Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Follow me on Twitter: @securityaffairs and Facebook.

Cybercrime 145

Cybercrime Education Accountability Phishing 145

Krebs on Security

JULY 29, 2022

The 911 service as it existed until July 28, 2022. But some of them — like 911 — build their networks in part by offering “free VPN” or “free proxy” services that are powered by software which turns the user’s PC into a traffic relay for other users. However the intruders got in, 911 said, they managed to also overwrite critical 911[.]re

Cybercrime 315

Cybercrime Software VPN Backups 315

Security Affairs

APRIL 7, 2025

Microsoft credited controversial actor EncryptHub, a lone actor with ties to cybercrime, for reporting two Windows flaws. After years of low-profile IT work and self-study, his activity paused in 2022, likely due to jail time. Although involved in cybercrime, EncryptHub also pursued legitimate security research.

Cybercrime 71

Cybercrime Malware Hacking VPN 71

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. “Probably, they wanted to keep that revenue stream going.”

Malware 237

Malware VPN Internet Internet 237

Krebs on Security

FEBRUARY 14, 2022

In January, KrebsOnSecurity examined clues left behind by “ Wazawaka ,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. 26, 2020, a new user named Biba99 registered on the English language cybercrime forum RaidForums. This post is an attempt to remedy that.

Ransomware 242

Ransomware VPN Cybercrime Accountability 242

Security Affairs

NOVEMBER 29, 2022

Researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical flaw, tracked as CVE-2022-40684 , in Fortinet products. A proof-of-concept (PoC) exploit code for the CVE-2022-40684 flaw has been released online. Pierluigi Paganini.

VPN 104

VPN Firewall Authentication Internet 104

Krebs on Security

MAY 23, 2024

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. The homepage of Stark Industries Solutions.

DDOS 321

DDOS Internet Internet Government 321

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. released in October 2022.

VPN 90

VPN Passwords Firewall Firmware 90

Security Affairs

NOVEMBER 28, 2023

In October 2022, CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. In October 2022, CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S.

Hacking 136

Hacking VPN Ransomware Cybercrime 136

Security Affairs

APRIL 7, 2022

Palo Alto Networks addressed a high-severity OpenSSL infinite loop vulnerability, tracked as CVE-2022-0778 , that affects some of its firewall, VPN, and XDR products. SecurityAffairs – hacking, cybercrime). The post Palo Alto Networks devices affected by CVE-2022-0778 OpenSSL bug appeared first on Security Affairs.

Firewall 102

Firewall VPN Cybercrime Software 102

SecureList

NOVEMBER 1, 2022

This is our latest installment, focusing on activities that we observed during Q3 2022. We can confirm a Maui ransomware incident in 2022, but we would expand their “first seen” date from the reported May 2021 to April 15, 2021, and the geolocation of the target to Japan and India. The most remarkable findings.

Malware 145

Malware Ransomware Spyware Encryption 145

SecureList

SEPTEMBER 6, 2022

According to the analytical agency Newzoo, in 2022, the global gaming market will exceed $ 200 billion , with 3 billion players globally. The gaming industry went into full gear during the pandemic, as many people took up online gaming as their new hobby to escape the socially-distanced reality. Top game titles by number of related threats.

Mobile 133

Mobile Passwords Software Accountability 133

SecureList

NOVEMBER 23, 2021

The debate about which threats pose the most danger to industrial enterprises often revolves around comparisons between APTs and cybercrime. Similarly, APTs masquerading as cybercrime, and attacks by cybercriminals pretending to be an APT, have lost their wow factor. Update firewalls and SSL VPN gateways in good time.

Spyware 137

Spyware Phishing Cybercrime Energy and Utilities 137

SecureWorld News

OCTOBER 24, 2022

Cybersecurity Infrastructure Security Agency (CISA) have issued a joint cybersecurity advisory with information about "Daixin Team," a cybercrime group actively targeting U.S. businesses with ransomware and data extortion operations. The biggest target is the Healthcare and Public Health (HPH) sector, according to the advisory. "As

Ransomware 97

Ransomware VPN Healthcare Cybercrime 97

Security Affairs

DECEMBER 14, 2023

anti-cybercrime (Ofac).” The threat actors behind the Hive RaaS have extorted $100 million in ransom payments from over 1,300 companies worldwide as of November 2022, reported the U.S. The group used various attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials.

Ransomware 140

Ransomware Cryptocurrency Cybercrime VPN 140

Security Affairs

MARCH 21, 2022

Microsoft announced that is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source code repositories and stolen data. Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted.

Hacking 98

Hacking InfoSec Telecommunications Cybercrime 98

Security Affairs

AUGUST 23, 2024

The Qilin ransomware group has been active since at least 2022 but gained attention in June 2024 for attacking Synnovis , a UK governmental service provider for healthcare. The attackers breached the organization via compromised credentials for a VPN portal that lacked multi-factor authentication (MFA).

Ransomware 135

Ransomware Cybercrime Passwords VPN 135

Security Affairs

JANUARY 13, 2024

We talked about NAS devices and ransomware in the weekly review 37/2022.” ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. Cisco investigated the hacking campaign with the help of Rapid7.

Ransomware 136

Ransomware Backups VPN Authentication 136

Security Affairs

AUGUST 10, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. “Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account. ” reads the analysis published by Cisco Talos.

Ransomware 136

Ransomware Hacking VPN Phishing 136

Security Affairs

SEPTEMBER 12, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. The attacker ultimately succeeded in achieving an MFA push acceptance, granting them access to VPN in the context of the targeted user. . ” reads an update published by Cisco on September September 11, 2022.

Ransomware 115

Ransomware VPN Authentication Phishing 115

Security Affairs

MAY 30, 2024

Since 2011, Wang and his co-conspirators had been distributing malware through malicious VPN applications, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. The FBI has published information at fbi.gov/911S5 to help identify and remove 911 S5’s VPN applications from your devices or machines.

VPN 120

VPN Cryptocurrency Malware Software 120

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. The alert includes indicators of compromise (IoCs) associated with BlackCat/ALPHV, as of mid-February 2022. Consider installing and using a virtual private network (VPN).

Ransomware 135

Ransomware Antivirus Passwords Malware 135

Security Affairs

APRIL 7, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 130

Data breaches Hacking Small Business Malware 130

Security Affairs

DECEMBER 22, 2022

The Zerobot botnet first appeared in the wild in November 2022 targeting devices running on Linux operating system. The most recent variant spotted by Microsoft spreads by exploiting vulnerabilities in Apache and Apache Spark ( CVE-2021-42013 and CVE-2022-33891 respectively) and also supports new DDoS attack capabilities.

IoT 127

IoT DDOS Malware Firmware 127

Security Affairs

JANUARY 13, 2024

We talked about NAS devices and ransomware in the weekly review 37/2022.” ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. Cisco investigated the hacking campaign with the help of Rapid7.

Ransomware 122

Ransomware Backups VPN Authentication 122

Security Affairs

MARCH 11, 2024

The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. NerbianRAT for Windows was first spotted in 2022, however the Linux variant employed by Magnet Goblin has been in circulation since May 2022.

Malware 133

Malware VPN Encryption Hacking 133

Malwarebytes

OCTOBER 19, 2022

In January 2022, news broke that a ransomware group was targeting QNAP Network Attached Storage (NAS) devices. The police wanted to emphasize that it is always important to file a complaint about cybercrime, even though the chances of apprehending the cybercriminals may seem slim. Or you can use another VPN of your choice.

Ransomware 98

Ransomware Firmware VPN Cybercrime 98

Security Affairs

MARCH 22, 2022

Microsoft recently announced that is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source code repositories and stolen data. SOSIntel @LawrenceAbrams pic.twitter.com/X5FmgajJcz — Tom Malka (@ZeroLogon) March 20, 2022. Bing_STC-SV’, ‘Bing_Test_Agile’, and “Bing_UX’).

Cybercrime 98

Cybercrime Telecommunications VPN Hacking 98

Security Affairs

APRIL 23, 2022

The popular investigator and journalist Brian Krebs first surmised that the LAPSUS$ gang has breached T-Mobile after he reviewed a copy of the private chat messages between members of the cybercrime group. Telegram channels that were restricted to the core seven members of the group – Source KrebsonSecurity. ” wrote Krebs.

Mobile 102

Mobile VPN Social Engineering Telecommunications 102

CyberSecurity Insiders

DECEMBER 21, 2022

With continued challenges from remote and hybrid working, increased economic unrest and geopolitical conflict, and a new gang of teenage hackers , 2022 has certainly thrown cybersecurity professionals some curveballs. With hybrid work, VPN and remote access will start to become greater network-based targets.

Cybersecurity 135

Cybersecurity Education Internet Internet 135

Security Affairs

APRIL 19, 2024

In December 2023, Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar.

Energy and Utilities 132

Energy and Utilities Telecommunications Technology Government 132

Security Affairs

JULY 6, 2022

” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. key files. ” continues Microsoft.

Encryption 138

Encryption Ransomware Cybercrime Malware 138

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. Then threat actors sent data as an image file to a web-accessible path: cp /var/tmp/test.tar.gz /netscaler/ns_gui/vpn/medialogininit.png. php) on victim machines.

VPN 126

VPN Ransomware DNS Malware 126

Security Affairs

OCTOBER 22, 2022

US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware 80

Ransomware VPN Cybercrime Accountability 80

Security Affairs

FEBRUARY 10, 2023

The experts first spotted the attacks attributed to this threat actor in October 2022, they believe that the group is financially motivated. Most of the attacks were observed between October and November 2022 and involved only a limited number of emails (using Publisher files) sent to a small number of companies.

Malware 98

Malware Phishing Spyware Cybercrime 98

Security Affairs

MARCH 23, 2022

Yesterday the cybercrime gang leaked 37GB of source code stolen from Microsoft’s Azure DevOps server. On March 22, 2022 night the group shared a torrent for a 7zip archive containing 9 GB of Microsoft source code. The gang claims to have leaked the source code for some Microsoft projects, including Bing and Cortana.

Accountability 104

Accountability VPN Social Engineering Hacking 104

Security Affairs

MAY 17, 2023

The role of an initial access broker is essential in the cybercrime ecosystem, these actors facilitate the sale or exchange of compromised or stolen initial access to computer networks or systems. What if our VPN had a vulnerability and an attacker leveraged that to gain credentials for a privileged user in R&D?

Energy and Utilities 98

Energy and Utilities Cybercrime Data collection Hacking 98