Blog - Cyber Security Informer

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

Krebs on Security

APRIL 29, 2022

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. Google has for years accepted requests to remove certain sensitive data such as bank account or credit card numbers from search results.

Identity Theft

Identity Theft Cybercrime Retail Hacking

Malicious ad served inside Bing's AI chatbot

Malwarebytes

SEPTEMBER 27, 2023

In February 2023, Microsoft disclosed its new AI-assisted search engine, Bing Chat, powered by OpenAI's GPT-4. Even though Google has been dominating the search industry for years, this event was significant enough to generate not only interest but also plant the seed for a possible change in the balance in the future.

Malware

Malware Software Advertising Engineering

Thousands of Sites Hacked in Massive Google SEO Poisoning Campaign

Heimadal Security

NOVEMBER 10, 2022

This week, almost 15,000 sites were compromised during a massive black hat search engine optimization (SEO) campaign. The post Thousands of Sites Hacked in Massive Google SEO Poisoning Campaign appeared first on Heimdal Security Blog. The websites would redirect the visitors to face Q&A discussion forums.

Hacking

Hacking Engineering Cybersecurity

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

McAfee Enterprise Defender Blog | CISA Alert: MS Exchange & Fortinet Vulnerabilities

McAfee

NOVEMBER 25, 2021

In this blog I want to show you how you can operationalize the data linked to this alert in MVISION Insights together with your investigation and protection capabilities to better protect your organization against this threat. Last September we hosted a webinar focused on threat intelligence and protection against hacking tools.

Encryption

Encryption Risk Ransomware Hacking

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers. “When the project team clicks the link, they encounter a region access restriction,” SlowMist wrote.

Malware

Malware Cryptocurrency Software Scams

New Ceeloader Malware Used By Russian-backed Advanced Persistent Threat (APT) Organization Nobelium

Heimadal Security

DECEMBER 7, 2021

Nobelium is a Russian-backed advanced persistent threat (APT) organization that achieved attention towards the end of 2020 after breaching SolarWinds’ software development supply chain to obtain access to espionage targets, and it continues to deploy creative approaches in its search for new victims. What Happened?

Malware

Malware Government Software Hacking

The Data Breach "Personal Stash" Ecosystem

Troy Hunt

JANUARY 29, 2024

LeakedSource services were often advertised on hacking forums and there was suspicion that its operators were actively looking to hack organizations whose data they could add to their database. You may only search information about yourself, or those you are authorized in writing to do so.

Data breaches

Data breaches Passwords Advertising Personal Security

Massive Black hat SEO campaign used +15K WordPress sites

Security Affairs

NOVEMBER 14, 2022

wp-blog-header.php. png files, then the malware uses the window.location.href function to redirect to a Google search result URL of a spam domain under his controlù. Sucuri experts have yet to discover how the WordPress websites employed in the campaign have been hacked. SecurityAffairs – hacking, WordPress).

Malware

Malware Hacking Engineering Information Security

Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover

Security Affairs

APRIL 3, 2023

One of these apps is a content management system (CMS) that powers Bing.com and allowed us to not only modify search results, but also launch high-impact XSS attacks on Bing users.” . “We found several high-impact, vulnerable Microsoft applications. ” reads the post published by security firm Wiz.

Accountability

Accountability Education Media Authentication

FakeBat delivered via several active malvertising campaigns

Malwarebytes

MARCH 12, 2024

February was a particularly busy month for search-based malvertising with the number of incidents we documented almost doubling. One malware family we have been tracking on this blog is FakeBat. All the incidents described in this blog have been reported to Google. Indicators of Compromise Hacked sites cecar[.]com[.]ar

DNS

DNS Malware Software Hacking

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. com , an Arabic-language computer hacking forum. But he denied ever participating in illegal hacking activities.

DNS

DNS Penetration Testing Malware Hacking

Law enforcement seized the Genesis Market cybercrime marketplace

Security Affairs

APRIL 5, 2023

The authorities are searching for information about the administrators of the platform, a circumstance that suggests that the FBI has yet to identify them.

Marketing

Marketing Cybercrime Accountability Education

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

JUNE 16, 2021

According to a statement and videos released today, the Ukrainian Cyber Police charged six defendants with various computer crimes linked to the CLOP gang, and conducted 21 searches throughout the Kyiv region. CLOP’s victim shaming blog on the deep web.

Ransomware

Ransomware Cybercrime Malware Encryption

Russian APT28 hacker accused of the NATO think tank hack in Germany

Security Affairs

JUNE 20, 2022

German investigators believe that Kozachek is a member of the Russia-linked APT28 group (aka Fancy Bear), which is the same group that hacked the German Bundestag in 2015. Kozachek hacked the computed of the NATO think tank in 2017 and installed a keylogger to spy on the organization. SecurityAffairs – hacking, APT28).

Hacking

Hacking Accountability Malware Cybersecurity

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. Multiple security firms soon assigned the hacking group the nickname “ Scattered Spider.” 9, 2024, U.S. technology companies during the summer of 2022.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

Windows Hello fingerprint authentication can be bypassed on popular laptops

Malwarebytes

NOVEMBER 24, 2023

If you like to read the full technical details, we happily refer you to the Blackwing researcher’s blog: A TOUCH OF PWN – PART I. This means that a separate chip stores the biometric credentials (in this case the fingerprints), making it almost impossible to hack into. For a less technical summary, carry on.

Authentication

Authentication Manufacturing Engineering Risk

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries. ” According to the Indonesian security blog Cyberthreat.id , Saputra admitted being the administrator of 16Shop , but told the publication he handed the project off to others by early 2020.

Phishing

Phishing Passwords Internet Internet

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Security Affairs

MAY 21, 2023

Researchers identified an ongoing BatLoader campaign relying on Google Search Ads to deliver rogue web pages for ChatGPT and Midjourney. In February 2023, eSentire reported another BatLoader campaign targeting users searching for AI tools. “Both AI services are extremely popular but lack first-party standalone apps (i.e.,

System Administration

System Administration Advertising Malware Hacking

UK Ad Campaign Seeks to Deter Cybercrime

Krebs on Security

MAY 28, 2020

The United Kingdom’s anti-cybercrime agency is running online ads aimed at young people who search the Web for services that enable computer crimes, specifically trojan horse programs and DDoS-for-hire services. For example, search in Google for the terms “booter” or “stresser” from a U.K.

Cybercrime

Cybercrime DDOS Advertising Hacking

Nitrogen shelling malware from hacked sites

Malwarebytes

JANUARY 31, 2024

Nitrogen is the name given to a campaign and associated malware that have been distributed via malicious search ads. In this blog post, we look at a recent Nitrogen campaign and specifically at how the initial payload is being served onto victims.

Malware

Malware Hacking System Administration Ransomware

Low sophistication OT breaches on the rise, with hackers learning from easy wins

SC Magazine

MAY 25, 2021

The low sophistication attacks, which are outlined by Mandiant in a new blog post released Tuesday, encompass simpler attacks, where actors with varying levels of skill and resources use common IT tools and techniques to gain access to and interact with exposed OT systems. ‘How do I make money off of this?'

Media

Media Internet Internet Engineering

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

Denis Emelyantsev , as the apparent owner of RSOCKS, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. ” Kloster’s blog even included a group photo of RSOCKS employees.

Cybercrime

Cybercrime Data breaches Malware Ransomware

Massive utility scam campaign spreads via online ads

Malwarebytes

FEBRUARY 15, 2024

In a recent investigation, we discovered a prolific campaign of fraudulent ads shown to users via Google searches. This blog post has two purposes: the first one is to draw awareness to this problem by showing how it works. Fraudulent utility scam ads The scam begins when a user searches for keywords related to their energy bill.

Scams

Scams Energy and Utilities Advertising Mobile

Threat actors target law firms with GootLoader and SocGholish malware

Security Affairs

MARCH 2, 2023

The attack chain starts with a user searching for specific information in a search engine. In the campaign blocked by eSentire, the threat actors compromised legitimate WordPress websites and added new blog posts without the knowledge of their admins. This forum hosted a ZIP archive that contains the malicious.js

Malware

Malware Ransomware Engineering Internet

NB65 group targets Russia with a modified version of Conti’s ransomware

Security Affairs

APRIL 10, 2022

NB65 hacking group created its ransomware based on the leaked source code of the Conti ransomware and targets Russia. According to BleepingComputer , NB65 hacking group is targeting Russian organizations with ransomware that they have developed using the leaked source code of the Conti ransomware. Why CTI is fun? Pierluigi Paganini.

Ransomware

Ransomware Hacking Encryption Cybersecurity

Experts warn of threat actors abusing Google Alerts to deliver unwanted programs

Security Affairs

FEBRUARY 21, 2021

Bad actors publish posts with titles containing popular keywords to allow Google Search to index the content. web pages, newspaper articles, blogs, or scientific research) that match the user’s search term(s). Upon indexing the content, Google Alerts will alert people who are searching those specific terms. .’

Malware

Malware Hacking Information Security

Experts warn of a new malvertising campaign spreading the ChromeLoader

Security Affairs

MAY 26, 2022

The malware is able to redirect the user’s traffic and hijacking user search queries to popular search engines, including Google, Yahoo, and Bing. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). SecurityAffairs – hacking, chromeloader).

Malware

Malware Spyware Threat Detection Engineering

Lemon_Duck cryptomining botnet targets Docker servers

Security Affairs

APRIL 22, 2022

Later operators added to the Lemon_Duck miner a port scanning module that searches for Internet-connected Linux systems listening on the 22 TCP port used for SSH Remote Login, then launches SSH brute force attacks. The LemonDuck also performs lateral movements by searching for SSH keys on the filesystem. ” concludes the report.

Cryptocurrency

Cryptocurrency Malware Internet Internet

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

The trouble is, there’s little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using Slinks. This search via Urlscan reveals dozens of recent phishing attacks that have leveraged the Slinks feature.

Phishing

Phishing Marketing Scams Accountability

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Security Affairs

MARCH 22, 2022

Internet search engine Censys reported a new wave of DeadBolt ransomware attacks targeting QNAP NAS devices. Internet search engine Censys reported that QNAP devices were targeted in a new wave of DeadBolt ransomware attacks. In a blog post published on Monday, Censys said there had been 1,146 hacked devices on March 19.

Ransomware

Ransomware Firmware Internet Internet

Ukraine cyber police arrested a man for selling data of 300M people

Security Affairs

APRIL 28, 2023

362 (Unauthorized actions with information that is processed in computers, automated systems, computer networks or stored on carriers of such information, committed by a person who has the right to access it) of the Criminal Code of Ukraine and on the basis of a court order, law enforcement officers came to the person involved to conduct a search.”

Education

Education Accountability Banking Mobile

Experts explained how to hack a building controller widely adopted in Russia

Security Affairs

MARCH 24, 2022

A researcher discovered critical flaws that can be exploited by remote attackers to hack a building controller popular in Russia. A researcher has identified critical vulnerabilities that can allegedly be exploited to remotely hack a building controller predominantly used by organizations in Russia. ” wrote the expert.

Hacking

Hacking Firmware Internet Internet

SeaFlower campaign distributes backdoored versions of Web3 wallets to steal seed phrases

Security Affairs

JUNE 14, 2022

The fake sites are promoted via search engine poisoning, attackers mainly targeted Baidu and other Chinese search engines. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? SecurityAffairs – hacking, SeaFlower campaign).

Engineering

Engineering Malware Hacking Cybersecurity

Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector

Security Affairs

MAY 4, 2023

The attackers used a BAT script dubbed RoarBat that recursively searches for files with specific extensions (.doc,docx,rtf,txt,xls,xlsx,ppt,pptx,vsd,vsdx,pdf,png,jpeg,jpg,zip,rar,7z,mp4,sql CERT-UA started investigating the attack after it received information about an attack against an ICS system of one of the state organizations of Ukraine.

VPN

VPN Education Accountability Cyber Attacks

MobileIrony backdoor allows complete takeover of mobile security product and endpoints.

DoublePulsar

JULY 25, 2023

It became clear this was being exploited in the wild a few days ago, after the Norwegian government disclosed 12 of their ministries were hacked using this MobileIron zero day , and they had to tell Ivanti about the issue. In this blog we take a look at MobileIrony, aka CVE-2023–35078. What can customers learn?

Mobile

Mobile InfoSec Government Accountability

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

The Last Watchdog

JUNE 20, 2022

Once vetted and accepted, threat hunters will go into these message boards and communities and search for anything connected to your business, for example: •Corporate login credentials. Think of the Cybersixgill Portal as a complex search engine that can reach the deepest depths of the Underground.

Ransomware

Ransomware Marketing Data collection VPN

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Security Affairs

APRIL 10, 2023

The hackers abused Exchange Web Services to gain full access to email inboxes, then they were able to perform “thousands of search activities” and impersonate a high-ranking employee to send emails both internally and externally.

Ransomware

Ransomware Cybercrime VPN Education

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Security Affairs

DECEMBER 19, 2023

As outlined in a recently unsealed search warrant in the Southern District of Florida, the FBI has taken control of various websites operated by the group. “During this investigation, law enforcement gained visibility into the Blackcat Ransomware Group’s network,” reads an unsealed search warrant.

Ransomware

Ransomware Advertising Hacking Manufacturing

CVE-2022-20685 flaw in the Modbus preprocessor of the Snort makes it unusable

Security Affairs

APRIL 21, 2022

The software performs real-time traffic analysis and packet logging on Internet Protocol (IP) networks, protocol analysis, content searching and matching. SecurityAffairs – hacking, DoS). Snort is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS) which is currently developed by Cisco.

Engineering

Engineering Software Internet Internet

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. Authorities in the United States, Germany, the Netherlands and the U.K.

Advertising

Advertising Cybercrime System Administration Hacking

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

MAY 26, 2022

Searching on Shodan.io sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). SecurityAffairs – hacking, VMWare). .” The experts pointed out that the CVE-2022-22972 issue is a relatively simple Host header manipulation vulnerability.

Authentication

Authentication Healthcare Education Cybersecurity

Hackers hit nine countries, expose 623,036 payment card records

SC Magazine

APRIL 8, 2021

Hackers are hacking hackers. Group-IB researchers on Thursday said in a blog that user data of the Swarmshop card shop – which trades in stolen personal and payment records – was leaked online on March 17 and posted on a different underground forum that contained 12,344 records of the card shop admininstrators, sellers and buyers.

Banking

Banking Hacking Insurance Accountability

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Security Affairs

SEPTEMBER 29, 2022

The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. blog incoming pic.twitter.com/3NpUh2lOYF — Chetan Nayak (Author of Brute Ratel C4) (@NinjaParanoid) September 28, 2022. SecurityAffairs – hacking, Brute Ratel). ” wrote Thomas.

Hacking

Hacking Cybercrime Ransomware Antivirus

BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands

Security Affairs

JULY 11, 2022

BlackCat (aka ALPHV) Ransomware gang introduced an advanced search by stolen victim’s passwords, and confidential documents. They introduced an advanced search by stolen victim’s passwords, and confidential documents leaked in the TOR network. Additional info is available in the post published by Resecurity on its blog: [link].

Ransomware

Ransomware Passwords Data breaches Technology

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

Malicious ad served inside Bing's AI chatbot

Webinars

Trending Sources

Thousands of Sites Hacked in Massive Google SEO Poisoning Campaign

Webinars

McAfee Enterprise Defender Blog | CISA Alert: MS Exchange & Fortinet Vulnerabilities

Calendar Meeting Links Used to Spread Mac Malware

New Ceeloader Malware Used By Russian-backed Advanced Persistent Threat (APT) Organization Nobelium

The Data Breach "Personal Stash" Ecosystem

Massive Black hat SEO campaign used +15K WordPress sites

Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover

FakeBat delivered via several active malvertising campaigns

French Firms Rocked by Kasbah Hacker?

Law enforcement seized the Genesis Market cybercrime marketplace

Ukrainian Police Nab Six Tied to CLOP Ransomware

Russian APT28 hacker accused of the NATO think tank hack in Germany

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Windows Hello fingerprint authentication can be bypassed on popular laptops

Karma Catches Up to Global Phishing Service 16Shop

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

UK Ad Campaign Seeks to Deter Cybercrime

Nitrogen shelling malware from hacked sites

Low sophistication OT breaches on the rise, with hackers learning from easy wins

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Massive utility scam campaign spreads via online ads

Threat actors target law firms with GootLoader and SocGholish malware

NB65 group targets Russia with a modified version of Conti’s ransomware

Experts warn of threat actors abusing Google Alerts to deliver unwanted programs

Experts warn of a new malvertising campaign spreading the ChromeLoader

Lemon_Duck cryptomining botnet targets Docker servers

How Phishers Are Slinking Their Links Into LinkedIn

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Ukraine cyber police arrested a man for selling data of 300M people

Experts explained how to hack a building controller widely adopted in Russia

SeaFlower campaign distributes backdoored versions of Web3 wallets to steal seed phrases

Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector

MobileIrony backdoor allows complete takeover of mobile security product and endpoints.

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

CVE-2022-20685 flaw in the Modbus preprocessor of the Snort makes it unusable

Meet the Administrators of the RSOCKS Proxy Botnet

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Hackers hit nine countries, expose 623,036 payment card records

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands

Stay Connected