Cybercrime - Cyber Security Informer

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Education Accountability Telecommunications

Google TAG spotted actors using new code signing tricks to evade detection

Security Affairs

SEPTEMBER 26, 2021

Researchers from Google’s TAG team reported that financially motivated actors are using new code signing tricks to evade detection. “In these new samples, the signature was edited such that an End of Content (EOC) marker replaced a NULL tag for the ‘parameters’ element of the SignatureAlgorithm signing the leaf X.509

Software

Software Hacking Cybercrime Information Security

Google TAG details cyber activity with regard to the invasion of Ukraine

Security Affairs

MARCH 31, 2022

The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. “ However, for the first time, TAG has observed COLDRIVER campaigns targeting the military of multiple Eastern European countries, as well as a NATO Centre of Excellence.” In one case observed by the TAG team.

Phishing

Phishing Accountability Government Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. ” reported Google TAG.

Cybercrime

Cybercrime Malware Software Hacking

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” reads the report published by Google TAG.

Government

Government Surveillance Cybercrime Ransomware

Dell notifies customers about data breach

Malwarebytes

MAY 10, 2024

Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum. The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information.”

Data breaches

Data breaches Passwords Phishing Big data

Ex-members of the Conti ransomware gang target Ukraine

Security Affairs

SEPTEMBER 8, 2022

Researchers from Google’s Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group were involved in five different campaigns targeting Ukraine between April and August 2022. ” reads the TAG’s report. ” concludes TAG.

Ransomware

Ransomware Cybercrime Government Media

Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks

The Hacker News

SEPTEMBER 7, 2022

Former members of the Conti cybercrime cartel have been implicated in five different campaigns targeting Ukraine from April to August 2022.

Cybercrime

Exotic Lily initial access broker works with Conti gang

Security Affairs

MARCH 19, 2022

Google’s Threat Analysis Group (TAG) uncovered a new initial access broker, named Exotic Lily, that is closely affiliated with the Conti ransomware gang. Google’s Threat Analysis Group (TAG) researchers linked a new initial access broker, named Exotic Lily, to the Conti ransomware operation.

Cybercrime

Cybercrime Social Engineering Ransomware Engineering

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S.

Spyware

Spyware Cyber Insurance Hacking Advertising

North Korea dedicates a hacking group to fund cyber crime

CyberSecurity Insiders

APRIL 5, 2023

North Korea has established a hacking group named APT43 to fund its cybercrime activities, aimed at advancing Pyongyang’s geopolitical interests. On April 3 of this year, Google’s Threat Analysis Group (TAG) announced that APT43 was in-volved in cryptocurrency theft and digital currency laundering.

Hacking

Hacking Social Engineering Cryptocurrency Manufacturing

TA505 Cybercrime targets system integrator companies

Security Affairs

NOVEMBER 12, 2019

The analysis of a malicious email revealed a possible raising interest of the TA505 cybercrime gang in system integrator companies. The infrastructure used in the attacks suggests the involvement of the cybercrime group TA505. SecurityAffairs – TA505, cybercrime). Introduction. net http[://com-mk84.net. Pierluigi Paganini.

Cybercrime

Cybercrime Computers and Electronics Penetration Testing Malware

North Korea hackers impersonating Coinbase to lure employees and customers

CyberSecurity Insiders

AUGUST 17, 2022

NOTE – Lazarus is also known in the world of cybercrime as Guardians of Peace and is being run and funded by the government of North Korea. United States Intelligence Community has given the group as Hidden Cobra and Microsoft has tagged the name of this group as ZINC.

Social Engineering

Social Engineering Cryptocurrency Education Cybercrime

Tracking the Trackers: For Better or Worse

SecureWorld News

NOVEMBER 27, 2023

These radios are being tracked and tagged by marketers, telecom companies and individuals in an effort to resell that data to parties willing to pay. Tiny BLE (Bluetooth Low Energy) tags are being placed in people’s vehicles, pockets, bags and other items on the move all the time.

Wireless

Wireless Energy and Utilities Technology Data privacy

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. SocksEscort[.]com SocksEscort began in 2009 as “ super-socks[.]com

Malware

Malware VPN Internet Internet

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Security Affairs

DECEMBER 28, 2023

Numerous leaks disseminated in the underground cyber world were tagged with ‘Free Leaksmas,’ indicating that these significant leaks were shared freely among various cybercriminals as a form of mutual gratitude. Instead, they marked the holiday season in their unique way.

Identity Theft

Identity Theft Data breaches Government Hacking

Smooth Cybercriminals: Google Warns of Iran-Backed APT Hackers

SecureWorld News

OCTOBER 19, 2021

One notorious hacking group from Iran uses particularly dirty schemes to fleece users, according to Google's Threat Analysis Group (TAG). According to Google’s TAG blog, APT35 have been active since at least 2017, including attacks on the 2020 U.S. Read Google's official TAG blog to learn more about the technical details.

Phishing

Phishing Social Engineering Authentication Government

Meet Exotic Lily, access broker for ransomware and other malware peddlers

Malwarebytes

MARCH 18, 2022

The Google Threat Analysis Group (TAG) has shared their observations about a group of cybercriminals called Exotic Lily. Among these interested parties TAG found the Conti and Diavol ransomware groups. From the TAG blog we can learn that Exotic Lily was very much specialized. Initial access broker. Exotic Lily.

Ransomware

Ransomware Malware Social Engineering Media

The Bridge to Zero Trust

CyberSecurity Insiders

FEBRUARY 28, 2023

No one likes to think their company might be hit by a cyber attack or breach, but the truth is cybercrime is one of the biggest threats your organization can face. If you suffer a breach, the loss of data is only the first of many issues you will be facing.

Architecture

Architecture Authentication Technology CISO

Crooks use HTML smuggling to spread QBot malware via SVG files

Security Affairs

DECEMBER 14, 2022

. “SVG images are constructed using XML, allowing them to be placed within HTML using ordinary XML markup tags. Talos has identified malicious emails featuring HTML attachments with encoded SVG images that themselves contain HTML <script> tags. Including script tags within a SVG image is a legitimate feature of SVG.”

Malware

Malware Phishing Passwords Hacking

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 6, 2023

Rapid7 found a bypass for the recently patched actively exploited Ivanti EPMM bug Russian APT29 conducts phishing attacks through Microsoft Teams Hackers already installed web shells on 581 Citrix servers in CVE-2023-3519 attacks Zero-day in Salesforce email services exploited in targeted Facebook phishing campaign Burger King forgets to put a password (..)

Malware

Malware Cybercrime Cryptocurrency Social Engineering

Webcast Tackles How to Protect Oneself Against the Dark Side of AI

SecureWorld News

MAY 31, 2023

Eastern, and will provide viewers with information they need to understand the future of cybercrime and give them tools to stop it. Dan Shiebler, Head of Machine Learning, Abnormal Security As the Head of Machine Learning at Abnormal Security, Dan leads a team of 40+ detection engineers to build AI systems that fight cybercrime.

Social Engineering

Social Engineering Artificial Intelligence Engineering Cybercrime

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 21, 2024

million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8

Artificial Intelligence

Artificial Intelligence VPN Hacking Firewall

Security Affairs newsletter Round 428 by Pierluigi Paganini – International edition

Security Affairs

JULY 15, 2023

Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise The source code of the BlackLotus UEFI Bootkit was leaked on GitHub US CISA warns of Rockwell Automation ControlLogix flaws Indexing Over 15 Million WordPress Websites with PWNPress New AVrecon botnet remained under the radar for two (..)

Spyware

Spyware Hacking Data breaches Mobile

“FudCo” Spam Empire Tied to Pakistani Software Firm

Krebs on Security

SEPTEMBER 6, 2021

In May 2015, KrebsOnSecurity briefly profiled “ The Manipulaters ,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. One of several current Fudtools sites run by The Manipulaters.

Software

Software Phishing Cybercrime Accountability

7 Cyber Safety Tips to Outsmart Scammers

Webroot

FEBRUARY 26, 2024

Cybercrime isn’t just a futuristic Hollywood plotline, it’s a real threat that targets everyone—from wide-eyed kids to seasoned adults and wise grandparents. Keep your devices updated Newsflash: Cybercriminals love exploiting vulnerabilities in outdated software like it’s Black Friday at the cybercrime emporium.

Scams

Scams VPN Passwords Phishing

Poulight Stealer, a new Comprehensive Stealer from Russia

Security Affairs

MAY 7, 2020

Infostealer market is one of the most remunerative for cyber criminals, information gathered from infected systems could be resold in the cybercrime underground or used for credential stuffing attacks. The first information tag “ prog.params ” is immediately retrieved in the instruction “ HandlerParams.Start() ” seen in Figure 4.

Malware

Malware Advertising Cybercrime Internet

A new sophisticated JavaScript Skimmer dubbed Pipka used in the wild

Security Affairs

NOVEMBER 15, 2019

The skimmer uses an image GET request, but unlike other skimmers instead of loading and then immediately removing the image tag, Pipka sets the onload attribute of the image tag. VISA PFD believes that Pipka will continue to evolve and that its use will increase in the cybercrime ecosystem to target eCommerce merchant websites.

eCommerce

eCommerce Accountability Advertising Cybercrime

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

Employees are the first line of defense against cybercrime and should understand how to recognize phishing emails and what to do if they suspect them. Make sure to use common, understandable labels and data value tags for your data. . • Create security awareness for employees. Use a corporate VPN.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

Google won a lawsuit against the Glupteba botnet operators

Security Affairs

NOVEMBER 21, 2022

.” The IT giant won a lawsuit filed against two Russian nationals involved in the operations of the botnet, the court’s ruling sets an important legal precedent in the fight against cybercrime.

Cybercrime

Cybercrime IoT Cryptocurrency Malware

What Is a Backdoor Attack?

SiteLock

AUGUST 27, 2021

The average cost of a data breach can exceed $100,000 for SMBs , and that doesn’t include the high price tag associated with repairing a business’s reputation and rebuilding customer trust. As cybercrime increases, your security measures should, too. Backdoor attacks increased by 173% between 2017 and 2018. million versus $4.25

Small Business

Small Business Cybercrime Malware Backups

HUMAN Orchestrates Unprecedented Private Takedown, VASTFLUX

CyberSecurity Insiders

JANUARY 19, 2023

HUMAN worked closely with its partners in the Human Collective to get additional insight into traffic volumes and verification tags they were using on their ads. We leverage modern defense to disrupt the economics of cybercrime by increasing the cost to cybercriminals while simultaneously reducing the cost of collective defense.

Advertising

Advertising Cybercrime CISO Education

Come to the dark side: hunting IT professionals on the dark web

SecureList

JANUARY 30, 2023

Just as any other business, cybercrime needs labor. Changes on the market, layoffs, and pay cuts, too, often prompt them to look for a job on cybercrime websites. Working with underground teams, let alone cybercrime groups, poses serious risks: members can be deanonymized and prosecuted, and even getting paid is not a guarantee.

Cybercrime

Cybercrime Marketing Encryption Risk

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

They could be on the other side of the globe, part of a cybercrime regime that will never be discovered, much less brought to justice. The price tag of the ransom is just one of the many costs of these attacks, and remediation can often exceed this fee many times over. But the situation isn’t hopeless. The impact of ransomware.

Ransomware

Ransomware Education Financial Services Phishing

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

Security Affairs

JUNE 5, 2023

. “Attackers employ a number of evasion techniques during the campaign, including obfuscating Base64 and masking the attack to resemble popular third-party services, such as Google Analytics or Google Tag Manager.” ” reads the analysis published by Akamai.

Retail

Retail Hacking Software Malware

Magecart gang hides PHP-based web shells in favicons

Security Affairs

MAY 14, 2021

Magecart cybercrime gang is using favicon to hide malicious PHP web shells used to maintain remote access to inject JavaScript skimmers into online stores. Threat actors edited the shortcut icon tags with a path to the fake PNG file. ” reads the analysis published by Malwarebytes.

Cybercrime

Cybercrime Malware Hacking Cybersecurity

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Security Affairs

AUGUST 28, 2022

In June, researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware.

Surveillance

Surveillance Spyware Mobile Hacking

Attackers create phishing lures with standard tools in Google Docs to steal credentials

SC Magazine

JUNE 17, 2021

According to Avanan blog, once the attacker publishes the lure, “Google provides a link with embed tags that are meant to be used on forums to render custom content. The attacker does not need the iframe tags and only needs to copy the part with the Google Docs link.

Phishing

Phishing Social Engineering Engineering CISO

Cyberthreats to financial organizations in 2022

SecureList

NOVEMBER 23, 2021

The COVID-19 pandemic is likely to cause a massive wave of poverty, and that invariably translates into more people resorting to crime, including cybercrime. Cracking down hard on the cybercrime world. Analysis of forecasts for 2021. We should expect more fraud, targeting mostly BTC , because this cryptocurrency is the most popular.

Cryptocurrency

Cryptocurrency Banking Cybercrime Ransomware

PRODUCT REVIEW: Frontline Vulnerability Manager (Frontline VM) by digitaldefense

CyberSecurity Insiders

DECEMBER 9, 2021

TAG Cyber Distinguished Vendor. Cybercrime Magazine Hot 150. With a NPS score of 75 and a customer satisfaction score of 90, it’s plain to see customers value this level of support. AWARDS & RECOGNITION. SC Media 5-Star Review. 5-Star CRN Partner Program Rating. 2020 HIRE Vets Platinum Medallion Award. CUSTOMER SATISFACTION.

Risk

Risk Information Security Cybersecurity Technology

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware

Spyware Ransomware Malware Data breaches

A new Magecart campaign hides the malicious code in 404 error page

Security Affairs

OCTOBER 12, 2023

Loader — Short, obscure JavaScript code snippets responsible for loading the full malicious code of the attack Malicious attack code — The primary JavaScript code that executes the attack; it detects sensitive inputs, reads the data, disrupts the checkout process, and injects fake forms Data exfiltration — The method used to transmit the stolen data (..)

Retail

Retail Security Intelligence Hacking Software

Bumblebee attacks, from initial access to the compromise of Active Directory Services

Security Affairs

AUGUST 19, 2022

Bumblebee has been active since March 2022 when it was spotted by Google’s Threat Analysis Group (TAG), experts noticed that cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns switched to the Bumblebee loader. ” reads the analysis published by Cybereason.

Malware

Malware Accountability Phishing Passwords

Maze Ransomware Operators: 'We Are Closing'

SecureWorld News

NOVEMBER 2, 2020

The Maze ransomware team, a pioneer in the cybercrime space, claims it is shutting down operations. You would not even notice when you will be tagged with chips or your DNA will be the only was to access the new digital world. They were a successful team in cybercrime, so why quit? Interpret that however you will.

Ransomware

Ransomware Cybercrime Hacking Technology

Google TAG warns of Russia-linked APT groups targeting Ukraine

Google TAG spotted actors using new code signing tricks to evade detection

Webinars

Trending Sources

Google TAG details cyber activity with regard to the invasion of Ukraine

Webinars

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Dell notifies customers about data breach

Ex-members of the Conti ransomware gang target Ukraine

Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks

Exotic Lily initial access broker works with Conti gang

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

North Korea dedicates a hacking group to fund cyber crime

TA505 Cybercrime targets system integrator companies

North Korea hackers impersonating Coinbase to lure employees and customers

Tracking the Trackers: For Better or Worse

Who and What is Behind the Malware Proxy Service SocksEscort?

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Smooth Cybercriminals: Google Warns of Iran-Backed APT Hackers

Meet Exotic Lily, access broker for ransomware and other malware peddlers

The Bridge to Zero Trust

Crooks use HTML smuggling to spread QBot malware via SVG files

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Webcast Tackles How to Protect Oneself Against the Dark Side of AI

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 428 by Pierluigi Paganini – International edition

“FudCo” Spam Empire Tied to Pakistani Software Firm

7 Cyber Safety Tips to Outsmart Scammers

Poulight Stealer, a new Comprehensive Stealer from Russia

A new sophisticated JavaScript Skimmer dubbed Pipka used in the wild

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

Google won a lawsuit against the Glupteba botnet operators

What Is a Backdoor Attack?

HUMAN Orchestrates Unprecedented Private Takedown, VASTFLUX

Come to the dark side: hunting IT professionals on the dark web

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

Magecart gang hides PHP-based web shells in favicons

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Attackers create phishing lures with standard tools in Google Docs to steal credentials

Cyberthreats to financial organizations in 2022

PRODUCT REVIEW: Frontline Vulnerability Manager (Frontline VM) by digitaldefense

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

A new Magecart campaign hides the malicious code in 404 error page

Bumblebee attacks, from initial access to the compromise of Active Directory Services

Maze Ransomware Operators: 'We Are Closing'

Stay Connected