Cybercrime, Information Security and Security Intelligence

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. states Microsoft. We strongly recommend patching.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

Researchers at Microsoft Security Intelligence team published a series of tweets to warn of a new wave of attacks aimed at distributing the Clop ransomware and linked it to the financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7 ). They then use OpenSSH and Impacket to move laterally and deploy Clop ransomware.

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

Security Affairs

MARCH 10, 2025

Cybersecurity and Infrastructure Security Agency (CISA) added the the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. In June, the U.S.

DDOS

DDOS Security Intelligence Malware Hacking

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs

MAY 27, 2020

pic.twitter.com/Q3BMs7fSvx — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020. Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020.

Ransomware

Ransomware Security Intelligence Encryption Advertising

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

In November 2024, the Akamai Security Intelligence Research Team (SIRT) observed increased activity targeting the URI /cgi-bin/cgi_main.cgi , linked to a Mirai-based malware campaign exploiting an unassigned RCE vulnerability in DVR devices, including DigiEver DS-2105 Pro. ” reads the analysis published by Akamai.

Manufacturing

Manufacturing Malware Firmware IoT

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

Experts believe that cybercrime organizations and state-sponsored group could exploit the code in like attacks, ESET researchers pointed out that other threat actors, such as cybercrime Tick, LuckyMouse, and Calypso, had also been exploiting the ProxyLogon flaws before Microsoft addressed them. and also as DearCry. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Cybercrime Authentication Hacking

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

Security experts from Microsoft have uncovered an ongoing p hishing campaign launched by the TA505 cybercrime gang (aka Evil Corp ) that is employing attachments featuring HTML redirectors for delivering malicious Excel docs. pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020.

Malware

Malware Security Intelligence Banking Phishing

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

Security Boulevard

MAY 25, 2021

I've decided to make my Cybercrime Forum Data Set for 2019 and 2021 exclusively available online for free in order for me to speed the dissemination process and to possibly empower security researchers and vendors with the necessary information to help them stay on the top of their game in terms of current and emerging cyber threats including U.S

Cybercrime

Cybercrime Cyber threats Hacking Software

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. Security experts pointed out that Emotet gang also sells access to these infected networks to other cybercrime organizations, such as ransomware operators.

Malware

Malware Passwords Advertising Ransomware

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020. The experts warn that nation-state actors are adopting TTPs associated with cybercrime gangs to make it hard the attack attribution.

Cryptocurrency

Cryptocurrency Antivirus Government Manufacturing

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

Talos researchers believe that the group was able to remain under the radar using crypters that it bought on cybercrime forums. Our researchers are closely monitoring the campaign and will share additional info and investigation guidance through Microsoft 365 security center and Microsoft Threat Experts.

Malware

Malware Phishing DNS Cybercrime

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. — Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022.

Security Intelligence

Security Intelligence Malware Backups Architecture

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. ” reported Akamai.

Malware

Malware DDOS Internet Internet

Corona Mirai botnet spreads via AVTECH CCTV zero-day

Security Affairs

AUGUST 29, 2024

Akamai’s Security Intelligence and Response Team (SIRT) has detected a botnet campaign exploiting multiple previously known vulnerabilities and a newly discovered zero-day, tracked as CVE-2024-7029 (CVSS score: 8.7), in AVTECH CCTV cameras.

Firmware

Firmware Malware Security Intelligence Authentication

New InfectedSlurs Mirai-based botnet exploits two zero-days

Security Affairs

NOVEMBER 22, 2023

In October, Akamai’s Security Intelligence Response Team (SIRT) noticed an anomalous activity to the company’s honeypots targeting a rarely used TCP port. The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022.

DDOS

DDOS Wireless Security Intelligence Malware

HTML Smuggling technique used in phishing and malspam campaigns

Security Affairs

NOVEMBER 12, 2021

— Microsoft Security Intelligence (@MsftSecIntel) July 23, 2021. Attackers increasingly use HTML smuggling in phishing and other email campaigns to stealthily deliver threats, but Microsoft Defender Office 365’s detonation technology provides durable protection against this evasive delivery technique.

Phishing

Phishing Banking Passwords Malware

Akamai dealt with an 800Gbps ransom DDoS against a gambling company

Security Affairs

APRIL 1, 2021

The Akamai Security Intelligence Response Team’s threat advisory team revealed that crooks used a previously unseen DDoS attack vector that leveraged a networking protocol known as protocol 33, or Datagram Congestion Control Protocol (DCCP). ” Likely DDoS extortion attacks. Source Akamai).

DDOS

DDOS Security Intelligence Hacking Cybersecurity

A new Magecart campaign hides the malicious code in 404 error page

Security Affairs

OCTOBER 12, 2023

Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the website’s default 404 error page to hide malicious code. Researchers observed a new Magecart web skimming campaign changing the websites’ default 404 error page to steal credit cards.

Retail

Retail Security Intelligence Hacking Software

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices. Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices.

IoT

IoT DDOS Architecture Internet

IT giants warn of ongoing Chromeloader malware campaigns

Security Affairs

SEPTEMBER 20, 2022

pic.twitter.com/v6sexKgDSg — Microsoft Security Intelligence (@MsftSecIntel) September 16, 2022. Microsoft researchers are tracking an ongoing wide-ranging click fraud campaign where attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices.

Malware

Malware Adware Ransomware Security Intelligence

Hackers Also Have Financial Reporting And Quotas :)

Security Boulevard

JUNE 18, 2022

Security breaches cause foreseeable financial damage to the organization. In many cases, more significant than the amount spent on combined network security, cloud security, and artificial intelligence. The security office also analyzes the cost of cybercrime to the organization as a benchmark for investment and strategy.

Hacking

Hacking CISO Cybersecurity Banking

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

link] — Microsoft Security Intelligence (@MsftSecIntel) October 12, 2020. Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. In this blog, we detail the evolution of Trickbot, associated tactics, recent campaigns, and dive into the anatomy of a specific attack.

Malware

Malware Banking Advertising Financial Services

Top Cybersecurity Websites and Blogs for Compliance in 2024

Centraleyes

JULY 8, 2024

Krebs on Security Krebs on Security, authored by investigative journalist Brian Krebs, is known for its in-depth investigative reporting on cybercrime, data breaches, and security vulnerabilities. It’s hands-down essential reading for compliance professionals seeking a broader understanding of cybersecurity issues.

Cybersecurity

Cybersecurity Data breaches Data privacy Technology

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Cisco Security

MAY 27, 2022

Donated Partner Threat Intelligence (correlated through SecureX). Recorded Future threat intelligence. threat intelligence. Open-Source Threat Intelligence (correlated through SecureX). CyberCrime Tracker. alphaMountain.ai Have I Been Pwned. IBM X-Force Exchange. Palo Alto Networks AutoFocus. About Black Hat.

Malware

Malware Accountability Technology DNS

Cyber Security Informer

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Trending Sources

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

Microsoft warns about ongoing PonyFinal ransomware attacks

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Threat actor has been targeting the aviation industry since at least 2018

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Corona Mirai botnet spreads via AVTECH CCTV zero-day

New InfectedSlurs Mirai-based botnet exploits two zero-days

HTML Smuggling technique used in phishing and malspam campaigns

Akamai dealt with an 800Gbps ransom DDoS against a gambling company

A new Magecart campaign hides the malicious code in 404 error page

Updated Kmsdx botnet targets IoT devices

IT giants warn of ongoing Chromeloader malware campaigns

Hackers Also Have Financial Reporting And Quotas :)

Microsoft partnered with other security firms to takedown TrickBot botnet

Top Cybersecurity Websites and Blogs for Compliance in 2024

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Stay Connected