Krebs on Security

MAY 11, 2021

Four of these weaknesses can be exploited by malware and malcontents to seize complete, remote control over vulnerable systems without any help from users. ” Breen also called attention to CVE-2021-26419 — a vulnerability in Internet Explorer 11 — to make the case for why IE needs to stand for “Internet Exploder.”

Wireless 316

Wireless Internet Internet Backups 316

Krebs on Security

SEPTEMBER 1, 2021

Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. Between 2003 and 2006, Corpse focused on selling and supporting his Haxdoor malware. Image: Google Translate via Archive.org.

Malware 340

Malware Cybercrime Internet Internet 340

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. What else do we know about the cause of these incidents?

Hacking 327

Hacking Social Engineering Phishing Scams 327

Krebs on Security

DECEMBER 4, 2024

Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies. image: x.com/vxunderground The golden rule of cybercrime in Russia has always been that as long as you never hack, extort or steal from Russian citizens or companies, you have little to fear of arrest.

Cybercrime 233

Cybercrime Ransomware Cryptocurrency Government 233

Krebs on Security

AUGUST 2, 2022

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. com , a malware-based proxy network that has been in existence since at least 2010. Image: Spur.us.

Malware 318

Malware Cybercrime Internet Internet 318

Krebs on Security

NOVEMBER 14, 2024

But not long after KrebsOnSecurity reported in April that Shefel/Rescator also was behind the theft of Social Security and tax information from a majority of South Carolina residents in 2012, Mr. Shefel began contacting this author with the pretense of setting the record straight on his alleged criminal hacking activities. 15, 2024.

Retail 258

Retail Advertising Cryptocurrency Marketing 258

Krebs on Security

NOVEMBER 5, 2024

Bloomberg first reported Moucka’s alleged ties to the Snowflake hacks on Monday. On May 2, 2024, Judische claimed on the fraud-focused Telegram channel Star Chat that they had hacked Santander Bank , one of the first known Snowflake victims. Image: [link] On October 30, Canadian authorities arrested Alexander Moucka, a.k.a.

Cybercrime 277

Cybercrime Mobile Media Hacking 277

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Image: spur.us. as a media sharing device on a local network that was somehow exposed to the Internet.

Malware 295

Malware Passwords Accountability Advertising 295

Krebs on Security

FEBRUARY 9, 2023

Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into “a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks,” the Treasury Department said. The Forbes.ru

Hacking 237

Hacking Cybercrime Ransomware Government 237

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. On April 26, 2021, Matveev and his Babuk coconspirators hit the Metropolitan Police Department in Washington, D.C.

Ransomware 117

Ransomware Healthcare Hacking Malware 117

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) to warn of HiatusRAT malware campaigns targeting Chinese-branded web cameras and DVRs. ” reads the PIN report.

Architecture 107

Architecture Internet Internet Malware 107

Schneier on Security

SEPTEMBER 14, 2023

Google removed it from Play in 2021. The Trojan has been linked to a China-aligned hacking group tracked as GREF. The FlyGram malware was also shared in a Uyghur Telegram group, further aligning it to previous targeting by the BadBazaar malware family. Both apps remain available in the Samsung store.

Malware 334

Malware Accountability Hacking Spyware 334

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 237

Malware VPN Internet Internet 237

eSecurity Planet

APRIL 2, 2025

The hack, attributed to a cybercriminal operating under the alias GHNA, occurred when the attacker accessed a system used by Samsungs German customer service. According to cybersecurity firm Hudson Rock, the hack was made possible by a set of stolen credentials compromised in 2021.

Identity Theft 122

Identity Theft Cybersecurity Scams Accountability 122

Daniel Miessler

MAY 19, 2021

Top actions in breaches were: phishing (social), use of stolen credentials (hacking), other, ransomware (malware), pretexting (social), misconfiguration (error), misdelivery (error), brute force (hacking), C2 (malware), and backdoor (malware). Top three for beginning: hacking, error, and social.

Data breaches 192

Data breaches Social Engineering Ransomware Phishing 192

The Last Watchdog

APRIL 21, 2021

From January through March 2021, TLS concealed 45 percent of the malware Sophos analysts observed circulating on the Internet; that’s double the rate – 23 percent – seen in early 2020, Dan Schiappa, Sophos’ chief product officer, told me in a briefing. “For And then they may use off-the-shelf malware to carry out their attack.

Malware 214

Malware Firewall Encryption Digital transformation 214

Schneier on Security

SEPTEMBER 19, 2024

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives.

Telecommunications 305

Telecommunications Media Malware Internet 305

The Last Watchdog

JANUARY 25, 2021

Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map. Similarly, the SolarWinds and Mimecast hacks are precursors of increasingly clever and deeply-damaging hacks of the global supply chain sure to come.

Hacking 228

Hacking B2B Authentication Software 228

Security Affairs

MAY 22, 2024

A threat actor is targeting organizations in Africa and the Middle East by exploiting Microsoft Exchange Server flaws to deliver malware. According to the researchers, the malware campaign targeting MS Exchange Server has been active since at least 2021. The keylogger was used to collect account credentials.

Malware 137

Malware Accountability Technology Internet 137

Security Affairs

NOVEMBER 19, 2024

Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. Ptitsyn and his conspirators used a ransomware-as-a-service (RaaS) model to distribute their malware to a network of affiliates.

Cybercrime 114

Cybercrime Ransomware Healthcare Education 114

Security Affairs

FEBRUARY 2, 2025

A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools. By 2021, key members had founded WeCodeSolutions in Lahore, seemingly to legitimize their earnings from HeartSender.

Cybercrime 108

Cybercrime Advertising Phishing Hacking 108

Security Affairs

FEBRUARY 13, 2025

On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware. “ Since 2021, Seashell Blizzard’s subgroup has exploited vulnerable infrastructure using scanning tools, evolving TTPs for persistence and lateral movement.

Telecommunications 106

Telecommunications DNS Passwords Hacking 106

Security Affairs

JUNE 20, 2024

A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021. The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021. In addition to utilizing custom backdoors.

DNS 134

DNS Malware Media Encryption 134

Security Affairs

AUGUST 4, 2024

A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. The company linked the attacks to StormBamboo APT group.

Malware 143

Malware DNS Firewall Software 143

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. Victim losses range from $0.10

Scams 83

Scams Media Cryptocurrency Cybercrime 83

Security Affairs

SEPTEMBER 7, 2022

A new Linux malware dubbed Shikitega leverages a multi-stage infection chain to target endpoints and IoT devices. Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, dubbed Shikitega, that targets endpoints and IoT devices. ” reads the analysis published by AT&T Alien Labs.

Malware 136

Malware IoT Cryptocurrency Engineering 136

Security Affairs

JULY 7, 2024

Today marks the launch of the Security Affairs newsletter, specializing in Malware. Each week, it will feature a collection of the best articles and research on malware. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Malware 118

Malware Spyware Cybercrime Ransomware 118

Bleeping Computer

DECEMBER 11, 2023

The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang. [.]

Malware 128

Malware Hacking 128

Krebs on Security

APRIL 18, 2022

” On April 13, Microsoft said it executed a legal sneak attack against Zloader , a remote access trojan and malware platform that multiple ransomware groups have used to deploy their malware inside victim networks. ” The figures cited by Weiss appear highly conservative. I asked the source.

Healthcare 340

Healthcare Ransomware Cybersecurity Malware 340

SecureList

JUNE 15, 2023

Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community. A MaaS operator is typically a team consisting of several people with distinct roles.

Malware 144

Malware Ransomware Cybercrime Hacking 144

Krebs on Security

JUNE 28, 2022

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. But on Dec. AWM Proxy’s online storefront disappeared that same day.

Passwords 306

Passwords Malware Internet Internet 306

Security Affairs

FEBRUARY 2, 2024

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. ” reads the alert published by CERT-UA.

Malware 135

Malware Internet Internet DDOS 135

Security Affairs

OCTOBER 4, 2024

perfctl malware targets misconfigured Linux servers to deploy cryptocurrency miners and proxyjacking software in an ongoing campaign. Aqua Nautilus researchers shed light on a Linux malware, dubbed perfctl malware, that over the past 3-4 years targeted misconfigured Linux servers. ” reads the report.

Malware 134

Malware Cryptocurrency Encryption Software 134

Security Affairs

DECEMBER 12, 2023

The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs). Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least three new DLang -based malware families.

Malware 129

Malware Data collection Manufacturing Healthcare 129

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Once the malware has infected all the running processes, it provides the threat actor with rootkit capability and supports data-stealing capabilities. “Symbiote is a malware that is highly evasive.

Malware 145

Malware DNS Antivirus Passwords 145

Krebs on Security

DECEMBER 13, 2021

The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. Ireland’s Health Service Executive (HSE), which operates the country’s public health system, got hit with Conti ransomware on May 14, 2021.

Healthcare 328

Healthcare Ransomware Antivirus Hacking 328

Security Affairs

APRIL 21, 2022

“The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user’s multimedia data, including streaming from a compromised machine’s camera.” MediaTek tracked the ALAC flaws as CVE-2021-0674 and CVE-2021-0675, while Qualcomm tracked it as CVE-2021-30351.

Hacking 141

Hacking Media Malware Cybersecurity 141