Security Affairs

DECEMBER 17, 2023

Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center New NKAbuse malware abuses NKN decentralized P2P network protocol Snatch ransomware gang claims the hack of the food giant Kraft Heinz Multiple flaws in pfSense firewall can lead to arbitrary code execution BianLian, White Rabbit, and Mario Ransomware Gangs Spotted (..)

Data breaches 124

Data breaches Cybercrime Firewall Ransomware 124

Security Affairs

FEBRUARY 23, 2025

from Bybit, it is the largest cryptocurrency heist ever Apple removes iCloud encryption in UK following backdoor demand B1acks Stash released 1 Million credit cards U.S. Every week the best security articles from Security Affairs are free in your email box. Lazarus APT stole $1.5B

Scams 66

Scams Malware Encryption Phishing 66

Security Affairs

MARCH 13, 2025

The threat actors use PsExec to execute scripts, enable RDP access, and modify firewall rules. Ransom demands are posted on the site, with direct hyperlinks to Medusa affiliated cryptocurrency wallets. Victims can additionally pay $10,000 USD in cryptocurrency to add a day to the countdown timer.

Ransomware 70

Ransomware Encryption Cryptocurrency Insurance 70

Security Affairs

OCTOBER 14, 2018

Earlier August, experts uncovered a massive crypto jacking campaign that was targeting MikroTik routers to inject a Coinhive cryptocurrency mining script in the web traffic. In September thousands of unpatched MikroTik Routers were involved in new cryptocurrency mining campaigns.

Cryptocurrency 111

Cryptocurrency System Administration Advertising Hacking 111

Security Affairs

MAY 28, 2025

Darktrace researchers discovered a new botnet called PumaBot targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. Finally, secure SSH access by limiting exposure of port 22 with strict firewall rules.

Surveillance 71

Surveillance IoT Malware Manufacturing 71

Security Affairs

JANUARY 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

VPN 131

VPN Cybercrime Ransomware Hacking 131

Security Affairs

JANUARY 12, 2025

CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog Threat actors breached the Argentinas airport security police (PSA) payroll Moxa router flaws pose serious risks to industrial environmets US adds Tencent to the list of companies supporting Chinese military Eagerbee backdoor targets govt entities (..)

Data breaches 61

Data breaches Phishing Social Engineering Engineering 61

Security Affairs

JANUARY 31, 2021

The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable Apache ActiveMQ, Oracle WebLogic, and Redis intalls. The malware is an evolution of a Monero cryptocurrency miner that was first spotted by Unit 42 researchers in 2019. Luoxk, BillGates, XMRig, and Hashfish).

Malware 121

Malware Cryptocurrency Firewall Cybercrime 121

Security Affairs

MARCH 21, 2023

Cryptocurrency ATM maker General Bytes suffered a security breach over the weekend, the hackers stole $1.5M worth of cryptocurrency. Cryptocurrency ATM manufacturers General Bytes suffered a security incident that resulted in the theft of $1.5M worth of cryptocurrency. Attackers also stole funds in other cryptocurrencies.

Cryptocurrency 98

Cryptocurrency VPN Manufacturing Firewall 98

Security Affairs

MARCH 5, 2023

The experts pointed out that the Colour-Blind malware “points to the democratization of cybercrime” allowing threat actors to develop their own variants based on the shared source code. . “The malware triggers multiple subprocesses, including threads for cookies, passwords and cryptocurrency wallet theft.”

Malware 98

Malware Cryptocurrency Passwords Cybercrime 98

Security Affairs

DECEMBER 11, 2022

Samsung S22 hacked Sophos fixed a critical flaw in its Sophos Firewall version 19.5 Samsung S22 hacked Sophos fixed a critical flaw in its Sophos Firewall version 19.5

Firewall 100

Firewall Banking Hacking DDOS 100

Security Affairs

SEPTEMBER 25, 2022

builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S. builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S.

Cryptocurrency 100

Cryptocurrency Data breaches DNS DDOS 100

eSecurity Planet

NOVEMBER 16, 2021

HTML smuggling is an evasive technique that uses legitimate HTML5 or JavaScript features to make its way past firewalls and other security technologies. In this way, rather than having to directly maneuver malicious code through a network, the malware instead is built locally, already behind a firewall. What Is HTML Smuggling?

Firewall 123

Firewall Ransomware Banking Malware 123

Security Affairs

DECEMBER 10, 2023

Hacktivists hacked an Irish water utility and interrupted the water supply 5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips Norton Healthcare disclosed a data breach after a ransomware attack Bypassing major EDRs using Pool Party process injection techniques Founder of Bitzlato exchange has pleaded for unlicensed money transmitting (..)

Ransomware 126

Ransomware Data breaches Hacking Financial Services 126

Security Affairs

JANUARY 4, 2023

Researchers discovered a new Linux malware developed with the shell script compiler ( shc ) that was used to deliver a cryptocurrency miner. “Administrators should also use security programs such as firewalls for servers accessible from outside to restrict access by attackers. ” reads the report published by ASEC.

Malware 98

Malware DDOS Cryptocurrency Firewall 98

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 98

Spyware Hacking Malware Social Engineering 98

SecureList

FEBRUARY 16, 2021

While the resource was down, cryptocurrency newbies were invited to download a copy of Bitcoin Core via a torrenting service. Cybercriminals used the names of well-known APT groups to intimidate victims, demanded ransoms in cryptocurrency, and carried out demonstration attacks to back up their threats.

DDOS 145

DDOS Cryptocurrency Marketing Internet 145

Security Affairs

JUNE 19, 2024

A malware campaign targets publicly exposed Docker API endpoints to deliver cryptocurrency miners and other payloads. Researchers at Datadog uncovered a new cryptojacking campaign linked to the attackers behind Spinning YARN campaign. The threat actors target publicly exposed and unsecured Docker API endpoints for initial access.

Internet 136

Internet Internet Malware Architecture 136

SiteLock

AUGUST 27, 2021

In it, we identified the trends, threats, and innovations in cybercrime that small businesses need to know about in order to keep their websites secure. At the beginning of last year, many predicted that cryptocurrency mining would be one of the year’s biggest cybersecurity risks. Remove any unnecessary or outdated plug-ins.

Cybersecurity 98

Cybersecurity Engineering Firewall Malware 98

Webroot

FEBRUARY 11, 2021

While cybersecurity advice is often focused on technology like endpoint protection, firewalls and anti-virus, it’s important to remember that behind every breach is a human. This is a scam that’s been around for years and since no one can reverse a cryptocurrency transaction, it’s very likely here to stay.

Scams 119

Scams Phishing Firewall Social Engineering 119

Security Affairs

AUGUST 21, 2022

The scripts will also infect the victim’s computer with the Raccoon Stealer info-stealing trojan which allows operators to steal login credentials, cookies, auto-fill data, and credit cards saved on web browsers, along with cryptocurrency wallets.

DDOS 98

DDOS Malware Antivirus Firewall 98

SecureList

NOVEMBER 25, 2024

Another example seen this year was KV-Botnet , which was deployed on vulnerable firewalls, routers and IP cameras and used to conceal the malicious activities of Volt Typhoon, the actor behind it. This is particularly notable in the case of Lazarus APT, specifically its attacks against cryptocurrency investors in May.

IoT 119

IoT Energy and Utilities Phishing Cryptocurrency 119

Digital Shadows

NOVEMBER 26, 2024

The proliferation of cybercrime guides on forums and a 7% rise in insider threat content, driven by significant financial incentives, highlight the growing complexity of cybersecurity challenges. The proliferation of these guides enables more individuals to enter the cybercrime arena.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

SiteLock

AUGUST 27, 2021

This makes stealthy attacks incredibly popular in the cybercrime community. An increase in stealthy cybercrime means SMB website owners must educate themselves and take proactive measures to guard against these types of attacks. Implement a web application firewall. Stealthy Cybersecurity Risks for SMBs. Ransomware.

Small Business 98

Small Business Cybersecurity Phishing DDOS 98

Security Affairs

AUGUST 5, 2021

The shell-script we analysed (hash: 28e9b06e5a4606c9d806092a8ad78ce2ea7aa1077a08bcf3ec1d8e3d19714f08) involved several defense evasive techniques like firewall altering, disabling monitoring agents which we have detailed in our previous blog. The miner disables the hardware prefetcher by using MSR to boost the mining process. Conclusion.

Malware 111

Malware Architecture Firewall Cryptocurrency 111

Digital Shadows

OCTOBER 29, 2024

Whether they’re nation-state actors, cybercrime groups, or hacktivists, understanding who these groups are and how they operate is the first step in fortifying your cybersecurity posture. The ransomware’s open-source nature also serves as a gateway for budding threat actors to enter cybercrime.

Ransomware 88

Ransomware Encryption Technology Cybercrime 88

eSecurity Planet

FEBRUARY 16, 2021

For access to the decryption key, the victim must make prompt payment, often in cryptocurrency shielding the attacker’s identity. The Ryuk ransomware family spawned in 2018 from a sophisticated Russia-based cybercrime group. Attackers will inform the victim that their data is encrypted.

Ransomware 97

Ransomware Backups Software Encryption 97

Digital Shadows

OCTOBER 29, 2024

Whether they’re nation-state actors, cybercrime groups, or hacktivists, understanding who these groups are and how they operate is the first step in fortifying your cybersecurity posture. The ransomware’s open-source nature also serves as a gateway for budding threat actors to enter cybercrime.

Ransomware 52

Ransomware Encryption Technology Cybercrime 52

Digital Shadows

NOVEMBER 26, 2024

The proliferation of cybercrime guides on forums and a 7% rise in insider threat content, driven by significant financial incentives, highlight the growing complexity of cybersecurity challenges. The proliferation of these guides enables more individuals to enter the cybercrime arena.

Cyber Attacks 52

Cyber Attacks Phishing Ransomware Cyber Insurance 52

Spinone

OCTOBER 13, 2020

Ransom payments are generally demanded in the form of untraceable cryptocurrency such as Bitcoin. It has been noted that paying a ransom demand only encourages this type of cybercrime and funds it. Use firewalls to block known malicious connections and IP addresses. Just the ransom payment alone can be tremendously expensive.

Ransomware 52

Ransomware Backups Data breaches Encryption 52

Security Affairs

APRIL 28, 2024

Hackers may have accessed thousands of accounts on the California state welfare platform Brokewell Android malware supports an extensive set of Device Takeover capabilities Experts warn of an ongoing malware campaign targeting WP-Automatic plugin Cryptocurrencies and cybercrime: A critical intermingling Kaiser Permanente data breach may have impacted (..)

Cybercrime 126

Cybercrime Spyware Data breaches Antivirus 126

SecureList

NOVEMBER 8, 2021

The new attack, as described by the researchers, targets security devices located between the client and the server (so-called middleboxes) — firewalls, load balancers, network address translators (NAT), deep packet inspection (DPI) tools and others. Sentencing will not take place until January 2022.

DDOS 144

DDOS Marketing Cryptocurrency IoT 144

eSecurity Planet

OCTOBER 21, 2022

This note will provide instructions on how to pay the ransom, usually through difficult-to-trace means like cryptocurrency. The Ransom Note: The ransomware notifies its victims of the infection via a.txt file on the infected device or a pop-up.

Malware 75

Malware Adware Spyware Antivirus 75

Security Affairs

MARCH 16, 2025

Attacks on Middle Eastern countries Ballista New IoT Botnet Targeting Thousands of TP-Link Archer Routers Microsoft patches Windows Kernel zero-day exploited since 2023 Trump Cryptocurrency Delivers ConnectWise RAT EMERGING THREATS LockBit 4.0

Malware 71

Malware Spyware IoT Firewall 71

SecureList

MAY 7, 2025

The Radar/Dispossessor operation was disrupted by the FBI in August 2024, and German authorities seized 47 cryptocurrency exchanges linked to ransomware laundering. The proliferation of large language models (LLMs) tailored for cybercrime will further amplify ransomware’s reach and impact.

Ransomware 73

Ransomware Manufacturing Encryption Backups 73