Cybercrime, Event and Information Security

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

Cisco confirms that data published by IntelBroker on a cybercrime forum was taken from the company DevHub environment. Cisco confirms that the data posted by IntelBroker on a cybercrime forum was stolen from its DevHub environment. The company has disabled public access to the site while we continue the investigation.

Cybercrime

Cybercrime Data breaches Technology Banking

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Security Affairs

OCTOBER 14, 2024

Dutch police dismantled Bohemia/Cannabia, two major dark web markets for illegal goods, drugs, and cybercrime services. These are two of the largest and longest-running dark web platforms for the trade of illegal goods, drugs, and cybercrime services. ” reads the post published on the website Search Light Cyber.

Marketing

Marketing Cybercrime DDOS Cryptocurrency

Amazon discloses employee data breach after May 2023 MOVEit attacks

Security Affairs

NOVEMBER 11, 2024

Exposed data did not include Social Security numbers or financial information. Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon.

Data breaches

Data breaches Hacking Ransomware Technology

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Security Affairs

FEBRUARY 6, 2025

The investigation began in early 2024 after data stolen from a Madrid business association was leaked on dark web cybercrime forums. The hacker claimed responsibility for the attacks on multiple cybercrime forums under different monikers to avoid being identified. ” continues the press release. ” concludes the statement.

Cybercrime

Cybercrime Government Data breaches Information Security

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

Security Affairs

OCTOBER 10, 2024

The Mongolian Skimmer captures final data entries using the beforeunload event, ensures cross-browser compatibility with various event-handling techniques, and employs anti-debugging tactics by monitoring formatting changes to detect and evade debugging attempts.

Data collection

Data collection Engineering Malware Hacking

Cisco states that the second data leak is linked to the one from October

Security Affairs

DECEMBER 30, 2024

In October 2024, Cisco confirmed that the data posted by the notorious threat actor IntelBroker on a cybercrime forum was stolen from its DevHub environment. Meanwhile, Cisco will engage directly with customers if we determine they have been impacted by this event. ” reads the update published by Cisco.

Data breaches

Data breaches Cybercrime Authentication Technology

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event logs. In February 2022 researchers from Kaspersky spotted a malicious campaign using a novel technique that consists of hiding the shellcode in Windows event logs. SecurityAffairs – hacking, Windows event logs).

Malware

Malware Encryption Hacking Cybersecurity

New version of Android malware FakeCall redirects bank calls to scammers

Security Affairs

OCTOBER 30, 2024

. “The victim will be unaware of the manipulation, as the malware’s fake UI will mimic the actual banking experience, allowing the attacker to extract sensitive information or gain unauthorized access to the victim’s financial accounts.” Upon detecting specific events (e.g.,

Banking

Banking Malware Accountability Phishing

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Security Affairs

DECEMBER 28, 2023

This widespread geographical distribution of “Free Leaksmas” event highlights the extensive global reach and severe impact of these cybercriminal activities.

Identity Theft

Identity Theft Data breaches Government Hacking

Ransomware gangs target companies involved in time-sensitive financial events, FBI warns

Security Affairs

NOVEMBER 2, 2021

The FBI warns of ransomware attacks on businesses involved in “time-sensitive financial events” such as corporate mergers and acquisitions. Ransomware gangs target these companies because there is a high likelihood that they will pay the ransom to avoid the impact of the disclosure of sensitive data during these events.

Ransomware

Ransomware Hacking Accountability Cybercrime

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

The backdoor can drop additional payloads, block input, clear event logs, wipe clipboard, delete browser data, and erase profiles for apps like Skype and Telegram. Google researchers provided event rules within Google Security Operations to dete ctPLAYFULGHOST activity.

Malware

Malware Encryption Phishing Hacking

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Additionally, there are also Russian cybercrime organizations that are not state-sponsored but are allowed to operate. Although there’s no one magic solution to eliminating cyberattacks and cybercrime risks, there are steps you can take to reduce the chances of becoming a victim. businesses called #ShieldsUp.

Cybersecurity

Cybersecurity Cybercrime Education Government

Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 24, 2024

CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office US DoJ charges five alleged members of the Scattered Spider cybercrime gang Threat actor (..)

Cybercrime

Cybercrime Artificial Intelligence Hacking VPN

A crime ring compromised Italian state databases reselling stolen info

Security Affairs

OCTOBER 28, 2024

The charges being pursued by investigators include criminal conspiracy for unauthorized access to computer systems, illegal interception, falsification of electronic communications, disclosure of confidential information, aiding and abetting, and extortion. ” reads a statement from a lawyer for Del Vecchio.

Computers and Electronics

Computers and Electronics Banking Marketing Hacking

ZAGG disclosed a data breach that exposed its customers’ credit card data

Security Affairs

DECEMBER 29, 2024

.” FreshClick is not developed by BigCommerce, which told Bleeping Computer that its systems were secure. ZAGG announced the implementation of security measures to minimize the risk of a similar event occurring in the future. BigCommerce discovered and removed a hacked FreshClick app from customer stores.

Data breaches

Data breaches Computers and Electronics Hacking Wireless

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

March is a time for leprechauns and four-leaf clovers, and as luck would have it, its also a time to learn how to protect your private data from cybercrime. During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

California Cryobank, the largest US sperm bank, disclosed a data breach

Security Affairs

MARCH 19, 2025

“In addition, we are providing you with proactive fraud assistance to help with any questions that you might have or in the event that you become a victim of fraud” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,California Cryobank)

Data breaches

Data breaches Banking Insurance Hacking

Pwn2Own 2020 Day1 -researchers earned $180K for hacking Windows, Ubuntu, and macOS

Security Affairs

MARCH 19, 2020

The Coronavirus outbreak hasn’t stopped the Pwn2Own hacking conference, for the first time its organizer, the Zero Day Initiative (ZDI), has decided to arrange the event allowing the participants to remotely demonstrate their exploits. ” reads the official page of the event. SecurityAffairs – Pwn2Own, cybercrime).

Hacking

Hacking Advertising Cybercrime Software

CERIAS – Frederick Scholl’s ‘Cybercrime: A Proposed Solution’

Security Boulevard

APRIL 6, 2021

The post CERIAS – Frederick Scholl’s ‘Cybercrime: A Proposed Solution’ appeared first on Security Boulevard. Many thanks to CERIAS Purdue University for publishing their outstanding videos on the organization's YouTube channel. Enjoy and Be Educated Simultaneously!

Cybercrime

Cybercrime Education InfoSec Information Security

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

“The attackers have identified a method that causes login events to be logged in the Non-Interactive Sign-In logs, which may result in reduced security visibility and response.” ” continues the report.

Passwords

Passwords Accountability Authentication Malware

ESXi ransomware attacks use SSH tunnels to avoid detection

Security Affairs

JANUARY 27, 2025

Configuring log forwarding is essential to streamline monitoring and centralize event capture. ESXi appliances splits logs into multiple files by activity, complicating forensic investigations and monitoring activities. “While ESXi does support a few third-party monitoring or telemetry agents, such tools are limited in availability.

Ransomware

Ransomware Authentication Hacking Cybersecurity

The Netherlands declares war on ransomware operations

Security Affairs

OCTOBER 8, 2021

A broad explanation of this threat is included in the Cyber Security Assessment Netherlands (CSBN) 2021, which was shared with the Chamber in June by the Minister of Justice and Security. Security Security Agenda (NCSA) and the integrated approach to cybercrime.” ” continues the letter.

Ransomware

Ransomware Cybercrime Government Cyber Attacks

AWS mitigated largest DDoS attack ever of 2.3 Tbps

Security Affairs

JUNE 17, 2020

This is approximately 44% larger than any network volumetric event previously detected on AWS.” Despite this observation, smaller network volumetric events are far more common. The 99th percentile event in Q1 2020 was 43 Gbps.” “The number of detected events has increased by 23% since the same quarter in 2019.

DDOS

DDOS Advertising Internet Internet

Law enforcement operation seized Ragnar Locker group’s infrastructure

Security Affairs

OCTOBER 19, 2023

This is an important achievement in the fight against cybercrime. Both FBI and Europol declined to comment on the events. The police on Thursday seized the Tor negotiation and data leak sites. More details are expected to be released tomorrow.

Ransomware

Ransomware Financial Services Cybercrime Manufacturing

SIEM for Small and Medium-Sized Enterprises: What you need to know

Security Affairs

SEPTEMBER 19, 2024

Security Information and Event Management (SIEM) solutions are a great way to achieve this. What is SIEM (Security Information and Event Management)? Why SIEM is Crucial for SMEs SIEM solutions offer many benefits for SMEs, enhancing their security posture while keeping costs relatively low.

Threat Detection

Threat Detection Identity Theft Banking Small Business

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

JANUARY 15, 2025

We encourage all customers to follow security, identity, and compliance best practices. In the event a customer suspects they may have exposed their credentials, they can start by following the steps listed in this post. As always, customers can contact AWS Support with any questions or concerns about the security of their account.

Encryption

Encryption Ransomware Authentication Accountability

BlackMatter ransomware gang is shutting down due to pressure from law enforcement

Security Affairs

NOVEMBER 3, 2021

The news of the shutdown comes after two major events that have taken place over the past two weeks. The decision of the gang comes after the recent announcement of closer collaboration of US and Russian authorities in curbing cybercriminal organizations based in Russia, such as the FIN7 cybercrime gang.

Ransomware

Ransomware Cybercrime Healthcare Encryption

Security Affairs newsletter Round 482 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JULY 28, 2024

CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog International Press – Newsletter Cybercrime Walsall teenager arrested in joint West Midlands Police and FBI operation Treasury Sanctions Leader and Primary Member of the Cyber Army of Russia Reborn Three arrested for (..)

Spyware

Spyware Data breaches Cybercrime Banking

BlackLock Ransomware Targeted by Cybersecurity Firm

Security Affairs

MARCH 26, 2025

Notably, another prominent ransomware group DragonForce took the lead capitalizing on these events. Both BlackLock and Momona Ransomware went offline and are currently not available. Resecurity highlighted that it is possible DragonForce will take over on the BlackLock affiliate base, and the group will successfully transition to new masters.

Ransomware

Ransomware Cybersecurity Healthcare Accountability

Delaware County, Pennsylvania, opted to pay 500K ransom to DoppelPaymer gang

Security Affairs

NOVEMBER 30, 2020

We commenced an immediate investigation that included taking certain systems offline and working with computer forensic specialists to determine the nature and scope of the event. We are working diligently to restore the functionality of our systems,” states the incident notice published by Delaware County.

Computers and Electronics

Computers and Electronics Ransomware Insurance Cybercrime

A week later, Manchester United has yet to recover after a cyberattack

Security Affairs

NOVEMBER 27, 2020

Although this is a sophisticated operation by organised cyber criminals, the club has extensive protocols and procedures in place for such an event and had rehearsed for this eventuality. The club notifies the British authotities about the incident, including the Information Commissioner’s Office. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Cybercrime Malware Hacking

The Financial Dynamics Behind Ransomware Attacks

Security Affairs

JUNE 18, 2024

Over the last few years, ransomware attacks have become one of the most prevalent and expensive forms of cybercrime. This revolutionized the cybercrime landscape, making it easier for people with minimal technical skills to commit ransomware attacks. The indirect costs of ransomware attacks are often even more damaging.

Ransomware

Ransomware Cryptocurrency Insurance Cybercrime

Qilin ransomware steals credentials stored in Google Chrome

Security Affairs

AUGUST 23, 2024

After exfiltrating the stolen credentials, the attackers deleted the files and event logs to cover their tracks before deploying the ransomware. The attackers kept this GPO active for over three days, silently harvesting credentials each time users logged in.

Ransomware

Ransomware Cybercrime Passwords VPN

DEF CON 31 Policy – Panel: Blocking Pathways into Cybercrime Current Efforts, Future Opportunities

Security Boulevard

OCTOBER 31, 2023

Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel. Permalink The post DEF CON 31 Policy – Panel: Blocking Pathways into Cybercrime Current Efforts, Future Opportunities appeared first on Security Boulevard.

Cybercrime

Cybercrime Architecture Education Information Security

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs

APRIL 2, 2020

Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. Any detections from security products or anomalies found in event logs should be investigated immediately. Monitor and pay special attention to your remote access infrastructure.

Ransomware

Ransomware VPN Healthcare Cyber Attacks

Who Wants to Support My Work Commercially?

Security Boulevard

JANUARY 25, 2022

Folks, Who wants to dive deep into some of my latest commercially available research and stay on the top of their OSINT/cybercrime research and threat intelligence gathering game that also includes their team and organization? Dancho Danchev’s “Astalavista Security Group – Investment Proposal” Presentation – A Photos Compilation.

Cybercrime

Cybercrime Hacking Scams Ransomware

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 31, 2023

INC RANSOM ransomware gang claims to have breached Xerox Corp Spotify music converter TuneFab puts users at risk Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania Russia-linked APT28 used new malware in a recent phishing campaign Clash of Clans gamers at risk while using third-party app New Version of Meduza (..)

Artificial Intelligence

Artificial Intelligence Cyber Attacks Ransomware Malware

French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine

Security Affairs

FEBRUARY 15, 2021

“According to information from France Inter, police officers from the Central Office for the Fight against Cybercrime of the Judicial Police participated in the arrest of several hackers, suspected of being in contact with Egregor, a cyber criminal group : hackers, logistical and financial support, etc.”

Ransomware

Ransomware Cybercrime Media Phishing

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

JANUARY 14, 2025

In the reconnaissance phase, experts observed automated login/logout events without changes until November 22, 2024, when unauthorized configuration edits began. Between November and December 2024, the researchers observed hundreds to thousands of short-lived, automated jsconsole logins from anomalous IPs across diverse victim organizations.

Firewall

Firewall VPN Accountability Firmware

The 10th edition of the ENISA Threat Landscape (ETL) report is out!

Security Affairs

NOVEMBER 4, 2022

This is the 10 th edition of the annual report and analyzes events that took place between July 2021 and July 2022. Cybercrime actors. “The ETL report maps the cyber threat landscape to help decision-makers, policy-makers and security specialists define strategies to defend citizens, organisations and cyberspace.

Cyber threats

Cyber threats Phishing Social Engineering Ransomware

Linux malware sedexp uses udev rules for persistence and evasion

Security Affairs

AUGUST 25, 2024

Udev is a system component that manages device events on Linux systems, allowing it to identify devices based on their properties and configure rules to trigger actions when devices are plugged in or removed. This technique allows the malware to execute every time a specific device event occurs, making it stealthy and difficult to detect.”

Malware

Malware Hacking Ransomware Cybercrime

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

FIND which devices are making vulnerable connections by monitoring event logs. The IT giant urged Windows administrators to install the released security updates as soon as possible. ADDRESS non-compliant devices making vulnerable connections. ENABLE enforcement mode to address CVE-2020-1472 in your environment.

Authentication

Authentication Advertising Architecture Cybercrime

For the advancement of theft: Black hat cons issue call for papers as part of criminal forum

SC Magazine

JUNE 2, 2021

The online conference-esque event started on April 20, when administrators asked for papers covering unorthodox methods to swindle cryptocurrency wallets, smart contracts and NFTs, advances in cryptomining malware, and other related thievery, according to research from Intel 471. “It really shows the maturity of cybercrime.

Cybercrime

Cybercrime Cryptocurrency Hacking Media

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

Security Affairs

MARCH 29, 2025

The malware also supports advanced keylogger capabilities by capturing all Accessibility events and screen elements. ThreatFabric states that the malware primarily targets users in Spain and Turkey, with global expansion expected.

Banking

Banking Mobile Identity Theft Malware

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Trending Sources

Amazon discloses employee data breach after May 2023 MOVEit attacks

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

Cisco states that the second data leak is linked to the one from October

Malware campaign hides a shellcode into Windows event logs

New version of Android malware FakeCall redirects bank calls to scammers

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Ransomware gangs target companies involved in time-sensitive financial events, FBI warns

PLAYFULGHOST backdoor supports multiple information stealing features

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION

A crime ring compromised Italian state databases reselling stolen info

ZAGG disclosed a data breach that exposed its customers’ credit card data

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

California Cryobank, the largest US sperm bank, disclosed a data breach

Pwn2Own 2020 Day1 -researchers earned $180K for hacking Windows, Ubuntu, and macOS

CERIAS – Frederick Scholl’s ‘Cybercrime: A Proposed Solution’

A large botnet targets M365 accounts with password spraying attacks

ESXi ransomware attacks use SSH tunnels to avoid detection

The Netherlands declares war on ransomware operations

AWS mitigated largest DDoS attack ever of 2.3 Tbps

Law enforcement operation seized Ragnar Locker group’s infrastructure

SIEM for Small and Medium-Sized Enterprises: What you need to know

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

BlackMatter ransomware gang is shutting down due to pressure from law enforcement

Security Affairs newsletter Round 482 by Pierluigi Paganini – INTERNATIONAL EDITION

BlackLock Ransomware Targeted by Cybersecurity Firm

Delaware County, Pennsylvania, opted to pay 500K ransom to DoppelPaymer gang

A week later, Manchester United has yet to recover after a cyberattack

The Financial Dynamics Behind Ransomware Attacks

Qilin ransomware steals credentials stored in Google Chrome

DEF CON 31 Policy – Panel: Blocking Pathways into Cybercrime Current Efforts, Future Opportunities

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Who Wants to Support My Work Commercially?

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION

French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

The 10th edition of the ENISA Threat Landscape (ETL) report is out!

Linux malware sedexp uses udev rules for persistence and evasion

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

For the advancement of theft: Black hat cons issue call for papers as part of criminal forum

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

Stay Connected