Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. Recently Microsoft observed Iran-linked APT Mercury and the Russian cybercrime gang TA505 exploiting the Zerologon flaw in attacks in the wild. Pierluigi Paganini.

VPN 145

VPN Government Authentication Advertising 145

Security Affairs

NOVEMBER 20, 2021

The researchers believe that one reason that contributed to multiple ransomware-as-a-service (RaaS) operations shutting down this year ( Babuk , DarkSide , BlackMatter , REvil , Avaddon ) was that affiliates used low-level access sellers and brokers (RDP, vulnerable VPN, poor quality spam). ” concludes the analysis.

Cybercrime 136

Cybercrime Ransomware Banking Malware 136

Security Affairs

OCTOBER 29, 2024

Update software : Keep your operating system, security software, and firewall up to date to patch vulnerabilities. Consider extra security layers : Use additional protection like a VPN for safer online activity. The following authorities participated in the Operation Magnus.

Identity Theft 124

Identity Theft Passwords Malware Banking 124

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. The FBI has observed incidents of stolen higher education credential information posted on publically accessible online forums or listed for sale on criminal marketplaces.

Cybercrime 145

Cybercrime Education Accountability Phishing 145

Security Affairs

NOVEMBER 3, 2021

Experts warn of the availability in the cybercrime underground of offers for initial access to networks of players in global supply chains. “It’s extremely beneficial that security teams in the shipping industry monitor and track adversaries, their tools and malicious behavior to stop attacks from these criminals.”

Cybercrime 133

Cybercrime VPN Ransomware Hacking 133

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. Europol said.

VPN 109

VPN Cybercrime Ransomware Advertising 109

Security Affairs

OCTOBER 3, 2023

Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023. The malware is also able to steal data from messaging apps and VPN clients. ” continues the report.

Advertising 138

Advertising Cybercrime Malware Cryptocurrency 138

Security Affairs

APRIL 7, 2025

Microsoft credited controversial actor EncryptHub, a lone actor with ties to cybercrime, for reporting two Windows flaws. In 2024, he shifted to cybercrime, starting with low-level roles in vishing and ransomware, later moving into malware and vulnerability research that drew wide attention.

Cybercrime 71

Cybercrime Malware Hacking VPN 71

Security Affairs

DECEMBER 11, 2021

Accenture researchers detailed the activity of a new sophisticated cybercrime group, called Karakurt, behind recent cyberattacks. The analysis of the attack chain associated with this threat actor revealed that it primarily leverages VPN credentials to gain initial access to the target’s network. group and karakurt[.]tech,

Cybercrime 113

Cybercrime VPN Ransomware Hacking 113

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. SocksEscort began in 2009 as “ super-socks[.]com com , segate[.]org

Malware 237

Malware VPN Internet Internet 237

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency 109

Cryptocurrency Hacking Phishing Cyber Attacks 109

Security Affairs

JANUARY 14, 2025

The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627). In the next phase (starting Dec 4, 2024), attackers targeted SSL VPN access by creating super admin accounts or hijacking existing ones.

Firewall 82

Firewall VPN Accountability Firmware 82

Security Affairs

FEBRUARY 20, 2025

The Orange Cyberdefense CERT investigated four attackers with a similar initial access vector consisting of thecompromise of a Check Point VPN appliance. The experts believe threat actors exploited the zero-dayCVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features.

Healthcare 85

Healthcare Ransomware VPN Malware 85

Security Affairs

JUNE 30, 2021

Law enforcement has seized the servers of DoubleVPN (doublevpn.com), a Russian-based VPN service that provides double-encryption service widely used by threat actors to anonymize their operation while performing malicious activities. The VPN service was offered for a starting price of €22 ($25). . Pierluigi Paganini.

VPN 141

VPN Cybercrime Encryption Advertising 141

Security Affairs

NOVEMBER 24, 2024

CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office US DoJ charges five alleged members of the Scattered Spider cybercrime gang Threat actor (..)

Cybercrime 71

Cybercrime Artificial Intelligence Hacking VPN 71

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. Experts noticed that in this supply chain attack, UNC2465 did not deliver the Darkside ransomware as the final payload, but they not exclude that the cybercrime group could move to a new RaaS operation.

Cybercrime 111

Cybercrime Ransomware Software Antivirus 111

Security Affairs

MARCH 24, 2025

A cyberattack on the Virginia Attorney Generals Office forced officials to shut down IT systems, including email and VPN, and revert to paper filings. The breach was detected in February , leading to notifications to the FBI, Virginia State Police, and the Virginia Information Technologies Agency.

Ransomware 102

Ransomware Hacking Social Engineering VPN 102

Security Affairs

MARCH 14, 2025

“When the firewall had VPN capabilities, the threat actor created local VPN user accounts with names resembling legitimate accounts but with an added digit at the end. These newly created users were then added to the VPN user group, enabling future logins.” ” reads the report.

Firewall 66

Firewall Ransomware VPN Encryption 66

Security Affairs

NOVEMBER 29, 2022

The sensitive system information, system configurations, and network details might be further distributed over the darkweb. The post Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, Fortinet).

VPN 104

VPN Firewall Authentication Internet 104

Security Affairs

NOVEMBER 28, 2023

In October 2022, CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. The threat actors obtained the VPN credentials through phishing attacks.

Hacking 136

Hacking VPN Ransomware Cybercrime 136

Security Affairs

DECEMBER 1, 2024

CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog Thai police arrested Chinese hackers involved in SMS blaster attacks Zyxel firewalls targeted in recent ransomware attacks Malware campaign abused flawed Avast Anti-Rootkit driver Russia-linked APT TAG-110 uses targets Europe and Asia Russia-linked threat (..)

Cybercrime 71

Cybercrime Firewall Social Engineering Ransomware 71

Security Affairs

APRIL 2, 2020

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. ” reads the post published by Microsoft.

Ransomware 140

Ransomware VPN Healthcare Cyber Attacks 140

Webroot

MARCH 3, 2025

March is a time for leprechauns and four-leaf clovers, and as luck would have it, its also a time to learn how to protect your private data from cybercrime. During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure.

Consumer Protection 87

Consumer Protection Identity Theft Scams Social Engineering 87

The Last Watchdog

OCTOBER 24, 2022

. • Create security awareness for employees. One of the most important ways to protect against data breaches is to increase employee security awareness. Employees are the first line of defense against cybercrime and should understand how to recognize phishing emails and what to do if they suspect them. Use a corporate VPN.

Passwords 214

Passwords Security Awareness Data breaches Cybersecurity 214

Security Affairs

JUNE 2, 2024

Ticketmaster confirms data breach impacting 560 million customers Critical Apache Log4j2 flaw still threatens global finance Crooks stole more than $300M worth of Bitcoin from the exchange DMM Bitcoin ShinyHunters is selling data of 30 million Santander customers Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours LilacSquid APT (..)

Data breaches 123

Data breaches VPN Cloud Migration Malware 123

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams 303

Scams DDOS Cryptocurrency Accountability 303

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN 131

VPN Cybercrime Ransomware Hacking 131

Security Affairs

NOVEMBER 8, 2023

In October, CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware 137

Ransomware Healthcare VPN Insurance 137

Security Affairs

SEPTEMBER 10, 2023

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital North Korea-linked threat actors target cybersecurity experts with a zero-day Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks Nation-state actors (..)

DDOS 130

DDOS VPN Data breaches Cybercrime 130

Security Affairs

JULY 2, 2024

“The man, 42, is expected to appear in Perth Magistrates Court today (28 June, 2024) to face nine charges for alleged cybercrime offences.” These harvested cfedentials could be used to access victims’ personal information and bank details. ” AFP Western Command Cybercrime Detective Inspector Andrea Coleman said.

Wireless 127

Wireless Cybercrime Banking VPN 127

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN 139

VPN Accountability Firewall Data breaches 139

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The data stolen by Nikulin were available on the cybercrime underground between 2015 and 2016, they were offered for sale by multiple traders.

Hacking 116

Hacking Cybercrime Data breaches Advertising 116

Security Affairs

NOVEMBER 11, 2021

The Federal Bureau of Investigation (FBI) issued a private industry notification (PIN) to warn private industry partners that Iran-linked threat actors are attempting to buy stolen information belonging to US businesses and organizations abroad. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

VPN 112

VPN Cybercrime Passwords Firewall 112

Security Affairs

AUGUST 21, 2020

Hackers aim at collecting login credentials for networks of the target organizations, then they attempt to monetize their efforts by selling access to corporate resources in the cybercrime underground. “The actors then convinced the targeted employee that a new VPN link would be sent and required their login, including any 2FA or OTP.”

Social Engineering 140

Social Engineering VPN Phishing Authentication 140

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. ” reads the report published by Crowdstrike.

Hacking 129

Hacking VPN Advertising Government 129

Security Affairs

OCTOBER 3, 2019

Cybercrime is a prolific business, criminal organizations continues to make profits with illegal activities in the cyberspace, but police are ready to contrast them. Crooks were preserving their anonymity using VPN and TOR services. SecurityAffairs – bot farm, cybercrime). “Cyber ?? Pierluigi Paganini.

Cybercrime 111

Cybercrime VPN Advertising Accountability 111

Security Affairs

NOVEMBER 4, 2020

KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. The KPOT Stealer was written in C/C++, it was offered in the cybercrime underground as a Malware-as-a-Service (MaaS).

Ransomware 145

Ransomware Malware Advertising Cybercrime 145