Security Affairs

NOVEMBER 3, 2021

Experts warn of the availability in the cybercrime underground of offers for initial access to networks of players in global supply chains. In August 2021 , an affiliate of the Conti ransomware gang claimed access to corporate networks belonging to a U.S. In October 2021 , a threat actor claimed access to the network of a U.S.-based

Cybercrime 133

Cybercrime VPN Ransomware Hacking 133

Security Affairs

NOVEMBER 20, 2021

“Most likely because no other groups were able to replicate such capabilities, after leaving cyberspace in January 2021, Emotet left a vacuum that was not filled even with MASSLOADER, also known as Hancitor. “Emotet’s return is not coincidental, it is caused by major shifts in the overall cybercrime domain.

Cybercrime 136

Cybercrime Ransomware Banking Malware 136

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. In May 2021, cybercriminals offered more than 36,000 login credentials for.edu email accounts and advertised the data on an instant messaging platform. Pierluigi Paganini.

Cybercrime 145

Cybercrime Education Accountability Phishing 145

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. Recently Microsoft observed Iran-linked APT Mercury and the Russian cybercrime gang TA505 exploiting the Zerologon flaw in attacks in the wild. ” concludes the alert.

VPN 145

VPN Government Authentication Advertising 145

Security Affairs

DECEMBER 11, 2021

Accenture researchers detailed the activity of a new sophisticated cybercrime group, called Karakurt, behind recent cyberattacks. The activity of the group was first spotted in June 2021, but the group has been more active in Q3 2021. In June 2021 the gang registered the domains hosting its leak sites, karakurt[.]group

Cybercrime 113

Cybercrime VPN Ransomware Hacking 113

The Last Watchdog

JULY 11, 2022

Related: VPNs vs ZTNA. It’s in findings of a deep dive data analytics study led by Surfshark , a supplier of VPN services aimed at the consumer and SMB markets. Here are excerpts of our dialogue, edited for clarity and length: LW: Is it safe to assume demand for consumer VPNs has spiked, post Covid19?

VPN 229

VPN Data breaches Internet Internet 229

Security Affairs

JUNE 30, 2021

Law enforcement has seized the servers of DoubleVPN (doublevpn.com), a Russian-based VPN service that provides double-encryption service widely used by threat actors to anonymize their operation while performing malicious activities. The VPN service was offered for a starting price of €22 ($25). . Pierluigi Paganini.

VPN 141

VPN Cybercrime Encryption Advertising 141

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. “The intrusion that is detailed in this post began on May 18, 2021, which occurred days after the publicly reported shutdown of the overall DARKSIDE program ( Mandiant Advantage background ).

Cybercrime 110

Cybercrime Ransomware Software Antivirus 110

Krebs on Security

JULY 25, 2023

In a report released July 12, researchers at Lumen’s Black Lotus Labs called the AVrecon botnet “one of the largest botnets targeting small-office/home-office (SOHO) routers seen in recent history,” and a crime machine that has largely evaded public attention since first being spotted in mid-2021. com, super-socks[.]com,

Malware 239

Malware VPN Internet Internet 239

SecureList

MAY 12, 2021

Hackers who are on the lookout for publicly disclosed vulnerabilities (1-days) in internet facing software, such as VPN appliances or email gateways. There is, of course, a documented porosity between the ransomware ecosystem and other cybercrime domains such as carding or point-of-sale (PoS) hacking. Access sellers.

Ransomware 145

Ransomware Encryption Malware Cybercrime 145

Krebs on Security

DECEMBER 3, 2021

Since the beginning of 2020, Babam has set up numerous auctions on the Russian-language cybercrime forum Exploit , mainly selling virtual private networking (VPN) credentials stolen from various companies. Babam has authored more than 270 posts since joining Exploit in 2015, including dozens of sales threads. com and wwwpexpay[.]com.

Ransomware 351

Ransomware Passwords Accountability Cybercrime 351

Security Affairs

JANUARY 1, 2022

Which are the most-read cyber stories of 2021? The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. Experts discovered a Local Privilege Escalation, tracked as CVE-2021-33909, that could allow attackers to get root access on most Linux distros. Pierluigi Paganini.

Hacking 115

Hacking Passwords VPN Ransomware 115

Krebs on Security

MARCH 2, 2022

In July 2021, Mango told Stern that the group was placing ads on several Russian-language cybercrime forums to hire more workers. According to Mango, as of July 18, 2021 the Conti gang employed 62 people, mostly low-level malware coders and software testers. It took the HSE until Sept.

Ransomware 240

Ransomware Antivirus Malware Cybercrime 240

SecureList

APRIL 27, 2021

This is our latest installment, focusing on activities that we observed during Q1 2021. In parallel, Volexity also reported the same Exchange zero-days being in use in early 2021. The attackers used vulnerabilities in an SSL-VPN product to deploy a multi-layered loader we dubbed Ecipekac (aka DESLoader, SigLoader and HEAVYHAND).

Malware 145

Malware Government Spyware Social Engineering 145

Security Affairs

JANUARY 12, 2022

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. 2021-11-26 04:34:54 2021-11-26 10:05:15 149.154.167.91 154.167.91 Pierluigi Paganini.

Malware 145

Malware Manufacturing Cryptocurrency Cybercrime 145

Security Affairs

JUNE 2, 2024

Ticketmaster confirms data breach impacting 560 million customers Critical Apache Log4j2 flaw still threatens global finance Crooks stole more than $300M worth of Bitcoin from the exchange DMM Bitcoin ShinyHunters is selling data of 30 million Santander customers Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours LilacSquid APT (..)

Data breaches 123

Data breaches VPN Cloud Migration Malware 123

Krebs on Security

APRIL 18, 2023

Riley Kilmer is co-founder of Spur.us , a company that tracks thousands of VPN and proxy networks, and helps customers identify traffic coming through these anonymity services. ” MRMURZA Faceless is a project from MrMurza , a particularly talkative member of more than a dozen Russian-language cybercrime forums over the past decade.

Malware 301

Malware Passwords Accountability Advertising 301

Security Affairs

AUGUST 26, 2021

Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. CVE-2021-22893 is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 The flaw received a CVSS score of 9.1,

Malware 138

Malware VPN Authentication Hacking 138

Security Affairs

JULY 18, 2021

Read more at [link] #Cybersecurity #InfoSec #Ransomware — US-CERT (@USCERT_gov) July 15, 2021. Other groups targeted known vulnerabilities in SonicWall devices in the past, such as the UNC2447 cybercrime gang that exploited the CVE-2021-20016 zero-day bug in SonicWall SMA 100 Series VPN appliances to deliver the FiveHands ransomware.

Ransomware 137

Ransomware Firmware Mobile InfoSec 137

Security Affairs

DECEMBER 14, 2023

anti-cybercrime (Ofac).” The authorities reported that from June 2021 through at least November 2022, threat actors targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

Ransomware 139

Ransomware Cryptocurrency Cybercrime VPN 139

Security Affairs

JANUARY 14, 2022

The gang was also providing VPN-like services used by other cybercriminal organizations to carry out malicious activities used to deliver malware to the target organization. Source SSU. The law enforcement arrested the leader of the group, a 36-year-old man that lives in Kyiv, along with his wife and three other acquaintances.

Ransomware 136

Ransomware DDOS Telecommunications Malware 136

Security Affairs

SEPTEMBER 8, 2021

The ransomware group has been active since August 2021 and implement a double extortion model like other gangs. SongBird also created a post on the RAMP forum that includes a link to a file containing the Fortinet VPN accounts. 2,959 out of 22,500 victims are US entities.

VPN 110

VPN Ransomware Hacking Accountability 110

Security Affairs

JULY 9, 2021

The systems at the company were infected with the Phoenix Locker, a variant of ransomware tracked as Hades that was part of the arsenal of the cybercrime group known as Evil Corp. “The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021 to March 21, 2021.

Data breaches 145

Data breaches Insurance Ransomware Identity Theft 145

Security Affairs

DECEMBER 31, 2021

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. Internationally sourced data, exfiltrated in Sept and Aug 2021.

Accountability 145

Accountability Malware Data breaches Passwords 145

Security Affairs

JANUARY 21, 2024

Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMware zero-day since 2021 Ransomware attacks break records in 2023: the number of victims rose by 128% U.S.

Artificial Intelligence 128

Artificial Intelligence Hacking VPN Firewall 128

Security Affairs

MAY 9, 2021

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager UNC2529, a new sophisticated cybercrime gang that targets U.S.

Data breaches 102

Data breaches DDOS VPN Hacking 102

Security Affairs

JULY 6, 2022

.” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. The Hive ransomware operation has been active since June 2021, it provides Ransomware-as-a-Service Hive and adopts a double-extortion model threatening to publish data stolen from the victims on their leak site (HiveLeaks).

Encryption 137

Encryption Ransomware Cybercrime Malware 137

SecureWorld News

FEBRUARY 27, 2021

In 2021, remote working is still very much considered the norm as the world continues to combat the coronavirus pandemic. One of the major issues surrounds keeping remote workers protected against cybercrime. Invest in a strong VPN. Many businesses have requested their staff work remotely for the foreseeable future.

Cybercrime 58

Cybercrime VPN Computers and Electronics Firewall 58

Malwarebytes

MAY 11, 2021

Both the Australian Cyber Security Centre (ACSC) and the US Federal Bureau of Investigation (FBI) have issued warnings about an ongoing cybercrime campaign that is using Avaddon ransomware. In February 2021 a researcher found a flaw in the Avaddon encryption routine that allowed them to create a free decryptor. Free decryptor.

Ransomware 120

Ransomware VPN Encryption Cybercrime 120

Malwarebytes

JANUARY 19, 2022

VPNLab had been around since 2008 and had built its service around the OpenVPN technology, used strong encryption, and provided double VPN, with servers located in many different countries. What is double VPN? Double VPN is basically what the name suggests. Double VPN is not a common feature, because it is very slow.

VPN 84

VPN Encryption Cybercrime Technology 84

Security Affairs

JULY 31, 2022

The DawDropper apps are masqueraded as productivity and utility apps such as document scanners, VPN services, QR code readers, and call recorders. “In the latter part of 2021, we found a malicious campaign that uses a new dropper variant that we have dubbed as DawDropper. ” reads the report published by Trend Micro.

Banking 132

Banking Malware VPN Hacking 132

Security Affairs

AUGUST 8, 2021

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna VMware addresses critical flaws in its products CVE-2021-20090 actively exploited to target millions of IoT devices worldwide RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE.

VPN 103

VPN Ransomware Manufacturing IoT 103

BH Consulting

DECEMBER 14, 2021

Digital takeup drives accelerated cybercrime activity: IOCTA. Growing use of digital technologies, accelerated by the Covid-19 pandemic, has led to a sharp increase in cybercrime. In last month’s newsletter, we looked at why using a VPN doesn’t always protect the user. You asked for miracles, Theo, I give you the FBI.”.

Cybercrime 59

Cybercrime Mobile DDOS CISO 59

Security Affairs

JUNE 20, 2021

Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here.

Data breaches 108

Data breaches DDOS Small Business Ransomware 108

SecureList

NOVEMBER 23, 2021

The debate about which threats pose the most danger to industrial enterprises often revolves around comparisons between APTs and cybercrime. Similarly, APTs masquerading as cybercrime, and attacks by cybercriminals pretending to be an APT, have lost their wow factor. Update firewalls and SSL VPN gateways in good time.

Spyware 137

Spyware Phishing Cybercrime Energy and Utilities 137

Security Affairs

JULY 5, 2021

Implement allowlisting to limit communication with remote monitoring and management (RMM) capabilities to known IP address pairs, and/or Place administrative interfaces of RMM behind a virtual private network (VPN) or a firewall on a dedicated administrative network.

Ransomware 136

Ransomware VPN Backups Firewall 136

Krebs on Security

SEPTEMBER 2, 2021

Here’s the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online. “But what are the detection signatures you have available for detecting malicious logins via IMAP?

Accountability 348

Accountability Authentication Passwords Hacking 348