2017, Cybercrime, Information Security and Passwords

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. ” reads the alert published by the FBI. Pierluigi Paganini.

Cybercrime

Cybercrime Education Accountability Phishing

Admins of Genesis Market marketplace sold their infrastructure on a hacker forum

Security Affairs

JULY 17, 2023

In April, the FBI seized the Genesis Market , a black marketplace for stolen credentials that was launched in 2017. As reported by BleepingComputer , on June 28, the alleged admin of Genesis Market (GenesisStore) announced on a cybercrime forum that the platform was available for sale.

Marketing

Marketing Accountability Cybercrime Passwords

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

com , a service that sold access to billions of passwords and other data exposed in countless data breaches. LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts. In 2019, a Canadian company called Defiant Tech Inc.

Hacking

Hacking Accountability Data breaches Marketing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

TA547 targets German organizations with Rhadamanthys malware

Security Affairs

APRIL 12, 2024

TA547 is a financially motivated threat actor that has been active since at least November 2017, it was observed conducting multiple campaigns to deliver a variety of Android and Windows malware, including DanaBot , Gootkit , Lumma stealer , NetSupport RAT , Ursnif , and ZLoader.

Malware

Malware Social Engineering Retail Engineering

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. It uses a list of hardcoded username/password combinations to login into devices in the attempt to access systems using weak or default credentials. The botnet targets multiple architectures, including arm, bsd, x64, and x86.

Malware

Malware DDOS IoT Cybercrime

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Experts observed the bot attempting to gain access to the device by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323. Adopt a comprehensive IoT security solution. Zerobot was also observed spreading by exploiting dozens of vulnerabilities, the version Zerobot 1.1

IoT

IoT DDOS Malware Firmware

Defiant Tech firm who operated LeakedSource pleads guilty

Security Affairs

MAY 20, 2019

The LeakedSource website was launched in late 2015, in January 2017 the popular data breach notification website has been raided by feds. LeakedSource was also cracking the associated passwords when it was possible. “I am immensely proud of this outcome as combatting cybercrime is an operational priority for us.”

Cybercrime

Cybercrime Data breaches Advertising Passwords

Ticketmaster will pay $10 Million fine over hacking a competitor

Security Affairs

JANUARY 2, 2021

The attacks aimed at stealing information to gain an advantage over CrowdSurge, which was acquired by Warner Music Group (WMG) in 2017. “Ticketmaster Used Passwords Unlawfully Retained by a Former Employee of a Competitor to Access Computer Systems in Scheme to “Choke Off” the Victim’s Business” wrote the DoJ.

Hacking

Hacking Passwords Accountability Cybercrime

Data from Sephora and StreetEasy data breaches added to HIBP

Security Affairs

OCTOBER 7, 2019

The StreetEasy data breach took place in the mid-2016 and exposed 988k records that included names, usernames, email addresses and SHA-1 password hashes. The data has been available for sale in the cybercrime underground since February. Impacted data includes names, usernames, email addresses and SHA-1 password hashes.

Data breaches

Data breaches Passwords Advertising Cybercrime

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. It uses a list of hardcoded username/password combinations to login into devices in the attempt to access systems using weak or default credentials. The botnet targets multiple architectures, including arm, bsd, x64, and x86.

DDOS

DDOS Architecture Malware Cybercrime

Harvard Business Publishing licensee hit by ransomware

Security Affairs

OCTOBER 9, 2022

In total, the database leaked over 152,000 pieces of information pertaining to customers, such as emails, names, links to LinkedIn, Twitter, and Facebook profiles, and hashed passwords. The instance also contained 15 employee emails, names, and passwords protected by a weak SHA1-128bit hash. Dangerous leak.

Ransomware

Ransomware Passwords Encryption Identity Theft

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Security Affairs

JULY 14, 2020

“The new finding came to light over the weekend after a hacker put up for sale the hotel’s data in an ad published on a dark web cybercrime marketplace.” The hacker claims to have obtained the database from the hack of the DataViper monitoring service operated by the security firm Night Lion Security.

Data breaches

Data breaches Advertising Hacking Cybercrime

Two PoS Malware used to steal data from more than 167,000 credit cards

Security Affairs

OCTOBER 25, 2022

MajikPOS PoS malware was first spotted by Trend Micro in early 2017, when it was used to target businesses in North America and Canada. On July 18, 2019, the source code for MajikPOS (aka MagicPOS) was offered for sale on the cybercrime forum “exploit[.]in” MajikPOS is written using the “.NET

Malware

Malware Cybercrime Banking Marketing

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

Schuchman, Vamp, and Drake created the Satori botnet in between July and August 2017. The first Satori iteration targeted devices running with factory-settings or protected with easy-to-guess passwords, the bot infected over 100,000 devices in its first month. the man also claimed that the botnet was capable of DDoS attacks of 1Tbps.

DDOS

DDOS IoT Advertising Internet

Creator of multiple IoT botnets, including Satori, pleaded guilty

Security Affairs

SEPTEMBER 4, 2019

Schuchman , Vamp, and Drake created the Satori botnet in between July and August 2017. The first Satori iteration targeted devices running with factory-settings or protected with easy -to-guess passwords, the bot infected over 100,000 devices in its first month. SecurityAffairs – Satori, cybercrime). Pierluigi Paganini.

IoT

IoT DDOS Internet Internet

Delaware County, Pennsylvania, opted to pay 500K ransom to DoppelPaymer gang

Security Affairs

NOVEMBER 30, 2020

BleepingComputer was informed that the Delaware County was hit by the DoppelPaymer ransomware gang. “BleepingComputer was also told that the ransomware gang advised Delaware County to change all of their passwords and modify their Windows domain configuration to include safeguards from the Mimikatz program.”

Computers and Electronics

Computers and Electronics Ransomware Insurance Cybercrime

China-linked APT10 Target Taiwan’s financial trading industry

Security Affairs

FEBRUARY 22, 2022

The group (also known as Cicada, Stone Panda , MenuPass group, Bronze Riverside, and Cloud Hopper ) has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. .”

Technology

Technology Hacking Passwords Software

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. Six days later, on December 19, 2017.

Hacking

Hacking DNS Cryptocurrency Accountability

Security Affairs newsletter Round 318

Security Affairs

JUNE 13, 2021

million customers impacted. million customers impacted.

Data breaches

Data breaches Hacking Cryptocurrency Scams

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Security Affairs

JULY 1, 2023

The group also plans to publish information that can allow a threat actor to access the company’s infrastructure. “In the case of payment refusal, also will be published points of entry into the network and passwords and logins company.” ” reads the announcement published by Lockbit operators on their leak site.

Manufacturing

Manufacturing Ransomware Hacking Security Awareness

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

NOVEMBER 22, 2019

Lisov was arrested in January 2017 at the Barcelona airport by the Guardia Civil. The banking trojan is able to record keystrokes, to steal passwords stored on the PC, and take screenshots and videos from the victims’ machine. LISOV had administrative-level access to those computer servers.”

Banking

Banking Malware Advertising Passwords

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

Security Affairs

AUGUST 7, 2018

Security experts from Group-IB, an international company specializing in preventing cyberattacks and developing information security solutions, has investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. In 2017, their number increased by 369% compared to 2016.

Cryptocurrency

Cryptocurrency Passwords Authentication Accountability

Exposed: the threat actors who are poisoning Facebook

Security Affairs

MAY 26, 2022

The only thing that’s juicy about such bogus links is the bundle of personal details you are giving up by clicking on them, because it won’t be the latest hot clip you’re sharing when you do – just your name, address, and passwords, which are then harvested for profit by the threat actor who has fooled you. Inside a criminal stronghold.

Scams

Scams Phishing Media Passwords

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

Security Affairs

JUNE 23, 2020

Fxmsp took his first steps in the cybercrime scene in September 2016 when he registered on an underground forum, fuckav[.]ru. Fxmsp included one of his Jabber accounts, in his contact information on the forum which helped Group-IB researchers to establish his presumed identity. First steps. Proxy seller. Recommendations.

Antivirus

Antivirus Advertising Hacking Banking

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked. The WannaCry and NotPetya outbreaks in May and June 2017, respectively, were the most devastating in history. None of these early threats went pro.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Cybercriminal greeners from Iran attack companies worldwide for financial gain

Security Affairs

AUGUST 24, 2020

In some attacks, they attempted to elevate privileges using exploit for CVE-2017-0213. As the attackers usually need several attempts to brute force passwords and gain access to the RDP, it is important to enable account lockout policies by limiting the number of failed login attempts per user.

Threat Detection

Threat Detection Ransomware Advertising Cybercrime

Group-IB: More than 70% of Russian banks are not ready for cyberattacks

Security Affairs

FEBRUARY 19, 2019

Group-IB , an international company that specializes in preventing cyberattacks , has conducted high-tech cybercrimes research based on an analysis of responses to information security incidents carried out by Group-IB Incident Response team in 2018. More information can be found here.

Banking

Banking Marketing Cybercrime Information Security

10 Mobile Encryption Apps for Digital Privacy Protection

Spinone

DECEMBER 24, 2018

According to Juniper Research , cybercrime is estimated to become a $2.1 Based on the “Key findings from the Global State of Information Security® Survey 2017” by PricewaterhouseCoopers , over 28 percent of respondents have become the victims of mobile hacking. trillion dollar issue by 2019.

Encryption

Encryption Mobile Computers and Electronics Government

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. In 2017, password-protected archives accounted for only 0.08% of all malicious objects.

Ransomware

Ransomware Antivirus Malware Banking

Texas man sentenced to 145 months in federal prison for hacking Los Angeles Superior Court

Security Affairs

OCTOBER 23, 2019

In July 2017, Aloba and his co-conspirators compromised the email account of a court employee and used it to send the phishing emails to coworkers. The malicious messages included links to a phishing website set up to request LASC users their email addresses and passwords. .” reads the press release published by the DoJ.

Hacking

Hacking Phishing Identity Theft Advertising

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Bruce Schneier | @schneierblog.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Hundreds of C-level executives credentials available for $100 to $1500 per account

Security Affairs

NOVEMBER 28, 2020

The news reported by ZDnet is not surprising, I have discovered several times such kind of offer, but it is important to raise awareness on the cybercrime-as-a-service model that could rapidly enable threat actors to carry out malicious activities. Exploit.in

Accountability

Accountability Cybercrime Hacking Retail

DOJ indicts Fxmsp hacker for selling access to hacked businesses

Security Affairs

JULY 8, 2020

Turchin obtained credentials to target networks by launching spear-phishing attacks and brute-forcing the passwords of remote desktop servers exposed online. Once the hacker gained access to the network, the deployed password-stealing malware and remote access trojans (RATs) to harvest credentials and establish persistence in the system.

Hacking

Hacking Antivirus Advertising Cybercrime

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

Security Affairs

JANUARY 12, 2024

Thus, Resecurity is specifically concerned that both foreign and domestic threat actors may exploit the sensitive personally identifying information (PII) of Indonesian voters obtained from various network intrusions to stage targeted information-warfare campaigns during the 2024 Indonesian election and beyond.

Identity Theft

Identity Theft Cyber threats Marketing Risk

Australian man charged with creating and selling the Imminent Monitor spyware

Security Affairs

AUGUST 1, 2022

The Australian Federal Police (AFP) launched an investigation into the case, codenamed Cepheus, in 2017 after it received information about a “suspicious RAT” from cybersecurity firm Palo Alto Networks and the U.S. The authorities believe the man earned between $300,000 and $400,000 from selling the malware.

Spyware

Spyware Malware Cybercrime Hacking

U.S. authorities sanction six Nigerian nationals for BEC and Romance Fraud

Security Affairs

JUNE 20, 2020

The crooks exploited online tools and technology along with social engineering tactics to target the victims and steal usernames, passwords, and bank accounts. From September 2015 to June 2017, Olorunyomi and an accomplice engaged in a romance fraud scheme that resulted in losses of more than $1 million. Pierluigi Paganini.

Social Engineering

Social Engineering Scams Small Business Banking

Unveiling the Balada injector: a malware epidemic in WordPress

Security Affairs

JUNE 14, 2023

Cybersecurity firm Sucuri has been tracking Balada Injector activity since 2017 but has only recently given this long-running campaign its name. Balada activity has been associated with well over 100 unique domains since 2017. Organizations should also enforce a strong password policy (complexity, 16+ characters, etc.),

Malware

Malware DNS Software Penetration Testing

Microsoft warns of growing DoppelPaymer Ransomware threat

Security Affairs

NOVEMBER 21, 2019

Use a safe and password-protected internet connection. The TA505 cybercrime group that is known for the distribution of the Dridex Trojan and the Locky ransomware , in mid-2017 released the BitPaymer ransomware (aka FriedEx) that was used in attacks against high profile targets and organizations.

Ransomware

Ransomware Social Engineering Malware Advertising

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Cisco Security

MAY 27, 2022

CyberCrime Tracker. Since 2017 (starting in Black Hat USA – Las Vegas), Cisco Umbrella has provided DNS security to the Black Hat attendee network, added layers of traffic visibility previously not seen. Now, logging into Meraki only requires an email address and no password or additional DUO push. alphaMountain.ai

Malware

Malware Accountability DNS Technology

Detecting and Preventing Insider Threats in the Cloud

McAfee

SEPTEMBER 19, 2019

For example, in a recent lawsuit that Google subsidiary Waymo filed against Uber in February 2017, the company alleges that a former Google employee downloaded 14,000 sensitive documents related to self-driving car technology before leaving the company. The Global State of Information Security Survey 2018. Sources: 1.

Threat Detection

Threat Detection Accountability Risk Data breaches

Corporate Involvement in International Cybersecurity Treaties

Schneier on Security

MAY 6, 2022

Since he first gave a speech on the topic in 2017, Microsoft President Brad Smith has become almost synonymous with the term “Digital Geneva Convention.” It’s not real to the older military veterans, or to the even older politicians who confuse Facebook with TikTok and use the same password for everything.

Cybersecurity

Cybersecurity Government Internet Internet

FBI: Compromised US academic credentials available on various cybercrime forums

Admins of Genesis Market marketplace sold their infrastructure on a hacker forum

Webinars

Trending Sources

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Webinars

TA547 targets German organizations with Rhadamanthys malware

EnemyBot malware adds new exploits to target CMS servers and Android devices

A new Zerobot variant spreads by exploiting Apache flaws

Defiant Tech firm who operated LeakedSource pleads guilty

Ticketmaster will pay $10 Million fine over hacking a competitor

Data from Sephora and StreetEasy data breaches added to HIBP

Enemybot, a new DDoS botnet appears in the threat landscape

Harvard Business Publishing licensee hit by ransomware

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Two PoS Malware used to steal data from more than 167,000 credit cards

Developer of DDoS Mirai based botnets sentenced to prison

Creator of multiple IoT botnets, including Satori, pleaded guilty

Delaware County, Pennsylvania, opted to pay 500K ransom to DoppelPaymer gang

China-linked APT10 Target Taiwan’s financial trading industry

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs newsletter Round 318

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

Exposed: the threat actors who are poisoning Facebook

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Cybercriminal greeners from Iran attack companies worldwide for financial gain

Group-IB: More than 70% of Russian banks are not ready for cyberattacks

10 Mobile Encryption Apps for Digital Privacy Protection

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Texas man sentenced to 145 months in federal prison for hacking Los Angeles Superior Court

Top Cybersecurity Accounts to Follow on Twitter

Hundreds of C-level executives credentials available for $100 to $1500 per account

DOJ indicts Fxmsp hacker for selling access to hacked businesses

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

Australian man charged with creating and selling the Imminent Monitor spyware

U.S. authorities sanction six Nigerian nationals for BEC and Romance Fraud

Unveiling the Balada injector: a malware epidemic in WordPress

Microsoft warns of growing DoppelPaymer Ransomware threat

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Detecting and Preventing Insider Threats in the Cloud

Corporate Involvement in International Cybersecurity Treaties

Stay Connected