Krebs on Security

JANUARY 24, 2023

The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.” “Thanks to you, we are now developing in the field of information security and anonymity! Kloster’s blog enthused. “We

Cybercrime 227

Cybercrime Advertising IoT Malware 227

Security Affairs

MAY 1, 2023

T-Mobile disclosed the second data breach of 2023, threat actors had access to the personal information of hundreds of customers since February. T-Mobile suffered the second data breach of 2023, threat actors had access to the personal information of hundreds of customers starting in late February 2023.

Data breaches 67

Data breaches Mobile Identity Theft Accountability 67

Krebs on Security

NOVEMBER 16, 2023

In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calling in bomb threats.

Cybercrime 219

Cybercrime Hacking Data breaches Banking 219

BH Consulting

NOVEMBER 22, 2023

Among them were: attacks against critical infrastructure, increasing regulation, the need for empathy from security pros, and – naturally – AI. From the off, 2023 struck a more downbeat tone than last year’s edition. Stuxnet in 2010 was the first the most recent was CosmicEnergy in 2023.

Cybercrime 64

Cybercrime Technology Cybersecurity Engineering 64

CyberSecurity Insiders

APRIL 7, 2023

Here are the latest threats and advisories for the week of April 7, 2023. By John Weiler Threat Advisories and Alerts Websites Built with Elementor Pro and WooCommerce under Attack Millions of WordPress websites using the popular Elementor Pro website builder and the WooCommerce plugin have been exposed to a serious security vulnerability.

Encryption 52

Encryption Ransomware Marketing Cybercrime 52

Security Affairs

APRIL 24, 2023

EvilExtractor is a new “all-in-one” info stealer for Windows that is being advertised for sale on dark web cybercrime forums. com, malicious activity increased significantly in March 2023. EvilExtractor is a modular info-stealer, it exfiltrates data via an FTP service. . ” reads the report published by Fortinet.

Cybercrime 83

Cybercrime Malware Education Phishing 83

Security Affairs

APRIL 30, 2023

ViperSoftX uses more sophisticated encryption and anti-analysis techniques Atomic macOS Stealer is advertised on Telegram for $1,000 per month CISA warns of a critical flaw affecting Illumina medical devices OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands Cisco discloses a bug in the Prime Collaboration Deployment (..)

Cybercrime 84

Cybercrime Malware Hacking Accountability 84

Security Affairs

MAY 12, 2023

What started as notes from Nigerian princes that needed large sums of money to help them get home has evolved into bad actors that use refined social engineering tactics to convince the receiver to unknowingly share important information. What Can We Expect in 2023? It’s not likely to stop there.

Phishing 84

Phishing Social Engineering Small Business B2B 84

Security Affairs

APRIL 2, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter) The post Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Spyware 80

Spyware Surveillance Artificial Intelligence Data breaches 80

Security Affairs

MARCH 6, 2024

Researchers warn that the cybercrime groups GhostSec and Stormous have joined forces in a new ransomware campaign. The group is not linked to the hacktivist group Ghost Security Group, which primarily focuses on counterterrorism efforts and targets pro-ISIS websites. is written in Go, it was announced in November 2023.

Ransomware 110

Ransomware Encryption Cybercrime Hacking 110

Krebs on Security

APRIL 27, 2023

This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information. That data later wound up for sale on a top cybercrime forum. Huntington Bank has disabled the leaky TCF Bank Salesforce website. ”

Banking 302

Banking Government Information Security Authentication 302

Security Affairs

APRIL 18, 2023

A new malware, dubbed Domino, developed by the FIN7 cybercrime group has been used by the now-defunct Conti ransomware gang. IBM Security X-Force researchers recently discovered a new malware family, called Domino, which was created by developers associated with the FIN7 cybercriminal group (tracked by X-Force as ITG14).

Ransomware 73

Ransomware Cybercrime Malware Education 73

Security Affairs

MAY 3, 2023

” reads the Meta’s Q1 2023 Security Reports. ” said Meta Chief Information Security Officer Guy Rosen. For example, we’ve seen threat actors create malicious browser extensions available in official web stores that claim to offer ChatGPT-related tools.” “ChatGPT is the new crypto.”

Malware 91

Malware Education Accountability Media 91

Security Affairs

MAY 1, 2023

While investigating the malware distribution, the researchers noticed the use of an infrastructure known to belong to cybercrime group TA505. Earlier 2023, Elastic Security Labs observed multiple infections with an interesting attach chain that lead to the execution of the LOBSHOT malware.

Malware 83

Malware Cybercrime Banking Software 83

Security Affairs

APRIL 16, 2023

patrickwardle cc @cyb3rops pic.twitter.com/SMuN3Rmodl — MalwareHunterTeam (@malwrhunterteam) April 15, 2023 The discovery is disconcerting and demonstrates the effort of the group to expand its operation targeting also Apple systems. Anyway, the archive in which this sample was included shown bundled date as March 20.

Encryption 95

Encryption Architecture Ransomware Education 95

Security Affairs

APRIL 27, 2023

Microsoft is attributing the recently reported attacks exploiting the CVE-2023-27350 and CVE-2023-27351 vulnerabilities in print management software PaperCut to deliver Clop ransomware to the threat actor tracked as Lace Tempest (overlaps with FIN11 and TA505).

Ransomware 78

Ransomware Education Media Malware 78

Security Affairs

MAY 21, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches 83

Data breaches Cybercrime Ransomware Passwords 83

Security Affairs

APRIL 21, 2023

The security breach was detected on March 17, 2003 and according to the company the intrusion begun on or about March 6, 2023. “On March 17, 2023, the ABA observed unusual activity on its network. million members impacted appeared first on Security Affairs. The organization on Thursday began notifying members.

Data breaches 85

Data breaches Passwords Education Accountability 85

Security Affairs

MAY 15, 2023

Cisco Talos researchers recently discovered a new ransomware operation called RA Group that has been active since at least April 22, 2023. A sample of the ransomware analyzed by Talos is written in C++ and was compiled on April 23, 2023. The group has already compromised three organizations in the U.S. and one in South Korea.

Ransomware 79

Ransomware Encryption Cybercrime Insurance 79

Security Affairs

APRIL 5, 2023

The STYX marketplace was launched at the beginning of 2023. This platform is specifically designed to facilitate financial crime, providing cybercriminals with a range of services, including stolen financial data, credit card information, forged documents, money laundering services, victim reconnaissance ‘lookups’, and more.

Banking 74

Banking Cybercrime Accountability Risk 74

Security Affairs

APRIL 11, 2023

On January 13, 2023, Yum! Now the company, which owns the KFC, Pizza Hut, and Taco Bell brands, disclosed a data breach and revealed that ransomware actors have stolen personally identifiable information (PII) of an unspecified number of individuals. “As we announced publicly in mid-January, Yum!

Data breaches 89

Data breaches Identity Theft Education Ransomware 89

Security Affairs

APRIL 7, 2023

The group published a series of screenshots of the company’s CTMS and ERP databases The Money Message group threatens to publish the stolen files by Wednesday, April 12, 2023, if the company will not pay the ransom. Today MSI confirmed the security breach, it confirmed that threat actors had access to some of its information service systems.

Ransomware 82

Ransomware Firmware Hacking Manufacturing 82

Security Affairs

APRIL 1, 2023

On March 29, 2023, The Lock Bit ransomware gang announced the hack of the South Korean National Tax Service. The group added the South Korean agency to its Tor leak site and announced the release of stolen data by April 1st, 2023 in case the ransom was not paid.

Identity Theft 82

Identity Theft Ransomware Scams Education 82

Security Affairs

APRIL 25, 2023

Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451 ) in TP-Link Archer A21 in recent attacks. Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8)

DDOS 86

DDOS Engineering Firmware Architecture 86

Security Affairs

APRIL 5, 2023

For some, a cyber criminal matches some of the Hollywood tropes: a person sitting alone in a dimly lit room, furiously mashing on a keyboard to steal information from a person or company. Those days are behind us, however, as cybercrime is establishing itself as a business in and of itself.

Energy and Utilities 72

Energy and Utilities Cyber threats Risk Cyber Risk 72

Security Affairs

APRIL 23, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Spyware 68

Spyware Ransomware Malware Data breaches 68

Security Affairs

APRIL 14, 2023

The cyber attack was discovered on Tuesday, April 11, 2023, it is investigating the incident with the help of cybersecurity experts. “On April 11, 2023, Cornwall Community Hospital (CCH) identified a network issue, which an investigation has revealed to be a cyber incident. ” reads a statement published by the hospital.

Healthcare 73

Healthcare Cyber Attacks Education Media 73

Security Affairs

APRIL 18, 2023

1/4 pic.twitter.com/7JjOSbYEBx — ESET Research (@ESETresearch) April 17, 2023 The RedLine is an info stealing malware written in.NET that is active since at least early 2020. While this doesn’t affect the actual back-end servers, it will force the RedLine operators to distribute new panels to their customers.

Malware 82

Malware Education Media Authentication 82

Security Affairs

APRIL 3, 2023

” reads the status page of the company on April 2, 2023. “On March 26, 2023, Western Digital identified a network security incident involving Western Digital’s systems. “We are working to restore service. We apologize for any inconvenience. Next update will be posted on Monday, April 3.

Wireless 84

Wireless Education Ransomware Media 84

Security Affairs

MAY 14, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches 84

Data breaches DDOS Artificial Intelligence Ransomware 84

Security Affairs

MAY 17, 2023

The role of an initial access broker is essential in the cybercrime ecosystem, these actors facilitate the sale or exchange of compromised or stolen initial access to computer networks or systems. The report published by the experts provides evidence of continuous discussion of attacks on energy companies on dark web forums.

Energy and Utilities 85

Energy and Utilities Cybercrime Data collection VPN 85

Security Affairs

APRIL 6, 2023

The group published a series of screenshots of the company’s CTMS and ERP databases The Money Message group threatens to publish the stolen files by Wednesday, April 12, 2023, if the company will not pay the ransom. BleepingComputer reported that the ransomware gang has demanded a ransom payment of $4,000,000.

Hacking 73

Hacking Ransomware Manufacturing Education 73

Security Affairs

APRIL 6, 2023

Also, the popular Emotet has a prominent place in this listing, as it returns a few months later in December 2022, and is a threat to keep under the radar during 2023. He is also a founding member and Pentester at CSIRT.UBI and founder of the security computer blog seguranca–informatica.pt.

Threat Reports 76

Threat Reports Phishing Malware Banking 76

Security Affairs

MAY 9, 2023

A DDoS botnet dubbed AndoryuBot has been observed exploiting an RCE, tracked as CVE-2023-25717, in Ruckus access points. FortiGuard Labs researchers have recently observed a spike in attacks attempting to exploit the Ruckus Wireless Admin remote code execution vulnerability tracked as CVE-2023-25717.

DDOS 94

DDOS Wireless Architecture Advertising 94

Security Affairs

MAY 16, 2023

The company revealed to have detected a “targeted cyberattack” on its facilities, it has launched an investigation into the security breach to determine if attackers exfiltrated some data. Lacroix plans to resume production on May 22, 2023. The company said that some local infrastructures have been encrypted.

Manufacturing 80

Manufacturing Ransomware Cyber Attacks Backups 80

Security Affairs

NOVEMBER 20, 2023

pic.twitter.com/Wdj7VfkWXa — British Library (@britishlibrary) November 20, 2023 The library plans to partially restore many services in the next few weeks, but it believes that some disruption may persist for longer. The report includes IOCs and TTPs identified through investigations as recently as September 2023.

Ransomware 107

Ransomware Cyber Attacks Manufacturing Healthcare 107

Security Affairs

MAY 12, 2023

The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by exploiting the PaperCut remote-code execution vulnerability CVE-2023-27350. According to the FBI, threat actors started exploiting the CVE-2023-27350 flaw in mid-April 2023 and the attacks are still ongoing.

Education 77

Education Ransomware Encryption Malware 77