Latest Security News Collection
01
The Rise of QR Phishing: How Scammers Exploit QR Codes and How to Stay Safe
#QRPhishing #PhishingAttack #DigitalSafety #CyberThreats #ScamAlert #Malware #DataProtection #OnlineSecurity #StaySafe #CyberAwareness #TechSafety #cybercrime #cybersecurity
QR codes have become a convenient tool for accessing websites, payment platforms, and digital menus. However, their growing popularity has attracted cybercriminals who exploit them in a wave of phishing attacks known as “QR phishing” or “quishing.” These attacks trick users into scanning malicious QR codes that can steal personal information, install malware, or redirect to fraudulent websites.
Cybercriminals manipulate QR codes by placing fake codes over legitimate ones in public spaces or sending them via email or text messages, claiming to be from trusted sources. These messages often create a sense of urgency, convincing users to scan the code and unknowingly hand over their private information. To stay safe, it’s crucial to verify the source of a QR code before scanning and be aware of these increasingly sophisticated scams.
→ Read more on hackread.com
02
Third-Party Attacks Lead to Significant Financial Losses in 2024
#ThirdPartyAttacks #FinancialLosses #Ransomware #CyberRisk #VendorSecurity #InsuranceClaims #CyberIncidents #DigitalSecurity #CyberThreats #ResilienceReport #InterconnectedSystems #cybercrime #cybersecurity
In 2024, third-party attacks became a major driver of financial losses from cyber incidents, according to cyber risk management firm Resilience. These attacks accounted for 31% of all client insurance claims and 23% of material losses, a significant increase from 2023. The rise in third-party risks highlights the vulnerabilities created by interconnected systems and reliance on external vendors.
Ransomware was the biggest cause of losses, with attacks on vendors making up 42% of third-party claims. The attack on automotive software firm CDK, which affected thousands of car dealerships, exemplifies the financial impact. Vendor security failings, such as the CrowdStrike global outage, also contributed to material claims. This trend is prompting insurance companies to adjust their underwriting practices regarding third-party risk.
Overall, ransomware remained the top cause of material losses, with 62% of claims related to ransomware incidents. Despite this, there are signs that ransomware frequency may be declining in broader markets.
→ Read more on infosecurity-magazine.com
03
Medusa Ransom Gang Mistakenly Targets Aurora, Nebraska Instead of Colorado
#MedusaRansomGang #Ransomware #CyberSecurity #AuroraNebraska #DataBreach #CyberThreats #DigitalSecurity #CyberCrime #PersonalInformation #MunicipalSecurity #CyberAwareness #RansomwareAttack
In a recent blunder, the Medusa ransomware gang claimed to have attacked the City of Aurora, Colorado, but the posted samples actually belonged to Aurora, Nebraska. While this mix-up is fortunate for officials in Colorado, it spells trouble for the small Nebraska city with a population of just 4,704. Medusa claims to have stolen server files, including 2024 bank statements, city budget info, contracts, invoices, and personal information of residents or employees. Despite the mistake, the gang has not disclosed the exact amount of data taken. This incident highlights the ongoing threat of ransomware attacks on municipalities, regardless of their size.
→ Read more on cybernews.com
04
Germany Loses €267 Billion to Financial Crime in 2024
#FinancialCrime #PhishingEmails #BioCatch #OnlineBanking #Germany #DigitalTrust #AI #FraudPrevention #CyberThreats #EconomicLoss #DigitalFinance #cybercrime #cybersecurity
Financial crime in Germany continues to rise, with phishing emails playing a central role, according to BioCatch’s latest study, “Fraud Trends in Online Banking in Germany 2025.” The study reveals that Germany ranked fourth in Europe for online banking fraud cases, with economic losses amounting to €267 billion in 2024. Alarmingly, Germany was the second most targeted country globally for phishing attacks, generating 14% of all phishing emails worldwide.
Mathias Schollmeyer, CISSP at BioCatch Germany, highlighted the far-reaching consequences of this trend, noting a loss of trust in digital services due to the increase in phishing attacks. The study also found that 32% of Germans perceive artificial intelligence (AI) as a risk, while only 21% see it as an opportunity. As the financial sector becomes more digital, it is crucial for consumers to stay informed about current fraud schemes and for banks and regulatory authorities to implement effective protective measures.
→ Read more on it-daily.net
05
Qilin Ransomware Gang Claims Responsibility for Lee Enterprises Attack
#QilinRansomware #CyberAttack #LeeEnterprises #Ransomware #DataBreach #DigitalSecurity #CyberThreats #MediaIndustry #DataProtection #CyberCrime #RansomwareAttack#CyberCrime #cybersecurity
The Qilin ransomware gang has taken credit for a recent cyberattack on Lee Enterprises, which caused significant disruptions at dozens of local newspapers. The American media company, which owns around 350 weekly and specialty publications across 25 states, revealed that the attack impacted business applications and operations, affecting at least 75 newspapers. The attackers encrypted files and exfiltrated information, indicating a ransomware attack.
On February 27, the Qilin group announced on its Tor-based leak website that it was behind the attack, claiming to have stolen 350 Gb of files, including investor records, financial arrangements, payments to journalists, and personal information. The gang threatened to leak the stolen data on March 5 unless a ransom is paid, publishing samples of the data to demonstrate their claims.
→ Read more on securityweek.com
06
Unstoppable Info-Stealer Malware Exposes Millions of Victims
#InfoStealerMalware #CyberSecurity #DataBreach #HaveIBeenPwned #TroyHunt #AlienTxtbase #CredentialTheft #CyberThreats #DigitalSecurity #Malware #PrivacyBreach #CyberCrime #StolenData
A government tip-off has led to the discovery of 284 million unique email addresses and countless passwords stolen by credential-stealing malware, now added to the privacy-breach-notification service Have I Been Pwned (HIBP). HIBP founder Troy Hunt revealed that an unnamed agency alerted him to the trove after he analysed a separate massive collection of info-stealer logs in January. The data, linked to a Telegram channel called Alien Txtbase, includes 1.5TB of stolen information from millions of infected devices. Hunt added 244 million new compromised passwords to Pwned Passwords and updated frequency counts for an additional 199 million passwords. This staggering collection highlights the scale of the threat posed by info-stealer malware.
→ Read more on theregister.com
07
Massive Security Flaws in Building Access Systems Uncovered
#BuildingSecurity #AccessManagement #ModatStudy #SecurityFlaws #CyberThreats #DataProtection #GlobalSecurity #ITSecurity #UnauthorizedAccess #DigitalSafety #SecurityBreach#cybercrime #cybersecurity
A recent study by IT security consultancy Modat has revealed significant security flaws in building access systems worldwide. The study found around 49,000 misconfigured Access Management Systems (AMS) across various regions and sectors, including construction, healthcare, education, manufacturing, the oil industry, and government facilities. These flaws allow cybercriminals to easily gain access to buildings and sensitive data.
AMS authenticate users with methods like passwords, biometrics, or multi-factor authentication and authorize access based on set policies. When these systems fail, they pose two major risks: unauthorized access to buildings and unauthorized access to sensitive data. The study highlights that most cases are concentrated in Europe, the USA, the Middle East, and North Africa, with Italy, Mexico, and Vietnam having the highest number of faulty devices.
→ Read more on heise.de
08
Hacker Behind Over 90 High-Profile Data Leaks Arrested in Thailand
#DataBreach #CyberSecurity #HackerArrest #ALTDOS #DESORDEN #GHOSTR #0mid16B #DarkWeb #DataLeak #CyberCrime #PersonalData #LawEnforcement #CyberThreats
Singaporean and Thai law enforcement have arrested a 39-year-old man in Bangkok, suspected of executing over 90 high-profile data breaches worldwide. Operating under aliases such as ALTDOS, DESORDEN, GHOSTR, and 0mid16B, the hacker has been active in the Asia-Pacific region since 2021. His activities compromised over 13 terabytes of personal data, which he sold on the dark web. The victims include companies in healthcare, retail, finance, logistics, insurance, and recruitment sectors across multiple countries. During the arrest, authorities seized laptops, electronic devices, and luxury goods purchased with proceeds from the stolen data. Unlike ransomware actors, the hacker leaked data to media outlets or regulatory bodies, increasing reputational and financial damage to businesses. He also contacted affected customers to pressure companies into submission and occasionally encrypted victim databases for further control.
→ Read more on therecord.media
09
The Rise of AI-Powered Travel Scams: What You Need to Know
#AITravelScams #CyberSecurity #TravelSafety #Phishing #Deepfake #FakeBookings #FraudPrevention #DigitalSecurity #eSIM #SafeTravel #CyberThreats #AI
In recent years, cybercriminals have increasingly utilised artificial intelligence (AI) to create sophisticated travel scams, making it harder for travellers to distinguish between genuine and fake offers. Common tactics include AI-generated fake booking websites, deepfake customer service calls, AI-assisted phishing emails, and fraudulent travel agencies. This article explores these methods and provides practical advice on how to identify and protect yourself from such deceptions.
AI enhances these scams by analysing large datasets to generate tailored fraud attempts that are harder to detect. AI-generated images and texts appear more authentic, gaining the trust of victims. To ensure safe browsing while travelling, it is crucial to have a secure and reliable internet connection. Public Wi-Fi networks at airports, hotels, or cafes pose high security risks, as they are often unencrypted and easily targeted by cybercriminals. Using an eSIM offers a stable and protected connection, regardless of your location.
→ Read more on zdnet.de
10
Lee Enterprises Cyberattack Expected to Have Material Financial Impact
#LeeEnterprises #CyberAttack #Ransomware #DataBreach #FinancialImpact #NewspaperIndustry #DigitalSecurity #BusinessContinuity #CyberInsurance #DataProtection #CyberThreats#CyberCrime #cybersecurity
Lee Enterprises, a major U.S. newspaper chain, has revealed that a cyberattack on February 3 encrypted critical applications and exfiltrated data, likely impacting its financial condition. The attack delayed print publication distribution and affected billing, collections, and vendor payments. While the company did not explicitly call it a ransomware attack, the incident bears the hallmarks of one. Lee Enterprises is investigating whether sensitive data was compromised and has notified law enforcement and relevant agencies. The company is manually processing transactions and using alternative distribution methods to maintain operations. A comprehensive cyber insurance policy is in place to cover incident response, forensic investigation, regulatory fines, and business interruption.
→ Read more on cybersecuritydive.com
+49 89 360 5310 | security-awareness@metafinanz.de
The editors are not responsible for the content of each article.