2020, Cybercrime and Information Security

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. The availability of the source in the cybercrime ecosystem can allow threat actors to develop their own version of the Hello Kitty ransomware. The HelloKitty gang has been active since January 2021.

Cybercrime

Cybercrime Ransomware DDOS Encryption

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. states Microsoft. We strongly recommend patching.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Threat Report Portugal: Q2 2020

Security Affairs

AUGUST 14, 2020

The Threat Report Portugal: Q2 2020 compiles data collected on the malicious campaigns that occurred from April to Jun, Q2, of 2020. The Threat Report Portugal: Q2 2020 compiles data collected on the malicious campaigns that occurred from April to Jun, Q2, of 2020. Phishing and Malware Q2 2020.

Threat Reports

Threat Reports Phishing Banking Malware

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.

Cybercrime

Cybercrime Ransomware Healthcare Education

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. Experts reported that brute-force cracking tools and account checkers are available on cybercrime marketplaces and forums for an average of $4. Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Incident response analyst report 2020

SecureList

SEPTEMBER 13, 2021

The Incident response analyst report provides insights into incident investigation services conducted by Kaspersky in 2020. In 2020, the pandemic forced companies to restructure their information security practices, accommodating a work-from-home (WFH) approach. Geography of incident responses by region, 2020.

Social Engineering

Social Engineering Healthcare Ransomware Government

DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882

Security Affairs

DECEMBER 1, 2020

The critical remote code execution (RCE) vulnerability CVE-2020-14882 in Oracle WebLogic is actively exploited by operators behind the DarkIRC botnet. Experts reported that the DarkIRC botnet is actively targeting thousands of exposed Oracle WebLogic servers in the attempt of exploiting the CVE-2020-14882. Pierluigi Paganini.

Malware

Malware DDOS Hacking Cybercrime

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. In late 2020, credentials for US-based universities were found for sale on the dark web. In 2017, crooks launched a phishing campaign against universities to compromise.edu accounts.

Cybercrime

Cybercrime Education Accountability Phishing

FIN11 cybercrime group is behind recent wave of attacks on FTA servers

Security Affairs

FEBRUARY 23, 2021

FireEye experts linked a series of attacks targeting Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. Security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11.

Cybercrime

Cybercrime Software Ransomware Cyber Attacks

Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. 22, 2020, the U.S. On Sunday, Feb. 428 hospitals.”

Ransomware

Ransomware Healthcare Cybercrime Government

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Security Affairs

SEPTEMBER 9, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. In January 2021, the cybercrime gang launched a new campaign targeting Kubernetes environments with the Hildegard malware. . ” Follow me on Twitter: @securityaffairs and Facebook.

Cybercrime

Cybercrime Cryptocurrency Penetration Testing Malware

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime

Cybercrime VPN Malware Ransomware

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The makers of Acunetix, Texas-based application security vendor Invicti Security , confirmed Silent Push’s findings, saying someone had figured out how to crack the free trial version of the software so that it runs without a valid license key. In early 2020, Exorn promoted a website called “ orndorks[.]com

Hacking

Hacking Cybercrime Advertising Data breaches

Since 2020, at least 130 different ransomware families have been active

Security Affairs

OCTOBER 14, 2021

Since 2020, at least 130 different ransomware families have been active. The analysis of the temporal distribution of ransomware-related submissions revealed a sequence of peaks in the first two quarters of 2020. The post Since 2020, at least 130 different ransomware families have been active appeared first on Security Affairs.

Ransomware

Ransomware Malware Accountability Hacking

Alleged Extortioner of Psychotherapy Patients Faces Trial

Krebs on Security

NOVEMBER 16, 2023

In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calling in bomb threats.

Cybercrime

Cybercrime Hacking Data breaches Banking

Crooks stole 800,000€ from ATMs in Italy with Black Box attack

Security Affairs

NOVEMBER 29, 2020

The Carabinieri of Monza dismantled by the gang, the Italian law enforcement agency confirmed that the cybercrime organization stole about 800,000€ in just 7 months using #ATM Black Box attack. Here the list of victim Banks with date and impacted City: [link] pic.twitter.com/NkRr5IfUGn — Bank Security (@Bank_Security) November 27, 2020.

Banking

Banking Cybercrime Mobile Manufacturing

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

pw has been registered and abandoned by several parties since 2014, but the most recent registration data available through DomainTools.com shows it was registered in March 2020 to someone in Krasnodar, Russia with the email address edgard011012@gmail.com. In May 2020, Zipper told another Lolzteam member that quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

Internationa police operation led to the arrest of the SilverTerrier gang leader

Security Affairs

MAY 25, 2022

The Nigeria Police Force has arrested the suspected leader of the SilverTerrier cybercrime group as a result of an international operation. The Nigeria Police Force has arrested the suspected leader of the SilverTerrier cybercrime gang (aka TMT ) after a year-long investigation codenamed “Operation Delilah.”

Cybercrime

Cybercrime Healthcare Cybersecurity Phishing

Dutch police warn customers of a popular DDoS booter service

Security Affairs

OCTOBER 13, 2021

The investigation was launched in 2020 after a gaming provider was hit by a DDoS attack launched via this booter service. On July 30, 2020, the police searched the homes of two suspects and seized computers and telephones. SecurityAffairs – hacking, cybercrime). The investigation is still ongoing. and Overheid.nl

DDOS

DDOS Cybercrime IoT Hacking

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

“Cashout bank logs” typically refer to a type of cybercrime where individuals gain unauthorized access to banking information, often through phishing attacks or hacking, and then use that information to withdraw money or make unauthorized transactions. Do you want to know how do we protect against info stealers?

Banking

Banking Cybercrime Malware Accountability

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. ” Microsoft strongly encourages administrators of enterprise Windows Servers to install the August 2020 Patch Tuesday as soon as possible to protect their systems from Zerologon attack that exploits the CVE-2020-1472. .”

Authentication

Authentication Advertising Architecture Cybercrime

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

The SEC said that under First American’s remediation policies, if the person responsible for fixing the problem is unable to do so based on the timeframes listed above, that employee must have their management contact the company’s information security department to discuss their remediation plan and proposed time estimate.

Insurance

Insurance Risk Financial Services CISO

A Ukrainian man is the third FIN7 member sentenced in the United States

Security Affairs

APRIL 8, 2022

A Ukrainian man was sentenced in the US to 5 years in prison for his criminal activity in the cybercrime group FIN7. for high-level hacking activity in the cybercrime group FIN7 (aka Carbanak Group and the Navigator Group). in May 2020. in May 2020. law enforcement, then he was extradited to the U.S.

Cybercrime

Cybercrime Hacking Software Phishing

Feds indicted two alleged administrators of WWH Club dark web marketplace

Security Affairs

SEPTEMBER 8, 2024

WWH Club had over 353,000 users by 2023 and offered courses on fraud and cybercrime, generating profits through membership and tuition fees. Khodyrev and Kublitskii were also the administrators of many similar websites, including darkweb marketplaces, forums, and training centers to enable cybercrime.

Cybercrime

Cybercrime Accountability Banking Advertising

Group-IB: ransomware empire prospers in pandemic-hit world. Attacks grow by 150%

Security Affairs

MARCH 4, 2021

Group-IB published a report titled “Ransomware Uncovered 2020-2021 ”. analyzes ransomware landscape in 2020 and TTPs of major threat actors. Group-IB , a global threat hunting and adversary-centric cyber intelligence company, has presented its new report “Ransomware Uncovered 2020-2021 ”. The gold rush of 2020.

Ransomware

Ransomware Cybercrime Malware Marketing

Toymaker giant Mattel disclosed a ransomware attack

Security Affairs

NOVEMBER 4, 2020

Toy industry giant Mattel announced that it has suffered a ransomware attack that took place on July 28th, 2020, and impacted some of its business operations. The good news that the company excluded the theft of internal information. The toymaker is one of the largest toymakers in the world with 24,000 employees and $5.7

Ransomware

Ransomware Advertising Retail Malware

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

Mike Barlow , information security manager for the City of Memphis, confirmed the Memphis Police’s systems were sharing their Microsoft Windows credentials with the domain, and that the city was working with Caturegli to have the domain transferred to them. .” Caturegli said setting up an email server record for memrtcc.ad

DNS

DNS Internet Internet Authentication

Telegram is becoming the paradise of cyber criminals

Security Affairs

SEPTEMBER 27, 2021

Researchers from vpnMentor recently published a report that sheds the light on the use of Telegram in the cybercrime ecosystem. vpnMentor researchers joined several cybercrime-focused Telegram groups and discovered a vast network of more 1,000s individuals sharing data leaks and dumps and discussing how to exploit them in illegal activities.

Cybercrime

Cybercrime Hacking Mobile DDOS

North Korea-linked threat actors stole $1.7 billion from cryptocurrency exchanges

Security Affairs

JANUARY 2, 2022

In a classified report cited by Chosun, the US National Intelligence Service (DNI) found that North Korea was financing its ‘priority policies’, such as nuclear and missile development, through cybercrime. “Citing the U.S. million in cryptocurrency through this program. 380 billion.

Cryptocurrency

Cryptocurrency Cybercrime Media Government

AbstractEmu, a new Android malware with rooting capabilities

Security Affairs

OCTOBER 28, 2021

“AbstractEmu does not exploit zero-click remote exploits, instead it exploits very contemporary vulnerabilities (CVE-2020-0041, CVE-2020-0069, CVE-2019-2215 and CVE-2020-0041 ) from 2019 and 2020 to target the largest number of devices as possible. . SecurityAffairs – hacking, cybercrime).

Malware

Malware Cybercrime Mobile Banking

Hackers targeted the US Census Bureau network, DHS report warns

Security Affairs

OCTOBER 11, 2020

According to the DHS, threat actors will likely interfere with the upcoming 2020 US Presidential election, as well as to compromise the 2020 US Census. The HTA report warns of an intensification of malicious activities conducted by both nation-states and cybercrime groups. ” reads the DHS HTA. ” reads the DHS HTA.

Government

Government Advertising Hacking Data collection

French police seized dark web marketplace Le Monde Parallèle

Security Affairs

MAY 26, 2021

Last week, French authorities have seized the dark web marketplace Le Monde Parallèle, it is another success of national police in the fight against cybercrime. French authorities seized the dark web marketplace Le Monde Parallèle, the operation is another success of national police in the fight against cybercrime activity in the dark web.

Cybercrime

Cybercrime Cryptocurrency Banking Mobile

U.S. Treasury Department sanctions darkweb marketplace Hydra Market

Security Affairs

APRIL 6, 2022

The seizure of the Hydra Market is the result of an international investigation conducted by the Central Office for Combating Cybercrime (ZIT) in partnership with U.S. billion euros in 2020 alone. Treasury Department explained that the sanctions aim at disrupting the proliferation of cybercrime services. “Today, the U.S.

Marketing

Marketing Cybercrime Advertising Hacking

Global Scamdemic: Scams Become Number One Online Crime

Security Affairs

JUNE 10, 2021

Group-IB, a global threat hunting and adversarial cyber intelligence company specializing in the investigation and prevention of high-tech cybercrime, has published a comprehensive analysis of fraud cases on a global scale. . Insurance companies around the world are now suffering from phishing.

Scams

Scams Banking Retail Insurance

French IT services provider Inetum hit by BlackCat ransomware attack

Security Affairs

DECEMBER 26, 2021

The company operates in more than 26 countries, the Group has nearly 27,000 employees and in 2020 generated revenues of €1.966 billion. ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. ” reads the press release published by the company.

Ransomware

Ransomware Cybercrime Advertising Information Security

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

According to the Alert (AA20-283A), advanced persistent threat (APT) actors are exploiting multiple legacy vulnerabilities in combination with a the recently discovered Zerologon vulnerability (CVE-2020-1472). The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. ” reads the report.

VPN

VPN Government Authentication Advertising

French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine

Security Affairs

FEBRUARY 15, 2021

The Egregor ransomware gang has been active since September 2020, it began operating shortly after the Maze ransomware operators shut down their operations. The Egregor ransomware first appeared on the threat landscape in September 2020, since then the gang claimed to have compromised over 150 organizations.

Ransomware

Ransomware Cybercrime Media Phishing

NCA arrested 21 customers of the WeLeakInfo service

Security Affairs

JANUARY 3, 2021

In early 2020, a joint operation conducted by the FBI in coordination with the UK NCA, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland resulted in the seizure of the WeLeakInfo.com domain. . ” reads the announcement published by the UK NCA.

Data breaches

Data breaches Cybercrime Cyber Attacks Advertising

Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys

Security Affairs

MARCH 3, 2021

A couple of weeks ago, security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. reported FireEye. “The onion website.

Ransomware

Ransomware Cybersecurity Cyber Attacks Data breaches

Maze ransomware is going out of the business

Security Affairs

NOVEMBER 1, 2020

The Maze cybercrime gang is shutting down its operations, it was considered one of the most prominent and active ransomware crew since it began operating in May 2019. The gang was the first to introduce a double-extortion model in the cybercrime landscape at the end of 2019.

Ransomware

Ransomware Cybercrime Advertising Software

BlackCat ransomware, a very sophisticated malware written in Rust

Security Affairs

DECEMBER 10, 2021

In the past, other two ransomware were written in Rust for research purposes, one of them was published on GitHub in 2020, the second one is a now-defunct strain named BadBeeTeam. Unlike other malware, ALPHV (BlackCat) is the first Rust ransomware that was used in attacks in the wild by a cybercrime organization.

Ransomware

Ransomware Malware Cybercrime Encryption

University of Utah pays a $457,000 ransom to ransomware gang

Security Affairs

AUGUST 21, 2020

The University of Utah admitted to have paid a $457,059 ransom in order to avoid having ransomware operators leak student information online. ” reads a press release published by the University. “It was determined that approximately.02% 02% of the data on the servers was affected by the attack.”

Ransomware

Ransomware Cyber Insurance Insurance Advertising

HelloKitty ransomware gang also targets victims with DDoS attacks

Security Affairs

NOVEMBER 1, 2021

The HelloKitty ransomware operators have been active since November 2020, since July, they are using a Linux variant of their malware to target VMware ESXi virtual machine platform. SecurityAffairs – hacking, cybercrime). The post HelloKitty ransomware gang also targets victims with DDoS attacks appeared first on Security Affairs.

DDOS

DDOS Ransomware Cybercrime Encryption

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. In early 2020, several cybercriminals groups followed suit.

Ransomware

Ransomware Hacking Encryption Penetration Testing

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Trending Sources

Threat Report Portugal: Q2 2020

Russian Phobos ransomware operator faces cybercrime charges

15 billion credentials available in the cybercrime marketplaces

Incident response analyst report 2020

DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882

FBI: Compromised US academic credentials available on various cybercrime forums

FIN11 cybercrime group is behind recent wave of attacks on FTA servers

Conti Ransomware Group Diaries, Part I: Evasion

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Since 2020, at least 130 different ransomware families have been active

Alleged Extortioner of Psychotherapy Patients Faces Trial

Crooks stole 800,000€ from ATMs in Italy with Black Box attack

Interview With a Crypto Scam Investment Spammer

Internationa police operation led to the arrest of the SilverTerrier gang leader

Dutch police warn customers of a popular DDoS booter service

Info stealers and how to protect against them

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

First American Financial Pays Farcical $500K Fine

A Ukrainian man is the third FIN7 member sentenced in the United States

Feds indicted two alleged administrators of WWH Club dark web marketplace

Group-IB: ransomware empire prospers in pandemic-hit world. Attacks grow by 150%

Toymaker giant Mattel disclosed a ransomware attack

Local Networks Go Global When Domain Names Collide

Telegram is becoming the paradise of cyber criminals

North Korea-linked threat actors stole $1.7 billion from cryptocurrency exchanges

AbstractEmu, a new Android malware with rooting capabilities

Hackers targeted the US Census Bureau network, DHS report warns

French police seized dark web marketplace Le Monde Parallèle

U.S. Treasury Department sanctions darkweb marketplace Hydra Market

Global Scamdemic: Scams Become Number One Online Crime

French IT services provider Inetum hit by BlackCat ransomware attack

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine

NCA arrested 21 customers of the WeLeakInfo service

Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys

Maze ransomware is going out of the business

BlackCat ransomware, a very sophisticated malware written in Rust

University of Utah pays a $457,000 ransom to ransomware gang

HelloKitty ransomware gang also targets victims with DDoS attacks

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Stay Connected