Security Affairs

NOVEMBER 3, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency 109

Cryptocurrency Hacking Phishing Cyber Attacks 109

Security Affairs

FEBRUARY 16, 2020

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. SecurityAffairs – Fox Kitten campaign, VPN ).

VPN 145

VPN Advertising Telecommunications Hacking 145

Krebs on Security

JULY 18, 2022

911 says its network is made up entirely of users who voluntarily install its “free VPN” software. In this scenario, users indeed get to use a free VPN service, but they are often unaware that doing so will turn their computer into a proxy that lets others use their Internet address to transact online. “The 911[.]re

VPN 349

VPN Computers and Electronics Antivirus Software 349

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. Experts reported that brute-force cracking tools and account checkers are available on cybercrime marketplaces and forums for an average of $4. Pierluigi Paganini.

Cybercrime 145

Cybercrime Antivirus Marketing Accountability 145

Security Affairs

AUGUST 23, 2024

court for his role in the Karakurt cybercrime gang. court for his role in the Russian Karakurt cybercrime gang. “Among other things, the Russian cybercrime group steals victim data and threatens to release it unless the victim pays ransom in cryptocurrency. . ” reads the press release published by DoJ.

Cybercrime 123

Cybercrime VPN Cryptocurrency Hacking 123

Krebs on Security

AUGUST 19, 2020

But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. SCHOOL OF HACKS. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing 363

Phishing VPN Social Engineering Media 363

Krebs on Security

MAY 28, 2024

KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later. 911 built its proxy network mainly by offering “free” virtual private networking (VPN) services. based startup that tracks proxy and VPN services.

VPN 274

VPN Banking Cybercrime Internet 274

Security Affairs

APRIL 7, 2025

Microsoft credited controversial actor EncryptHub, a lone actor with ties to cybercrime, for reporting two Windows flaws. In 2024, he shifted to cybercrime, starting with low-level roles in vishing and ransomware, later moving into malware and vulnerability research that drew wide attention.

Cybercrime 71

Cybercrime Malware Hacking VPN 71

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. Recently Microsoft observed Iran-linked APT Mercury and the Russian cybercrime gang TA505 exploiting the Zerologon flaw in attacks in the wild. SecurityAffairs – hacking, Zerologon).

VPN 145

VPN Government Authentication Advertising 145

Security Affairs

NOVEMBER 20, 2021

The researchers believe that one reason that contributed to multiple ransomware-as-a-service (RaaS) operations shutting down this year ( Babuk , DarkSide , BlackMatter , REvil , Avaddon ) was that affiliates used low-level access sellers and brokers (RDP, vulnerable VPN, poor quality spam). SecurityAffairs – hacking, Emotet).

Cybercrime 137

Cybercrime Ransomware Banking Malware 137

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. SecurityAffairs – hacking, FBI). The post FBI: Compromised US academic credentials available on various cybercrime forums appeared first on Security Affairs.

Cybercrime 145

Cybercrime Education Accountability Phishing 145

Security Affairs

APRIL 30, 2021

UNC2447 cybercrime gang exploited a zero-day in the Secure Mobile Access (SMA), addressed by SonicWall earlier this year, before the vendor released a fix. UNC2447 extortion activity employed the FIVEHANDS ransomware, the threat actors aggressively threatened victims to disclose their hack on the media to sell the data on hacker forums. .

Cybercrime 142

Cybercrime Ransomware Malware Mobile 142

Security Affairs

NOVEMBER 28, 2023

The Daixin Team group claims to have hacked the North Texas Municipal Water District (US) and threatened to leak the stolen data. In October 2022, CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S.

Hacking 136

Hacking VPN Ransomware Cybercrime 136

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. Pierluigi Paganini.

VPN 109

VPN Cybercrime Ransomware Advertising 109

Security Affairs

NOVEMBER 3, 2021

Experts warn of the availability in the cybercrime underground of offers for initial access to networks of players in global supply chains. SecurityAffairs – hacking, initial access broker). The post Cybercrime underground flooded with offers for initial access to shipping and logistics orgs appeared first on Security Affairs.

Cybercrime 134

Cybercrime VPN Ransomware Hacking 134

Krebs on Security

OCTOBER 8, 2020

But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained. THE DOCTOR IS IN. ” WHO IS DR. SAMUIL?

Cybercrime 349

Cybercrime Malware VPN Ransomware 349

Krebs on Security

JULY 29, 2022

But some of them — like 911 — build their networks in part by offering “free VPN” or “free proxy” services that are powered by software which turns the user’s PC into a traffic relay for other users. Its [sic] confirmed that the recharge system was also hacked the same way.

Cybercrime 315

Cybercrime Software VPN Backups 315

Security Affairs

NOVEMBER 24, 2024

CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office US DoJ charges five alleged members of the Scattered Spider cybercrime gang Threat actor (..)

Cybercrime 71

Cybercrime Artificial Intelligence Hacking VPN 71

Security Affairs

OCTOBER 3, 2023

Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023. The malware is also able to steal data from messaging apps and VPN clients. ” continues the report.

Advertising 139

Advertising Cybercrime Malware Cryptocurrency 139

Security Affairs

DECEMBER 11, 2021

Accenture researchers detailed the activity of a new sophisticated cybercrime group, called Karakurt, behind recent cyberattacks. “Accenture Security has identified a new threat group, the self-proclaimed Karakurt Hacking Team, that has impacted over 40 victims across multiple geographies. SecurityAffairs – hacking, Karakurt).

Cybercrime 114

Cybercrime VPN Ransomware Hacking 114

Security Affairs

JANUARY 14, 2025

The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627). In the next phase (starting Dec 4, 2024), attackers targeted SSL VPN access by creating super admin accounts or hijacking existing ones.

Firewall 82

Firewall VPN Accountability Firmware 82

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. Image: Lumen’s Black Lotus Labs. Usually, these users have no idea their systems are compromised.

Malware 237

Malware VPN Internet Internet 237

Krebs on Security

FEBRUARY 14, 2022

In January, KrebsOnSecurity examined clues left behind by “ Wazawaka ,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. 26, 2020, a new user named Biba99 registered on the English language cybercrime forum RaidForums. This post is an attempt to remedy that.

Ransomware 242

Ransomware VPN Cybercrime Accountability 242

Security Affairs

SEPTEMBER 1, 2020

Iran-linked APT group Pioneer Kitten is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. Iran-linked APT group Pioneer Kitten, also known as Fox Kitten or Parisite, is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers.

Hacking 130

Hacking VPN Advertising Government 130

Security Affairs

FEBRUARY 20, 2025

The Orange Cyberdefense CERT investigated four attackers with a similar initial access vector consisting of thecompromise of a Check Point VPN appliance. The experts believe threat actors exploited the zero-dayCVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features.

Healthcare 86

Healthcare Ransomware VPN Malware 86

Krebs on Security

JULY 8, 2019

“In one year, people who worked with us have earned over US $2 billion,” read the farewell post by the eponymous GandCrab identity on the cybercrime forum Exploit[.]in in threads asking for urgent help obtaining access to hacked businesses in South Korea. Vpn-service[.]us Vpn-service[.]us

Ransomware 276

Ransomware Accountability Cybercrime Passwords 276

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The data stolen by Nikulin were available on the cybercrime underground between 2015 and 2016, they were offered for sale by multiple traders.

Hacking 117

Hacking Cybercrime Advertising Data breaches 117

Security Affairs

JUNE 30, 2021

Law enforcement has seized the servers of DoubleVPN (doublevpn.com), a Russian-based VPN service that provides double-encryption service widely used by threat actors to anonymize their operation while performing malicious activities. The VPN service was offered for a starting price of €22 ($25). . Pierluigi Paganini.

VPN 142

VPN Cybercrime Encryption Advertising 142

Security Affairs

AUGUST 10, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. “Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account. SecurityAffairs – hacking, Yanluowang ransomware). Pierluigi Paganini.

Ransomware 136

Ransomware Hacking VPN Phishing 136

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. Experts noticed that in this supply chain attack, UNC2465 did not deliver the Darkside ransomware as the final payload, but they not exclude that the cybercrime group could move to a new RaaS operation.

Cybercrime 111

Cybercrime Ransomware Software Antivirus 111

Security Affairs

DECEMBER 1, 2024

CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog Thai police arrested Chinese hackers involved in SMS blaster attacks Zyxel firewalls targeted in recent ransomware attacks Malware campaign abused flawed Avast Anti-Rootkit driver Russia-linked APT TAG-110 uses targets Europe and Asia Russia-linked threat (..)

Cybercrime 71

Cybercrime Firewall Ransomware Social Engineering 71

Krebs on Security

DECEMBER 3, 2021

Since the beginning of 2020, Babam has set up numerous auctions on the Russian-language cybercrime forum Exploit , mainly selling virtual private networking (VPN) credentials stolen from various companies. Verified was hacked at least twice in the past five years, and its user database posted online. com and wwwpexpay[.]com.

Ransomware 345

Ransomware Passwords Accountability Cybercrime 345

Security Affairs

DECEMBER 26, 2023

The Rhysida ransomware group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. pic.twitter.com/6uHMDcNhTC — Dominic Alvieri (@AlvieriD) December 26, 2023 The group published images of stolen documents as proof of the hack. Abdali Hospital provides care to patients in numerous specialties.

Ransomware 139

Ransomware Hacking Manufacturing Healthcare 139

Security Affairs

NOVEMBER 25, 2023

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points.

Ransomware 142

Ransomware Hacking Engineering Manufacturing 142

Troy Hunt

FEBRUARY 25, 2025

This is just one of many channels involved in cybercrime, but it's noteworthy due to the huge amount of freely accessible data. It was reproducible too: when I saw "something went wrong", but the path began with "mx", I VPN'd into Mexico City and Netflix happily confirmed the reset email was sent.

Passwords 358

Passwords Accountability VPN Malware 358

Security Affairs

MARCH 21, 2022

Microsoft is investigating claims that the Lapsus$ hacking group breached its internal Azure DevOps source code repositories. Microsoft announced that is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source code repositories and stolen data. SecurityAffairs – hacking, Microsoft).

Hacking 98

Hacking InfoSec Telecommunications Cybercrime 98

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “The data includes: IPs.

VPN 90

VPN Passwords Firewall Firmware 90