2012, Accountability, Hacking and Malware

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Image: spur.us. as a media sharing device on a local network that was somehow exposed to the Internet.

Malware

Malware Passwords Accountability Advertising

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking

Hacking Cybercrime Ransomware Government

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. account on Carder[.]su

Malware

Malware Cybercrime Software Antivirus

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

The Olympics: a timeline of scams, hacks, and malware

Malwarebytes

JULY 28, 2021

And while actual, measurable cyberrattacks and hacks surrounding The Olympics did not truly get rolling until 2008 in Beijing, The Olympic games have traditionally been quite the target for malicious acts of all kinds, dating back years. It was also the first major Olympics event where organizers braced for hacking related impact.

Scams

Scams Hacking Malware Mobile

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

SEPTEMBER 17, 2020

Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers.

Antivirus

Antivirus Hacking Government Software

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

The Mylobot malware includes more than 1,000 hard-coded and encrypted domain names, any one of which can be registered and used as control networks for the infected hosts. BHProxies has authored 129 posts on Black Hat World since 2012, and their last post on the forum was in December 2022. The website BHProxies[.]com

Accountability

Accountability Advertising Marketing Malware

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software.

Malware

Malware Cybercrime Banking Hacking

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces.

Hacking

Hacking Cybercrime Data breaches Advertising

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

NOVEMBER 22, 2019

The Russian hacker who created and used Neverquest banking malware has finally been sentenced to 4 years in prison by a US District Court. The Russian hacker was suspected of being the author of the Neverquest malware , aka Vawtrak malware, and the person who administrated the control infrastructure.

Banking

Banking Malware Advertising Passwords

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky.

Malware

Malware Passwords Identity Theft Data collection

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

DECEMBER 19, 2018

Satnam Narang , senior research engineer at Tenable , said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

Internet

Internet Internet Engineering Software

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. energy facilities. ” HYDRA. ” HYDRA. .

Marketing

Marketing Energy and Utilities Malware Ransomware

Russian national Yevgeniy Aleksandrovich Nikulin sentenced to 88 months in prison

Security Affairs

SEPTEMBER 30, 2020

Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison for hacking LinkedIn, Dropbox, and Formspring in 2012. The Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison in the United States for hacking LinkedIn, Dropbox, and Formspring in 2012.

Identity Theft

Identity Theft Cybercrime Advertising Hacking

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Security Affairs

DECEMBER 1, 2022

ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. SecurityAffairs – hacking, Dolphin backdoor). ” reads the post published by ESET.

Accountability

Accountability Malware Cyber Attacks Media

Hacking News Roundup: Even 'Fast Company' Isn't Safe

SecureWorld News

SEPTEMBER 30, 2022

A personal Google account was the culprit, according to Cisco Security Incident Response. The Yanluowang group is linked to "Evil Corp," the Lapsus$ gang (responsible for a recent Uber attack ), and FiveHands malware. Here's an article we ran in February about a Deadbolt decryption key being released. Cisco reports stolen data.

Adware

Adware Hacking Ransomware Retail

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

Security Affairs

MARCH 10, 2023

The NetWire Remote Access Trojan (RAT) is available for sale on cybercrime forums since 2012, it allows operators to steal sensitive data from the infected systems. DomainTools further shows this email address was used to register one other domain in 2012: wwlabshosting[.]com, ” reads the press release published DoJ.

Malware

Malware Cybercrime Data breaches Internet

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

As detailed in my 2014 book, Spam Nation , Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock , Cutwail , Mega-D , Festi , Waledac , and Grum. bank accounts. And there were many good reasons to support this conclusion.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Security Affairs

DECEMBER 11, 2020

Facebook has suspended some accounts linked to APT32 that were involved in cyber espionage campaigns to spread malware. Facebook has suspended several accounts linked to the APT32 cyberespionage that abused the platform to spread malware. The company also blocked the domains used by the group.

Retail

Retail Malware Mobile Accountability

Lockbit ransomware gang claims to have breached the Italian Revenue Agency

Security Affairs

JULY 25, 2022

The ransomware gang Lockbit claims to have hacked the Italian Revenue Agency (Agenzia delle Entrate) and added the government agency to the list of victims reported on its dark web leak site. It has its own statute and specific regulations governing administration and accounting. SecurityAffairs – hacking, Lockbit).

Ransomware

Ransomware Government Scams Hacking

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

DECEMBER 8, 2021

There is a now-dormant Myspace account for a Matthew Philbert from Orleans, a suburb of Ottawa, Ontario. The information tied to the Myspace account matches the age and town of the defendant. The Myspace account was registered under the nickname “ Darkcloudowner ,” and to the email address dark_cl0ud6@hotmail.com.

Cybercrime

Cybercrime Ransomware Accountability Advertising

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

Security Affairs

JUNE 21, 2020

The United States has deported the author of NeverQuest banking malware, the computer programmer Stanislav Vitaliyevich Lisov to Russia. . The Russian hacker was suspected of being the author of the Neverquest malware , aka Vawtrak malware, and the person who administrated the control infrastructure. Pierluigi Paganini.

Banking

Banking Malware Advertising Hacking

Mitsubishi Electric Corp. was hit by a new cyberattack

Security Affairs

NOVEMBER 20, 2020

20 said they were checking the 8,653 accounts of those it has business transactions with to determine if information related to bank accounts of the other parties as well as other information leaked.” Data exposed after the incident data includes names, addresses, and phone numbers of account holders. Pierluigi Paganini.

Banking

Banking Cyber Attacks Accountability Media

Threat actors are offering for sale 550 million stolen user records

Security Affairs

MAY 15, 2020

Data appears to come from past data breaches, the oldest one dates back as 2012 while the latest one dates April 2020. cyber #cybersecurity @BleepinComputer #malware pic.twitter.com/CtnppIyhxn — Cyble (@AuCyble) May 14, 2020. million April 2018 Netlog.com (Twoo.com) 57 million November 2012 Dubsmash.com Phone numbers 47.1

Data breaches

Data breaches Advertising Passwords Hacking

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

FEBRUARY 3, 2020

Samide and other experts say what’s coming next is very likely to be a series of varied attacks as combatants on all sides leverage footholds gained from ongoing intelligence gathering and malware planting. It’s notable that hacks to gain access to, and maintain control of, industrial control systems are a recurring theme in cyber warfare.

Energy and Utilities

Energy and Utilities Malware Hacking Passwords

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google experts are tracking ARCHIPELAGO since 2012 and have observed the group targeting individuals with expertise in North Korea policy issues. The threat actor employed malware like BabyShark that were hosted on Google Drive in the form of blank files or ISO image files.

Phishing

Phishing Media Passwords Malware

North Korea-linked ScarCruft APT uses large LNK files in infection chains

Security Affairs

MAY 2, 2023

North Korea-linked ScarCruft APT group started using oversized LNK files to deliver the RokRAT malware starting in early July 2022. The infection chain used by the threat actors relies on large LNK files running PowerShell, leading to the execution of the previously undetected malware. ” concludes the report.

Malware

Malware Education Media Phishing

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud. Presently, Meduza password stealer supports Windows Server 2012/2016/2019/2022 and Windows 10/11.

Password Management

Password Management Cryptocurrency Passwords Authentication

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

re network uses at least two free VPN services to lure its users to install a malware-like software that achieves persistence on the user’s computer,” the researchers wrote. The website’s copyright suggests the ExE Bucks affiliate program dates back to 2012. “The 911[.]re A cached copy of flashupdate[.]net

VPN

VPN Computers and Electronics Antivirus Software

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

Security Affairs

SEPTEMBER 8, 2019

Ministry of Internal Affairs announced that Belarusian police have seized and shutdown XakFor, one of the largest hacking forums on the internet. net), a popular hacking forum a place frequented by hackers, malware authors, scammers and cybercriminals. SecurityAffairs – XakFor forum , malware). Pierluigi Paganini.

Advertising

Advertising Malware Cybercrime Hacking

Author of NeverQuest botnet pleads guilty to bank fraud

Security Affairs

FEBRUARY 26, 2019

The Russian hacker Stanislav Vitaliyevich Lisov pleads guilty to bank fraud after running a botnet that spread ‘NeverQuest’ malware for three years. The man has pled guilty to one count of conspiracy to commit computer hacking in Manhattan Federal Court, he faces a sentence of up to five years in prison. “Geoffrey S.

Banking

Banking Malware Advertising Accountability

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

“Taking account of all of the information available to him, he considered Mr Assange’s risk of suicide to be very high should extradition become imminent. SecurityAffairs – hacking, Julian Assange). This was a well-informed opinion carefully supported by evidence and explained over two detailed reports.”

Government

Government Risk Passwords Hacking

Cybercriminals are Oversharing with Social Media Data Breaches

SiteLock

AUGUST 27, 2021

Peace stole data from over 360 million Myspace accounts. The stolen data was several years old, but it is still valuable on the dark web because people often reuse passwords for multiple sites and accounts, from online banking to eCommerce accounts. In 2012, LinkedIn was hit with a breach and more than 6.5

Data breaches

Data breaches Media Passwords Accountability

‘LuminosityLink RAT’ Author Pleads Guilty

Krebs on Security

JULY 16, 2018

A 21-year-old Kentucky man has pleaded guilty to authoring and distributing a popular hacking tool called “ LuminosityLink ,” a malware strain that security experts say was used by thousands of customers to gain unauthorized access to tens of thousands of computers across 78 countries worldwide.

Marketing

Marketing Advertising Accountability Malware

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

Security Affairs

MARCH 16, 2021

The IT giant reported that at least one China linked APT group, tracked as HAFNIUM , chained these vulnerabilities to access on-premises Exchange servers to access email accounts, and install backdoors to maintain access to victim environments. SecurityAffairs – hacking, Microsoft Exchange). Pierluigi Paganini.

Small Business

Small Business Manufacturing Banking Hacking

Is there a link between Microsoft Exchange exploits and PoC code the company shared with partner security firms?

Security Affairs

MARCH 16, 2021

The IT giant reported that at least one China linked APT group, tracked as HAFNIUM , chained these vulnerabilities to access on-premises Exchange servers to access email accounts, and install backdoors to maintain access to victim environments. a MAPP partner company based in China, for leaking data related to CVE-2012-0002.

Antivirus

Antivirus Cyber Attacks Hacking Accountability

A new Adwind variant involved in attacks on US petroleum industry

Security Affairs

OCTOBER 1, 2019

The malware is distributed via a malspam campaign, the spam messages come with malicious attachments or include URL to malicious content. Adwind is could infect all the major operating systems, including Windows, Mac, Linux, and Android, it is available in the cybercrime underground as a malware-as-a-service (MaaS) model.

Malware

Malware Advertising DDOS Cybercrime

3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited

Security Affairs

APRIL 21, 2021

The three vulnerabilities addressed by the security vendor are: CVE-2021-20021 : Email Security Pre-Authentication Administrative Account Creation: A vulnerability in the SonicWall Email Security version 10.0.9.x x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

Authentication

Authentication Accountability Encryption Hacking

Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police

Security Affairs

NOVEMBER 17, 2022

In 2012, the Ukrainian national Vyacheslav Igorevich Penchukov was accused of being a member of a cybercrime gang known as JabberZeus Crew. At the time, DoJ accused Penchukov of coordinating the exchange of stolen banking credentials and money mules and received alerts once a bank account had been compromised. Pierluigi Paganini.

Cybercrime

Cybercrime Banking Identity Theft Hacking

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

Security Affairs

AUGUST 14, 2019

A wormable flaw could be exploited by malware to propagate from vulnerable computer to vulnerable computer without any user interaction. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This issue reminds us of the flaw exploited by the Stuxnet malware back in 2010.

Authentication

Authentication Advertising Internet Internet

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

JUNE 6, 2019

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012. According to the experts, the backdoor might have been active since at least 2012. . “We

Encryption

Encryption Government Advertising Cyber Attacks

Google introduced G Suite alerts for state-sponsored attacks

Security Affairs

AUGUST 3, 2018

“We’re adding a feature in the Admin console that can alert admins if we believe a user’s account has been targeted by a government-backed attack. “It does not necessarily mean that the account has been compromised or that there was a widespread attack on an organization.” . .”

Accountability

Accountability Advertising Government Phishing

North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal

Security Affairs

MAY 14, 2019

ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. This malware is responsible for stealing Bluetooth device information.”

Malware

Malware Advertising Government Manufacturing

10 Simple Principles for Software Supply Chain Risk Management

SecureWorld News

JUNE 22, 2022

GAO (Government Accountability Office) called out four national security agencies over the inadequacies of their supply chain security practices. However, the impact of targeted supply chain attacks didn't really hit the papers until eight years later, with the SolarWinds/Orion hack.

Software

Software Risk Hacking Accountability

Analyzing the APT34’s Jason project

Security Affairs

JUNE 6, 2019

Security expert Marco Ramilli has analyzed the recently leaked APT34 hacking tool tracked as Jason – Exchange Mail BF. Jason is a graphic tool implemented to perform Microsoft exchange account brute-force in order to “harvest” the highest possible emails and accounts information. Michael Lortz. WebService.dll assemply version.

Computers and Electronics

Computers and Electronics Penetration Testing DNS Passwords

Giving a Face to the Malware Proxy Service ‘Faceless’

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Webinars

Trending Sources

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Webinars

The Olympics: a timeline of scams, hacks, and malware

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Who’s Behind the Botnet-Based Service BHProxies?

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Alleged FruitFly malware creator ruled incompetent to stand trial

Microsoft Issues Emergency Fix for IE Zero Day

Actions Target Russian Govt. Botnet, Hydra Dark Market

Russian national Yevgeniy Aleksandrovich Nikulin sentenced to 88 months in prison

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Hacking News Roundup: Even 'Fast Company' Isn't Safe

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Lockbit ransomware gang claims to have breached the Italian Revenue Agency

Canada Charges Its “Most Prolific Cybercriminal”

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

Mitsubishi Electric Corp. was hit by a new cyberattack

Threat actors are offering for sale 550 million stolen user records

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

North Korea-linked ScarCruft APT uses large LNK files in infection chains

New Version of Meduza Stealer Released in Dark Web

A Deep Dive Into the Residential Proxy Service ‘911’

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

Author of NeverQuest botnet pleads guilty to bank fraud

British Court rejects the US’s request to extradite Julian Assange

Cybercriminals are Oversharing with Social Media Data Breaches

‘LuminosityLink RAT’ Author Pleads Guilty

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

Is there a link between Microsoft Exchange exploits and PoC code the company shared with partner security firms?

A new Adwind variant involved in attacks on US petroleum industry

3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited

Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

Platinum APT and leverages steganography to hide C2 communications

Google introduced G Suite alerts for state-sponsored attacks

North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal

10 Simple Principles for Software Supply Chain Risk Management

Analyzing the APT34’s Jason project

Stay Connected