2017, Cybercrime, Information Security and Internet

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. ” reads the alert published by the FBI. Pierluigi Paganini.

Cybercrime

Cybercrime Education Accountability Phishing

TheMoon bot infected 40,000 devices in January and February

Security Affairs

MARCH 26, 2024

The activity of the TheMoon botnet was first spotted in 2014, and since 2017 its operators added to the code of the bot at least 6 IoT device exploits. The researchers believe that the malware connects the NTP to verify the infected device’s internet connection and confirm it is not operating within a sandbox environment.

IoT

IoT Cybercrime Internet Internet

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

.” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Advertising

Advertising Cybercrime System Administration Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

The government agencies receive information about imminent attacks, threat actors are using the TrickBot botnet to deliver the infamous ransomware to the infected systems. “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.

Healthcare

Healthcare Ransomware Cybercrime Advertising

Telstra Telecom discloses data breach impacting former and current employees

Security Affairs

OCTOBER 5, 2022

Narelle Devine, the company’s chief information security officer for the Asia Pacific region, added that no customer account information was stored on the third-party platform. It seems that the security breach also impacted other companies. to several other organisations.

Data breaches

Data breaches Telecommunications Accountability Information Security

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

Security Affairs

OCTOBER 30, 2022

The Darknet marketplace was a crucial service for drug trafficking in the cybercrime underground for several years. . As a result, the darkweb marketplace was shut down in 2017 by the BKA also arrested its operator and sentenced him to seven years in prison in 2018. “The arrest took place on Tuesday, October 25.

Marketing

Marketing Cybercrime Mobile Internet

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. The IT giant is tracking this cluster of threat activity as DEV-1061. “Since the release of Zerobot 1.1,

IoT

IoT DDOS Malware Firmware

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities. The botnet targets multiple architectures, including arm, bsd, x64, and x86.

Malware

Malware DDOS IoT Cybercrime

Creator of multiple IoT botnets, including Satori, pleaded guilty

Security Affairs

SEPTEMBER 4, 2019

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. Schuchman , Vamp, and Drake created the Satori botnet in between July and August 2017. Pierluigi Paganini.

IoT

IoT DDOS Internet Internet

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. Schuchman, Vamp, and Drake created the Satori botnet in between July and August 2017.

DDOS

DDOS IoT Advertising Internet

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

Krebs on Security

APRIL 15, 2020

The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain. “I’ve never seen this volume of phishing,” Rogers told Reuters. “I

Cybersecurity

Cybersecurity Cyber threats Government Phishing

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts. LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. us, but denied being the operator of LeakedSource.

Hacking

Hacking Accountability Data breaches Marketing

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

. “Several ransomware experts who spoke with ZDNet today said the sale of the Dharma ransomware code would most likely result in its eventual leak on the public internet, and to a wider audience.” ” The availability of the source code online will allow threat actors to create their own versions and start distributing them.

Ransomware

Ransomware Hacking Advertising Malware

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities. Upon installing the threat, the bot drops a file in /tmp/.pwned

DDOS

DDOS Architecture Malware Cybercrime

TrueBot infections were observed in Clop ransomware attacks

Security Affairs

DECEMBER 11, 2022

Truebot has been active since 2017 and some researchers linked it to the Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp). Cisco Talos researchers reported an increase in TrueBot infections, threat actors have shifted from using malicious emails as their primary attack vector to other techniques.

Ransomware

Ransomware Malware Internet Internet

Marcus Hutchins sentenced to supervised release, no jail for the expert

Security Affairs

JULY 27, 2019

In August 2017, he was arrested in Las Vegas after attending the Def Con hacking conference and was detained by the FBI in the state of Nevada. In August 2017, Marcus Hutchins pleaded not guilty to charges of creating and selling malware at a hearing in Milwaukee, Wisconsin. SecurityAffairs – Marcus Hutchins, cybercrime).

Banking

Banking Malware Advertising Cybercrime

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable Apache ActiveMQ, Oracle WebLogic, and Redis intalls. In our analysis, we found Pro-Ocean targeting Apache ActiveMQ (CVE-2016-3088), Oracle WebLogic (CVE-2017-10271) and Redis (unsecure instances).”

Malware

Malware Cryptocurrency Firewall Cybercrime

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. About the author: Salvatore Lombardo.

Malware

Malware Computers and Electronics Encryption Ransomware

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2 CVE-2017-18368 ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3

IoT

IoT Firmware Malware Wireless

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. Six days later, on December 19, 2017.

Hacking

Hacking DNS Cryptocurrency Accountability

Harvard Business Publishing licensee hit by ransomware

Security Affairs

OCTOBER 9, 2022

The oldest entry goes as far back as 2017, and it is unclear how long this instance had been open prior to the Cybernews discovery. The dataset also contained payment logs with emails, dates, bank names, phone numbers, and internet protocol (IP) addresses. The 3.9GB-strong database held information from 2017 onwards.

Ransomware

Ransomware Passwords Encryption Identity Theft

US DoJ announced to have shut down the Russian RSOCKS Botnet

Security Affairs

JUNE 18, 2022

The operators behind the RSOCKS botnet offered their clients access to IP addresses assigned to devices that had been compromised to route internet traffic. The initial undercover purchase in early 2017 identified approximately 325,000 compromised victim devices throughout the world with numerous devices located within San Diego County.”

Computers and Electronics

Computers and Electronics Internet Internet Manufacturing

TinyNuke banking malware targets French organizations

Security Affairs

DECEMBER 13, 2021

The banking malware re-emerged after its activity significantly dropped in 2019, threat actors are using it to steal credentials and other private information and deliver additional payloads. The TinyNuke malware was first spotted in 2017, but its activity reached its peak in 2018.

Banking

Banking Malware Manufacturing Business Services

Cybercriminal greeners from Iran attack companies worldwide for financial gain

Security Affairs

AUGUST 24, 2020

All the affected organizations had hosts with Internet-facing RDP and weak credentials. It was revealed that the operators scanned ranges of IPs for hosts with Internet-facing RDP and weak credentials in Russia , Japan , China , and India. In some attacks, they attempted to elevate privileges using exploit for CVE-2017-0213.

Threat Detection

Threat Detection Ransomware Advertising Cybercrime

8220 Gang Cloud Botnet infected 30,000 host globally

Security Affairs

JULY 21, 2022

The 8220 group has been active since at least 2017, the threat actors are Chinese-speaking and the names of the group come from the port number 8220 used by the miner to communicate with the C2 servers. The 8220 Gang selects victims by identifying them through their internet accessibility. PwnRig cryptocurrency miner execution.

Cryptocurrency

Cryptocurrency Malware Internet Internet

New MATA Multi-platform malware framework linked to NK Lazarus APT

Security Affairs

JULY 23, 2020

The hackers targeted unnamed companies in software development, e-commerce, and an internet service provider around the world, including Poland, Germany, Turkey, Korea, Japan, and India. According to the experts from Kaspersky that first analyzed the framework, the MATA campaign has been active at least since April of 2018.

Malware

Malware Ransomware Advertising Encryption

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The above-mentioned AIDS Trojan hailing from the distant pre-Internet era was the progenitor of the trend, but its real-world impact was close to zero. The WannaCry and NotPetya outbreaks in May and June 2017, respectively, were the most devastating in history. pharma giant ExecuPharm.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Crooks turn victims into money mules via confidence/romance scams

Security Affairs

AUGUST 6, 2019

In 2017, according to the number of complaints filed with the FBI’s Internet Crime Complaint Center (IC3), the number of victims of confidence/romance fraud was more than 15,000. SecurityAffairs – money mules, cybercrime). .” Crooks use online dating sites to trick victims that they are U.S. members deployed overseas.

Scams

Scams Banking Accountability Advertising

The Cost of Dealing With a Cybersecurity Attack in These 4 Industries

Security Affairs

AUGUST 21, 2019

Many brands recognize that keeping their machines connected to the internet can assist them with tracking trends, avoiding downtime and more. Although those make up a small percentage of overall attacks, they took 500 times longer to resolve in 2017 than the previous year. Doing so often requires substantial financial resources.

Cybersecurity

Cybersecurity Retail Manufacturing Advertising

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

Security Affairs

FEBRUARY 16, 2023

Below is the list of vulnerabilities exploited by V3G4: CVE-2012-4869 : FreePBX Elastix Remote Command Execution Vulnerability Gitorious Remote Command Execution Vulnerability CVE-2014-9727 : FRITZ!Box

IoT

IoT DDOS Encryption Malware

Exposed: the threat actors who are poisoning Facebook

Security Affairs

MAY 26, 2022

Facebook has long been a happy hunting ground for online crooks, who take great pleasure in turning unwary members of the internet community into their prey. phishing scam on its Messenger service that had been doing the rounds since at least 2017.

Scams

Scams Phishing Media Passwords

DoJ sentenced Russian ‘King of Fraud’ behind the fraud scheme 3ve to 10 years

Security Affairs

NOVEMBER 11, 2021

3ve has been active since at least 2014 and experts observed a peak in its activity in 2017. . “To create the illusion that human internet users were viewing the advertisements loaded onto these spoofed webpages, Zhukov and his co-conspirators programmed the bots to appear and behave like human internet users.”

Advertising

Advertising Mobile Internet Internet

Exclusive interview with the Powerful Greek Army (PGA) hacker group

Security Affairs

FEBRUARY 3, 2022

We were inactive for many years, for example, we stopped in 2017 and after 2-3 years we came back in 2020, because all of us have been around and done things that only a few people can imagine, with different and many alias and nicknames. Last but not least, nothing is safe on the internet.

Hacking

Hacking Banking Education Government

Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP?

Security Affairs

JANUARY 31, 2022

The report highlighted that over 23 million IPs related to Portable UPnP SDK were vulnerable to remote code execution just through a single UDP packet, over 6,900 product versions from over 1,500 vendors were vulnerable through UPnP due to the exposure of UPnP SOAP service to the internet. ” continues Akamai.

Internet

Internet Internet Firmware Hacking

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

The new “ Hi-Tech Crime Trends 2019/2020 ” report describes attacks on various industries and critical infrastructure facilities, as well as campaigns aimed at destabilization of the Internet in certain countries. Internet destabilization at state level. SecurityAffairs – cybercrime, hacking). Pierluigi Paganini.

Banking

Banking Telecommunications Marketing Internet

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

Security Affairs

JANUARY 12, 2024

Thus, Resecurity is specifically concerned that both foreign and domestic threat actors may exploit the sensitive personally identifying information (PII) of Indonesian voters obtained from various network intrusions to stage targeted information-warfare campaigns during the 2024 Indonesian election and beyond.

Identity Theft

Identity Theft Cyber threats Marketing Risk

Australian man charged with creating and selling the Imminent Monitor spyware

Security Affairs

AUGUST 1, 2022

The Australian Federal Police (AFP) launched an investigation into the case, codenamed Cepheus, in 2017 after it received information about a “suspicious RAT” from cybersecurity firm Palo Alto Networks and the U.S. The authorities believe the man earned between $300,000 and $400,000 from selling the malware.

Spyware

Spyware Malware Cybercrime Hacking

DOJ indicts Fxmsp hacker for selling access to hacked businesses

Security Affairs

JULY 8, 2020

The name Fxmsp refers a high-profile Russian- and English-speaking hacking group focused on breaching high-profile private corporate and government information. Since March 2019, Fxmsp announced in cybercrime forums the availability of information stolen from major antivirus companies located in the U.S. Attorney Brian T.

Hacking

Hacking Antivirus Advertising Cybercrime

Ransomware world in 2021: who, how and why

SecureList

MAY 12, 2021

They interact with each other through internet handles, paying for services with cryptocurrency. Hackers who are on the lookout for publicly disclosed vulnerabilities (1-days) in internet facing software, such as VPN appliances or email gateways. In this regard, darknet forum offers have not changed much compared to 2017.

Ransomware

Ransomware Encryption Malware Cybercrime

US DoJ seizes $3.36B Bitcoin from Silk Road hacker

Security Affairs

NOVEMBER 8, 2022

“JAMES ZHONG pled guilty to committing wire fraud in September 2012 when he unlawfully obtained over 50,000 Bitcoin from the Silk Road dark web internet marketplace. In August 2017, Bitcoin split into two cryptocurrencies, traditional Bitcoin and Bitcoin Cash (“BCH”). ” reads the press release published by DoJ.

Cryptocurrency

Cryptocurrency Internet Internet Hacking

Threat intel is a game changer, if only firms can figure out how to bake it into cyber programs

SC Magazine

FEBRUARY 1, 2021

More businesses are moving online , cybercrime like ransomware continues its meteoric rise , and state-backed advanced persistent threat groups are targeting the weakest links in the hardware and software supply chains to compromise targets downstream. Microsoft).

Cyber threats

Cyber threats CISO Media Retail

The Hacker Mind Podcast: Hacking Diversity

ForAllSecure

APRIL 7, 2021

Vamosi: And three years later cybercrime magazine released a similar study showing there remains a shortage of 3.5 I've got a lot of industry certifications, but having all those paper degrees proved to be a poor equivalent to having actual hands on experience in information security. Vamosi: So what am I missing here.

Hacking

Hacking InfoSec Cybersecurity Engineering

The Hacker Mind Podcast: Hacking Diversity

ForAllSecure

APRIL 7, 2021

Vamosi: And three years later cybercrime magazine released a similar study showing there remains a shortage of 3.5 I've got a lot of industry certifications, but having all those paper degrees proved to be a poor equivalent to having actual hands on experience in information security. Vamosi: So what am I missing here.

Hacking

Hacking InfoSec Cybersecurity Engineering

Lotsy group targets Italian and Spanish-speaking users

Security Affairs

AUGUST 2, 2019

Since the start of their operations in summer 2017, the design and general appearance of their fake websites remain very similar. For example, if your address is internet-shop.com, cybercriminals can register the following domain names: internet.shop.com or internet shop.com and deceive people using your brand name.

Scams

Scams Retail Advertising Media

FBI: Compromised US academic credentials available on various cybercrime forums

TheMoon bot infected 40,000 devices in January and February

Webinars

Trending Sources

Meet the Administrators of the RSOCKS Proxy Botnet

Webinars

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Telstra Telecom discloses data breach impacting former and current employees

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

A new Zerobot variant spreads by exploiting Apache flaws

EnemyBot malware adds new exploits to target CMS servers and Android devices

Creator of multiple IoT botnets, including Satori, pleaded guilty

Developer of DDoS Mirai based botnets sentenced to prison

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Source code of Dharma ransomware now surfacing on public hacking forums

Enemybot, a new DDoS botnet appears in the threat landscape

TrueBot infections were observed in Clop ransomware attacks

Marcus Hutchins sentenced to supervised release, no jail for the expert

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Wannacry, the hybrid malware that brought the world to its knees

BotenaGo botnet targets millions of IoT devices using 33 exploits

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Harvard Business Publishing licensee hit by ransomware

US DoJ announced to have shut down the Russian RSOCKS Botnet

TinyNuke banking malware targets French organizations

Cybercriminal greeners from Iran attack companies worldwide for financial gain

8220 Gang Cloud Botnet infected 30,000 host globally

New MATA Multi-platform malware framework linked to NK Lazarus APT

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Crooks turn victims into money mules via confidence/romance scams

The Cost of Dealing With a Cybersecurity Attack in These 4 Industries

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

Exposed: the threat actors who are poisoning Facebook

DoJ sentenced Russian ‘King of Fraud’ behind the fraud scheme 3ve to 10 years

Exclusive interview with the Powerful Greek Army (PGA) hacker group

Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP?

Group-IB presents its annual report on global threats to stability in cyberspace

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

Australian man charged with creating and selling the Imminent Monitor spyware

DOJ indicts Fxmsp hacker for selling access to hacked businesses

Ransomware world in 2021: who, how and why

US DoJ seizes $3.36B Bitcoin from Silk Road hacker

Threat intel is a game changer, if only firms can figure out how to bake it into cyber programs

The Hacker Mind Podcast: Hacking Diversity

The Hacker Mind Podcast: Hacking Diversity

Lotsy group targets Italian and Spanish-speaking users

Stay Connected