Security Affairs

JANUARY 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

VPN 107

VPN Cybercrime Ransomware Hacking 107

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams 243

Scams DDOS Cryptocurrency Accountability 243

Security Affairs

OCTOBER 22, 2022

US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. The threat actors obtained the VPN credentials through phishing attacks. administrative?accounts,

Ransomware 68

Ransomware VPN Cybercrime Accountability 68

The Last Watchdog

OCTOBER 24, 2022

. • Create security awareness for employees. One of the most important ways to protect against data breaches is to increase employee security awareness. Employees are the first line of defense against cybercrime and should understand how to recognize phishing emails and what to do if they suspect them. Use a corporate VPN.

Passwords 214

Passwords Security Awareness Data breaches Cybersecurity 214

Security Affairs

APRIL 7, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 100

Data breaches Small Business Hacking Malware 100

Security Affairs

AUGUST 10, 2022

The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat actors compromised a Cisco employee’s credentials after they gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized. ” continues the analysis.

Ransomware 126

Ransomware Hacking VPN Phishing 126

Security Affairs

APRIL 23, 2022

The popular investigator and journalist Brian Krebs first surmised that the LAPSUS$ gang has breached T-Mobile after he reviewed a copy of the private chat messages between members of the cybercrime group. Telegram channels that were restricted to the core seven members of the group – Source KrebsonSecurity. ” wrote Krebs.

Mobile 96

Mobile VPN Social Engineering Telecommunications 96

Security Affairs

APRIL 21, 2024

The cybersecurity researchers observed threat actors obtaining initial access to organizations through a virtual private network (VPN) service without multifactor authentication (MFA) configured. In some attacks, threat actors created an administrative account named itadm.

Ransomware 105

Ransomware Encryption Antivirus VPN 105

Security Affairs

SEPTEMBER 8, 2021

The threat actor leaked a list containing approximately 500,000 Fortinet VPN credentials that can allow threat actors to breach the networks of the organizations that use the compromised VPN appliances and perform malicious activities such as dropping a ransomware or stealing sensitive data.

VPN 90

VPN Ransomware Hacking Accountability 90

Security Affairs

OCTOBER 3, 2019

Cybercrime is a prolific business, criminal organizations continues to make profits with illegal activities in the cyberspace, but police are ready to contrast them. With this resource, it was possible to buy activated accounts in large numbers to various mail resources, social networks, payment systems and more. “Cyber ??

Cybercrime 88

Cybercrime VPN Advertising Accountability 88

Security Affairs

APRIL 2, 2020

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. ” reads the post published by Microsoft.

Ransomware 106

Ransomware VPN Healthcare Cyber Attacks 106

Security Affairs

APRIL 10, 2023

. “DEV-1084 was then later observed leveraging highly privileged compromised credentials to perform en masse destruction of resources, including server farms, virtual machines, storage accounts, and virtual networks, and send emails to internal and external recipients.” Both groups used MULLVAD VPN.

Ransomware 86

Ransomware Cybercrime VPN Education 86

Security Affairs

NOVEMBER 4, 2020

KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. The KPOT Stealer was written in C/C++, it was offered in the cybercrime underground as a Malware-as-a-Service (MaaS).

Ransomware 135

Ransomware Malware Advertising Cybercrime 135

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. Nikulin also hacked into an employee account of a Formspring engineer and used it to access the company network between June 13, 2012, and June 29, 2012.

Hacking 78

Hacking Cybercrime Data breaches Advertising 78

Security Affairs

APRIL 19, 2024

In December 2023, Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar.

Energy and Utilities 98

Energy and Utilities Telecommunications Technology VPN 98

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. The FBI is seeking any information that can be shared related to the operations of the BlackCat ransomware operation. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware 105

Ransomware Antivirus Passwords Malware 105

Security Affairs

AUGUST 7, 2022

The post Security Affairs newsletter Round 377 appeared first on Security Affairs. Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4

Spyware 122

Spyware Manufacturing Small Business Surveillance 122

Security Affairs

AUGUST 21, 2020

Hackers aim at collecting login credentials for networks of the target organizations, then they attempt to monetize their efforts by selling access to corporate resources in the cybercrime underground. “The actors then convinced the targeted employee that a new VPN link would be sent and required their login, including any 2FA or OTP.”

Social Engineering 117

Social Engineering VPN Phishing Authentication 117

Security Affairs

MAY 9, 2023

Researchers warn of a new ransomware family called CACTUS that exploits known vulnerabilities in VPN appliances to gain initial access to victims’ networks. The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool.

Ransomware 73

Ransomware VPN Antivirus Encryption 73

Security Affairs

SEPTEMBER 12, 2022

The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat actors compromised a Cisco employee’s credentials after they gained control of a personal Google account w here credentials saved in the victim’s browser were being synchronized.

Ransomware 99

Ransomware VPN Authentication Phishing 99

Security Affairs

MARCH 19, 2022

Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind. Avoid reusing passwords for multiple accounts. Consider installing and using a VPN.

Ransomware 97

Ransomware DDOS Passwords Backups 97

Security Affairs

MAY 8, 2023

Threat actors are using emails sent from compromised accounts with the subject “bill/payment” with an attachment in the form of a ZIP archive. The threat actors allegedly obtained access to Ukraine’s public networks by using compromised VPN credentials. We are in the final!

Malware 91

Malware Phishing VPN Accountability 91

Security Affairs

FEBRUARY 10, 2023

.” The threat actor used multiple tools in the delivery stage, including Traffic Distribution System (TDS), malicious, some of which can be purchased from other threat actors in the cybercrime ecosystem. It can steal crypto wallets, steam accounts, passwords from browsers, FTP clients, chat clients (e.g.

Malware 81

Malware Phishing Spyware Cybercrime 81

Security Affairs

JANUARY 21, 2022

Researchers from Kaspersky Lab have uncovered multiple spyware campaigns that target industrial firms to steal email account credentials and carry out fraudulent activities. Threat actors sent spear-phishing messages from compromised corporate accounts to their contacts, the email carry malicious attachments.

Spyware 86

Spyware Accountability Social Engineering Phishing 86

Security Affairs

OCTOBER 24, 2021

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads Facebook SSRF Dashboard allows hunting SSRF vulnerabilities Groove ransomware group calls on other ransomware gangs to hit US public sector DarkSide ransomware operators move 6.8M

Artificial Intelligence 59

Artificial Intelligence Ransomware Hacking VPN 59

Security Affairs

NOVEMBER 15, 2023

VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points. PuTTY.exe Rhysida actors have been observed creating Secure Shell (SSH) PuTTy connections for lateral movement.

Ransomware 115

Ransomware Manufacturing Healthcare Education 115

Security Affairs

JULY 8, 2022

Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts using weak passwords. Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords.”

Ransomware 92

Ransomware Encryption Passwords Internet 92

Security Affairs

JANUARY 23, 2022

from the Lympo NTF platform. from the Lympo NTF platform.

VPN 78

VPN Ransomware Spyware DDOS 78

Security Affairs

JANUARY 15, 2023

Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4

Small Business 87

Small Business Password Management VPN Healthcare 87

Security Affairs

APRIL 3, 2022

Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church UK Police charges two teenagers for their alleged role in the Lapsus$ extortion group Beastmode Mirai botnet now includes exploits for Totolink routers Ukraine intelligence leaks names of 620 alleged Russian FSB agents Critical CVE-2022-1162 flaw in GitLab allowed threat (..)

Firewall 77

Firewall Hacking DDOS VPN 77

Security Affairs

JANUARY 27, 2020

This successful operation is just one example of how law enforcement are working with industry partners, adapting and applying new technologies to aid investigations and ultimately reduce the global impact of cybercrime,» concluded Mr Jones.” INTERPOL’s Director of Cybercrime. ” Craig Jones. ” Idam Wasiadi.

Cybercrime 72

Cybercrime Marketing eCommerce Mobile 72

Security Affairs

JANUARY 3, 2021

HackerOne announces first bug hunter to earn more than $2M in bug bounties SolarWinds releases updated advisory for SUPERNOVA backdoor Vermont Hospital confirmed the ransomware attack E-commerce app 21 Buttons exposes millions of users data Finland confirms that hackers breached MPs emails accounts Multi-platform card skimmer targets Shopify, BigCommerce, (..)

Data breaches 95

Data breaches Mobile VPN Firewall 95

Security Affairs

MARCH 8, 2022

Monitor cyber threat reporting regarding the publication of compromised VPN login credentials and change passwords and settings. Audit user accounts with administrative privileges and configure access controls with least privilege in mind. Consider adding an email banner to emails received from outside your organization.

Ransomware 83

Ransomware Financial Services Passwords VPN 83

Security Affairs

SEPTEMBER 7, 2020

The attack took place over the weekend, the closure of the BancoEstado breaches was announced by the bank through its Twitter account. The REvil ransomware gang is one of the most active groups, in the past, the operators have targeted Pulse Secure and Citrix VPN and enterprise gateway systems as entry points.

Banking 110

Banking Ransomware Advertising VPN 110

Security Affairs

JANUARY 22, 2023

The Irish DPC fined WhatsApp €5.5M

Data breaches 89

Data breaches Retail Malware VPN 89

Malwarebytes

MAY 28, 2021

Wizard Spider is a cybercrime group affiliated with a what is sometimes called the Ransomware Cartel , a collective of underground groups identified by threat intelligence company Analyst1. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes.

Healthcare 112

Healthcare Ransomware Encryption Passwords 112

Security Affairs

MARCH 23, 2022

Yesterday the cybercrime gang leaked 37GB of source code stolen from Microsoft’s Azure DevOps server. Microsoft has now confirmed that the attackers have compromised the account of one of its employees gaining limited access to source code repositories. No customer code or data was involved in the observed activities.

Accountability 100

Accountability VPN Social Engineering Hacking 100