Cyber Crime

The Belgian city of Liege suffered a ransomware attack today that has disrupted the IT network of the municipality and its online services. Liege, one of the biggest cities in Belgium, was hit by a ransomware attack that has disrupted the IT network of the municipality and its online services. “The City of Liège is […]

The post A ransomware attack disrupted the IT network of the City of Liege appeared first on Security Affairs.

DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Researchers from Avast are warning of the rapid growth of the DirtyMoe botnet (PurpleFox, Perkiler, and NuggetPhantom), which passed from 10,000 infected systems in 2020 to more than 100,000 in […]

The post DirtyMoe botnet infected 100,000+ Windows systems in H1 2021 appeared first on Security Affairs.

The Taiwanese memory and storage chip maker ADATA was hit by the Ragnar Locker ransomware gang that also published more than 700GB of stolen data. The Ragnar Locker ransomware gang has published on its leak sites more than 700GB of data stolen from Taiwanese memory and storage chip maker ADATA. The group published the link […]

The post Ragnar Locker ransomware leaked data stolen from ADATA chipmaker appeared first on Security Affairs.

Carnival Corp. said that the data breach it has suffered in March might have impacted its customers and employees. Carnival Corp. this week confirmed that the data breach that took place in March might have exposed personal information about customers and employees of Carnival Cruise Line, Holland America Line, and Princess Cruises. Carnival Corporation & plc […]

The post Cruise operator Carnival discloses a security breach appeared first on Security Affairs.

Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software. Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. “According to court documents and evidence introduced at trial, Oleg Koshkin, […]

The post Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet appeared first on Security Affairs.

The UNC2465 cybercrime group, which is affiliated with the Darkside ransomware gang, has infected the website of a CCTV camera vendor with malware. An affiliate of the Darkside ransomware gang, tracked as UNC2465, has conducted a supply chain attack against a CCTV vendor, Mandiant researchers discovered. UNC2465 is considered one of the main affiliates of the […]

The post UNC2465 cybercrime group launched a supply chain attack on CCTV vendor appeared first on Security Affairs.

Ukraine police arrested multiple individuals that are believed to be linked to the Clop ransomware gang as part of an international joint operation. Ukraine police arrested multiple individuals that are believed to be linked to the Clop ransomware gang as part of an international operation conducted by law enforcement from Ukraine, South Korea, and the […]

The post An international joint operation resulted in the arrest of Clop ransomware members appeared first on Security Affairs.

A new variant of the Mirai botnet, tracked as Moobot, was spotted scanning the Internet for vulnerable Tenda routers. Researchers from AT&T Alien Lab have spotted a new variant of the Mirai botnet, tracked as Moobot, which was scanning the Internet for the CVE-2020-10987 remote code-execution (RCE) issue in Tenda routers. The botnet was linked […]

The post Cyberium malware-hosting domain employed in multiple Mirai variants campaigns appeared first on Security Affairs.

Japanese multinational conglomerate Fujifilm announced that it has restored operations following the recent ransomware attack. On June 4, the Japanese multinational conglomerate Fujifilm announced that it was hit by a ransomware attack and shut down its network in response to the incident. Around two weeks later the Japanese giant announced that it has restored operations following […]

The post Fujifilm restores operations after recent ransomware attack appeared first on Security Affairs.

The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. The news of the availability of the source […]

The post The source code of the Paradise Ransomware was leaked on XSS hacking forum appeared first on Security Affairs.

The MASQ tool could be used by attackers to emulate device fingerprints, thus allowing them to bypass fraud protection controls. The Resecurity® HUNTER unit has identified a new tool available for sale in the Dark Web called MASQ, enabling bad actors to emulate device fingerprints, thus allowing them to bypass fraud protection controls, including authentication mechanisms. One of the […]

The post Wear your MASQ! New Device Fingerprint Spoofing Tool Available in Dark Web appeared first on Security Affairs.

The REvil ransomware gang made the headlines again: the group hit the US nuclear weapons contractor Sol Oriens and stole the victim’s data. US nuclear weapons contractor Sol Oriens was hit by a cyberattack carried out by the REvil ransomware operators, who claim to have stolen data. Sol Oriens provides consultant services to the National Nuclear […]

The post REvil ransomware gang hit US nuclear weapons contractor Sol Oriens appeared first on Security Affairs.

Microsoft disrupted a large-scale business email compromise (BEC) campaign that used forwarding rules to access messages related to financial transactions. Microsoft researchers announced that they have disrupted the cloud-based infrastructure used by crooks in a recent large-scale business email compromise (BEC) campaign. The attackers breached the mailboxes of the victims using phishing messages, then exfiltrated sensitive […]

The post Microsoft experts disrupted a large-scale BEC campaign appeared first on Security Affairs.

Microsoft spotted a series of attacks that use SEO poisoning to deliver a remote access trojan (RAT) used by threat actors to steal sensitive data. Microsoft is monitoring a wave of cyber attacks that leverage SEO poisoning to deliver a remote access trojan (RAT) to steal sensitive data from the infected systems. The IT giant […]

The post SEO poisoning campaign aims at delivering RAT, Microsoft warns appeared first on Security Affairs.

The member states of the G7 group have called on Russia and other states to dismantle operations of the ransomware gangs operating within their countries. G7 member states have called on Russia and other states to dismantle operations of ransomware gangs operating within their countries. The call to action follows the large number of ransomware […]

The post G7 calls on Russia to dismantle operations of ransomware gangs within its borders appeared first on Security Affairs.

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. The document revealed that phishing maintained record levels in the first quarter of 2021, the […]

The post APWG: Phishing maintained near-record levels in the first quarter of 2021 appeared first on Security Affairs.

The Avaddon ransomware gang has shut down its operations and released the decryption keys to allow victims to recover their files for free. Good news for the victims of the Avaddon ransomware gang, the cybercrime group has shut down its operations and provided the decryption keys to BleepingComputer website. The group has also shut down […]

The post Avaddon ransomware gang shuts down their operations and releases decryption keys appeared first on Security Affairs.

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Researchers from NordLocker have discovered an unsecured database containing 1.2-terabyte of stolen data. Threat actors used custom malware to steal data from 3.2 million Windows systems between 2018 and 2020. The database includes […]

The post Mysterious custom malware used to steal 1.2TB of data from million PCs appeared first on Security Affairs.

The US Department of Justice seized the servers and domains of the popular cybercrime marketplace SlilPP. The US Department of Justice announced that it has seized the infrastructure of SlilPP, a popular marketplace used by cybercriminals to buy and sell stolen login credentials. The seizure is the result of a multinational operation involving law enforcement agencies in the […]

The post DoJ announced to have shut down Slilpp marketplace in international operation appeared first on Security Affairs.

Threat hunting and adversarial cyber intelligence company Group-IB published a comprehensive analysis of fraud cases on a global scale. Group-IB, a global threat hunting and adversarial cyber intelligence company specializing in the investigation and prevention of high-tech cybercrime, has published a comprehensive analysis of fraud cases on a global scale. Group-IB, a global threat hunting and adversarial […]

The post Global Scamdemic: Scams Become Number One Online Crime appeared first on Security Affairs.

Microsoft warns of a malware-based campaign that targeted organizations in the aerospace and travel sectors in the past months. Microsoft researchers revealed that organizations in the aerospace and travel sectors have been targeted in the past months in a malware-based campaign. Threat actors conducted a spear-phishing campaign using messages that were specifically designed to be […]

The post Organizations in aerospace and travel sectors under attack, Microsoft warns appeared first on Security Affairs.

FBI and DHS’s CISA have published a joint alert on DarkSide ransomware activity after the disruptive attack on Colonial Pipeline. FBI and DHS’s CISA have published a joint alert to warn of ransomware attacks conducted by the DarkSide group. The alert comes after the disruptive attack that hit Colonial Pipeline that caused chaos and disruption. […]

The post US CISA and FBI publish joint alert on DarkSide ransomware appeared first on Security Affairs.

Malware researchers from Cleafy warn of a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Europe. Malware experts from the Italian cybersecurity firm Cleafy have spotted a new Android banking trojan dubbed TeaBot (aka Anatsa) that is targeting banks in Spain, Germany, Italy, Belgium, and the Netherlands. TeaBot malware appeared […]

The post TeaBot Android banking Trojan targets banks in Europe appeared first on Security Affairs.

The FBI and the Australian Cyber Security Centre (ACSC) warn of an ongoing Avaddon ransomware campaign targeting organizations worldwide. The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations worldwide in multiple industries, including government, finance, energy, manufacturing, and healthcare. The alert published […]

The post FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks appeared first on Security Affairs.

The U.S. FBI confirmed that the attack against the Colonial Pipeline over the weekend was launched by the Darkside ransomware gang. The U.S. Federal Bureau of Investigation confirmed that the Colonial Pipeline was shut down due to a cyber attack carried out by the Darkside ransomware gang. “The FBI confirms that the Darkside ransomware is […]

The post FBI confirmed that Darkside ransomware gang hit Colonial Pipeline appeared first on Security Affairs.

The city of Tulsa, Oklahoma, was hit by a ransomware attack over the weekend that impacted its government’s network and shut down its websites. One of the biggest cities in the US by population size, the City of Tulsa, was the victim of a ransomware attack that affected its government’s network and forced the shutdown […]

The post City of Tulsa, is the last US city hit by ransomware attack appeared first on Security Affairs.

Microsoft is warning of a large-scale BEC campaign that targeted hundreds of organizations leveraging typo-squatted domains registered days before the attacks. Business email compromise (BEC) attacks represent a serious threat for organizations worldwide, according to the annual report released by FBI’s Internet Crime Complaint Center, the 2020 Internet Crime Report, in 2020, the IC3 received 19,369 Business […]

The post Microsoft warns of a large-scale BEC campaign to make gift card scam appeared first on Security Affairs.

The Cuba Ransomware gang has partnered with the crooks behind the Hancitor malware in attacks aimed at corporate networks. The Hancitor downloader has been around for quite some time already. It has been known since at least 2016 for dropping Pony and Vawtrak. As a loader, it has been used to download other malware families, such as Ficker […]

The post Connecting the Bots – Hancitor fuels Cuba Ransomware Operations appeared first on Security Affairs.

A taste of the latest release of QakBot – one of the most popular and mediatic trojan bankers active since 2007. The malware QakBot, also known as Qbot, Pinkslipbot, and Quakbot, is a banking trojan that has been making headlines since 2007. This piece of malware is focused on stealing banking credentials and victim’s secrets using […]

The post A taste of the latest release of QakBot appeared first on Security Affairs.

A new cybercrime gang, tracked as UNC2529, has targeted many organizations in the US and other countries using new sophisticated malware. A new financially motivated threat actor, tracked by FireEye Experts as UNC2529, has targeted many organizations in the United States and other countries using several new pieces of malware. The group targeted the organization […]

The post UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware appeared first on Security Affairs.

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2021. Threat Report Portugal Q1 2021: Phishing and malware by numbers. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is […]

The post Threat Report Portugal: Q1 2021 appeared first on Security Affairs.

The bold author of a new cryptocurrency stealer, dubbed WeSteal, is promising its customers a leading way to make money in 2021. A new cryptocurrency stealer dubbed WeSteal is available on the cybercrime underground, unlike other commodity cryptocurrency stealers, its author doesn’t masquerade its purpose and promises “the leading way to make money in 2021.” […]

The post WeSteal, a shameless commodity cryptocurrency stealer available for sale appeared first on Security Affairs.

Swiss cloud hosting provider Swiss Cloud has suffered a ransomware attack that seriously impacted its server infrastructure. On April 27 the Swiss cloud hosting provider was hit by a ransomware attack that brought down the company’s server infrastructure. The company is currently working to restore operations from its backups with the help of experts from […]

The post Cloud hosting provider Swiss Cloud suffered a ransomware attack appeared first on Security Affairs.

Taiwanese vendor QNAP is warning its customers of AgeLocker ransomware attacks on their NAS devices. Crooks behind the AgeLocker ransomware operation are targeting QNAP NAS devices, the Taiwanese vendor warns. The vendor doesn’t provide technical details of the attacks; it is not clear if the ransomware gang exploited known vulnerabilities. “The QNAP security team has […]

The post AgeLocker ransomware operation targets QNAP NAS devices appeared first on Security Affairs.

Babuk ransomware operators shut down their affiliate program and announced that they will stop using ransomware; the group plans to move on to data theft. Recently the Babuk ransomware operators made the headlines for the ransomware attack against the DC Police Department. Experts believe that the decision of the group to leave the ransomware practice could be the […]

The post Babuk crew announced it will stop ransomware attacks appeared first on Security Affairs.

UNC2447 cybercrime gang exploited a zero-day in the Secure Mobile Access (SMA), addressed by SonicWall earlier this year, before the vendor released a fix. Researchers from FireEye’s Mandiant revealed that a sophisticated cybercrime gang tracked as UNC2447 has exploited a zero-day issue (CVE-2021-20016) in SonicWall Secure Mobile Access (SMA) devices, fixed earlier this year, before […]

The post UNC2447 cybercrime gang exploited SonicWall Zero-Day before it was fixed appeared first on Security Affairs.

UNICC and Group-IB detected and took down a massive multistage scam campaign circulating online on April 7, World Health Day. Group-IB, a global threat hunting and adversary-centric cyber intelligence company that specializes in investigating hi-tech cybercrimes, and the United Nations International Computing Centre (UNICC), detected and took down a massive multistage scam campaign circulating online on April 7, World Health Day. […]

The post Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization appeared first on Security Affairs.

Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks was hit by a ransomware attack. Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks, was hit by a cyberattack allegedly carried out by one of the most aggressive ransomware gangs, Darkside. The attack paralyzed the operations at 188 branches […]

The post An alleged ransomware attack hit the Italian Banca di Credito Cooperativo causing chaos appeared first on Security Affairs.

UK rail network Merseyrail was hit by a cyberattack, ransomware operators breached the corporate email system to disclose the attack to employees and journalists. UK rail network Merseyrail, which operates rail services across Merseyside, announced it was a victim of a cyber attack. A ransomware gang has also compromised the email system of the organization to […]

The post UK rail network Merseyrail hit by ransomware gang appeared first on Security Affairs.

The FBI has shared with the Have I Been Pwned service 4 million email addresses collected by the Emotet botnet and employed in malware campaigns. Last week, European law enforcement conducted an operation aimed at performing a mass-sanitization of computers infected with the infamous Emotet Windows malware. The authorities automatically wiped the infamous Emotet malware from infected systems […]

The post FBI shares with HIBP 4 million email addresses involved in Emotet attacks appeared first on Security Affairs.

So, your computer screen has been hijacked by ransomware and the criminals behind the attack are demanding money to return your systems. Now what? That’s a question countless organisations are asking themselves nowadays, with attacks increasing and, according to Mimecast’s The State of Email Security Report 2020, organisations suffering three days of downtime on average following a ransomware attack. The problem often stems from a malicious attachment contained within a phishing email. If an employee opens it, the malware will spread rapidly through the organisation’s systems, locking you out of your files. When this happens, many victims feel obliged to

The post How to protect your organisation after a ransomware attack appeared first on IT Governance UK Blog.

After several months (actually 15) from the Cybersecurity Observatory launch (you can find it HERE) I experienced a huge increment of classified Malware from the end of January 2021. The following picture shows how the average samples frequency is just more than twice if compared to the beginning of the month and to the past […]

Read More Malware Family Surface 2021 (Q1)

Today Yoroi released its last cybersecurity report (available HERE). Following I am copying one of its chapters to give you a little flavor about what you can get for free by downloading it! Hope you might like its contents. The volume of the malicious code produced and disseminated in the wild is constantly increasing. […]

Read More 0-Day Malware (2020)

Hackers have broken into the biochemical systems of an Oxford University lab where researchers are working on the study of Covid-19. Hackers compromised the systems at one of the most advanced biology labs at the Oxford University that is involved in the research on the Covid-19 pandemic. The news was disclosed by Forbes and the […]

The post Hackers are selling access to Biochemical systems at Oxford University Lab appeared first on Security Affairs.

Dutch Research Council (NWO) confirmed that the recent cyberattack that forced it to take its servers offline was caused by the DoppelPaymer ransomware gang. On February 14, Dutch Research Council (NWO) was hit by a cyber attack that compromised its network and impacted its operations. In response to the incident, the Dutch Research Council (NWO) […]

The post Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack appeared first on Security Affairs.

North Korea-linked Lazarus APT group has targeted the defense industry with the custom-backdoor dubbed ThreatNeedle since 2020. North Korea-linked Lazarus APT group has targeted the defense industry with the backdoor dubbed ThreatNeedle since early 2020. The state-sponsored hackers targeted organizations from more than a dozen countries. The experts discovered the custom backdoor while investigating an […]

The post North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor appeared first on Security Affairs.

Crooks are exploiting BTC blockchain transactions to hide backup command-and-control (C2) server addresses for a cryptomining botnet. Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2.  This technique allows botnet operators to make their infrastructure resilient […]

The post A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism appeared first on Security Affairs.

Hackers posted data stolen from manufacturer of business jets Bombardier on Clop ransomware leak site following alleged FTA hack. Hackers exploited vulnerabilities in Accellion FTA file-sharing legacy servers to steal data from the airplane maker Bombardier and leak data on the site operated by the Clop ransomware gang. The wave of attacks exploiting multiple zero-day […]

The post Airplane manufacturer Bombardier has disclosed a security breach, data leaked online appeared first on Security Affairs.

FireEye experts linked a series of attacks targeting Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. Security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. “Starting in mid-December 2020, malicious actors that Mandiant […]

The post FIN11 cybercrime group is behind recent wave of attacks on FTA servers appeared first on Security Affairs.

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide. APOMacroSploit is a macro builder that was […]

The post Researchers uncovered a new Malware Builder dubbed APOMacroSploit appeared first on Security Affairs.

Experts warn of threat actors using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Experts from BleepingComputer are warning of threat actors that are using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Bad actors publish posts with titles containing popular keywords to […]

The post Experts warn of threat actors abusing Google Alerts to deliver unwanted programs appeared first on Security Affairs.

The Federal Bureau of Investigation (FBI) has issued a warning about the risks of telephony denial-of-service (TDoS) attacks on call centers. The United States’ Federal Bureau of Investigation (FBI) is warning of the consequences of telephony denial-of-service (TDoS) attacks on call centers, which in some cases could threaten people’s lives. TDoS attacks could render telephone systems unavailable […]

The post FBI warns of the consequences of telephony denial-of-service (TDoS) attacks appeared first on Security Affairs.

Experts warn of new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. Malware researchers at Red Canary uncovered a new malware, dubbed Silver Sparrow, that is infecting Mac systems using the latest Apple M1 chip across the world. According to data shared by Malwarebytes, as […]

The post Silver Sparrow, a new malware infects Mac systems using Apple M1 chip appeared first on Security Affairs.

The infamous MassLogger Windows credential stealer is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger apps. MassLogger Windows credential stealer is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger apps. Cisco Talos experts uncovered attacks against users in Turkey, Latvia, and Italy, the […]

The post New Masslogger Trojan variant exfiltrates user credentials appeared first on Security Affairs.

Hackers abuse Google Apps Script to steal credit cards, bypass CSP. Attackers are abusing Google’s Apps Script business application development platform to steal payment card information from e-stores. Sansec researchers reported that threat actors are abusing Google’s Apps Script business application development platform to steal credit card data provided by customers of e-commerce websites. “Attackers use […]

The post Hackers steal credit card data abusing Google’s Apps Script appeared first on Security Affairs.

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. WatchDog is one of the largest and longest-lasting Monero cryptojacking operations uncovered by security experts, […]

The post WatchDog botnet targets Windows and Linux servers in cryptomining campaign appeared first on Security Affairs.

Malvertising gang ScamClub has exploited an unpatched zero-day vulnerability in WebKit-based browsers in a campaign aimed at realizing online gift card scams. The Malvertising gang ScamClub has abused an unpatched zero-day vulnerability in WebKit-based browsers to bypass security measures and redirect users from legitimate sites to websites hosting online gift card scams. The malvertising campaign […]

The post ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams appeared first on Security Affairs.


Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. In the last few years, many banking trojans developed by Latin American criminals have increased in volume and sophistication. Although there is strong adoption of technologies aimed at protecting the end user, such as plugins, tokens, e-tokens, two-factor-authentication mechanisms, CHIP, PIN […]

The post Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware appeared first on Security Affairs.


Researchers from the threat intelligence firm Cyble have discovered threat actors abusing the ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks, targeting multiple organizations, that abuse the ngrok platform, a secure and introspectable tunnel to the localhost. ngrok is a cross-platform application used to […]

The post Hackers abusing the Ngrok platform phishing attacks appeared first on Security Affairs.


Experts discovered a new Bluetooth overlay skimmer that interferes with the ability of the terminal to read chip-based cards, forcing the use of the magnetic stripe. The popular investigator Brian Krebs reported the discovery of a new Bluetooth overlay skimmer that interfered with the terminal’s ability to read chip-based cards, forcing the use of the magnetic […]

The post A new Bluetooth overlay skimmer block chip-based transactions appeared first on Security Affairs.


An international operation conducted in Ukraine and France led to the arrest of criminals believed to be affiliated with the Egregor RaaS. Some individuals affiliated with the Egregor RaaS, not the main ransomware gang, have been arrested as a result of a joint operation conducted by law enforcement in Ukraine and France. Authorities did not reveal […]

The post French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine appeared first on Security Affairs.


The administrator of Joker’s Stash, the most popular carding marketplace on the dark web, announced his retirement. The cybercriminal behind Joker’s Stash, the most prominent carding marketplace on the dark web, is retiring; he will shut down its servers and destroy the backups. According to Forbes, the man has amassed a billion dollars’ worth of Bitcoin with […]

The post The kingpin behind Joker’s Stash retires with a billionaire exit appeared first on Security Affairs.


Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may have a tool to access private Signal messages. The documents revealed that encrypted messages can be intercepted from […]

The post Court documents show FBI could use a tool to access private Signal messages on iPhones appeared first on Security Affairs.


Google revealed that Gmail users from the United States are the most targeted by email-based phishing and malware. A joint five-month study conducted by Google with Stanford University researchers analyzed over 1.2 billion email-based phishing and malware attacks against Gmail users to determine what factors influence the risk of attack. Experts discovered that malicious […]

The post Gmail users from US most targeted by email-based phishing and malware appeared first on Security Affairs.


Russian internet and search company Yandex has disclosed a data breach: a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex has disclosed a data breach; the company revealed that one of its system administrators was caught selling access to 4,887 user email accounts. The security incident was discovered […]

The post Yandex security team caught admin selling access to users’ inboxes appeared first on Security Affairs.


The fresh release of the Latin American Lampion trojan was updated with a new C2 address. Lampion trojan disseminated in Portugal using COVID-19 template. In the last few days, a new release of the Latin American Lampion trojan was released in Portugal using a template related to COVID-19. This trojan has been distributed in Portugal […]

The post Lampion trojan disseminated in Portugal using COVID-19 template appeared first on Security Affairs.


An expert released a free decryption tool for the Avaddon ransomware, but the operators quickly updated the malware code to make it ineffective. The Spanish student Javier Yuste has released a free decryption tool for the Avaddon ransomware that victims can use to recover their encrypted files for free. Yuste is a student at […]

The post Avaddon ransomware decryptor released, but operators quickly reacted appeared first on Security Affairs.


A total of eight criminals were arrested on 9 February as a result of an international police operation into a series of SIM swapping attacks. Eight men were arrested in England and Scotland as part of a year-long international investigation into a series of SIM swapping attacks targeting high-profile victims in the United States. […]

The post Law enforcement arrested 8 people that targeted celebrities with SIM swapping attacks appeared first on Security Affairs.


The gaming firm CD Projekt Red, which developed popular games like Cyberpunk 2077 and The Witcher, has disclosed a ransomware attack. The gaming firm CD Projekt Red, which developed popular games like Cyberpunk 2077 and The Witcher series, has suffered a ransomware attack. The company confirmed the security breach with a series of messages on […]

The post CD Projekt Red game maker discloses ransomware attack appeared first on Security Affairs.


An international operation conducted by Ukraine’s police, along with their US and Australian peers, shut down the world’s largest phishing service, U-Admin. Last week, an international operation conducted by Ukraine’s police, along with the US and Australian authorities, led to the shutdown of the world’s phishing framework U-Admin. The National Police and its Main […]

The post Ukraine’s police arrested the author of the U-Admin phishing kit appeared first on Security Affairs.


If you are a security researcher, or even just passionate about how attackers implement phishing, you will find yourself looking for phishing kits. A phishing kit is not a phishing builder, but a real implementation (actually a re-implementation) of a third-party website built to lure your victim. Initially attackers use a phishing builder to […]

Read More Introducing PhishingKitTracker

Hi Folks, today I want to share a quantitative analysis on a weird return-match by Upatre. According to Unit42, Upatre is an ancient downloader first spotted in 2013, used to inoculate banking trojans and active up to 2016. First discovered in 2013, Upatre is primarily a downloader tool responsible for delivering additional trojans onto the […]

Read More Is upatre downloader coming back ?