Cybercrime, Information Security, Passwords and VPN

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. In May 2021, over 36,000 email and password combinations for.edu email accounts were offered for sale on a publically available instant messaging platform. Pierluigi Paganini.

Cybercrime

Cybercrime Education Accountability Phishing

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. According to the company, most of the username and password combinations are available for free, and 5 billion of the above credentials are “unique.” Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

The ‘Groove’ Ransomware Gang Was a Hoax

Krebs on Security

NOVEMBER 2, 2021

22 on RAMP , a new and fairly exclusive Russian-language darknet cybercrime forum. ” In the first week of September, Groove posted on its darknet blog nearly 500,000 login credentials for customers of Fortinet VPN products, usernames and passwords that could be used to remotely connect to vulnerable systems. .”

Ransomware

Ransomware Cybercrime VPN Media

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort began in 2009 as “ super-socks[.]com

Malware

Malware VPN Internet Internet

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

Employee security awareness is the most important defense against data breaches. Related: Leveraging security standards to protect your company. It involves regularly changing passwords and inventorying sensitive data. As such, you should limit the amount of information that employees have access to. . This can be risky.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. Experts noticed that in this supply chain attack, UNC2465 did not deliver the Darkside ransomware as the final payload, but they not exclude that the cybercrime group could move to a new RaaS operation.

Cybercrime

Cybercrime Ransomware Antivirus Software

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN

VPN Accountability Firewall Data breaches

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

Security Affairs

NOVEMBER 11, 2021

The Federal Bureau of Investigation (FBI) issued a private industry notification (PIN) to warn private industry partners that Iran-linked threat actors are attempting to buy stolen information belonging to US businesses and organizations abroad. ” reads an excerpt from the alert shared by TheRecord. Pierluigi Paganini.

VPN

VPN Cybercrime Passwords Firewall

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

.” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. The attackers exploited the vulnerability CVE-2023-20269 in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD).

Ransomware

Ransomware Backups VPN Authentication

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware

Ransomware VPN Cybercrime Accountability

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

.” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. The attackers exploited the vulnerability CVE-2023-20269 in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD).

Ransomware

Ransomware Backups VPN Authentication

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The Russian man stole roughly 117 million user records, including usernames, passwords, and emails. SecurityAffairs – hacking, cybercrime).

Hacking

Hacking Cybercrime Data breaches Advertising

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs

APRIL 2, 2020

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. ” reads the post published by Microsoft.

Ransomware

Ransomware VPN Healthcare Cyber Attacks

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Security Affairs

MARCH 21, 2023

The attackers were able to send funds from hot wallets and download user names and password hashes. “Please keep your CAS behind a firewall and VPN. Terminals should also connect to CAS via VPN. With VPN/Firewall attackers from open internet cannot access your server and exploit it. ” continues the notice.

Cryptocurrency

Cryptocurrency VPN Manufacturing Firewall

Cisco was hacked by the Yanluowang ransomware gang

Security Affairs

AUGUST 10, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. “Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account. ” reads the analysis published by Cisco Talos.

Ransomware

Ransomware Hacking VPN Phishing

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Regularly back up data, air gap, and password-protect backup copies offline. Regularly change passwords to network systems and accounts, and avoid reusing passwords for different accounts.

Ransomware

Ransomware Antivirus Passwords Malware

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

JULY 14, 2023

Threat actors behind the campaign aimed at building a botnet to use for a range of criminal activities from password spraying to digital advertising fraud. This is a complex operation that infects small-office/home-office (SOHO) routers, deploying a Linux-based Remote Access Trojan (RAT) we’ve dubbed “AVrecon.””

Malware

Malware Advertising Cybercrime Passwords

Experts found 10 malicious packages on PyPI used to steal developers’ data

Security Affairs

AUGUST 10, 2022

py file downloads and executes a malicious script that searches for local passwords and uploads them using a discord web hook. Free-net-vpn and Free-net-vpn2 are malicious packages developed to target environment variables. Free-net-vpn and Free-net-vpn2 are malicious packages developed to target environment variables.

VPN

VPN Passwords Cyber threats Software

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

Security Affairs

JANUARY 24, 2024

The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. The attackers exploited the vulnerability CVE-2023-20269 in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD).

Ransomware

Ransomware VPN Government Retail

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4

Spyware

Spyware Manufacturing Small Business Surveillance

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The report also includes a list of mitigation measures to increase the resilience of company networks: Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (i.e., Regularly back up data, password protect backup copies offline.

Ransomware

Ransomware DDOS Passwords Backups

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. The data included usernames, email addresses and plain text passwords.”

Accountability

Accountability Malware Data breaches Passwords

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

Hackers aim at collecting login credentials for networks of the target organizations, then they attempt to monetize their efforts by selling access to corporate resources in the cybercrime underground. “The actors then convinced the targeted employee that a new VPN link would be sent and required their login, including any 2FA or OTP.”

Social Engineering

Social Engineering VPN Phishing Authentication

FIN8-linked actor targets Citrix NetScaler systems

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. The attackers obtained encrypted passwords from NetScaler ADC configuration files, and the decryption key was stored on the ADC appliance. php) on victim machines.

VPN

VPN Ransomware DNS Malware

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points. .” Rhysida actors have been observed leveraging external-facing remote services (e.g.

Ransomware

Ransomware Manufacturing Healthcare Education

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. CVE-2021-22893 is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 Ivanti fixed this critical code execution issue in Pulse Connect Secure VPN early this month.

Malware

Malware VPN Authentication Hacking

Security Affairs most-read cyber stories of 2021

Security Affairs

JANUARY 1, 2022

The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. email and password pairs leaked online. COMB breach: 3.2B

Hacking

Hacking VPN Passwords Ransomware

Colocation data centers giant Equinix data hit by Netwalker Ransomware

Security Affairs

SEPTEMBER 10, 2020

The popular cybercrime gang is demanding a $4.5 “Equinix is currently investigating a security incident we detected that involves ransomware on some of our internal systems.” Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. ” reads the statement.

Ransomware

Ransomware VPN Data breaches Advertising

New TA886 group targets companies with custom Screenshotter malware

Security Affairs

FEBRUARY 10, 2023

.” The threat actor used multiple tools in the delivery stage, including Traffic Distribution System (TDS), malicious, some of which can be purchased from other threat actors in the cybercrime ecosystem. It can steal crypto wallets, steam accounts, passwords from browsers, FTP clients, chat clients (e.g.

Malware

Malware Phishing Spyware Cybercrime

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts using weak passwords. ” reads the advisory published by the vendor.

Ransomware

Ransomware Encryption Passwords Internet

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Experts observed the bot attempting to gain access to the device by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323. Ensure secure configurations for devices: Change the default password to a strong one, and block SSH from external access.

IoT

IoT DDOS Malware Firmware

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. The affiliates used to deliver the threat via brute-forcing attacks on RDP servers or exploiting known vulnerabilities in VPN servers and firewalls. continues the alert.

Ransomware

Ransomware VPN Cybercrime Advertising

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

Secure your back-ups and ensure data is not accessible for modification or deletion from the system where the data resides. Use multi-factor authentication with strong passwords, including for remote access services. Keep computers, devices, and applications patched and up-to-date.

Ransomware

Ransomware Financial Services Passwords VPN

Black Friday and Cyber Monday, crooks are already at work

Security Affairs

NOVEMBER 19, 2022

Add an extra layer of security and privacy to your device when shopping this Black Friday with Bitdefender Premium Security. The experts also published a guide for a secure holiday shopping. Safe shopping everyone!

Scams

Scams Retail Password Management Phishing

Experts link AVRecon bot to the malware proxy service SocksEscort

Security Affairs

JULY 31, 2023

Threat actors behind the campaign aimed at building a botnet to use for a range of criminal activities from password spraying to digital advertising fraud. The first activity is part of an advertising fraud effort, and the second activity is likely linked to password spraying attacks and/or data exfiltration.

Malware

Malware Small Business Advertising Passwords

Security Affairs newsletter Round 402 by Pierluigi Paganini

Security Affairs

JANUARY 15, 2023

Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4

Small Business

Small Business Password Management VPN Healthcare

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

Wizard Spider is a cybercrime group affiliated with a what is sometimes called the Ransomware Cartel , a collective of underground groups identified by threat intelligence company Analyst1. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes.

Healthcare

Healthcare Ransomware Encryption Passwords

Crooks target Ukraine’s IT Army with a tainted DDoS tool

Security Affairs

MARCH 10, 2022

Threat actors are spreading password-stealing malware disguised as a security tool to target Ukraine’s IT Army. It is injected with the malicious code, which consists of the Phoenix information stealer.” The Liberator tool is circulating among pro-Ukraina hackers that use it to target Russian propaganda websites.

DDOS

DDOS Digital transformation Malware Advertising

Ragnar Locker gang threatens to leak data if victim contacts law enforcement

Security Affairs

SEPTEMBER 7, 2021

Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. Use multi-factor authentication with strong passwords. Install and regularly update anti-virus or anti-malware software on all hosts. Keep computers, devices, and applications patched and up-to-date. Pierluigi Paganini.

Ransomware

Ransomware VPN Authentication Passwords

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. An attacker could also exploit the flaw to disable security features in the Netlogon authentication process and change a computer’s password on the domain controller’s Active Directory.

VPN

VPN Government Authentication Advertising

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. In 2018, their number grew to 3.6%, while in H1 2019 saw an unusual rise of up to 27.8%.

Ransomware

Ransomware Antivirus Malware Banking

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 4, 2024

Clorox estimates the costs of the August cyberattack will exceed $49 Million Mastodon fixed a flaw that can allow the takeover of any account Iranian hackers breached Albania’s Institute of Statistics (INSTAT) Operation Synergia led to the arrest of 31 individuals Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison Cloudflare breached (..)

Identity Theft

Identity Theft VPN Malware Ransomware

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Security Affairs

MARCH 23, 2022

Yesterday the cybercrime gang leaked 37GB of source code stolen from Microsoft’s Azure DevOps server. virtual private network (VPN), remote desktop protocol (RDP), virtual desktop infrastructure (VDI) including Citrix, or Identity providers (including Azure Active Directory, Okta)). ” continues the analysis.

Accountability

Accountability VPN Social Engineering Hacking

Leveraging Cybersecurity Strategy to Enhance Data Protection Strategy

BH Consulting

JUNE 20, 2023

One may know what the term VPN means, but what about when a VPN should be used and more importantly – not used, and what are the risks of using a VPN versus the benefits. Consequently, the need to know and understand information security at this level is an increasing requirement for privacy professionals.

Cybersecurity

Cybersecurity Information Security VPN Authentication

FBI: Compromised US academic credentials available on various cybercrime forums

15 billion credentials available in the cybercrime marketplaces

Webinars

Trending Sources

The ‘Groove’ Ransomware Gang Was a Hoax

Webinars

Who and What is Behind the Malware Proxy Service SocksEscort?

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Okta warns of unprecedented scale in credential stuffing attacks on online services

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

Akira ransomware targets Finnish organizations

Daixin Team targets health organizations with ransomware, US agencies warn

Akira ransomware targets Finnish organizations

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Cisco was hacked by the Yanluowang ransomware gang

BlackCat Ransomware gang breached over 60 orgs worldwide

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Experts found 10 malicious packages on PyPI used to steal developers’ data

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

Security Affairs newsletter Round 377

Avoslocker ransomware gang targets US critical infrastructure

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

FIN8-linked actor targets Citrix NetScaler systems

FBI and CISA warn of attacks by Rhysida ransomware gang

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs most-read cyber stories of 2021

Colocation data centers giant Equinix data hit by Netwalker Ransomware

New TA886 group targets companies with custom Screenshotter malware

New Checkmate ransomware target QNAP NAS devices

A new Zerobot variant spreads by exploiting Apache flaws

NetWalker ransomware operators have made $25 million since March 2020

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Black Friday and Cyber Monday, crooks are already at work

Experts link AVRecon bot to the malware proxy service SocksEscort

Security Affairs newsletter Round 402 by Pierluigi Paganini

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Crooks target Ukraine’s IT Army with a tainted DDoS tool

Ragnar Locker gang threatens to leak data if victim contacts law enforcement

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Leveraging Cybersecurity Strategy to Enhance Data Protection Strategy

Stay Connected