2013, Cybercrime and Information Security

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

.” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. “Something new was required and I decided to leave Omsk and try to live in the States,” Kloster wrote in 2013.

Advertising

Advertising Cybercrime System Administration Hacking

XE Group shifts from credit card skimming to exploiting zero-days

Security Affairs

FEBRUARY 10, 2025

The cybercrime group XE Group exploited a VeraCore zero-day to deploy reverse shells, web shells in recent attacks. A recent investigation by researchers from Intezer and Solis Security shed light on the recent operations of the XE Group. ” reads the analysis published by Intezer.

Manufacturing

Manufacturing Cybercrime Passwords Authentication

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime

Cybercrime Data breaches Malware Ransomware

Alleged Extortioner of Psychotherapy Patients Faces Trial

Krebs on Security

NOVEMBER 16, 2023

In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calling in bomb threats.

Cybercrime

Cybercrime Hacking Data breaches Banking

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. FBI spoofs 2012 – 2013. File encryption 2013 – 2015.

Ransomware

Ransomware Hacking Encryption Penetration Testing

US offers $2.5M reward for Belarusian man involved in mass malware distribution

Security Affairs

AUGUST 28, 2024

The indictment alleges that from 2013 to 2022, Kadariya played a key role in distributing the Angler Exploit Kit, which was used to spread various malware, including ransomware, through malvertising and other methods. Kadariya has been indicted for distributing the Angler Exploit Kit and other malware to millions of victims.

Malware

Malware Computers and Electronics Cybercrime Internet

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

The SEC said that under First American’s remediation policies, if the person responsible for fixing the problem is unable to do so based on the timeframes listed above, that employee must have their management contact the company’s information security department to discuss their remediation plan and proposed time estimate.

Insurance

Insurance Risk Financial Services CISO

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

Mike Barlow , information security manager for the City of Memphis, confirmed the Memphis Police’s systems were sharing their Microsoft Windows credentials with the domain, and that the city was working with Caturegli to have the domain transferred to them. .” Caturegli said setting up an email server record for memrtcc.ad

DNS

DNS Internet Internet Authentication

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

Security Affairs

JANUARY 31, 2024

It was operating between 2008 and 2013. In 2013, the Motion Picture Association of America (MPAA) shut down the website due to concerns related to copyright infringement. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – cybercrime, Apple)

Media

Media Cybercrime Advertising Information Security

New ZLoader malware campaign hit more than 2000 victims across 111 countries

Security Affairs

JANUARY 10, 2022

A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft revised the fix. The threat actors exploit a vulnerability, tracked as CVE-2013-3900, that was discovered and fixed in 2013 but in 2014 Microsoft revised the fix.

Malware

Malware Banking Software Cybercrime

Notorious Finnish Hacker sentenced to more than six years in prison

Security Affairs

APRIL 30, 2024

“Finnish prosecutors quickly zeroed in on a suspect: Julius “Zeekill” Kivimäki , a notorious criminal hacker convicted of committing tens of thousands of cybercrimes before he became an adult. .” reads the post published by Brian Krebs. After being charged with the attack in October 2022, Kivimäki fled the country.

Hacking

Hacking Cybercrime Data breaches Information Security

State attorneys general announced a $1.5 million settlement with Neiman Marcus

Security Affairs

JANUARY 9, 2019

million settlement with The Neiman Marcus Group over a 2013 data breach. million settlement with The Neiman Marcus Group LLC over a data breach suffered by the company in 2013 and disclosed earlier 2014. billion in the Q4 2013. Security Affairs – settlement, cybercrime ). ” reported the Associated Press.

Data breaches

Data breaches Retail Advertising Cybercrime

New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers

Security Affairs

JANUARY 21, 2025

Gayfemboy exploits various vulnerabilities, including CVE-2013-3307 , CVE-2021-35394 , CVE-2024-8957 , and others in DVRs, routers, and security appliances. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,botnet)

IoT

IoT Malware Hacking Cybercrime

FBI shuts down the Russian-based hacker platform DEER.IO

Security Affairs

MARCH 26, 2020

that is hosting various cybercrime products and services were being sold. companies for customers’ personal information.” platform since October 2013. SecurityAffairs – cybercrime, DEER.IO). appeared first on Security Affairs. “A Russian-based cyber platform known as DEER.IO Pierluigi Paganini.

Cybercrime

Cybercrime Advertising Hacking Accountability

U.S. sanctioned virtual currency exchanges Cryptex and PM2BTC for facilitating illegal activities

Security Affairs

SEPTEMBER 27, 2024

government sanctioned the virtual currency exchanges Cryptex and PM2BTC for facilitating cybercrime and money maundering. The authorities believe that these exchanges facilitate the laundering of proceeds from cybercrime. ” reads the press release published by DoJ. data breaches. This included over $158 million from fraud, $8.8

Cybercrime

Cybercrime Cryptocurrency Banking Ransomware

The parabola of a prolific cyber-criminal known as Dton

Security Affairs

MARCH 17, 2020

The man is active at least since 2013 and already earned at least $100,000 US from his ‘work,’ but researchers believe he has earned several times that amount. Dton’s history demonstrates that it is quite easy, even for relatively unskilled individuals, to enter in the cybercrime arena. SecurityAffairs – Dton, cybercrime).

Cybercrime

Cybercrime Malware Advertising Phishing

The man behind Cardplanet credit card market sentenced to 9 years in prison

Security Affairs

JUNE 27, 2020

The man operated the Cardplanet site between at least early 2009 through at least August 2013. Burkov was also operating another invite-only cybercrime forum, to obtain membership prospective members needed three existing members to “vouch” for their good reputation in the cybercrime community.

Marketing

Marketing Cybercrime Advertising Insurance

Irish Silk Road admin sentenced to 78 months in federal prison

Security Affairs

JULY 26, 2019

The man, who is also known as Libertas also provided customer support to Silk Road users in 2013, for this job he received a weekly salary. According to FBI, between February of 2011 and July 2013, Silk Road managed $1.2 SecurityAffairs – Dark Web, cybercrime). The FBI also seized about $33.6 Pierluigi Paganini.

Marketing

Marketing Advertising Cybercrime Information Security

Law enforcement shutdown a long-standing DDoS-for-hire service

Security Affairs

JUNE 17, 2023

Polish police, as part of the international law enforcement operation PowerOFF, dismantled a DDoS-for-hire service that has been active since at least 2013. An international operation codenamed PowerOff led to the shutdown of a DDoS-for-hire service that has been active since at least 2013. Viewer discretion is advised.

DDOS

DDOS Computers and Electronics Cybercrime Cryptocurrency

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

The BTC-e virtual currency is popular in the cybercrime underground because it was used by crooks to launder funds for illegal activities. In accordance with these requests, between in or about March 2012 and in or about April 2013, the New York Bitcoin Broker allegedly transferred more than approximately $6.6 ” reads the DoJ.

Hacking

Hacking Cryptocurrency Advertising Banking

HawkEye Keylogger is involved in attacks against business users

Security Affairs

MAY 28, 2019

The malware has been under active development since at least 2013 and it is offered for sale on various hacking forums as a keylogger and stealer. It allows to monitor systems and exfiltrate information. The latest variant appeared in the cybercrime underground in December 2018, it was named HawkEyeReborn v9.

Cybercrime

Cybercrime Malware Advertising Healthcare

A new variant of Cicada ransomware targets VMware ESXi systems

Security Affairs

SEPTEMBER 2, 2024

A second round of puzzles began one year later on January 4, 2013, and then a third round following the confirmation of a fresh clue posted on Twitter on January 4, 2014. Since June, the operators behind Cicada3301 have started recruiting affiliates on the RAMP cybercrime forum. The third puzzle has not been solved yet.

Ransomware

Ransomware Encryption Malware Cybercrime

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

Security Affairs

OCTOBER 30, 2022

The Darknet marketplace was a crucial service for drug trafficking in the cybercrime underground for several years. . ” The DiDW Darknet marketplace first appeared on the threat landscape in 2013. . ” The DiDW Darknet marketplace first appeared on the threat landscape in 2013.

Marketing

Marketing Cybercrime Mobile Internet

France police arrested Telegram CEO Pavel Durov

Security Affairs

AUGUST 25, 2024

Telegram Messenger is a cloud-based, cross-platform instant messaging service launched in 2013 for iOS and Android. Over the years, Telegram has become the privileged communication channel for cybercriminals and other threat actors. Telegram and the French Interior Ministry have not yet commented on the news.

Media

Media Encryption Hacking Cybercrime

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak.

System Administration

System Administration Penetration Testing Malware Hacking

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts. us began in September 2013 as a forum for learning and teaching how to hack accounts at Runescape, an MMORPG set in a medieval fantasy realm where players battle for kingdoms and riches.

Hacking

Hacking Accountability Data breaches Marketing

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

The OceanLotus APT group is a state-sponsored group that has been active since at least 2013. The APT32 also targeted peripheral network security and technology infrastructure corporations, and security firms that may have connections with foreign investors. ” Microsoft said.

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

Talos researchers believe that the group was able to remain under the radar using crypters that it bought on cybercrime forums. ” Evidence collected by the experts suggests that the threat actor has been active at least since 2013. Microsoft 365 Defender detects the multiple components of this attack. .”

Malware

Malware Phishing DNS Cybercrime

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Beta, D6220, D6400, D7000 CVE-2018-10561, CVE-2018-10562 GPON home routers CVE-2013-3307 Linksys X3000 1.0.03 d26m CVE-2013-5223 D-Link DSL-2760U Gateway CVE-2020-8958 Guangzhou 1GE ONU V2801RW 1.9.1-181203 Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2016-6277 NETGEAR R6250 before 1.0.4.6.Beta,

IoT

IoT Firmware Malware Wireless

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Security Affairs

DECEMBER 1, 2022

In 2013, Yahoo suffered one of the worst data breaches in history, exposing over 3 billion user accounts. Near the holiday season of 2013, hackers exposed the credit and debit card information of over 110 million Target customers. Here are three of the worst data breaches that could have been avoided: Yahoo. Pierluigi Paganini.

Data breaches

Data breaches Passwords Social Engineering Encryption

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months.

Education

Education Data breaches Ransomware Hacking

Journalist Matthew Keys is now charged with an attack on a magazine

Security Affairs

APRIL 29, 2020

Keys was accused of providing Anonymous login credentials that allowed the group to deface access and deface the website of the Los Angeles Times in 2013. When Keys left Tribune Company-owned Sacramento KTXL Fox 40 in 2010, he shared login credentials of the CMS used by the website with members of Anonymous.

Hacking

Hacking Advertising Accountability Media

Play ransomware attacks use a new exploit to bypass ProxyNotShell mitigations on Exchange servers

Security Affairs

DECEMBER 21, 2022

they impact Exchange Server 2013, 2016, and 2019, an authenticated attacker can trigger them to elevate privileges to run PowerShell in the context of the system and gain arbitrary or remote code execution on vulnerable servers. The ProxyNotShell flaws are: CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability.

Ransomware

Ransomware Authentication Hacking Cybercrime

FBI arrested a Russian citizen suspected to be the mastermind of Deer.io

Security Affairs

MARCH 10, 2020

platform since October 2013. The Russian man also advertised the platform on other hacking forums. Firsov was arrested at the John F. Kennedy Airport, in New York, on March 7, the man is accused of running the Deer.io “The suspect, named Kirill Victorovich Firsov, was arrested on Saturday, March 7, at the John F.

Accountability

Accountability Advertising Passwords Hacking

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Security Affairs

SEPTEMBER 19, 2021

In 2013, AT&T implemented a new system to monitor the activity of the employees, for this reason, the Pakistani man corrupted the employees to install malware and other tools on the infrastructure of the company to unlock the devices remotely.

Hacking

Hacking Malware Cybercrime Information Security

Prominent Carding Marketplace UniCC announced it’s shutting down

Security Affairs

JANUARY 15, 2022

The site was launched in 2013 and according to the Elliptic Threat Intel about $358 million (across Bitcoin, Litecoin, Ether and Dash) in purchases were made through the platform. One of the biggest underground carding marketplaces, UniCC, announced it’s shutting down its operations.

Marketing

Marketing Retail Cryptocurrency Banking

A job ad published by the UK’s Ministry of Defence revealed a secret hacking squad

Security Affairs

AUGUST 15, 2021

.” “ MAB5 was described in gushing terms and with incredible detail, even naming the military leader – a Lieutenant Colonel (Lt Col) in the Royal Corps of Signals, who was awarded the MBE in the Queen’s Birthday Honours List 2013 when he was a Major. SecurityAffairs – hacking, cybercrime). Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Hacking Engineering Mobile

The phone monitoring app LetMeSpy disclosed a data breach

Security Affairs

JUNE 29, 2023

DDoSecrets said it was limiting the distribution of the data to journalists and researchers, given the amount of personally identifiable information in the cache.” India, and Africa.

Data breaches

Data breaches Spyware Hacking Accountability

Ticketmaster will pay $10 Million fine over hacking a competitor

Security Affairs

JANUARY 2, 2021

The intrusions into the competitor’s systems took place repeatedly between 2013 and 2015. The attacks aimed at stealing information to gain an advantage over CrowdSurge, which was acquired by Warner Music Group (WMG) in 2017.

Hacking

Hacking Passwords Accountability Cybercrime

CERT-UA warns of an ongoing SmokeLoader campaign

Security Affairs

MAY 8, 2023

CERT-UA attributed the campaign to the financially motivated threat actor UAC-0006 which has been active since at least 2013. SmokeLoader acts as a loader for other malware, once it is executed it will inject malicious code into the currently running explorer process (explorer.exe) and downloads another payload to the system.

Malware

Malware Phishing VPN Accountability

Two Estonian citizens arrested in $575M cryptocurrency fraud scheme

Security Affairs

NOVEMBER 22, 2022

” The defendants are accused to have defrauded the victims between December 2013 and August 2019, they operated with other co-conspirators residing in Estonia, Belarus, and Switzerland. . “In reality, Polybius was never actually a bank, and never paid out the promised dividends.

Cryptocurrency

Cryptocurrency Banking Marketing Hacking

Latitude Data breach is worse than initially estimated. 14 million individuals impacted

Security Affairs

MARCH 28, 2023

million) were provided before 2013. million records include some, but not all of the following personal information: name, address, telephone, and date of birth. The statement also reported that approximately 6.1 million records dating back to at least 2005 were also compromised in the data breach. 94% of these records (5.7

Data breaches

Data breaches Financial Services Passwords Hacking

Rackspace: Play Ransomware gang used a previously unknown exploit to access its Hosted Exchange email environment

Security Affairs

JANUARY 6, 2023

they impact Exchange Server 2013, 2016, and 2019, an authenticated attacker can trigger them to elevate privileges to run PowerShell in the context of the system and gain arbitrary or remote code execution on vulnerable servers. The ProxyNotShell flaws are: CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability.

Ransomware

Ransomware Data breaches Authentication Hacking

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Security Affairs

MAY 24, 2023

In a classified report cited by Chosun, the US National Intelligence Service (DNI) found that North Korea was financing its ‘priority policies’, such as nuclear and missile development, through cybercrime. The 110th Research Center was also involved in the theft of sensitive government information from entities in South Korea.

Government

Government Cryptocurrency Media Technology

Meet the Administrators of the RSOCKS Proxy Botnet

XE Group shifts from credit card skimming to exploiting zero-days

Trending Sources

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Alleged Extortioner of Psychotherapy Patients Faces Trial

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

US offers $2.5M reward for Belarusian man involved in mass malware distribution

First American Financial Pays Farcical $500K Fine

Local Networks Go Global When Domain Names Collide

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

New ZLoader malware campaign hit more than 2000 victims across 111 countries

Notorious Finnish Hacker sentenced to more than six years in prison

State attorneys general announced a $1.5 million settlement with Neiman Marcus

New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers

FBI shuts down the Russian-based hacker platform DEER.IO

U.S. sanctioned virtual currency exchanges Cryptex and PM2BTC for facilitating illegal activities

The parabola of a prolific cyber-criminal known as Dton

The man behind Cardplanet credit card market sentenced to 9 years in prison

Irish Silk Road admin sentenced to 78 months in federal prison

Law enforcement shutdown a long-standing DDoS-for-hire service

Russians charged with hacking Mt. Gox exchange and operating BTC-e

HawkEye Keylogger is involved in attacks against business users

A new variant of Cicada ransomware targets VMware ESXi systems

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

France police arrested Telegram CEO Pavel Durov

A member of the FIN7 group was sentenced to 10 years in prison

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Threat actor has been targeting the aviation industry since at least 2018

BotenaGo botnet targets millions of IoT devices using 33 exploits

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Journalist Matthew Keys is now charged with an attack on a magazine

Play ransomware attacks use a new exploit to bypass ProxyNotShell mitigations on Exchange servers

FBI arrested a Russian citizen suspected to be the mastermind of Deer.io

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Prominent Carding Marketplace UniCC announced it’s shutting down

A job ad published by the UK’s Ministry of Defence revealed a secret hacking squad

The phone monitoring app LetMeSpy disclosed a data breach

Ticketmaster will pay $10 Million fine over hacking a competitor

CERT-UA warns of an ongoing SmokeLoader campaign

Two Estonian citizens arrested in $575M cryptocurrency fraud scheme

Latitude Data breach is worse than initially estimated. 14 million individuals impacted

Rackspace: Play Ransomware gang used a previously unknown exploit to access its Hosted Exchange email environment

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Stay Connected