Accountability, Antivirus, Cybercrime and Information Security

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. The credentials are sold for an average of $15.43, the most expensive pairs relate to banking and financial services accounts, with an average price of nearly $71. Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

They may use various tactics to evade antivirus and other security measures. Bank logs : These are sets of data containing sensitive information about a bank account. Cashout : The term “cashout” refers to the process of extracting money from compromised bank accounts.

Banking

Banking Cybercrime Malware Accountability

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. The FBI is seeking any information that can be shared related to the operations of the BlackCat ransomware operation. Review antivirus logs for indications they were unexpectedly turned off.

Ransomware

Ransomware Antivirus Passwords Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

Following initial access, threat actors were observed exploiting domain controller’ functions by generating new domain accounts to establish persistence. In some attacks, threat actors created an administrative account named itadm. The operators frequently disable security software to evade detection and for lateral movement.

Ransomware

Ransomware Encryption Antivirus VPN

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Ransomware

Ransomware Hacking Data breaches Digital transformation

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

“A Russian national was sentenced today to 48 months in prison for operating a “crypting” service used to conceal the Kelihos malware from antivirus software, which enabled hackers to systematically infect approximately hundreds of thousands of victim computers around the world with malicious software, including ransomware.”

Antivirus

Antivirus Malware Cybercrime Cyber threats

SharkBot Banking Trojan spreads through fake AV apps on Google Play

Security Affairs

APRIL 9, 2022

Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. Sharkbot is an information stealer steals used by crooks to siphon credentials and banking information. .” ” reads the analysis published by the experts.

Banking

Banking Antivirus Malware Accountability

YoWhatsApp, unofficial WhatsApp Android app spreads the Triada Trojan

Security Affairs

OCTOBER 13, 2022

Kaspersky researchers discovered an unofficial WhatsApp Android application named ‘YoWhatsApp’ that steals access keys for users’ accounts. “To use the WhatsApp mod, users need to log in to their account of the legitimate app. steals WhatsApp keys, allowing threat actors to take over users’ accounts.

Mobile

Mobile Accountability Advertising Antivirus

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Install and regularly update antivirus software on all hosts, and enable real time detection. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware

Ransomware DDOS Passwords Backups

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

bat) scripts [T1059.003] for lateral movement, privilege escalation, and disabling antivirus software. The advisory also recommends organizations exercise, test, and validate their security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory. Notepad++, RDP Scanner, and 7zip.

Ransomware

Ransomware System Administration Antivirus Malware

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

“What’s more concerning is that a large portion of antivirus software has proven ineffective against the Meduza stealer binary, either failing to detect it statically or dynamically” reads the analysis published by Uptycs. ” The administrator offers access to the stolen data through a management console.

Password Management

Password Management Passwords Malware Antivirus

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

Install and regularly update antivirus software on all hosts, and enable real time detection. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware

Ransomware Firmware Antivirus Accountability

New Agenda Ransomware appears in the threat landscape

Security Affairs

AUGUST 27, 2022

The investigation into the incident revealed that threat actor used a public-facing Citrix server as a point of entry, they likely used a valid account to access this server and perform lateral movements inside the victim’s network. The ransomware was employed in a targeted attack against one of the company’s customers.

Ransomware

Ransomware Encryption Accountability Antivirus

Tens of malicious NPM packages caught hijacking Discord servers

Security Affairs

DECEMBER 9, 2021

The libraries allow stealing Discord access tokens and environment variables from systems running giving the attackers full access to the victim’s Discord account. JFrog researchers have discovered 17 malicious packages in the NPM (Node.js package manager) repository that were developed to hijack Discord servers. ” concludes the report.

Antivirus

Antivirus Malware Accountability Firewall

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

Babadeda is able to bypass antivirus solutions. According to the researchers, this crypto-malware was recently employed in several campaigns to deliver information stealers, RATs, and ransomware like LockBit. Threat actors are attempting to exploit the booming market for NFTs and crypto games.

Cryptocurrency

Cryptocurrency Malware Antivirus Phishing

Security Affairs newsletter Round 285

Security Affairs

OCTOBER 11, 2020

ransomware displays ransom note in innovative way Carnival confirms data breach as a result of the August ransomware attack Google enhances malware protection for accounts enrolled in Advanced Protection Program (APP) Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns.

Advertising

Advertising Antivirus Data privacy Ransomware

New CACTUS ransomware appeared in the threat landscape

Security Affairs

MAY 9, 2023

CACTUS essentially encrypts itself, making it harder to detect and helping it evade antivirus and network monitoring tools,” Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, told Bleeping Computer. The binary is deployed using a specific flag that allows its execution, while the ZIP archive is removed.

Ransomware

Ransomware VPN Antivirus Encryption

The U.S. CISA and FBI warn of Royal ransomware operation

Security Affairs

MARCH 3, 2023

“After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.” In one confirmed case, the actors used a legitimate admin account to remotely log on to the domain controller [T1078].

Ransomware

Ransomware Healthcare Antivirus Encryption

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. The threat actors infected at least 8.9 231 banking malware.

Mobile

Mobile Advertising Malware Cybercrime

15 Best Cybersecurity Blogs To Read

Spinone

OCTOBER 10, 2019

Here you can find security-related news on many topics: Apps, IoT, Cloud, and much more. DarkReading Twitter account has more than 200k followers, a very solid number for the cybersecurity industry. Krebs on Security One of the best cybersecurity blogs offering unique insights. Their main focus is on cybercrime investigations.

Cybersecurity

Cybersecurity IoT Antivirus Education

SharkBot, a new Android Trojan targets banks in Europe

Security Affairs

NOVEMBER 15, 2021

The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts. Once the banking Trojan is installed on the victim’s device, threat actors can steal sensitive banking information through the abuse of Accessibility Services (i.e.

Banking

Banking Mobile Social Engineering Malware

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

According to the report issued by the CERT-FR, operators behind the Pysa ransomware launched brute-force attacks against management consoles and Active Directory accounts. “Brute force connection attempts on a supervisory console have been observed, as well as on several ACTIVE DIRECTORY accounts. ” continues the alert.

Government

Government Ransomware Encryption Penetration Testing

A new SharkBot variant bypassed Google Play checks again

Security Affairs

SEPTEMBER 5, 2022

While previous variants of the dropper relied on Accessibility permissions to automatically install the Sharkbot malware, this new one asks the victim to install the malware as a fake update for the antivirus. The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts.

Banking

Banking Malware Mobile Accountability

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Security Affairs

FEBRUARY 14, 2022

Install and regularly update antivirus software on all hosts, and enable real time detection. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware

Ransomware Accountability Firmware Antivirus

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Security Affairs

MARCH 18, 2023

ransomware include remote desktop protocol (RDP) exploitation, drive-by compromise, phishing campaigns, abuse of valid accounts, and exploitation of public-facing applications. is capable of bypassing User Account Control (UAC) to execute code with elevated privileges via elevated Component Object Model (COM) Interface.

Ransomware

Ransomware Penetration Testing Encryption Accountability

US authorities charged Dridex gang members for stealing over $100 Million

Security Affairs

DECEMBER 7, 2019

“According to the indictment, Bugat is a malware specifically crafted to defeat antivirus and other protective measures employed by victims. ” According to the indictment, the criminal duo used the stolen banking credentials to make unauthorized transfers from the victims’ bank accounts to bank accounts owned by “money mules.”

Banking

Banking Malware Cybercrime Accountability

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. Links account for 29%, while attachments—for 71%. rar archive files.

Ransomware

Ransomware Antivirus Malware Banking

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

MARCH 17, 2021

According to the report issued by the CERT-FR, operators behind the Pysa ransomware launched brute-force attacks against management consoles and Active Directory accounts. Once compromised the target network, attackers attempt to exfiltrate the company’s accounts and passwords database. newversion file extension instead of .

Education

Education Ransomware Encryption Antivirus

Belarussian authorities arrested GandCrab ransomware distributor

Security Affairs

AUGUST 3, 2020

He had no previous criminal records at the time of the arrest, but it is known to be a member of a cybercrime forum to become an affiliate for the GandCrab ransomware operation. The authorities did not reveal the name of the man, they arrested him in Gomel (Belarus). reads the translation of the ad.

Ransomware

Ransomware Advertising Malware Hacking

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

Security Affairs

JUNE 23, 2020

Fxmsp gained worldwide fame in May 2019, after it was reported that the networks belonging to leading antivirus software companies had been compromised. Fxmsp took his first steps in the cybercrime scene in September 2016 when he registered on an underground forum, fuckav[.]ru. Geography and victims. First steps. The big fish.

Antivirus

Antivirus Advertising Hacking Banking

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

These two permissions allows the operators to receive and read the victim’s sms while performing a phishing attack and takeover the victims’ account. ” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. ” concludes the report.

Malware

Malware Banking Antivirus Phishing

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

ViperSoftX also checks for active antivirus products running on the machine. One of the key steps performed by the malware before downloading a first-stage PowerShell loader is a series of anti-virtual machine, anti-monitoring, and anti-malware checks. If all checks pass, the loader decrypts and executes a second-stage PowerShell script.

Encryption

Encryption Malware Cryptocurrency Software

City of Dallas shut down IT services after ransomware attack

Security Affairs

MAY 4, 2023

After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.” reads the alert. Royal operators have demanded ransom ranging from approximately $1 million to $11 million USD worth of Bitcoin.

Ransomware

Ransomware Healthcare Education Encryption

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

Although this transaction was absolutely transparent and traceable, it did not allow the account holder to be traced, precisely because of the typical peculiarities of digital currency: anonymity, transparency, speed and non-repudiation. In fact, the familiar red lock screen launched by the @WanaDecryptor@.exe How did the contagion stop?

Malware

Malware Computers and Electronics Encryption Ransomware

Cybercriminal greeners from Iran attack companies worldwide for financial gain

Security Affairs

AUGUST 24, 2020

For instance, to disable built-in antivirus software, the attackers used Defender Control and Your Uninstaller. As the attackers usually need several attempts to brute force passwords and gain access to the RDP, it is important to enable account lockout policies by limiting the number of failed login attempts per user.

Threat Detection

Threat Detection Ransomware Advertising Cybercrime

Cyber Security Roundup for April 2021

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. Stay safe and secure. Reducing Human Error Security Threats with Remote Workforce. Cybercrime to cost over $10 Trillion by 2025. How not to disclosure a Hack.

Energy and Utilities

Energy and Utilities Ransomware Banking Hacking

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Graham Cluley | @gcluley.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Hundreds of C-level executives credentials available for $100 to $1500 per account

Security Affairs

NOVEMBER 28, 2020

A credible threat actor is offering access to the email accounts of hundreds of C-level executives for $100 to $1500 per account. Access to the email accounts of hundreds of C-level executives is available on the Exploit.in for $100 to $1500 per account. Exploit.in ” reported ZDNet.

Accountability

Accountability Cybercrime Hacking Retail

Pirate Ship Sailing to Developing World: Group-IB Uncovers Real Captains of Online Piracy Crew

Security Affairs

JULY 28, 2020

The purpose of this report is to deliver a devastating blow to cybercrime by uncovering key organizations sponsoring pirates and exposing the entire criminal structure of online piracy. In view of this, the expanded version of this report has been provided to international law enforcement agencies. million.

Marketing

Marketing Banking Advertising Cybercrime

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Security Affairs

APRIL 10, 2019

That file was delivered via malscam campaigns around the world and its source-code is obfuscated in order to evade antivirus detection and complicate its analysis. When the malware is executed without any restrictions, i.e., upon a non-virtualized environment, some information from the victim’s computer is send to C2 server.

Banking

Banking Malware Antivirus Cyber threats

How to Protect Your Business Data with Cyber security

CyberSecurity Insiders

NOVEMBER 25, 2021

5 Cyber Security Best Practices to Protect Your Business Data. Today, any company can fall victim to cybercrime, which has become a major problem around the world. That’s why large, medium-sized, and small businesses need to become more proactive in their approach to cyber security. . . Source [link]. Back Up Your Data.

Computers and Electronics

Computers and Electronics Cyber Attacks Data breaches Passwords

New ransomware trends in 2023

SecureList

MAY 11, 2023

The second-largest category of cases consisted of compromised accounts and malicious emails. Trend 2: Driver abuse Abusing a vulnerable driver for malicious purposes may be an old trick in the book, but it still works well, especially on antivirus (AV) drivers.

Ransomware

Ransomware Malware Architecture Telecommunications

How to Avoid Phishing Attacks

Spinone

JANUARY 9, 2019

Tried and true means to steal information What exactly is “phishing”? Unknowingly, the end user has given the hacker access to a potentially privileged account password. As with any security solution, there is never a “silver bullet” that is the end all to all other security mechanisms.

Phishing

Phishing Scams Firewall Antivirus

Phishers prefer Tesla, top 3 malware strains in Coronavirus phishing campaigns

Security Affairs

APRIL 9, 2020

It’s worth noting that.rar also became the second commonly used format to deliver archived malware in H1 2019 and accounted for 25% of all archived malicious files detected by Group-IB’s CERT in the first half of 2019. Unless behavioral analytics is employed, such malware is likely to remain undetected.

Phishing

Phishing Malware Spyware DDOS

15 billion credentials available in the cybercrime marketplaces

Info stealers and how to protect against them

Webinars

Trending Sources

BlackCat Ransomware gang breached over 60 orgs worldwide

Webinars

Akira ransomware received $42M in ransom payments from over 250 victims

Cactus ransomware gang claims the Schneider Electric hack

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

SharkBot Banking Trojan spreads through fake AV apps on Google Play

YoWhatsApp, unofficial WhatsApp Android app spreads the Triada Trojan

Avoslocker ransomware gang targets US critical infrastructure

FBI and CISA published a new advisory on AvosLocker ransomware

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Ranzy Locker ransomware hit tens of US companies in 2021

New Agenda Ransomware appears in the threat landscape

Tens of malicious NPM packages caught hijacking Discord servers

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs newsletter Round 285

New CACTUS ransomware appeared in the threat landscape

The U.S. CISA and FBI warn of Royal ransomware operation

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

15 Best Cybersecurity Blogs To Read

SharkBot, a new Android Trojan targets banks in Europe

CERT France – Pysa ransomware is targeting local governments

A new SharkBot variant bypassed Google Play checks again

BlackByte ransomware breached at least 3 US critical infrastructure organizations

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

US authorities charged Dridex gang members for stealing over $100 Million

Ransomware Revival: Troldesh becomes a leader by the number of attacks

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Belarussian authorities arrested GandCrab ransomware distributor

Fxmsp: the untold story of infamous seller of access to corporate networks who made at least USD 1.5 mln

BRATA Android Malware evolves and targets the UK, Spain, and Italy

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

City of Dallas shut down IT services after ransomware attack

Wannacry, the hybrid malware that brought the world to its knees

Cybercriminal greeners from Iran attack companies worldwide for financial gain

Cyber Security Roundup for April 2021

Top Cybersecurity Accounts to Follow on Twitter

Hundreds of C-level executives credentials available for $100 to $1500 per account

Pirate Ship Sailing to Developing World: Group-IB Uncovers Real Captains of Online Piracy Crew

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

How to Protect Your Business Data with Cyber security

New ransomware trends in 2023

How to Avoid Phishing Attacks

Phishers prefer Tesla, top 3 malware strains in Coronavirus phishing campaigns

Stay Connected