Advertising, Hacking and Information Security

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. ” Orn advertising Araneida Scanner in Feb.

Hacking

Hacking Cybercrime Advertising Data breaches

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

Security Affairs

JULY 18, 2024

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. SentinelOne researchers warn that the financially motivated group FIN7 is using multiple pseudonyms to advertise a security evasion tool in several criminal underground forums.

Advertising

Advertising Cybercrime Hacking Ransomware

BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

Security Affairs

JUNE 9, 2025

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, botnet) Indicators of BADBOX 2.0

IoT

IoT Internet Internet Advertising

Ukraine President enforces Information Security Strategy

CyberSecurity Insiders

DECEMBER 29, 2021

Amid extreme concerns related to cyber warfare from Russia, Ukraine’s President Volodymyr Zelensky announced a new information security strategy policy was launched and came into effect early this week. The post Ukraine President enforces Information Security Strategy appeared first on Cybersecurity Insiders.

Information Security

Information Security Cryptocurrency Scams Cyber Attacks

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. Authorities in the United States, Germany, the Netherlands and the U.K.

Advertising

Advertising Cybercrime System Administration Hacking

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts. Abusewith[.]us 2, 2014.

Hacking

Hacking Accountability Data breaches Marketing

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Security Affairs

FEBRUARY 2, 2025

A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools. The HeartSender group advertised its tools as fully undetectable by antispam software.

Cybercrime

Cybercrime Advertising Phishing Hacking

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Security Affairs

OCTOBER 3, 2023

Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023. Cybersecurity researchers spotted a new malware-as-a-service (MaaS) called BunnyLoader that’s appeared in the threat landscape.

Advertising

Advertising Cybercrime Malware Cryptocurrency

FTC charged Avast with selling users’ browsing data to advertising companies

Security Affairs

FEBRUARY 22, 2024

The antivirus firm is accused of selling the data to advertising companies without user consent. According to the complaint, the cybersecurity firm was advertising its products as privacy-friendly. “Respondents sold the browsing information that they purported to protect, in many instances without notice to users.”

Advertising

Advertising Antivirus Data collection Software

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malicious code was advertised on cybercrime forums for $3,000 per month. The malware can collect cookies, logins and browsing history, but from Safari only cookies can be collected.

Malware

Malware Advertising Antivirus Cybercrime

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

” Fake file converters and download tools may perform advertised tasks but can provide resulting files containing hidden malware, giving criminals access to victims’ devices. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, free online document converters)

Malware

Malware Scams Identity Theft Antivirus

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Security Affairs

NOVEMBER 24, 2024

To advertise the marketplace, PopeyeTools allegedly promised to refund or replace purchased credit cards that were no longer valid at the time of sale. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Cybercrime

Cybercrime Cryptocurrency Banking Accountability

Canadian authorities arrested alleged Snowflake hacker

Security Affairs

NOVEMBER 5, 2024

Canadian authorities arrested a suspect linked to multiple hacks following a breach of cloud data platform Snowflake earlier this year. “Canadian authorities have arrested a man suspected of being behind a string of hacks involving as many as 165 customers of Snowflake Inc., Charges remain undisclosed.

Unstructured Data

Unstructured Data Media Cybercrime Hacking

REvil ransomware gang hacked gaming firm Gaming Partners International

Security Affairs

OCTOBER 31, 2020

The REvil ransomware operators made the headlines again, this time the gang claims to have hacked the Gaming Partners International (GPI). “Absolutely all servers and working computers of the company are hacked and encrypted. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking

Hacking Ransomware Advertising Encryption

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.” “Thanks to you, we are now developing in the field of information security and anonymity!,” Kloster’s blog enthused. “We

Cybercrime

Cybercrime Advertising IoT Malware

15 SpyLoan Android apps found on Google Play had over 8 million installs

Security Affairs

NOVEMBER 30, 2024

Some of the malicious apps were promoted through deceptive advertising on social media. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Google Play) Some apps were suspended by Google from Google Play while others were updated by the developers.

Social Engineering

Social Engineering Media Mobile Scams

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 20, 2024

CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog Nation-state actor exploited three Ivanti CSA zero-days Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’ macOS HM Surf flaw in TCC allows bypass Safari privacy settings Iran-linked actors target critical infrastructure organizations (..)

Data breaches

Data breaches Cybercrime Cyber Insurance Marketing

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Security Affairs

OCTOBER 14, 2024

Some sellers on Bohemia advertised they were shipping the products from the Netherlands. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, dark web) million euros.

Marketing

Marketing Cybercrime DDOS Cryptocurrency

Crooks hacked Mandiant X account to push cryptocurrency scam

Security Affairs

JANUARY 4, 2024

The X account of cybersecurity giant Mandiant was hacked, attackers used it to impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam.

Cryptocurrency

Cryptocurrency Scams Accountability Hacking

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Security Affairs

APRIL 29, 2023

Atomic macOS Stealer is a new information stealer targeting macOS that is advertised on Telegram for $1,000 per month. Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS).

Advertising

Advertising Passwords Malware Password Management

HP Device Manager flaws expose Windows systems to hack

Security Affairs

OCTOBER 4, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, HP). The post HP Device Manager flaws expose Windows systems to hack appeared first on Security Affairs. Pierluigi Paganini.

Hacking

Hacking Accountability Passwords InfoSec

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

Security Affairs

NOVEMBER 29, 2024

Authors advertise Rockstar 2FA as a phishing-as-a-service toolkit that bypasses 2FA, harvests cookies, and features FUD links, antibot tools, and custom themes. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, phishing)

Phishing

Phishing Accountability Authentication Advertising

North Korea-linked APT37 exploited IE zero-day in a recent attack

Security Affairs

OCTOBER 19, 2024

” APT37 compromised the online advertising agency behind the Toast ad program to carry out a supply chain attack. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, APT)

Internet

Internet Internet Engineering Malware

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Affairs

OCTOBER 23, 2020

.” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Energetic Bear). Pierluigi Paganini.

Government

Government Hacking Advertising Passwords

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime

Cybercrime Malware Ransomware Penetration Testing

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

Two Russian nationals have been charged with the hack of the cryptocurrency exchange Mt. Russian nationals Alexey Bilyuchenko (43) and Aleksandr Verner (29) have been charged with the hack of the cryptocurrency exchange Mt. Gox ) The post Russians charged with hacking Mt. Gox in 2011 and money laundering. ” reads the DoJ.

Hacking

Hacking Cryptocurrency Advertising Banking

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. ” the company said on X.

Accountability

Accountability Hacking Cryptocurrency Cybersecurity

Dutch Police shut down bulletproof hosting provider Zservers and seized 127 servers

Security Affairs

FEBRUARY 17, 2025

Alexander Igorevich Mishinand Aleksandr Sergeyevich Bolshakovare the two Russian nationals and administrators of Zservers. “ Zservers , headquartered in Barnaul, Russia, has advertised BPH services on known cybercriminal forums to evade law enforcement investigations and takedowns, as well as scrutiny from cybersecurity firms.

Cybercrime

Cybercrime Ransomware Hacking Advertising

A data breach broker is selling account databases of 17 companies

Security Affairs

NOVEMBER 1, 2020

The threat actor is advertising the stolen data since October 28 on a hacker forum. The availability of the huge trove of account data was first reported by BleepingComputer , the threat actor told them that it is only acting as a broker and did not hack the seventeen companies. SecurityAffairs – hacking, account databases).

Data breaches

Data breaches Accountability Advertising Passwords

USPS Site Exposed Data on 60 Million Users

Krebs on Security

NOVEMBER 21, 2018

The API in question was tied to a Postal Service initiative called “ Informed Visibility ,” which according to the USPS is designed to let businesses, advertisers and other bulk mail senders “make better business decisions by providing them with access to near real-time tracking data” about mail campaigns and packages.

Accountability

Accountability Authentication Identity Theft Advertising

Researchers found alleged sensitive documents of NATO and Turkey

Security Affairs

OCTOBER 12, 2020

It is unclear if the threat actors acted for cyber espionage purposes or hacktivism, the content of the message advertising the leak suggests that it was the work of hacktivists, but we cannot exclude that it is the result of a nation-state actor. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Manufacturing Hacking Cyber Attacks

U.S. and Australian police arrested Firebird RAT author and operator

Security Affairs

APRIL 14, 2024

The Australian man developed and sold Firebird to customers on a dedicated hacking forum. The RAT allowed customers to access and control their victims’ computers remotely, its author advertised its stealing capabilities. The Australian man faces twelve counts of computer offenses. ” reported the DoJ.

Computers and Electronics

Computers and Electronics Advertising Cryptocurrency Malware

Hackers stole a six-figure amount from Swiss universities

Security Affairs

OCTOBER 5, 2020

Threat actors have hacked at least three Swiss universities, including the University of Basel and managed to drain employee salary transfers. According to our information, several universities in Switzerland have been affected,” explained Martina Weiss, Secretary General of the Rectors’ Conference of the Swiss Universities. .

Advertising

Advertising Phishing Cybercrime Hacking

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

Security Affairs

NOVEMBER 4, 2020

It is still unclear if the funds were transferred by the owner themselves, or if someone has hacked the wallet. The wallet was monitored since 2015 because it was associated with hacking activities, it had been “ dormant ” since 2015. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cryptocurrency

Cryptocurrency Passwords Advertising Hacking

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Security Affairs

DECEMBER 18, 2024

The hackers did not affect Facebook-owned Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps or advertising or developer accounts, the company said. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, Meta)

Data breaches

Data breaches Accountability Risk Advertising

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

NOVEMBER 18, 2024

Amazon: €746 Million ($781 Million), 2021 In 2021, Amazon received a hefty fine for failing to secure proper consent for advertising cookies. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, GDPR )

Data privacy

Data privacy Risk Surveillance Government

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

A hacker collective claims to have hacked over 50,000 home security cameras and published their footage online, some of them on adult sites. A group of hackers claims to have compromised over 50,000 home security cameras and published their private footage online. SecurityAffairs – hacking, IP cameras).

IoT

IoT Internet Internet Hacking

Crazy Evil gang runs over 10 highly specialized social media scams

Security Affairs

FEBRUARY 3, 2025

Crazy Evil actively recruits affiliates by advertising its cybercriminal network with specific skill requirements. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,cybercrime) Crazy Evil has earned over $5 million through phishing scams since 2021.

Scams

Scams Media Cryptocurrency Cybercrime

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. Pierluigi Paganini.

Firmware

Firmware Spyware Surveillance Hacking

New ATM Malware family emerged in the threat landscape

Security Affairs

MAY 27, 2024

Experts warn of a new ATM malware family that is advertised in the cybercrime underground, it was developed to target Europe. A threat actor is advertising a new ATM malware family that claims to be able of compromised 99% of devices in Europe. The threat actors also give customers a test payload option valid for three days.

Malware

Malware Banking Advertising Cybercrime

The British government aims at improving its offensive cyber capability

Security Affairs

OCTOBER 13, 2020

The news is not surprising for people working in the cyber security sector, the British military claims to have had an offensive cyber capability for a decade. Intelligence experts pointed out that the British government already conducted offensive hacking operations, including the one that targeted the ISIS in 2017.

Government

Government Advertising Hacking Cyber Attacks

Staples discloses data breach exposing customer order data

Security Affairs

SEPTEMBER 14, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Staples). The post Staples discloses data breach exposing customer order data appeared first on Security Affairs. Pierluigi Paganini.

Data breaches

Data breaches Retail Identity Theft Advertising

Threat actors attempted to capitalize CrowdStrike incident

Security Affairs

JULY 20, 2024

HijackLoader, advertised as a private crypting service called ASMCrypt, is a modular, multi-stage loader designed to evade detection. The domains were used to advertise services to companies affected by the issue in return for a cryptocurrency payment.

Malware

Malware Advertising Cryptocurrency Hacking

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

Security Affairs

MARCH 27, 2025

The researchers recommend avoiding clicking on sponsored search results and always verifying the advertiser by checking the details behind the URL to ensure it’s the legitimate brand owner. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Deepseek)

Malware

Malware Data collection Advertising Media

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

Trending Sources

BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

Ukraine President enforces Information Security Strategy

Meet the Administrators of the RSOCKS Proxy Botnet

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Law enforcement seized the domains of HeartSender cybercrime marketplaces

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

FTC charged Avast with selling users’ browsing data to advertising companies

Banshee macOS stealer supports new evasion mechanisms

FBI warns of malicious free online document converters spreading malware

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Canadian authorities arrested alleged Snowflake hacker

REvil ransomware gang hacked gaming firm Gaming Partners International

Administrator of RSOCKS Proxy Botnet Pleads Guilty

15 SpyLoan Android apps found on Google Play had over 8 million installs

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Crooks hacked Mandiant X account to push cryptocurrency scam

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

HP Device Manager flaws expose Windows systems to hack

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

North Korea-linked APT37 exploited IE zero-day in a recent attack

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Russians charged with hacking Mt. Gox exchange and operating BTC-e

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

Dutch Police shut down bulletproof hosting provider Zservers and seized 127 servers

A data breach broker is selling account databases of 17 companies

USPS Site Exposed Data on 60 Million Users

Researchers found alleged sensitive documents of NATO and Turkey

U.S. and Australian police arrested Firebird RAT author and operator

Hackers stole a six-figure amount from Swiss universities

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Increased GDPR Enforcement Highlights the Need for Data Security

Hackers claim to have compromised 50,000 home cameras and posted footage online

Crazy Evil gang runs over 10 highly specialized social media scams

Second-ever UEFI rootkit used in North Korea-themed attacks

New ATM Malware family emerged in the threat landscape

The British government aims at improving its offensive cyber capability

Staples discloses data breach exposing customer order data

Threat actors attempted to capitalize CrowdStrike incident

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

Stay Connected