Optimizing the Privacy-Utility Balance Using Synthetic Data and Configurable Perturbation Pipelines

This paper explores the strategic use of modern synthetic data generation and advanced data perturbation techniques to enhance security, maintain analytical utility, and improve operational efficiency when managing large datasets, with a particular focus on the Banking, Financial Services, and...

A Comprehensive Survey of Cybercrimes in India over the Last Decade

Since the 1990s, the integration of technology into daily life has led to the creation of an extensive network of interconnected devices, transforming how individuals and organizations operate. However, this digital transformation has also spurred the rise of cybercrime, criminal activities...

Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks

Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. "The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the...

Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks

A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that's capable of harvesting identity documents, facial recognition data, and intercepting SMS...

Banking Sector Targeted in Open-Source Software Supply Chain Attacks

Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector. "These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching...

Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants

Banking and financial services organizations are the targets of a new multi-stage adversary-in-the-middle AitM phishing and business email compromise BEC attack, Microsoft has revealed. "The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and...

MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists

Malicious files doctored up to look like legitimate content related to the Israeli-Palestine conflict are being used to target prominent Palestinians, as well as activists and journalists in Turkey, with spyware. That’s according to a disclosure from Zscaler, which attributes the cyberattacks to...

Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure

An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East. The cyber offensive is...

Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication

FireEye Email Security recently encountered various phishing campaigns, mostly in the Americas and Europe, using source code obfuscation with compromised or bad domains. These domains were masquerading as authentic websites and stole personal information such as credit card data. The stolen...

Spam and phishing in Q3 2018

Quarterly highlights Personal data in spam We have often said that personal data is candy on a stick to fraudsters and must be kept safe that is, not given out on dubious websites. It can be used to gain access to accounts and in targeted attacks and ransomware campaigns. In Q3, we registered a...

Despite Ringleader’s Arrest, Cobalt Group Still Active

Evidence has surfaced that the Cobalt Group – the threat actors behind widespread attacks on banks and ATM jackpotting campaigns across Europe – is continuing to operate, despite the arrest of its accused ringleader in March. The Cobalt Group, first burst on the scene in 2016: in a single night,...

Targeted Attacks against Banks in the Middle East

Introduction In the first week of May 2016, FireEye’s DTI identified a wave of emails containing malicious attachments being sent to multiple banks in the Middle East region. The threat actors appear to be performing initial reconnaissance against would-be targets, and the attacks caught our...

Targeted Attacks against Banks in the Middle East

UPDATE Dec. 8, 2017: We now attribute this campaign to APT34, a suspected Iranian cyber espionage threat group that we believe has been active since at least 2014. Learn more about APT34 and their late 2017 targeting of a government organization in the Middle East. Introduction In the first week ...

trs某系统任意文件下载漏洞第二弹

简要描述： 感觉挺严重的问题，存在的地方包括但是不局限银行、政府等行业。 详细说明： exp inforadar/jsp/util/filedownload.jsp?filePath=../../../../../../../etc/passwd exp2 http://inforadar.trs.com.cn/jsp/util/filedownload.jsp?filePath=c:%5Cboot.ini%00.xml 官方网站需要加个截断，就可以了 应该是神马雷达系统。 很多地方都有这问题。 但是google找不到多少个，因为很多都是二次开发，目录明改变了。 比如招行。。。...

Fraud-as-a-Service of Zeus Malware advertised on social network

Cyber crime enterprise is showing a growing interest in monetization of botnets, the most targeted sector in recent months is banking. One of most active malware that still menaces Banking sector is the popular Zeus. Zeus is one of the oldest, it is active since 2007, and most prolific malware th...

ISPA to launch cyber security code of practice in SA

ISPA to launch cyber security code of practice in SA South Africa's Internet Service Providers' Association ISPA has teamed with Australia's Internet Industry Association to develop a new voluntary industry code of practice to improve cybersecurity for end users. Known as the 'icode', and develop...