The automotive version of this contest not only involved cars themselves, but chargers for electric vehicles.

Sources: https://pastebin.com/4siwYEYK

Job offer scams are sadly rather common, but most of the time it's a waste of time or an identity theft scam rather than a scam that installs unauthorized crypto miners on your devices. A new scam email impersonating Crowdstrike that is targeting developers does just that.

Sources: https://pastebin.com/Lpg673yh

The US Department of Treasury was targeted in a suspected state-sponsored hack. No ransomware was deployed, though the threat actors compromised machines remotely, linked to a BeyondTrust data breach and accessed many unclassified documents.

Sources: https://pastebin.com/rUi3Wdxg

Deepfakes and AI image and video generation have become nearly indistinguishable from real people to the naked eye. This creates a problem when it comes to identity verification that involves previously very difficult to fake Face ID systems. Recently a deep web identity fraud database was being build was scraped data and images with the intention to target financial accounts.

Sources: https://pastebin.com/X7acHzs9

The healthcare industry remains one of the top targeted by hackers, and even the biggest healthcare organizations are not safe.

Sources: https://pastebin.com/UgauFXsL

In 1999 one of the most infamous viruses was released on the world, slowing down email systems and causing chaos in the corporate world and among personal computer users.

Sources: https://pastebin.com/FgE9ETKk