2010, Information Security, Malware and Phishing

2010

Information Security

Malware

Phishing

Full(z) House Magecart group mix phishing and MiTM in its attacks

Security Affairs

NOVEMBER 26, 2019

A group under the Magecart umbrella adopted a new tactic that leverages on MiTM and phishing attacks to target sites using external payment processors. Security firms have monitored the activities of a dozen groups at least since 2010. Card skimming to sell credit card information on their carding store named “CardHouse.”.

Phishing

Phishing Cybercrime Advertising Software

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

Security Affairs

DECEMBER 7, 2021

APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide in several industries, including defense, high tech, energy, government, aerospace, and manufacturing. “The Microsoft Digital Crimes Unit (DCU) has disrupted the activities of a China-based hacking group that we call Nickel.

VPN

VPN Manufacturing Government Hacking

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

Dragon Breath APT uses double-dip DLL sideloading strategy

Security Affairs

MAY 7, 2023

Most of the victims are Chinese-speaking Windows users engaged in online gambling, the APT group relies on Telegram to distribute the malware. How the user first encountered the site, whether through phishing or SEO poisoning or some other method, is beyond the scope of this investigation.” ” concludes the post.

Malware

Malware Cryptocurrency Encryption Phishing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Security Affairs

AUGUST 23, 2019

Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems. CVE-2010-2883 is a stack buffer overflow flaw that could be exploited by attackers to execute arbitrary code or trigger a denial of service condition. .

Malware

Malware Spyware Advertising Encryption

Microsoft sued North Korea-linked Thallium group

Security Affairs

DECEMBER 30, 2019

Microsoft sued Thallium North Korea-linked APT for hacking into its customers’ accounts and networks via spear-phishing attacks. Microsoft sued a North Korea-linked cyber espionage group tracked as Thallium for hacking into its customers’ accounts and networks via spear-phishing attacks. 27 in the U.S.

Computers and Electronics

Computers and Electronics Phishing Accountability Malware

Crooks leverages.htaccess injector on Joomla and WordPress sites for malicious redirects

Security Affairs

MAY 27, 2019

The website was used by attackers to redirect traffic to advertising sites that attempted to deliver malware. Sucuri spotted threat actors abusing the URL redirect function of the.htaccess file to redirect visitors of compromised websites to phishing sites, sites delivering malware, or simply to generate impressions.

Advertising

Advertising Malware Antivirus Software

Bulletproof VPN services took down in a global police operation

Security Affairs

DECEMBER 22, 2020

VPN bulletproof services are widely adopted by cybercrime organizations to carry out malicious activities, including ransomware and malware attacks, e-skimming breaches, spear-phishing campaigns, and account takeovers. ” reads the press release published by the Europol. The services were offered for prices ranging from $1.3/day

VPN

VPN Cybercrime Advertising Accountability

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Security Affairs

SEPTEMBER 10, 2018

Security experts from Kaspersky have observed the LuckyMouse APT group (aka Emissary Panda , APT27 and Threat Group 3390) using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. The APT group has been active since at least 2010, the crew targeted U.S.

Advertising

Advertising Financial Services Malware Government

Experts believe the Magecart Group 5 could be linked to the Carbanak APT

Security Affairs

OCTOBER 22, 2019

Security experts linked the Magecart group 5 to the infamous Dridex banking Trojan and the Carbanak cybercrime group. Researchers at Malwarebytes found a link between a scheme associated with the Magecart group and Dridex phishing campaigns and the activities of the Carbanak group. .

Cybercrime

Cybercrime Phishing Advertising Banking

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

Even is HPE has been hacked multiple times since 2010, most of the hack occurred between 2015 and 2017. APT10 hackers also targeted the customers of the IT companies stealing plans, blueprints, personal information, and other data. ” continues the report.

Identity Theft

Identity Theft Hacking System Administration Advertising

Cyber Security Roundup for April 2021

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. conduct employee phishing tests. conduct employee phishing tests. CopperStealer Malware infected up to 5,000 hosts per day over the First Three Months of 2021.

Energy and Utilities

Energy and Utilities Ransomware Banking Hacking

FBI and DHS CISA issue alerts on e-skimming attacks

Security Affairs

OCTOBER 23, 2019

“The bad actor may have gained access via a phishing attack targeting your employees—or through a vulnerable third-party vendor attached to your company’s server.” Security firms have monitored the activities of a dozen groups at least since 2010. . ” reads the alert published by the FBI.

Social Engineering

Social Engineering Advertising Software Firewall

Fullz House hacked the website of Boom! Mobile provider to steal credit cards

Security Affairs

OCTOBER 6, 2020

The Fullz House group was first spotted by security experts at RiskIQ in November 2019, when it was using phishing and web skimming for its attacks. Since August-September of 2019, the group started using a hybrid technique that leverages on MiTM and phishing attacks to target sites using external payment processors.

Mobile

Mobile Hacking Wireless Advertising

Data of 2 million MyFreeCams users sold on a hacker forum

Security Affairs

JANUARY 22, 2021

The investigation conducted by MyFreeCams revealed that data were stolen in “a security incident that occurred more than ten years ago in June 2010.” The company added that it has secured its infrastructure shortly after the attack occurred fixing the issue exploited by the threat actors. ” continues CyberNews.

Passwords

Passwords Marketing Accountability Cryptocurrency

EP 49: LoL

ForAllSecure

JUNE 21, 2022

So I started thinking about other ways to hide messages or even how to get malware onto a system without it being detected. Vamosi: Welcome to the hacker mind and original podcast from for all secure. Vamosi: Living off the land or fireless malware is a threat actor leveraging the utilities readily available on a system.

Ransomware

Ransomware Marketing Software Antivirus

Cyber Security Informer

Full(z) House Magecart group mix phishing and MiTM in its attacks

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

Webinars

Trending Sources

Dragon Breath APT uses double-dip DLL sideloading strategy

Webinars

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Microsoft sued North Korea-linked Thallium group

Crooks leverages.htaccess injector on Joomla and WordPress sites for malicious redirects

Bulletproof VPN services took down in a global police operation

Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks

Experts believe the Magecart Group 5 could be linked to the Carbanak APT

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Cyber Security Roundup for April 2021

FBI and DHS CISA issue alerts on e-skimming attacks

Fullz House hacked the website of Boom! Mobile provider to steal credit cards

Data of 2 million MyFreeCams users sold on a hacker forum

EP 49: LoL

Stay Connected