< ciso
brief />
Tag Banner

All news with #insider threat tag

132 articles · page 5 of 7

Dutch Hacker Sentenced to Seven Years for Port Hacks

🔒 The Amsterdam Court of Appeal sentenced a 44‑year‑old Dutch national to seven years in prison for breaching IT systems at the ports of Rotterdam, Barendrecht and Antwerp to facilitate drug trafficking. The court found he gained access after employees introduced USB sticks containing malware, enabling installation of a remote access tool, data exfiltration and interception. An appeal arguing unlawful interception of Sky ECC communications was rejected, as the defence failed to substantiate procedural violations. He was acquitted on one large cocaine import charge but upheld on hacking, facilitating the importation of 210 kg of cocaine, and attempted extortion.
read more →

Smashing Security Podcast 449: Romance Scams, Job Market

🎧 In episode 449 of the Smashing Security podcast, Graham Cluley examines an actual romance-fraud handbook that includes scripts, personality “types,” corporate jargon and a seven-day plan to convince victims to hand over cryptocurrency. Guest Lesley Carhart delivers a stark reality check on the shrinking entry-level cybersecurity job market and the hazards of automated CV screening. The show also features ThreatLocker CEO Danny Jenkins discussing how misconfigurations drive breaches and how default-deny approaches work in practice.
read more →

Coinbase Insider Arrested in India Over Customer Data Leak

🔒 A former Coinbase customer service agent was arrested in Hyderabad, India, after allegedly accepting bribes from criminal gangs to access and sell sensitive customer records, Coinbase CEO Brian Armstrong announced. The incident, disclosed in May 2025, involved compromised support staff leaking data on nearly 70,000 customers, including IDs and financial details. Coinbase refused a US $20 million ransom and instead committed that sum to a reward fund while cooperating with law enforcement.
read more →

Former Coinbase Support Agent Arrested in India After Breach

🔒 A former Coinbase customer support agent was arrested in Hyderabad after investigators linked the individual to a scheme that helped hackers access a company database earlier this year. Coinbase CEO Brian Armstrong said additional arrests are expected. The incident, tied to outsourced agents at TaskUs, affected about 69,500 customers and involved a $20 million ransom demand.
read more →

Amazon Blocks 1,800+ Job Applications Tied to North Korea

🛡️ Amazon's chief security officer Stephen Schmidt says the company has blocked more than 1,800 job applications since April 2024 that are suspected to originate from North Korean agents, with linked submissions increasing roughly 27% per quarter in 2025. Amazon combines AI-based analysis with manual review—searching for links to at-risk institutions, application anomalies, and geographic inconsistencies—and verifies identities via background checks, references, and structured interviews. Recurring trends include increasingly sophisticated identity theft, hijacked LinkedIn profiles, fake U.S. educational credentials, and the use of "laptop farms" to simulate local presence; even phone numbers formatted with a country code of "1" can be a red flag. Amazon says the purpose appears to be securing remote employment to funnel income to North Korea's weapons program and urges industry peers to tighten identity verification and report suspicious activity to authorities such as the FBI.
read more →

Coupang breach affects 33.7M users, raises data risks

🔒 Coupang disclosed a data breach impacting 33.7 million customer accounts, exposing names, phone numbers, email addresses, delivery address books and purchase histories. The company detected unusual activity on November 6, confirmed a breach on November 18 and publicly disclosed the incident on November 29; attackers had access from June 24 to November 8. A former employee who retained access keys is the prime suspect. The incident highlights gaps where non‑mandated data remained unencrypted and underscores the need for stronger voluntary protections.
read more →

Doublespeed Phone Farm Hacked, AI Ad Accounts Exposed

🔓 Doublespeed, a startup backed by Andreessen Horowitz (a16z), was breached, exposing its operation of hundreds of AI-generated social media accounts and a phone farm controlling more than 1,000 smartphones. The anonymous intruder said they reported a vulnerability to Doublespeed on October 31 and still have access to the company's backend, including the device fleet. The compromise reveals promoted products often lacked required advertising disclosures and raises concerns about platform abuse and regulatory compliance.
read more →

Cybercriminals Recruiting Insiders in Finance, Telecom, Tech

🔒 Cyber criminals are increasingly recruiting insiders at banks, telecoms, and tech firms to obtain network and cloud access. Darknet adverts offer payouts ranging from $3,000 to $15,000 for account credentials or direct access, and threat actors target crypto exchanges, banks, and major cloud providers. Effective prevention requires employee education, enforced access controls, and active darknet monitoring.
read more →

Coupang Breach Linked to Former Employee's System Access

🔍 Coupang has tied a major data breach exposing 33.7 million customers to a former employee who retained access after leaving the company. The intrusion occurred on June 24, 2025 and was discovered by Coupang on November 18; the company disclosed the incident on December 1 and later said the stolen data had not been published online. Police raided Coupang offices to collect logs, credentials and other records during an independent probe, and the CEO resigned amid the fallout. Authorities warn the firm could face liability if negligence or other violations are found, while the breach has prompted widespread phishing and impersonation reports across South Korea.
read more →

Imposter for Hire: Fake Employees Gaining Access Now

🔍 Microsoft Incident Response details a real-world intrusion where operatives posed as legitimate remote hires to gain trusted access. Attackers used low-cost PiKVM hardware to create persistent, out-of-band control of employer-issued workstations and bypassed normal EDR and onboarding controls. DART used telemetry from Microsoft Entra ID, Microsoft Defender, and bespoke forensic tools to trace activity to the North Korean group Jasper Sleet, contain the compromise, and restore affected systems. The report emphasizes strengthening vetting, enforcing least privilege, and monitoring for unauthorized IT devices.
read more →

Cyber 'Tax' Drives SMBs to Raise Prices After Breaches

🔔 The Identity Theft Resource Center's 2025 Business Impact Report found that 81% of US small businesses experienced a data or security breach in the past year, and 38% raised prices as a result. Respondents attributed 41% of incidents to AI-enabled attacks, while external actors and malicious insiders were cited by 43% and 42% respectively. The ITRC warns that adoption of protections such as MFA is falling and advises SMBs to focus on people, process and technology defenses including out-of-band verification and AI-driven detection tools.
read more →

From Essay Mills to Drones: Ties Between Nerdify and Synergy

🔎 A sprawling academic cheating network branded around Nerdify and related sites has generated nearly $25 million by selling finished essays and homework while posing as tutoring. The operation repeatedly recreated Google Ads accounts and new domains to evade ad bans, routing work to low-cost writers across Kenya, the Philippines, Pakistan, Russia and Ukraine. Investigations link the essay-mill operators to entrepreneurs with corporate ties to Synergy, Russia's largest private university, which is also implicated in drone development for the Russian military.
read more →

Senate Finds Widespread Use of Non-Approved Messaging Apps

📱 The Senate Committee on Armed Services concluded that unsecured use of non‑approved messaging apps is a wider problem in the Department of Defense. It found that Secretary Pete Hegseth violated policy by sharing operational details on Signal from a personal device two hours before a strike and inadvertently added a journalist to the group. The reports cite broader “shadow communications,” limited audit evidence, and recommend approved alternatives, training, and tighter authority controls.
read more →

Contractors Accused of Wiping 96 Government Databases

🧾 Two Virginia brothers, former federal contractors Muneeb and Sohaib Akhter, have been charged with conspiring to steal sensitive data and deleting roughly 96 government databases after being fired. Prosecutors allege the deletions occurred in February 2025 and that Muneeb also stole IRS and EEOC information for hundreds of individuals. One minute after deleting a DHS database he reportedly asked an AI tool how to clear system logs. Authorities say the pair wiped devices, destroyed evidence, and face multiple federal charges including computer fraud and aggravated identity theft.
read more →

Coupang Confirms 33.7M Customer Records Exposed in Breach

⚠️ Coupang has confirmed unauthorized access to delivery-related personal information affecting an estimated 33.7 million customers, including names, email addresses and phone numbers. The company says payment details and login credentials were not accessed, and it has blocked the access route and strengthened internal monitoring. Seoul police have identified a suspect, believed to be a former employee who has left South Korea, and are analysing server logs while tracking an IP address tied to the incident.
read more →

When Hackers Wear Suits: Preventing Insider Impersonation

🛡️ The hiring pipeline is being exploited by sophisticated threat actors who create fake personas—complete with fabricated resumes, AI-generated videos, and stolen identities—to secure privileged remote roles inside organizations. Once hired these imposters can exfiltrate data, plant backdoors, or extort employers, making the risk especially acute for MSPs that manage multiple clients. Strengthening HR verification, staged access provisioning, hardware-based MFA, network segmentation, and ongoing security awareness training are essential to mitigate this insider impersonation threat.
read more →

Smashing Security #445: Broadcast Hacks and Insider Risk

🧟 In episode 445 of the Smashing Security podcast, Graham Cluley and guest Dan Raywood review a decade of insecure broadcast infrastructure that has allowed attackers to hijack TV and radio, issue fake emergency alerts, and even replace sermons with explicit content. They also examine an alleged insider leak at a cybersecurity firm that raises urgent questions about trusted access and internal controls. The discussion highlights persistent vulnerabilities in broadcast hardware and the broader implications for public safety and incident response.
read more →

SLSH Resurgence: ShinySp1d3r RaaS Ahead of Holidays

⚠️ Unit 42 documents a renewed campaign by the Scattered LAPSUS$ Hunters (SLSH) that combines a supply-chain driven data theft affecting Gainsight/Salesforce integrations with the emergence of a new Windows-focused ransomware-as-a-service, ShinySp1d3r. The actors publicly threatened mass ransomware deployment and set a leak deadline while also actively recruiting insiders and claiming hundreds of additional victim accesses. Organizations should prioritize rotating exposed tokens, enforcing strong insider controls, and engaging incident response if they suspect compromise.
read more →

CrowdStrike Fires Insider Allegedly Sharing Internal Data

🔒 CrowdStrike said it fired a “suspicious insider” after screenshots of company resources—including an Okta dashboard for internal access—appeared in a public Telegram channel run by Scattered Lapsus$ Hunters. The hackers claimed the material came from a Salesforce-ecosystem breach involving vendor Gainsight, a claim CrowdStrike denied. The company told TechCrunch investigators the images were produced when an employee shared pictures of their screen externally, that its systems were not compromised, and that customers remained protected. CrowdStrike has referred the matter to law enforcement.
read more →

CrowdStrike Insider Shared Screenshots with Hackers

🔒 CrowdStrike confirmed that an insider shared screenshots taken on internal systems with external threat actors but stressed that its systems were not breached and customer data remained protected. The company said it identified and terminated the suspicious employee after an internal investigation and has referred the matter to law enforcement. CrowdStrike declined to name the responsible group or the insider's motives, while screenshots surfaced on Telegram attributed to several extortion-focused collectives.
read more →