Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. In 2019, The Manipulaters failed to renew their core domain name — manipulaters[.]com ” A number of questions, indeed.

Phishing 218

Phishing Cybercrime Malware Advertising 218

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection.

Cybercrime 64

Cybercrime DNS Malware Advertising 64

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware 104

Malware Banking Antivirus Phishing 104

Security Affairs

DECEMBER 12, 2021

Russian national Oleg Koshkin was convicted in January for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. He has been in custody since 2019, when he was arrested in California. ” reads the press release published by DoJ.

Antivirus 93

Antivirus Malware Cybercrime Cyber threats 93

Krebs on Security

JULY 18, 2022

These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source. “The 911[.]re Image: University of Sherbrooke.

VPN 300

VPN Computers and Electronics Antivirus Software 300

Security Affairs

JANUARY 6, 2023

Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware allowing its victims to restore their data for free. Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware , which can allow victims of the group to restore their data for free. The group typically asked ransoms between $20,000 to $5.8

Ransomware 98

Ransomware Antivirus Encryption Backups 98

Krebs on Security

SEPTEMBER 30, 2023

GandCrab dissolved in July 2019, and is thought to have become “ REvil ,” one of the most ruthless and rapacious Russian ransomware groups of all time. In April 2020, Truniger was banned from two of the top Russian cybercrime forums, where members from both forums confirmed that Semen7907 was one of Truniger’s known aliases.

Ransomware 215

Ransomware Accountability Cybercrime Backups 215

Security Affairs

AUGUST 3, 2020

He had no previous criminal records at the time of the arrest, but it is known to be a member of a cybercrime forum to become an affiliate for the GandCrab ransomware operation. He allegedly subscribed the GandCrab ransomware-as-a-service to create his own version of the malware and spread it running a spam campaign.

Ransomware 125

Ransomware Advertising Malware Hacking 125

Security Affairs

DECEMBER 29, 2019

Experts uncovered a new tool dubbed BIOLOAD used by the FIN7 cybercrime group used as a dropper for a new variant of the Carbanak backdoor. The BIOLOAD loader shares similarities with BOOSTWRITE , another loader associated with the FIN7 group that is able to drop the malware directly in memory. ” Fortinet concludes.

Cybercrime 64

Cybercrime Antivirus Identity Theft Advertising 64

Security Affairs

DECEMBER 26, 2022

Cybersecurity researchers exposed new evasion techniques adopted by an advanced malware downloader called GuLoader. CrowdStrike researchers d a detailed multiple evasion techniques implemented by an advanced malware downloader called GuLoader (aka CloudEyE ). ” reads the analysis published by CrowdStrike.

Malware 98

Malware Antivirus Hacking Cybersecurity 98

Security Affairs

APRIL 17, 2019

A new variant of the HawkEye data stealer emerges in the threat landscape as part of ongoing malware distribution campaigns. New malware campaigns leveraging a new variant of the HawkEye data stealer have been observed by experts at Talos. has been under active development since at least 2013. ” continues the analysis. .

Antivirus 87

Antivirus Malware Advertising Passwords 87

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. Another trend was disguising malware in emails. rar archive files.

Ransomware 72

Ransomware Antivirus Malware Banking 72

Security Affairs

APRIL 27, 2020

The cybercrime gang also apologized for the damages they have caused their victims. The Shade infections increased during October 2018, keeping a constant trend until the second half of December 2018, taking a break around Christmas, and then resuming in mid-January 2019 doubled in size.

Ransomware 126

Ransomware Advertising Antivirus Education 126

Krebs on Security

SEPTEMBER 6, 2021

In May 2015, KrebsOnSecurity briefly profiled “ The Manipulaters ,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. One of several current Fudtools sites run by The Manipulaters. FAIL BY NUMBERS.

Software 235

Software Phishing Cybercrime Accountability 235

Security Affairs

JANUARY 6, 2023

“The attack is similar to the one in the summer of 2019, when four other hospitals in Romania were targeted. In 2019 other four hospitals in Romania suffered ransomware attacks that were attributed to the PHOBOS extortion group. ” reported the website Romania Insider. I cannot say more at the moment.

Ransomware 90

Ransomware Antivirus Media Encryption 90

Security Affairs

SEPTEMBER 20, 2019

Cofense researchers spotted a phishing campaign that is targeting taxpayers in the United States to infect them with the Amadey malware. Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey.

Phishing 85

Phishing Social Engineering Malware Advertising 85

Security Affairs

MARCH 17, 2021

According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. Operators behind the Pysa ransomware, also employed a version of the PowerShell Empire penetration-testing tool, they were able to stop antivirus products. This new version used the.

Education 101

Education Ransomware Encryption Antivirus 101

Security Affairs

NOVEMBER 11, 2021

181024 CVE-2019-19824 TOTOLINK Realtek SDK based routers, this affects A3002RU through 2.0.0, BotenaGo was written in Golang (Go) and at the time of the report published by the experts, it had a low antivirus (AV) detection rate (6/62). “To deliver its exploit, the malware first queries the target with a simple “GET” request.

IoT 127

IoT Firmware Malware Wireless 127

Identity IQ

AUGUST 20, 2021

Truth be told: cybercrimes against students continue to rise, especially against those who report to university campuses and use university resources. According to BlueVoyant’s Cybersecurity in Higher Education 2021 report , ransomware attacks on colleges increased twofold between 2019 and 2020. Digital Security and Online Privacy.

Identity Theft 98

Identity Theft Passwords Education Banking 98

Security Affairs

DECEMBER 19, 2022

Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. Researchers believe that at least five different merchants and exchanges were used to fund the Glupteba addresses since 2019. “For this campaign we were not able to find any samples for 3 of the addresses we gathered. .

DNS 103

DNS Antivirus Cryptocurrency Software 103

Security Affairs

MARCH 19, 2020

” According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. Operators behind the Pysa ransomware, also employed a version of the PowerShell Empire penetration-testing tool, they were able to stop antivirus products. Pierluigi Paganini.

Government 112

Government Ransomware Encryption Penetration Testing 112

Security Affairs

JUNE 12, 2019

FireEye documented obfuscation techniques used by the group in June 2017 and the involvement of PUNCHTRACK POS-scraping malware. The ShellTea backdoor was analyzed by researchers Root9b in June 2017, the malware was used by threat actors to deliver the PoC malware. ” reads the analysis published by Morphisec.

Hacking 79

Hacking Malware Advertising Retail 79

Security Affairs

DECEMBER 26, 2022

Cybersecurity researchers exposed new evasion techniques adopted by an advanced malware downloader called GuLoader. CrowdStrike researchers d a detailed multiple evasion techniques implemented by an advanced malware downloader called GuLoader (aka CloudEyE ). ” reads the analysis published by CrowdStrike.

Malware 52

Malware Antivirus Hacking Cybersecurity 52

Security Affairs

APRIL 21, 2019

Locked Shields 2019 – Chapeau, France wins Cyber Defence Exercise. CVE-2019-0803 Windows flaw exploited to deliver PowerShell Backdoor. Analyzing OilRigs malware that uses DNS Tunneling. Operator of Codeshop Cybercrime Marketplace Sentenced to 90 months in prison. Blue Cross of Idaho data breach, 5,600 customers affected.

Computers and Electronics 63

Computers and Electronics Spyware Data breaches Advertising 63

Security Affairs

MARCH 18, 2023

.” The Lockbit gang has been active since at least 2019 and today it is one of the most active ransomware groups offering a Ransomware-as-a-Service (RaaS) model. ransomware is a modular malware that is more evasive than its previous versions, its shared similarities with Blackmatter and Blackcat ransomware. The LockBit 3.0

Ransomware 89

Ransomware Penetration Testing Encryption Accountability 89

Security Affairs

SEPTEMBER 16, 2019

The experts discovered that digital certificates are then used to spread malware, mainly adware. Threat actors sign their malware with legitimate digital certificates to avoid detection. The researchers provided evidence that the threat actors sold the purchased certificates to a cybercrime gang that used them to spread malware.

Adware 82

Adware Advertising Marketing Antivirus 82

Malwarebytes

MARCH 22, 2021

The PRODAFT Threat Intelligence Team has published a report (pdf) that gives an unusually clear look at the size and structure of organized cybercrime. It also found evidence of WastedLocker malware and other TTPs that matched with both EvilCorp and SolarWinds. EvilCorp is the name of a vast, international cybercrime network.

Cybercrime 125

Cybercrime Malware Social Engineering Marketing 125

Security Affairs

JUNE 23, 2020

Fxmsp gained worldwide fame in May 2019, after it was reported that the networks belonging to leading antivirus software companies had been compromised. Fxmsp took his first steps in the cybercrime scene in September 2016 when he registered on an underground forum, fuckav[.]ru. Fxmsp’s public activity culminated in April 2019.

Antivirus 92

Antivirus Advertising Hacking Banking 92

Krebs on Security

JULY 28, 2022

” Microleaves has long been classified by antivirus companies as adware or as a “potentially unwanted program” (PUP), the euphemism that antivirus companies use to describe executable files that get installed with ambiguous consent at best, and are often part of a bundle of software tied to some “free” download.

Advertising 212

Advertising Software Computers and Electronics Internet 212

Security Affairs

APRIL 10, 2019

SI-LAB detected hundreds of users that were impacted by this malware between March 18th and 26th of 2019. The last days of March 2019 are making headlines due to a targeted cyber attack involving a new variant of infamous EMOTET malware. CSIRT emite actualización de la Alerta de Ciberseguridad por Malware EMOTET.

Banking 62

Banking Malware Antivirus Cyber threats 62

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. Forward outlook Ransomware is a dynamic and increasingly hybrid segment of cybercrime.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

JANUARY 26, 2020

Citrix releases permanent fixes for CVE-2019-19781 flaw in ADC 11.1 Malware attack took down 600 computers at Volusia County Public Library. Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack. Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online.

Data breaches 80

Data breaches Advertising Antivirus DDOS 80

Security Affairs

AUGUST 28, 2019

The French police force, National Gendarmerie, announced to have neutralized the Retadup malware on over 850,000 computers taking over its C2 server. The operation allowed the France law enforcement agency to remotely disinfect more than 850,000 computers worldwide with the help of Avast malware researchers. Une #PremièreMondiale !

Malware 89

Malware Advertising Antivirus Cryptocurrency 89

Security Affairs

FEBRUARY 17, 2019

New Linux coin miner kills competing malware to maximize profits. Experts found a way to create a super-malware implanted in SGX-enclaves. Microsoft Patch Tuesday updates for February 2019 fixes IE Zero-Day. Experts spotted a new strain of Shlayer macOS Malware. Google open sourced the ClusterFuzz fuzzing platform.

Advertising 69

Advertising Antivirus Malware Backups 69

Spinone

OCTOBER 10, 2019

Their main focus is on cybercrime investigations. Threat Post Threat Post is a portal, with news about everything related to recurring cybersecurity themes: attacks, cloud security, malware and ransomware, vulnerabilities, and so on. Antivirus Software 2019 The primary focus of this blog is antivirus software.

Cybersecurity 56

Cybersecurity IoT Antivirus Education 56

Fox IT

NOVEMBER 16, 2020

TA505 is a sophisticated and innovative threat actor, with plenty of cybercrime experience, that engages in targeted attacks across multiple sectors and geographies for financial gain. In the Netherlands, TA505 is notorious for their involvement on the Maastricht University incident in December 2019. Introduction. TA505 Packer.

Malware 75

Malware Ransomware Encryption Cybercrime 75

IT Security Guru

JULY 19, 2021

Although cybercrime as a whole has seen a rise during the pandemic, arguably ransomware has been one of the more successful and lucrative attack types. Our own research report, the State of Encrypted Attacks Report 2020 , found that there had been a 500 per cent rise in ransomware compared to 2019.

Ransomware 96

Ransomware Digital transformation Antivirus DDOS 96