Advertising, Authentication, Cybercrime and Passwords

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. agency — advertised a web-based bot designed to trick targets into giving up OTP tokens.

Passwords

Passwords Mobile Authentication Banking

A Year Later, Cybercrime Groups Still Rampant on Facebook

Krebs on Security

APRIL 8, 2019

Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by deleting those groups.

Cybercrime

Cybercrime Passwords Identity Theft Accountability

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Krebs on Security

APRIL 4, 2023

Several domain names tied to Genesis Market , a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. ” a cybercrime forum ad for Genesis enthused. 21, 2023. .”

Marketing

Marketing Cybercrime Passwords Banking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. Pierluigi Paganini. SecurityAffairs – hacking, Zerologon).

Cybercrime

Cybercrime Security Intelligence Authentication Banking

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing

Phishing Cybercrime Malware Advertising

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. One of Megatraffer’s ads on an English-language cybercrime forum. Part of Megatraffer’s ad. Image: Ke-la.com. ru in 2008.

Malware

Malware Cybercrime Software Antivirus

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Krebs on Security

MARCH 10, 2020

District Court for the Southern District of California allege Firsov was the administrator of deer.io, an online platform that hosted more than 24,000 shops for selling stolen and/or hacked usernames and passwords for a variety of top online destinations. ” A Google Translate version of that advertisement is here (PDF).

Accountability

Accountability Advertising Hacking Cybercrime

Ad Network Sizmek Probes Account Breach

Krebs on Security

MARCH 13, 2019

Online advertising firm Sizmek Inc. [ NASDAQ: SZMK ] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. ” PASSWORD SPRAYING.

Accountability

Accountability Passwords Advertising Penetration Testing

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing

Phishing Cybercrime Authentication Mobile

7 Cyber Safety Tips to Outsmart Scammers

Webroot

FEBRUARY 26, 2024

Cybercrime isn’t just a futuristic Hollywood plotline, it’s a real threat that targets everyone—from wide-eyed kids to seasoned adults and wise grandparents. They’ll try to sweet-talk you into clicking on suspicious links or divulging sensitive information like passwords or credit card details. And guess what?

Scams

Scams VPN Passwords Phishing

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

The FBI recommends individuals take the following precautions: Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums. Do not provide your mobile number account information over the phone to representatives that request your account password or pin.

Mobile

Mobile Cryptocurrency Authentication Accountability

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Cybercrime

FBI shuts down the Russian-based hacker platform DEER.IO

Security Affairs

MARCH 26, 2020

that is hosting various cybercrime products and services were being sold. The Russian man also advertised the platform on other hacking forums. store used by hackers to offer for sale thousands of compromised accounts, including gamer accounts and PII files containing user names, passwords, U.S. Pierluigi Paganini.

Cybercrime

Cybercrime Advertising Hacking Accountability

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

Security Affairs

JANUARY 4, 2024

RPKI adds a layer of security to BGP by cryptographically binding IP address prefixes to the entities that hold the legitimate right to advertise them. “We encourage account holders to please update their passwords and enable multi-factor authentication for their accounts.

Internet

Internet Internet Accountability Passwords

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Security Affairs

JULY 14, 2020

At the time, ZDNet validated the authenticity of the data contacting past guests of the hotel, including international business travelers, reporters attending tech conferences and CEOs attending business meetings. The company excluded that hackers have stolen financial and payment card data or passwords. ” reported ZDNet.

Data breaches

Data breaches Advertising Hacking Cybercrime

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales. Like most cybercrime forums, OGUsers is overrun with shady characters who are there mainly to rip off other members. THE MIDDLEMEN. WHAT YOU CAN DO.

Accountability

Accountability Hacking Media Mobile

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Security Affairs

JUNE 24, 2020

The CryptoCore group, aks Crypto-gang, “Dangerous Password”, and “Leery Turtle” has been active since 2018. The spear-phishing messages attempt to trick the victims into installing malware on their computer that allows attacker to steal or obtain access to a password manager account.

Cryptocurrency

Cryptocurrency Phishing Accountability Passwords

Hackers abusing the Ngrok platform phishing attacks

Security Affairs

FEBRUARY 16, 2021

Experts provided a list of ngrok -based attacks conducted by cybercrime organizations and nation-stated actors such as Fox Kitten and Pioneer Kitten APT groups. links used in darkweb markets/leaks and cybercrime forums by different threat actors such as BIN CARDERS, Telegram- carder data, and linlogpass.” Pierluigi Paganini.

Phishing

Phishing Cybercrime Mobile Internet

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

The malware is able to steal sensitive information (a variety of credentials, including FTP credentials, stored email passwords, passwords stored in the browser, as well as a whole host of other credentials) . If these services are required, use strong passwords or Active Directory authentication. Pierluigi Paganini.

Malware

Malware Passwords Advertising Antivirus

Caffeine, a new Phishing-as-a-Service toolkit available in the underground

Security Affairs

OCTOBER 11, 2022

.” The toolkit provides templates for a broad range of targets, including Chinese and Russian organizations, which is quite uncommon in the cybercrime ecosystem. Caffeine is advertised on multiple cybercrime underground forums, its subscription models are more expensive compared with other PhaaS platforms.

Phishing

Phishing Cybercrime Accountability Advertising

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Regularly back up data, air gap, and password-protect backup copies offline. Use multifactor authentication where possible. Implement the shortest acceptable timeframe for password changes.

Ransomware

Ransomware Antivirus Passwords Malware

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Security Affairs

OCTOBER 22, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Cybercrime

Statc Stealer, a new sophisticated info-stealing malware

Security Affairs

AUGUST 10, 2023

The malicious code also targets cryptocurrency wallets and can capture credentials, passwords, and even data from messaging apps like Telegram. The infection chain starts when victims are tricked into clicking on an ads that appears like an authentic Google advertisement. The user inadvertently downloads the Initial Sample file.

Malware

Malware Encryption Advertising Cryptocurrency

European police arrested tens of members of two SIM Hijacking Gangs

Security Affairs

MARCH 13, 2020

European authorities dismantled two cybercrime organizations responsible for stealing millions through SIM hijacking. European authorities managed to dismantle the operations of two cybercrime gangs responsible for stealing millions through SIM hijacking. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Cybercrime Mobile Accountability

New Coronavirus-themed campaign spread Lokibot worldwide

Security Affairs

APRIL 4, 2020

177] that uses the World Health Organization (WHO) trademark in an attempt to convince recipients of its authenticity.” The malicious code was initially advertised on many hacking forums for up to $300, later other threat actors started offering it for less than $80 in the cybercrime underground. xyz/copy/five/fre.php.

Advertising

Advertising Malware Passwords Cybercrime

FBI arrested a Russian citizen suspected to be the mastermind of Deer.io

Security Affairs

MARCH 10, 2020

The Russian man also advertised the platform on other hacking forums. Individuals can also buy computer files, financial information, PII, and usernames and passwords taken from computers infected with malicious software (malware) located both in the U.S. platform, offered data were authentic according to the feds. storefront.”

Accountability

Accountability Advertising Passwords Hacking

Erbium info-stealing malware, a new option in the threat landscape

Security Affairs

SEPTEMBER 27, 2022

The Malware-as-a-Service (MaaS) was advertised on a Dark Web forum by a Russian-speaking threat actor. Collecting user credentials, such as passwords, from a range of popular chat and email programs, as well as web browsers. Ability to collect data of Authentication (2FA) and password-managing software.

Malware

Malware Password Management Authentication Passwords

Information Stealing Malware on the Rise, Uptycs Study Shows

SecureWorld News

JULY 27, 2023

Some highlights include: Stealers are primarily sold on cybercrime forums. This demonstrates a focus on collecting data from multi-factor authentication tools. They are often spread by malicious advertising, spam, and compromised accounts. Their logs are sold on instant messaging platforms such as Telegram and Discord.

Malware

Malware Social Engineering Passwords Spyware

Security Affairs newsletter Round 253

Security Affairs

MARCH 1, 2020

FBI recommends using passphrases instead of complex passwords. Raccoon Malware, a success case in the cybercrime ecosystem. New strain of Cerberus Android banking trojan can steal Google Authenticator codes. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Lampion malware v2 February 2020.

Banking

Banking Malware Advertising Ransomware

Crooks offered for sale private messages for 81k Facebook accounts

Security Affairs

NOVEMBER 3, 2018

The BBC Russian Service investigated the alleged data breach along with cybersecurity firm Digital Shadows and determined they are authentic. FBSaler advertised the data on an underground hacking forum called BlackHatWorld and provided a link to a site named FBServer where sample data was posted. ” states the BBC.

Accountability

Accountability Advertising Cybercrime Hacking

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

The FBI recommends individuals take the following precautions: Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums. Do not provide your mobile number account information over the phone to representatives that request your account password or pin.

Banking

Banking Accountability Mobile Cryptocurrency

FBI issued a flash alert about Netwalker ransomware attacks

Security Affairs

AUGUST 2, 2020

Use two-factor authentication with strong passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the alert. Consider installing and using a VPN. The FBI advises victims not to pay the ransom.

Ransomware

Ransomware VPN Advertising Government

What the Marriott Breach Says About Security

Krebs on Security

DECEMBER 1, 2018

Marriott is offering affected consumers a year’s worth of service from a company owned by security firm Kroll that advertises the ability to scour cybercrime underground markets for your data. Should you take them up on this offer? TOUGH TRADE-OFFS.

Passwords

Passwords Accountability Malware Phishing

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers. Regularly back up data, password protect backup copies offline. Use multifactor authentication where possible. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware DDOS Passwords Backups

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

Hackers aim at collecting login credentials for networks of the target organizations, then they attempt to monetize their efforts by selling access to corporate resources in the cybercrime underground. Improve 2FA and OTP messaging to reduce confusion about employee authentication attempts. Pierluigi Paganini.

Social Engineering

Social Engineering VPN Phishing Authentication

A Cyber Security Checklist for the Modern Small Business [Top 8 Tips]

SiteLock

AUGUST 27, 2021

This is especially true today considering the fact that cybercrime continues to be a serious threat for businesses and users. When cybercrime happens to your company website, you can lose money, credibility, and customers. Today, generic passwords like “password123!” Security is one of the most important aspects of any website.

Small Business

Small Business Passwords Backups Firewall

Customers of 7-Eleven Japan lost $500,000 due to a flaw in the mobile app

Security Affairs

JULY 7, 2019

Cyber criminals have exploited an unproperly implemented password reset process in 7-Eleven to make unwanted charges on 900 customers’ accounts. “Knowing the email address, date of birth, and phone number, it turned out that a third party could change the 7pay 7-Eleven app password. 7-Eleven Inc. Pierluigi Paganini.

Mobile

Mobile Passwords Accountability Advertising

How to Secure Your Business Social Media Accounts

BH Consulting

AUGUST 31, 2023

billion people are on social media , and businesses have come to rely on these channels in their everyday operations as a form of advertising, recruiting and more. According to figures from Gitnux , the cost of cybercrime on social media is $3.25 So in this blog, I’ll talk about the risks and steps to mitigate them. More than 4.7

Media

Media Accountability Authentication Passwords

Twitter confirms zero-day used to access data of 5.4 million accounts

Security Affairs

AUGUST 5, 2022

The vulnerability allows any party without any authentication to obtain a twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibitted this action in the privacy settings. The seller claimed that the database was containing data (i.e.

Accountability

Accountability Data breaches Authentication Media

Colocation data centers giant Equinix data hit by Netwalker Ransomware

Security Affairs

SEPTEMBER 10, 2020

The popular cybercrime gang is demanding a $4.5 Use two-factor authentication with strong passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the statement. Pierluigi Paganini.

Ransomware

Ransomware VPN Data breaches Advertising

FBI IC3 warns of cyber attacks exploiting Remote Desktop Protocol (RDP)

Security Affairs

SEPTEMBER 29, 2018

The IC3 warns of the following vulnerabilities: Weak passwords. The alert includes the audit of network for systems using RDP for remote communication, limiting the use of the Remote Desktop Protocol, keeping systems up to date, and implements multi-factor authentication wherever possible. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Advertising Internet Internet

TroyStealer – A new info stealer targeting Portuguese Internet users

Security Affairs

JUNE 13, 2020

The world of cybercrime is changing, and more and more malware variants have spread every day. The malware gathers login information, like usernames and passwords stored on web-browsers, which it sends to another system via email. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. h/t: abuse.ch.

Internet

Internet Internet Malware Banking

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

Time is of the essence in these attacks because many companies that rely on VPNs for remote employee access also require employees to supply some type of multi-factor authentication in addition to a username and password — such as a one-time numeric code generated by a mobile app or text message.

Phishing

Phishing VPN Social Engineering Media

The Rise of One-Time Password Interception Bots

A Year Later, Cybercrime Groups Still Rampant on Facebook

Webinars

Trending Sources

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Webinars

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Ad Network Sizmek Probes Account Breach

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

7 Cyber Safety Tips to Outsmart Scammers

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

FBI shuts down the Russian-based hacker platform DEER.IO

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Hackers abusing the Ngrok platform phishing attacks

CISA’s advisory warns of notable increase in LokiBot malware

Caffeine, a new Phishing-as-a-Service toolkit available in the underground

BlackCat Ransomware gang breached over 60 orgs worldwide

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Statc Stealer, a new sophisticated info-stealing malware

European police arrested tens of members of two SIM Hijacking Gangs

New Coronavirus-themed campaign spread Lokibot worldwide

FBI arrested a Russian citizen suspected to be the mastermind of Deer.io

Erbium info-stealing malware, a new option in the threat landscape

Information Stealing Malware on the Rise, Uptycs Study Shows

Security Affairs newsletter Round 253

Crooks offered for sale private messages for 81k Facebook accounts

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

FBI issued a flash alert about Netwalker ransomware attacks

What the Marriott Breach Says About Security

Avoslocker ransomware gang targets US critical infrastructure

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

A Cyber Security Checklist for the Modern Small Business [Top 8 Tips]

Customers of 7-Eleven Japan lost $500,000 due to a flaw in the mobile app

How to Secure Your Business Social Media Accounts

Twitter confirms zero-day used to access data of 5.4 million accounts

Colocation data centers giant Equinix data hit by Netwalker Ransomware

FBI IC3 warns of cyber attacks exploiting Remote Desktop Protocol (RDP)

TroyStealer – A new info stealer targeting Portuguese Internet users

Voice Phishers Targeting Corporate VPNs

Stay Connected