Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. Image: Lumen’s Black Lotus Labs. Usually, these users have no idea their systems are compromised.

Malware 203

Malware VPN Internet Internet 203

Security Affairs

JANUARY 1, 2022

Which are the most-read cyber stories of 2021? The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. billion login credentials, has been leaked on a popular hacking forum. Hacking Nespresso machines to have unlimited funds to purchase coffee. ransomware attack.

Hacking 97

Hacking VPN Passwords Ransomware 97

Security Affairs

JANUARY 21, 2024

Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMware zero-day since 2021 Ransomware attacks break records in 2023: the number of victims rose by 128% U.S.

Artificial Intelligence 98

Artificial Intelligence VPN Hacking Firewall 98

Security Affairs

NOVEMBER 8, 2023

Chatham-Kent Health Alliance reported that threat actors had access to data belonging to 1446 employees who worked in the hospital as of February 2021. In October, CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S.

Ransomware 115

Ransomware Healthcare VPN Insurance 115

Krebs on Security

JULY 18, 2022

911 says its network is made up entirely of users who voluntarily install its “free VPN” software. In this scenario, users indeed get to use a free VPN service, but they are often unaware that doing so will turn their computer into a proxy that lets others use their Internet address to transact online. “The 911[.]re

VPN 304

VPN Computers and Electronics Antivirus Software 304

Malwarebytes

MARCH 15, 2021

In addition, we tune in to a special presentation from Adam Kujawa about the 2021 State of Malware report , which analyzed the top cybercrime goals of 2020 amidst the global pandemic. The post The Malwarebytes 2021 State of Malware report: Lock and Code S02E04 appeared first on Malwarebytes Labs.

Malware 58

Malware VPN Cybercrime Encryption 58

Security Affairs

DECEMBER 14, 2023

anti-cybercrime (Ofac).” The authorities reported that from June 2021 through at least November 2022, threat actors targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

Ransomware 115

Ransomware Cryptocurrency Cybercrime VPN 115

Security Affairs

JANUARY 12, 2022

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. 2021-11-26 04:34:54 2021-11-26 10:05:15 149.154.167.91 154.167.91 Pierluigi Paganini.

Malware 133

Malware Manufacturing Cryptocurrency Cybercrime 133

Security Affairs

MAY 9, 2021

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager UNC2529, a new sophisticated cybercrime gang that targets U.S. Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager UNC2529, a new sophisticated cybercrime gang that targets U.S. Pierluigi Paganini.

Data breaches 89

Data breaches DDOS VPN Hacking 89

Security Affairs

AUGUST 26, 2021

Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. CVE-2021-22893 is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 SecurityAffairs – hacking, Pulse Secure). The flaw received a CVSS score of 9.1,

Malware 130

Malware VPN Authentication Hacking 130

Security Affairs

JANUARY 14, 2022

The gang was also providing VPN-like services used by other cybercriminal organizations to carry out malicious activities used to deliver malware to the target organization. SecurityAffairs – hacking, IKEA). Source SSU. ” continues the press release. ” continues the press release. Pierluigi Paganini.

Ransomware 115

Ransomware DDOS Telecommunications Malware 115

Security Affairs

SEPTEMBER 8, 2021

The ransomware group has been active since August 2021 and implement a double extortion model like other gangs. SongBird also created a post on the RAMP forum that includes a link to a file containing the Fortinet VPN accounts. SecurityAffairs – hacking, Groove gang). 2,959 out of 22,500 victims are US entities.

VPN 93

VPN Ransomware Hacking Accountability 93

Krebs on Security

APRIL 18, 2023

Riley Kilmer is co-founder of Spur.us , a company that tracks thousands of VPN and proxy networks, and helps customers identify traffic coming through these anonymity services. ” MRMURZA Faceless is a project from MrMurza , a particularly talkative member of more than a dozen Russian-language cybercrime forums over the past decade.

Malware 234

Malware Passwords Accountability Advertising 234

Security Affairs

JULY 14, 2023

Lumen Black Lotus Labs uncovered a long-running hacking campaign targeting SOHO routers with a strain of malware dubbed AVrecon. The malware was spotted the first time in May 2021, but has been operating under the radar for more than two years. “Based on information associated with their x.509 ” continues the report.

Malware 83

Malware Advertising Cybercrime Passwords 83

Security Affairs

JULY 18, 2021

Read more at [link] #Cybersecurity #InfoSec #Ransomware — US-CERT (@USCERT_gov) July 15, 2021. Other groups targeted known vulnerabilities in SonicWall devices in the past, such as the UNC2447 cybercrime gang that exploited the CVE-2021-20016 zero-day bug in SonicWall SMA 100 Series VPN appliances to deliver the FiveHands ransomware.

Ransomware 117

Ransomware Firmware Mobile InfoSec 117

Security Affairs

AUGUST 8, 2021

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna VMware addresses critical flaws in its products CVE-2021-20090 actively exploited to target millions of IoT devices worldwide RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE.

VPN 99

VPN Ransomware Manufacturing IoT 99

Security Affairs

JUNE 20, 2021

SecurityAffairs – hacking, newsletter ). Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Data breaches 100

Data breaches DDOS Small Business Ransomware 100

Security Affairs

JULY 9, 2021

The systems at the company were infected with the Phoenix Locker, a variant of ransomware tracked as Hades that was part of the arsenal of the cybercrime group known as Evil Corp. “The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021 to March 21, 2021.

Data breaches 142

Data breaches Insurance Ransomware Identity Theft 142

Security Affairs

DECEMBER 18, 2022

SecurityAffairs – hacking, newsletter). Samba addressed multiple high-severity vulnerabilities Former Twitter employee sentenced to 3.5 years in jail for spying on behalf of Saudi Arabia Social Blade discloses security breach Data of 5.7M Samba addressed multiple high-severity vulnerabilities Former Twitter employee sentenced to 3.5

Data breaches 93

Data breaches Hacking DDOS VPN 93

Security Affairs

APRIL 19, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. A Chinese Foreign Ministry spokesperson recently stated that the Volt Typhoon activity is not associated with Beijing, but linked it to a cybercrime operation.

Energy and Utilities 99

Energy and Utilities Telecommunications Technology VPN 99

Security Affairs

DECEMBER 31, 2021

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. Internationally sourced data, exfiltrated in Sept and Aug 2021. Pierluigi Paganini.

Accountability 133

Accountability Malware Data breaches Passwords 133

Security Affairs

JULY 6, 2022

.” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. The Hive ransomware operation has been active since June 2021, it provides Ransomware-as-a-Service Hive and adopts a double-extortion model threatening to publish data stolen from the victims on their leak site (HiveLeaks).

Encryption 117

Encryption Ransomware Cybercrime Malware 117

Security Affairs

DECEMBER 3, 2022

SecurityAffairs – hacking, newsletter). Follow me on Twitter: @securityaffairs and Facebook and Mastodon. Pierluigi Paganini. The post Security Affairs newsletter Round 396 appeared first on Security Affairs.

Spyware 94

Spyware Data breaches VPN Hacking 94

Krebs on Security

DECEMBER 3, 2021

Since the beginning of 2020, Babam has set up numerous auctions on the Russian-language cybercrime forum Exploit , mainly selling virtual private networking (VPN) credentials stolen from various companies. Verified was hacked at least twice in the past five years, and its user database posted online. com and wwwpexpay[.]com.

Ransomware 296

Ransomware Passwords Accountability Cybercrime 296

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams 243

Scams DDOS Cryptocurrency Accountability 243

Security Affairs

JULY 31, 2022

The DawDropper apps are masqueraded as productivity and utility apps such as document scanners, VPN services, QR code readers, and call recorders. “In the latter part of 2021, we found a malicious campaign that uses a new dropper variant that we have dubbed as DawDropper. SecurityAffairs – hacking, Android).

Banking 118

Banking Malware VPN Hacking 118

Security Affairs

JANUARY 26, 2023

The authorities reported that from June 2021 through at least November 2022, threat actors targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

Ransomware 92

Ransomware VPN Manufacturing Healthcare 92

Security Affairs

JANUARY 23, 2022

SecurityAffairs – hacking, newsletter). If you want to also receive for free the newsletter with the international press subscribe here. from the Lympo NTF platform. from the Lympo NTF platform. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

VPN 80

VPN Ransomware Spyware DDOS 80

Security Affairs

AUGUST 10, 2022

Free-net-vpn and Free-net-vpn2 are malicious packages developed to target environment variables. Free-net-vpn and Free-net-vpn2 are malicious packages that target environment variables. SecurityAffairs – hacking, PyPI). Test-async downloads and executes malicious payloads. Pierluigi Paganini.

VPN 95

VPN Passwords Cyber threats Software 95

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. Then threat actors sent data as an image file to a web-accessible path: cp /var/tmp/test.tar.gz /netscaler/ns_gui/vpn/medialogininit.png. php) on victim machines.

VPN 105

VPN Ransomware DNS Malware 105

SecureList

NOVEMBER 23, 2021

Then we will go through the key events of 2021 relating to attacks on financial organizations. Analysis of forecasts for 2021. The COVID-19 pandemic is likely to cause a massive wave of poverty, and that invariably translates into more people resorting to crime, including cybercrime. We also saw attackers relying on 0-days.

Cryptocurrency 106

Cryptocurrency Banking Cybercrime Ransomware 106

Security Affairs

DECEMBER 22, 2022

The most recent variant spotted by Microsoft spreads by exploiting vulnerabilities in Apache and Apache Spark ( CVE-2021-42013 and CVE-2022-33891 respectively) and also supports new DDoS attack capabilities. SecurityAffairs – hacking, botnet). “Since the release of Zerobot 1.1, ” reads the analysis published by Microsoft.

IoT 116

IoT DDOS Malware Firmware 116

Security Affairs

MAY 17, 2022

The Facestealer spyware was first spotted on July 2021 by Dr. Web researchers, the development team behind the threat has frequently changed its code. Most of the malicious apps were VPN software (42), followed by Camera (20), and Photo Editing (13). The apps deceive users into subscribing to paid services or clicking on ads.

Spyware 90

Spyware Cryptocurrency VPN Malware 90

Security Affairs

JULY 31, 2023

The AVRecon botnet relies on compromised small office/home office (SOHO) routers since at least May 2021. 509 certificates, we assess that some of these second stage C2s have been active since at least October 2021. The researchers identified 41,000 nodes communicating with second-stage C2s within a 28-day window.

Malware 92

Malware Small Business Advertising Passwords 92

Security Affairs

NOVEMBER 14, 2021

SecurityAffairs – hacking, newsletter). Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Spyware 53

Spyware Data breaches Ransomware Retail 53

Security Affairs

OCTOBER 25, 2022

The Hive ransomware operation has been active since June 2021, it provides Ransomware-as-a-Service Hive and adopts a double-extortion model threatening to publish data stolen from the victims on their leak site (HiveLeaks). SecurityAffairs – hacking, Tata Power). key files. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware 89

Ransomware Data breaches Cyber Attacks Engineering 89

SecureWorld News

JUNE 8, 2021

Department of Justice (DOJ) made a surprise announcement this week: it was able to recover more than $2 million worth of ransom money Colonial Pipeline paid to a cybercrime gang. Colonial Pipeline's CEO made the decision to pay the ransom just hours after learning of the May 7, 2021, attack against the company. How did the U.S.

Ransomware 111

Ransomware Passwords VPN Accountability 111