2019, Cybercrime, Information Security and Passwords

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. ” The SMOKEDHAM backdoor was associated by FireEye to the activity of the UNC2465 group that dates back to at least April 2019 and is considered a DARKSIDE RaaS affiliate.

Cybercrime

Cybercrime Ransomware Antivirus Software

The ‘Groove’ Ransomware Gang Was a Hoax

Krebs on Security

NOVEMBER 2, 2021

22 on RAMP , a new and fairly exclusive Russian-language darknet cybercrime forum. ” In the first week of September, Groove posted on its darknet blog nearly 500,000 login credentials for customers of Fortinet VPN products, usernames and passwords that could be used to remotely connect to vulnerable systems. .”

Ransomware

Ransomware Cybercrime VPN Media

CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack

Security Affairs

JULY 11, 2019

The CVE-2019-1132 flaw addressed by Microsoft this month was exploited by Buhtrap threat actor to target a government organization in Eastern Europe. Microsoft Patch Tuesday updates for July 2019 address a total of 77 vulnerabilities, including two privilege escalation flaws actively exploited in the wild. ” continues the report.

Government

Government Advertising Passwords Banking

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

The Raccoon stealer was first spotted in April 2019, it was designed to steal victims’ credit card data, email credentials, cryptocurrency wallets, and other sensitive data. And this goes beyond usernames and passwords to information that can get them immediate financial gain like credit card information and cryptocurrency wallets.”

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

New GoDaddy data breach impacted 1.2 million customers

Security Affairs

NOVEMBER 22, 2021

.” said Demetrius Comes, GoDaddy’s Chief Information Security Officer. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.” The original WordPress Admin password that was set at the time of provisioning was exposed.

Data breaches

Data breaches Passwords Accountability Phishing

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Presently, Meduza password stealer supports Windows Server 2012/2016/2019/2022 and Windows 10/11.

Password Management

Password Management Cryptocurrency Passwords Authentication

US Feds arrested two men involved in the Warzone RAT operation

Security Affairs

FEBRUARY 12, 2024

. “According to court documents authorizing the seizures, the Warzone RAT provided cybercriminals the ability to browse victim file systems, take screenshots, record keystrokes, steal victim usernames and passwords, and watch victims through their web cameras, all without the victims’ knowledge or permission.”

Malware

Malware Hacking Cybercrime Advertising

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

Security Affairs

NOVEMBER 11, 2021

The Federal Bureau of Investigation (FBI) issued a private industry notification (PIN) to warn private industry partners that Iran-linked threat actors are attempting to buy stolen information belonging to US businesses and organizations abroad. ” reads an excerpt from the alert shared by TheRecord.

VPN

VPN Cybercrime Passwords Firewall

Dutch Police arrests 3 men involved in a massive extortion scheme. One of them is an ethical hacker

Security Affairs

FEBRUARY 27, 2023

Compromised data include names, addresses, telephone numbers, dates of birth, bank account numbers, credit cards, passwords, license plates, citizen service numbers or passport data. “You don’t just get access to information at DIVD, so he played it very cleverly,” the anonymous source told NOS.

Cybercrime

Cybercrime Identity Theft Hacking Scams

European police arrested tens of members of two SIM Hijacking Gangs

Security Affairs

MARCH 13, 2020

European authorities dismantled two cybercrime organizations responsible for stealing millions through SIM hijacking. European authorities managed to dismantle the operations of two cybercrime gangs responsible for stealing millions through SIM hijacking. SecurityAffairs – SIM Hijacking, cybercrime). million). .

Banking

Banking Cybercrime Mobile Accountability

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Security Affairs

JULY 14, 2020

The MGM Resorts 2019 data breach is much larger than initially thought, a hacker is offering for sale details of 142 million MGM hotel guests on the dark web. Bad news for the guests of the MGM Resorts, the 2019 data breach suffered by the company is much larger than initially reported. ” reported ZDNet.

Data breaches

Data breaches Advertising Hacking Cybercrime

Experts detailed a previously undetected VMware ESXi backdoor

Security Affairs

DECEMBER 13, 2022

CVE-2019-5544 and CVE-2020-3992 ) in ESXi’s OpenSLP service. The webserver accepts password-protected POST requests from the attackers, each request can include a base-64 encoded command payload or launch a reverse shell on the host. “The hashed password in vmtools.py local.sh , which is executed at startup.

Passwords

Passwords Hacking Cybercrime Information Security

Samsung suffered a new data breach

Security Affairs

NOVEMBER 16, 2023

Samsung Electronics suffered a data breach that exposed the personal information of some of its customers to an unauthorized individual. The security breach was discovered on November 13, 2023, and impacted customers who made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020.

Data breaches

Data breaches eCommerce Hacking Authentication

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

MAY 23, 2020

The source code of the Zeus Trojan is available in the cybercrime underground since 2011 allowing crooks to develop their own release since. On Dec 23 2019, this variant of Zloader was observed being distributed by the RIG Exploit Kit, experts observed small campaigns, likely for testing purposes.

Banking

Banking Advertising Malware Cybercrime

Retro video game website Emuparadise suffered a data breach

Security Affairs

JUNE 10, 2019

HIBP received the data from dehashed.com on June 9th, 2019, exposed info includes mail addresses, IP address, usernames and passwords stored as salted MD5 hashes. million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. . ” states Have I Been Pwned.

Data breaches

Data breaches Advertising Cybercrime Passwords

Data from Sephora and StreetEasy data breaches added to HIBP

Security Affairs

OCTOBER 7, 2019

The StreetEasy data breach took place in the mid-2016 and exposed 988k records that included names, usernames, email addresses and SHA-1 password hashes. The data has been available for sale in the cybercrime underground since February. Impacted data includes names, usernames, email addresses and SHA-1 password hashes.

Data breaches

Data breaches Passwords Advertising Cybercrime

A new wave of ech0raix ransomware attacks targets QNAP NAS devices

Security Affairs

DECEMBER 27, 2021

“It is important to note that there is a free decryptor for files locked with an older version (before July 17th, 2019) of eCh0raix ransomware. The Taiwanese vendor was informed of ongoing eCh0raix ransomware attacks that infected QNAP NAS devices using weak passwords. TXTT” extension. 024 ($1,200) up to.06 and 1.0.6).”

Ransomware

Ransomware Encryption Manufacturing Hacking

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

In 2019, a Canadian company called Defiant Tech Inc. com , a service that sold access to billions of passwords and other data exposed in countless data breaches. LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts.

Hacking

Hacking Accountability Data breaches Marketing

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

AUGUST 10, 2021

The eCh0raix ransomware has been active since at least 2019, when eExperts from security firms Intezer and Anomali separately discovered sample of the ransomware targeting Network Attached Storage (NAS) devices. The Taiwanese vendor was informed of ongoing eCh0raix ransomware attacks that infected QNAP NAS devices using weak passwords.

Ransomware

Ransomware Encryption Firmware Passwords

Dariy Pankov, the NLBrute malware author, pleads guilty

Security Affairs

SEPTEMBER 15, 2023

The man listed the credentials of more than 35,000 compromised computers for sale and according to the investigators, he obtained more than $350,000 in illicit proceeds between 2016 and 2019. The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords.

Malware

Malware Marketing Passwords Hacking

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

IoT

IoT DNS Manufacturing Firmware

TrueFire Guitar tutoring website was hacked, financial data might have been exposed

Security Affairs

MARCH 18, 2020

While we do not store credit card information on our website, it appears that the unauthorized person gained access to the website and could have accessed the data of consumers who made payment card purchases while that data was being entered, between August 3, 2019 and January 14, 2020.” SecurityAffairs – TrueFire, cybercrime).

Hacking

Hacking Data breaches Advertising Accountability

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

” According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. “ “The password database was leaked shortly before the attack. SecurityAffairs – Pysa ransomware, cybercrime). The malicious code appended the extension.

Government

Government Ransomware Encryption Penetration Testing

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. The malware has been active at least since August 2019, over the months the NetWalker ransomware was made available through a ransomware-as-a-service (RaaS) model attracting criminal affiliates.

Ransomware

Ransomware VPN Cybercrime Advertising

Dissecting the malicious arsenal of the Makop ransomware gang

Security Affairs

MARCH 14, 2023

Figure.NET flags (left) and obfuscation pattern (right) The tool is designed for two main purposes: generating comb lists of local windows user names and potential passwords, and testing them locally. The tool is able to automatically retrieve local users from groups, filter for administration, and then test the password.

Ransomware

Ransomware Software System Administration Encryption

Two PoS Malware used to steal data from more than 167,000 credit cards

Security Affairs

OCTOBER 25, 2022

The crooks did not use sophisticated techniques to compromise the targets, they were able to gain access to the PoS systems through brute-force attacks on Virtual Network Computing (VNC) and Remote Desktop Protocol (RDP) services protected by easy-to-guess passwords. in” by the user cartonash.

Malware

Malware Cybercrime Banking Marketing

Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

Security Affairs

NOVEMBER 15, 2023

The IPStorm botnet was first uncovered in May 2019 while targeting Windows systems, not experts from Intezer reported that the bot evolved to infect other platforms, including Android, Linux, and Mac devices. Makinin controlled these infected devices as part of an extensive botnet, which is a network of compromised devices.”

Hacking

Hacking Cryptocurrency Cyber Attacks Advertising

Customers of 7-Eleven Japan lost $500,000 due to a flaw in the mobile app

Security Affairs

JULY 7, 2019

Cyber criminals have exploited an unproperly implemented password reset process in 7-Eleven to make unwanted charges on 900 customers’ accounts. “Knowing the email address, date of birth, and phone number, it turned out that a third party could change the 7pay 7-Eleven app password. 7-Eleven Inc.

Mobile

Mobile Passwords Accountability Advertising

Highly evasive cryptocurrency miner targets macOS

Security Affairs

FEBRUARY 24, 2023

. “We observed that the torrent was uploaded by a user with a yearslong track record of uploading pirated macOS software torrents, many of which were among the most widely shared versions for their respective titles” The Jamf’s report revealed that the tainted app was distributed through Pirate Bay since at least 2019.

Cryptocurrency

Cryptocurrency Malware Software Passwords

A disgruntled developer is the alleged source of the leak of the Lockbit 3.0 builder

Security Affairs

SEPTEMBER 22, 2022

The gang has been active since at least 2019 and today it is one of the most active ransomware gangs. The builder is contained in a password-protected 7z archive, “LockBit3Builder.7z,” The latest version of the encryptor, version 3.0 , was released by the gang in June. According to the gang, LockBit 3.0 Ransomware.

Ransomware

Ransomware Hacking Passwords Accountability

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Experts observed the bot attempting to gain access to the device by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323. Adopt a comprehensive IoT security solution. Zerobot was also observed spreading by exploiting dozens of vulnerabilities, the version Zerobot 1.1

IoT

IoT DDOS Malware Firmware

Maastricht University finally paid a 30 bitcoin ransom to crooks

Security Affairs

FEBRUARY 9, 2020

In December 2019, Maastricht University (UM) announced that ransomware infected almost all of its Windows systems on December 23. “Since the cyber attack on 23 December 2019, UM has been working hard: on the one hand, to repair the damage and, on the other hand, to make education and research p ossible again as soon as p ossible.”

Ransomware

Ransomware Cyber Attacks Architecture Backups

New Linux malware targets WordPress sites by exploiting 30 bugs

Security Affairs

DECEMBER 30, 2022

WordPress Ultimate FAQ (vulnerabilities CVE-2019-17232 and CVE-2019-17233). The researchers recommend admins of WordPress sites to keep all the components of the CMS up-to-date, and also urge to use strong and unique logins and passwords for their accounts. Total Donations Plugin. Post Custom Templates Lite. WP Live Chat.

Malware

Malware Hacking Accountability Phishing

Telehealth: A New Frontier in Medicine—and Security

SecureList

FEBRUARY 1, 2022

times against 2019. This was based on an analysis of information published on the dark web. In 2021, HIPAA noted 642 data leaks from medical organizations versus 512 in 2019. Let’s see if there are any informational security issues with these wearables. Source: HIPAA Journal.

Phishing

Phishing Healthcare IoT Authentication

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. The revival of ransomware.

Ransomware

Ransomware Antivirus Malware Banking

Security Affairs newsletter Round 253

Security Affairs

MARCH 1, 2020

FBI recommends using passphrases instead of complex passwords. FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019. Raccoon Malware, a success case in the cybercrime ecosystem. ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia. Lampion malware v2 February 2020.

Banking

Banking Malware Advertising Ransomware

Bitcoin Miner [oom_reaper] targets QNAP NAS devices

Security Affairs

DECEMBER 7, 2021

Use stronger passwords for your administrator and other user accounts. The Taiwanese vendor was informed of ongoing eCh0raix ransomware attacks that infected QNAP NAS devices using weak passwords. QNAP recommends customers the following actions to protect their devices: Update QTS or QuTS hero to the latest version.

Cryptocurrency

Cryptocurrency Ransomware Malware Passwords

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

The ransomware operation has been active since late December 2019, this is the second time that the FBI first shares IoC related to RagnarLocker operation, the FBI first became aware of this threat in April 2020. Secure your back-ups and ensure data is not accessible for modification or deletion from the system where the data resides.

Ransomware

Ransomware Financial Services VPN Passwords

Black Hat USA 2021 Network Operations Center

Cisco Security

AUGUST 12, 2021

We also deployed the profile to connect to the SSID reserved for the conference administration, by MAC address, with a unique sixteen-character password for each iPad, for connecting to the Commscope Ruckus access points. Threat Grid (Secure Malware Analytics). AMP for Endpoints (Secure Endpoint). CyberCrime Tracker.

DNS

DNS Firewall Phishing Mobile

The alleged author of NLBrute Malware was extradited to US from Georgia

Security Affairs

FEBRUARY 23, 2023

The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords.” The man listed the credentials of more than 35,000 compromised computers for sale and according to the investigators, he obtained more than $350,000 in illicit proceeds between 2016 and 2019.

Malware

Malware Marketing Passwords Hacking

Ticketmaster will pay $10 Million fine over hacking a competitor

Security Affairs

JANUARY 2, 2021

The attacks aimed at stealing information to gain an advantage over CrowdSurge, which was acquired by Warner Music Group (WMG) in 2017. “Ticketmaster Used Passwords Unlawfully Retained by a Former Employee of a Competitor to Access Computer Systems in Scheme to “Choke Off” the Victim’s Business” wrote the DoJ.

Hacking

Hacking Passwords Accountability Cybercrime

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

Security Affairs

JUNE 23, 2020

Fxmsp gained worldwide fame in May 2019, after it was reported that the networks belonging to leading antivirus software companies had been compromised. Fxmsp took his first steps in the cybercrime scene in September 2016 when he registered on an underground forum, fuckav[.]ru. Fxmsp’s public activity culminated in April 2019.

Antivirus

Antivirus Advertising Hacking Banking

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. It uses a list of hardcoded username/password combinations to login into devices in the attempt to access systems using weak or default credentials. The botnet targets multiple architectures, including arm, bsd, x64, and x86.

Malware

Malware DDOS IoT Cybercrime

LockBit ransomware gang claims to have stolen data from PayBito crypto exchange

Security Affairs

FEBRUARY 5, 2022

The group also claims to have stolen email and password hashes that can be easily decrypted due to the use of a “weak hash algorithm.” The LockBit ransomware gang has been active since September 2019, in June 2021 the group announced the LockBit 2.0 The group also stole the admin’s personal data.

Ransomware

Ransomware Cryptocurrency Hacking Advertising

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

The ‘Groove’ Ransomware Gang Was a Hoax

Trending Sources

CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack

Raccoon Malware, a success case in the cybercrime ecosystem

New GoDaddy data breach impacted 1.2 million customers

New Version of Meduza Stealer Released in Dark Web

US Feds arrested two men involved in the Warzone RAT operation

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

Dutch Police arrests 3 men involved in a massive extortion scheme. One of them is an ethical hacker

European police arrested tens of members of two SIM Hijacking Gangs

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Experts detailed a previously undetected VMware ESXi backdoor

Samsung suffered a new data breach

Silent Night Zeus botnet available for sale in underground forums

Retro video game website Emuparadise suffered a data breach

Data from Sephora and StreetEasy data breaches added to HIBP

A new wave of ech0raix ransomware attacks targets QNAP NAS devices

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Dariy Pankov, the NLBrute malware author, pleads guilty

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

TrueFire Guitar tutoring website was hacked, financial data might have been exposed

CERT France – Pysa ransomware is targeting local governments

NetWalker ransomware operators have made $25 million since March 2020

Dissecting the malicious arsenal of the Makop ransomware gang

Two PoS Malware used to steal data from more than 167,000 credit cards

Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

Customers of 7-Eleven Japan lost $500,000 due to a flaw in the mobile app

Highly evasive cryptocurrency miner targets macOS

A disgruntled developer is the alleged source of the leak of the Lockbit 3.0 builder

A new Zerobot variant spreads by exploiting Apache flaws

Maastricht University finally paid a 30 bitcoin ransom to crooks

New Linux malware targets WordPress sites by exploiting 30 bugs

Telehealth: A New Frontier in Medicine—and Security

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs newsletter Round 253

Bitcoin Miner [oom_reaper] targets QNAP NAS devices

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Black Hat USA 2021 Network Operations Center

The alleged author of NLBrute Malware was extradited to US from Georgia

Ticketmaster will pay $10 Million fine over hacking a competitor

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

EnemyBot malware adds new exploits to target CMS servers and Android devices

LockBit ransomware gang claims to have stolen data from PayBito crypto exchange

Stay Connected