Cybercrime, Hacking, Passwords and VPN - Cyber Security Informer

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. In May 2021, over 36,000 email and password combinations for.edu email accounts were offered for sale on a publically available instant messaging platform. Pierluigi Paganini.

Cybercrime

Cybercrime Education Accountability Phishing

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. According to the company, most of the username and password combinations are available for free, and 5 billion of the above credentials are “unique.” Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Usually, these users have no idea their systems are compromised.

Malware

Malware VPN Internet Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Cisco was hacked by the Yanluowang ransomware gang

Security Affairs

AUGUST 10, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. “Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account. SecurityAffairs – hacking, Yanluowang ransomware). Pierluigi Paganini.

Ransomware

Ransomware Hacking VPN Phishing

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN

VPN Accountability Firewall Data breaches

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. Experts noticed that in this supply chain attack, UNC2465 did not deliver the Darkside ransomware as the final payload, but they not exclude that the cybercrime group could move to a new RaaS operation.

Cybercrime

Cybercrime Ransomware Antivirus Software

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

Riley Kilmer is co-founder of Spur.us , a company that tracks thousands of VPN and proxy networks, and helps customers identify traffic coming through these anonymity services. ” MRMURZA Faceless is a project from MrMurza , a particularly talkative member of more than a dozen Russian-language cybercrime forums over the past decade.

Malware

Malware Passwords Accountability Advertising

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The Russian man stole roughly 117 million user records, including usernames, passwords, and emails. SecurityAffairs – hacking, cybercrime).

Hacking

Hacking Cybercrime Data breaches Advertising

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

NAS (Network-Attached Storage) servers that are often used for backups on the network have been hacked and wiped, as have automatic tape backup devices, and in almost every case we know of, all backups have been lost. Cisco investigated the hacking campaign with the help of Rapid7. concludes the alert.

Ransomware

Ransomware Backups VPN Authentication

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

911 says its network is made up entirely of users who voluntarily install its “free VPN” software. In this scenario, users indeed get to use a free VPN service, but they are often unaware that doing so will turn their computer into a proxy that lets others use their Internet address to transact online. “The 911[.]re

VPN

VPN Computers and Electronics Antivirus Software

7 Cyber Safety Tips to Outsmart Scammers

Webroot

FEBRUARY 26, 2024

Cybercrime isn’t just a futuristic Hollywood plotline, it’s a real threat that targets everyone—from wide-eyed kids to seasoned adults and wise grandparents. They’ll try to sweet-talk you into clicking on suspicious links or divulging sensitive information like passwords or credit card details. And guess what?

Scams

Scams VPN Passwords Phishing

Wazawaka Goes Waka Waka

Krebs on Security

FEBRUARY 14, 2022

In January, KrebsOnSecurity examined clues left behind by “ Wazawaka ,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. 26, 2020, a new user named Biba99 registered on the English language cybercrime forum RaidForums. This post is an attempt to remedy that.

VPN

VPN Ransomware Cybercrime Accountability

Who is Watching You and Why?

Approachable Cyber Threats

OCTOBER 5, 2023

“Why do hackers want to hack our webcams?” Hackers may also access webcams to perform other types of cybercrime, such as identity theft, fraud, or extortion. Use strong passwords : Choosing a robust password that cannot be easily guessed is one of the most important actions that can be taken.

Passwords

Passwords Identity Theft VPN Authentication

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

NAS (Network-Attached Storage) servers that are often used for backups on the network have been hacked and wiped, as have automatic tape backup devices, and in almost every case we know of, all backups have been lost. Cisco investigated the hacking campaign with the help of Rapid7. concludes the alert.

Ransomware

Ransomware Backups VPN Authentication

The Importance of Data Security and Privacy for Individuals and Businesses in the Digital Age

IT Security Guru

MARCH 28, 2023

Having a cybersecurity plan ensures that you remain protected against data breaches, phishing scams , and other cybercrimes. One thing you should know here is that simple passwords are easier to crack; therefore, setting up a complex password is necessary. A VPN removes your IP address and switches your location.

VPN

VPN Passwords Internet Internet

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

Security Affairs

NOVEMBER 11, 2021

Iranian nation-state actors are attempting to buy info available for sale in the cybercrime underground to launch attacks against US organizations. “ This actor has also demonstrated interest in obtaining unauthorized access to SCADA systems using common default passwords.” SecurityAffairs – hacking, Iran).

VPN

VPN Cybercrime Passwords Firewall

Who Is the Network Access Broker ‘Babam’?

Krebs on Security

DECEMBER 3, 2021

More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. Verified was hacked at least twice in the past five years, and its user database posted online. com and wwwpexpay[.]com.

Ransomware

Ransomware Passwords Accountability Cybercrime

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. SCHOOL OF HACKS. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing

Phishing VPN Social Engineering Media

Microsoft disrupts China-based hacking group Nickel

Malwarebytes

DECEMBER 7, 2021

Microsoft has taken control of 42 web domains that a hacking group was using to try to breach its targets. Sadly, any setback to the Chinese hacking group or others will likely be temporary as the hackers will find and build new infrastructure to use in forthcoming attacks. An overview of Chinese hacking groups and their aliases.

Hacking

Hacking Malware Surveillance Data collection

A chink in the armor of China-based hacking group Nickel

Malwarebytes

DECEMBER 7, 2021

Microsoft has taken control of 42 web domains that a hacking group was using to try to breach its targets. Sadly, any setback to the Chinese hacking group or others will likely be temporary as the hackers will find and build new infrastructure to use in forthcoming attacks. An overview of Chinese hacking groups and their aliases.

Hacking

Hacking Malware Surveillance Data collection

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware

Ransomware VPN Cybercrime Accountability

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4 SecurityAffairs – hacking, newsletter). Pierluigi Paganini.

Spyware

Spyware Manufacturing Small Business Surveillance

Russian national Yevgeniy Aleksandrovich Nikulin sentenced to 88 months in prison

Security Affairs

SEPTEMBER 30, 2020

Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison for hacking LinkedIn, Dropbox, and Formspring in 2012. The Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison in the United States for hacking LinkedIn, Dropbox, and Formspring in 2012. Pierluigi Paganini.

Identity Theft

Identity Theft Cybercrime Advertising Hacking

Is Your Small Business Safe Against Cyber Attacks?

CyberSecurity Insiders

MARCH 21, 2021

All businesses online and brick-and-mortar must have a cyber security plan in place because it is crucial for keeping your user data including passwords, and credit card numbers, secure and protected. . Some key points in a cyber security plan that you must consider are as follows: Strong passwords . Two-factor authentication .

Small Business

Small Business Cyber Attacks VPN Backups

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

Security Affairs

JANUARY 24, 2024

The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking , Akira ransomware attack)

Ransomware

Ransomware VPN Government Retail

A week in security (June 7 – June 13)

Malwarebytes

JUNE 14, 2021

Can two VPN “wrongs” make a right? Last week on Malwarebytes Labs: Amazon SIdewalk starts sharing your WiFi data tomorrow, thanks White hat, black hat, grey hat hackers: what’s the difference ? Stay safe, everyone! The post A week in security (June 7 – June 13) appeared first on Malwarebytes Labs.

Cybercrime

Cybercrime Scams VPN Phishing

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

JULY 14, 2023

Lumen Black Lotus Labs uncovered a long-running hacking campaign targeting SOHO routers with a strain of malware dubbed AVrecon. Threat actors behind the campaign aimed at building a botnet to use for a range of criminal activities from password spraying to digital advertising fraud. ” reads the analysis published by Lumen.

Malware

Malware Advertising Cybercrime Passwords

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Security Affairs

MARCH 21, 2023

The attackers were able to send funds from hot wallets and download user names and password hashes. “Please keep your CAS behind a firewall and VPN. Terminals should also connect to CAS via VPN. With VPN/Firewall attackers from open internet cannot access your server and exploit it. ” continues the notice.

Cryptocurrency

Cryptocurrency VPN Manufacturing Firewall

North Korean Hackers Expose Own IP Addresses in JumpCloud Breach

SecureWorld News

JULY 25, 2023

A recent report from Mandiant sheds light on the hacking unit operated by North Korea's Reconnaissance General Bureau (RGB), which primarily targets cryptocurrency companies in an effort to fund the country's sanctioned nuclear weapons program. North Korean threat actors have been linked to a breach of enterprise software company JumpCloud.

Cryptocurrency

Cryptocurrency VPN Cybercrime Engineering

Who is Watching You and Why?

Approachable Cyber Threats

OCTOBER 5, 2023

“Why do hackers want to hack our webcams?” Hackers may also access webcams to perform other types of cybercrime, such as identity theft, fraud, or extortion. Use strong passwords : Choosing a robust password that cannot be easily guessed is one of the most important actions that can be taken.

Passwords

Passwords Identity Theft VPN Authentication

Security Affairs most-read cyber stories of 2021

Security Affairs

JANUARY 1, 2022

The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. email and password pairs leaked online. The Largest compilation of emails and passwords (COMB), more than 3.2 billion login credentials, has been leaked on a popular hacking forum. COMB breach: 3.2B ransomware attack.

Hacking

Hacking VPN Passwords Ransomware

How did the DOJ Recover Million$ of the Colonial Pipeline Ransom?

SecureWorld News

JUNE 8, 2021

Department of Justice (DOJ) made a surprise announcement this week: it was able to recover more than $2 million worth of ransom money Colonial Pipeline paid to a cybercrime gang. For example, an employee using the same password for multiple accounts. An outdated VPN account that had its password leaked on the dark web.

Ransomware

Ransomware Passwords VPN Accountability

Experts found 10 malicious packages on PyPI used to steal developers’ data

Security Affairs

AUGUST 10, 2022

py file downloads and executes a malicious script that searches for local passwords and uploads them using a discord web hook. Free-net-vpn and Free-net-vpn2 are malicious packages developed to target environment variables. Free-net-vpn and Free-net-vpn2 are malicious packages developed to target environment variables.

VPN

VPN Passwords Cyber threats Software

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Regularly back up data, air gap, and password-protect backup copies offline. Regularly change passwords to network systems and accounts, and avoid reusing passwords for different accounts.

Ransomware

Ransomware Antivirus Passwords Malware

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. The data included usernames, email addresses and plain text passwords.” Pierluigi Paganini.

Accountability

Accountability Malware Data breaches Passwords

FBI issued a flash alert about Netwalker ransomware attacks

Security Affairs

AUGUST 2, 2020

“Two of the most common vulnerabilities exploited by actors using Netwalker are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).” “Two of the most common vulnerabilities exploited by actors using Netwalker are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).”

Ransomware

Ransomware VPN Advertising Government

Security Affairs newsletter Round 402 by Pierluigi Paganini

Security Affairs

JANUARY 15, 2023

Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 SecurityAffairs – hacking, newsletter). Follow me on Twitter: @securityaffairs and Facebook and Mastodon. Pierluigi Paganini.

Small Business

Small Business Password Management VPN Healthcare

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. Ivanti fixed this critical code execution issue in Pulse Connect Secure VPN early this month. SecurityAffairs – hacking, Pulse Secure). The flaw received a CVSS score of 9.1, Pierluigi Paganini.

Malware

Malware VPN Authentication Hacking

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs

APRIL 2, 2020

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. ” reads the post published by Microsoft.

Ransomware

Ransomware VPN Healthcare Cyber Attacks

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, ransomware)

Ransomware

Ransomware Manufacturing Healthcare Education

FIN8-linked actor targets Citrix NetScaler systems

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. The attackers obtained encrypted passwords from NetScaler ADC configuration files, and the decryption key was stored on the ADC appliance. php) on victim machines.

VPN

VPN Ransomware DNS Malware

National Small Business Week: 10 Best Practices for Small Business Cybersecurity

CyberSecurity Insiders

SEPTEMBER 14, 2021

Use of a VPN – virtual private networks (VPN) create a secure connection to other networks over the internet. At the most basic level, it’s critical to change default passwords on routers at home and in the workplace. Beware passwords – passwords remain the weakest link for most organizations.

Small Business

Small Business Cybersecurity Passwords Education

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

Hackers aim at collecting login credentials for networks of the target organizations, then they attempt to monetize their efforts by selling access to corporate resources in the cybercrime underground. “The actors then convinced the targeted employee that a new VPN link would be sent and required their login, including any 2FA or OTP.”

Social Engineering

Social Engineering VPN Phishing Authentication

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts using weak passwords. SecurityAffairs – hacking, Checkmate ransomware).

Ransomware

Ransomware Encryption Passwords Internet

FBI: Compromised US academic credentials available on various cybercrime forums

15 billion credentials available in the cybercrime marketplaces

Webinars

Trending Sources

Who and What is Behind the Malware Proxy Service SocksEscort?

Webinars

Cisco was hacked by the Yanluowang ransomware gang

Okta warns of unprecedented scale in credential stuffing attacks on online services

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Giving a Face to the Malware Proxy Service ‘Faceless’

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Akira ransomware targets Finnish organizations

A Deep Dive Into the Residential Proxy Service ‘911’

7 Cyber Safety Tips to Outsmart Scammers

Wazawaka Goes Waka Waka

Who is Watching You and Why?

Akira ransomware targets Finnish organizations

The Importance of Data Security and Privacy for Individuals and Businesses in the Digital Age

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

Who Is the Network Access Broker ‘Babam’?

Voice Phishers Targeting Corporate VPNs

Microsoft disrupts China-based hacking group Nickel

A chink in the armor of China-based hacking group Nickel

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs newsletter Round 377

Russian national Yevgeniy Aleksandrovich Nikulin sentenced to 88 months in prison

Is Your Small Business Safe Against Cyber Attacks?

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

A week in security (June 7 – June 13)

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

North Korean Hackers Expose Own IP Addresses in JumpCloud Breach

Who is Watching You and Why?

Security Affairs most-read cyber stories of 2021

How did the DOJ Recover Million$ of the Colonial Pipeline Ransom?

Experts found 10 malicious packages on PyPI used to steal developers’ data

BlackCat Ransomware gang breached over 60 orgs worldwide

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

FBI issued a flash alert about Netwalker ransomware attacks

Security Affairs newsletter Round 402 by Pierluigi Paganini

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

FBI and CISA warn of attacks by Rhysida ransomware gang

FIN8-linked actor targets Citrix NetScaler systems

National Small Business Week: 10 Best Practices for Small Business Cybersecurity

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

New Checkmate ransomware target QNAP NAS devices

Stay Connected