Krebs on Security

SEPTEMBER 30, 2023

. “Snatch threat actors have been observed purchasing previously stolen data from other ransomware variants in an attempt to further exploit victims into paying a ransom to avoid having their data released on Snatch’s extortion blog,” the FBI/CISA alert reads. was also used to register an account at the online game stalker[.]so

Ransomware 218

Ransomware Accountability Cybercrime Backups 218

Krebs on Security

JULY 29, 2019

Marcus Hutchins , the “accidental hero” who helped arrest the spread of the global WannaCry ransomware outbreak in 2017, will receive no jail time for his admitted role in authoring and selling malware that helped cyberthieves steal online bank account credentials from victims, a federal judge ruled Friday.

Banking 193

Banking Malware Government Education 193

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” In 2017, crooks launched a phishing campaign against universities to compromise.edu accounts. To nominate, please visit:?.

Cybercrime 129

Cybercrime Education Accountability Phishing 129

Security Affairs

MAY 4, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. ” CERT-UA urges Ukrainian critical organizations using multi-factor authentication for VPN accounts, network segmentation and filtering of incoming, outgoing and inter-segment information flows.

VPN 85

VPN Education Accountability Cyber Attacks 85

Security Affairs

APRIL 10, 2023

MERCURY (aka MuddyWater , SeedWorm and TEMP.Zagros ) has been active since at least 2017, in January 2022 the USCYBERCOM has officially linked the Iran-linked APT group to Iran’s Ministry of Intelligence and Security (MOIS). Threat actors masqueraded the attacks as a standard ransomware operation.

Ransomware 87

Ransomware Cybercrime VPN Education 87

Krebs on Security

APRIL 19, 2019

Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices. It remains unclear when he will be sentenced.

Banking 176

Banking Malware Advertising Government 176

Duo's Security Blog

SEPTEMBER 14, 2021

Adoption of two-factor authentication has substantially increased since we began conducting this research in 2017. Other factors, such as push notifications and security keys, are more effective in preventing account takeovers. In addition, they are also often used as the recovery mechanism for other online accounts.”

Password Management 99

Password Management Passwords Authentication Accountability 99

Troy Hunt

SEPTEMBER 11, 2018

What it boiled down to was the account arguing with a journalist (pro tip: avoid arguing being a dick to those in a position to write publicly about you!) that no, you didn't just need a username and birth date to reset the account password. So I wrote a blog post. — Timothy Dutton (@ravenstar68) December 17, 2017.

Media 261

Media Accountability Passwords Mobile 261

Security Affairs

OCTOBER 12, 2023

The Balada injector is a malware family that has been active since 2017. The Balada Injector malware campaign performed a series of attacks targeting both the vulnerability in the tagDiv Composer plugin and blog administrators of already infected sites.” The malware supports multiple attack vectors and persistence mechanisms.

Malware 113

Malware Hacking Accountability Cybercrime 113

Security Affairs

APRIL 20, 2023

In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60% of observed Russian targeting. The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017.

Phishing 86

Phishing Education Accountability Telecommunications 86

Security Affairs

APRIL 12, 2023

In April 2017, security vulnerabilities in the Hyundai Blue Link mobile apps could have allowed hackers to locate, unlock and start vehicles of the carmaker.

Data breaches 91

Data breaches Media Manufacturing Education 91

Security Affairs

JANUARY 15, 2024

The Balada injector is a malware family that has been active since 2017. It checks up to 3 levels above the current directory, looking for the root directory of the current site and any other sites that may share the same server account.” The malware supports multiple attack vectors and persistence mechanisms.

Malware 110

Malware Hacking Accountability Information Security 110

Security Affairs

MAY 2, 2023

Previously seen to be exploited in the wild through 2017 and on-going.” ” continues the advisory.

Authentication 98

Authentication Retail Surveillance Education 98

Malwarebytes

JANUARY 16, 2024

On January 4, 2017, Case Western Reserve University (CWRU), located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. On January 10 2017, and unaware of this ongoing investigation, Malwarebytes became aware of the Mac version of the malware that would become known as FruitFly.

Malware 86

Malware Passwords Identity Theft Data collection 86

Security Affairs

APRIL 19, 2023

“APT28 has been known to access vulnerable routers by using default and weak SNMP community strings, and by exploiting CVE-2017-6742 (Cisco Bug ID: CSCve54313) as published by Cisco.” UK and US agencies are warning of Russia-linked APT28 group exploiting vulnerabilities in Cisco networking equipment.

Malware 84

Malware Firmware Government Education 84

Security Affairs

APRIL 30, 2023

Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections: The Teacher – Most Educational Blog The Entertainer – Most Entertaining Blog The Tech Whizz – Best Technical Blog Best Social Media Account to Follow (@securityaffairs) Please nominate Security Affairs as your favorite blog.

System Administration 90

System Administration Government Phishing Malware 90

Malwarebytes

OCTOBER 20, 2022

The Microsoft Security Response Center blog reports that researchers reported a misconfigured Microsoft endpoint on September 24. From its writeup: "…after reviewing their blog post, we first want to note that SOCRadar has greatly exaggerated the scope of this issue. Assessing the impact.

Data breaches 89

Data breaches Accountability Risk 89

Krebs on Security

MAY 28, 2020

The ad campaign follows a similar initiative launched in late 2017 that academics say measurably dampened demand for such services by explaining that their use to harm others is illegal and can land potential customers in jail. For example, search in Google for the terms “booter” or “stresser” from a U.K.

Cybercrime 240

Cybercrime DDOS Advertising Hacking 240

Troy Hunt

JANUARY 5, 2018

My Twitter account reflects my personality. Plus, I spend a bunch of time talking about the year that was in 2017. I had a pretty crazy 2017 (I hope my video commentary gives you a bit more of a sense of how I feel about the year). pic.twitter.com/Td7OPJCUNZ — Troy Hunt (@troyhunt) January 2, 2018. References.

Accountability 109

Accountability 109

Security Affairs

APRIL 24, 2023

Truebot has been active since 2017 and some researchers linked it to the Russian Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp). .” The researchers noticed that the domain hosting the tools employed in the attack, windowservicecemter[.]com, com, was registered on April 12, 2023.

Cybercrime 73

Cybercrime Software Education Ransomware 73

Security Affairs

AUGUST 15, 2022

More details + TTPs in this MSTIC blog: [link] — Microsoft Security Intelligence (@MsftSecIntel) August 15, 2022. SEABORGIUM has been active since at least 2017, its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft. .

Phishing 88

Phishing Accountability Hacking Surveillance 88

Krebs on Security

FEBRUARY 12, 2019

11, when the company’s Twitter account started fielding reports from users who said they were no longer receiving messages. VFEmail’s Twitter account responded that “external facing systems, of differing OS’s and remote authentication, in multiple data centers are down.” 9], username “aktv.”).

Hacking 249

Hacking DDOS Backups Accountability 249

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting. To nominate, please visit:?. Pierluigi Paganini.

Telecommunications 95

Telecommunications Authentication Passwords Accountability 95

Adam Levin

SEPTEMBER 28, 2018

This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.” According to Facebook’s blog , the attack exploited a complex interaction of multiple issues in the social media site’s code that stemmed from a change made to a video uploading feature in July 2017.

Accountability 100

Accountability Hacking Media Authentication 100

Security Affairs

APRIL 6, 2022

“Hydra quickly rose to become the most prominent Russian-language darknet market after the closure of a key competitor in 2017. The German authorities reported that around 17 million customers and over 19,000 seller accounts were registered on the Hydra Market. ” reported Blockchain analytics firm Elliptic.

Marketing 89

Marketing Cybercrime Advertising Hacking 89

Malwarebytes

MAY 7, 2021

If you use a Google account, it may soon be mandatory to sign up to Google’s two-step verification program. As recently as 2017, a tiny amount of GMail users made use of its two-step options. With so much valuable data stuffed inside Google accounts, it’s beyond time to ensure they’re locked down properly.

Passwords 101

Passwords Password Management Backups Accountability 101

Krebs on Security

JANUARY 25, 2022

27 — Thanksgiving Day weekend — Jim got a series of rapid-fire emails from MSF saying they’ve received his loan application, that they’d approved it, and that the funds requested were now available at the bank account specified in his MSF profile. Then on Nov. Take a look at that 546.56 A portion of the Jan.

Financial Services 217

Financial Services Banking Accountability Identity Theft 217

Krebs on Security

JULY 30, 2020

Traditional payment cards encode cardholder account data in plain text on a magnetic stripe, which can be read and recorded by skimming devices or malicious software surreptitiously installed in payment terminals. Newer, chip-based cards employ a technology known as EMV that encrypts the account data stored in the chip.

Banking 360

Banking Malware Encryption Accountability 360

Security Affairs

APRIL 15, 2023

The WordPress sets only exposed user names and avatar pictures, but all four Siemens WordPress-based subdomains were vulnerable to a flaw that WordPress itself fixed in 2017, leaving researchers wondering whether there are more severe vulnerabilities on these sites.

Manufacturing 97

Manufacturing IoT Technology Authentication 97

Security Affairs

APRIL 2, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred , CaddyWiper , HermeticWiper , Industroyer2 , IsaacWiper , WhisperGate , Prestige , RansomBoggs , and ZeroWipe.

Energy and Utilities 84

Energy and Utilities Media Hacking Education 84

Security Affairs

APRIL 1, 2023

Google TAG shared indicators of compromise (IoCs) for both campaigns.

Spyware 79

Spyware Surveillance Mobile Education 79

Krebs on Security

MARCH 2, 2020

A search on the ing.equipepro@gmail.com address at 4iq.com — a service that indexes account details like usernames and passwords exposed in Web site data breaches — shows this email address was used to register an account at the computer hacking forum cracked[.]to There is a third Skype account nicknamed “Fatal.001”

DNS 258

DNS Penetration Testing Malware Hacking 258

Security Affairs

APRIL 8, 2022

Iarmak and his conspirators compromised millions of financial accounts, causing over a billion dollars in losses to Americans and costs to America’s economy,” said Assistant Attorney General Kenneth A. FIN7 is suspected to have hit more than 100 US businesses, causing more than $1 billion in losses. Polite, Jr. ” continues DoJ.

Cybercrime 104

Cybercrime Hacking Software Phishing 104

Malwarebytes

OCTOBER 29, 2021

This blog post was authored by Hasherezade. Twice in the past ( 2017 , 2018 ) we published a Capture-The-Flag challenge dedicated to aspiring malware analysts. Submissions to both contests should be sent as a private message to the Twitter account: @hasherezade. All the solvers are going to be listed in our hall of fame.

Malware 110

Malware Education Accountability 110

Krebs on Security

MAY 18, 2020

biz , which frequently blogs about security weaknesses in popular malware tools. His final post on Exploit in May 2017 somewhat jokingly indicated he was joining an upstart ransomware affiliate program. 2016 and July 2017 that sought to corner the increasingly lucrative and competitive market for ransomware-as-a-service offerings. .

Malware 314

Malware Cybercrime Ransomware Marketing 314

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” Attackers used Twitter profiles for sharing links to a blog under their control ( br0vvnn[.]io

Malware 112

Malware Antivirus Hacking Accountability 112

Elie

SEPTEMBER 8, 2017

This blog post shed light on the inner workings of the ransomsphere economics and exposes which cybercriminal groups are the biggest earners. This is the second blog post in my series about ransomware economics. previous blog post about our methodology. final blog post. The first post. final post.

Ransomware 110

Ransomware Marketing Backups Encryption 110