Cybercrime, Malware and Security Intelligence

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. states Microsoft. We strongly recommend patching.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Anubis, a new info-stealing malware spreads in the wild

Security Affairs

AUGUST 27, 2020

Microsoft warned of a recently uncovered piece of malware, tracked as Anubis that was designed to steal information from infected systems. This week, Microsoft warned of a recently uncovered piece of malware, tracked as Anubis, that was distributed in the wild to steal information from infected systems. Pierluigi Paganini.

Malware

Malware Advertising Cryptocurrency Cybercrime

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

In November 2024, the Akamai Security Intelligence Research Team (SIRT) observed increased activity targeting the URI /cgi-bin/cgi_main.cgi , linked to a Mirai-based malware campaign exploiting an unassigned RCE vulnerability in DVR devices, including DigiEver DS-2105 Pro. ” reads the analysis published by Akamai.

Manufacturing

Manufacturing Malware Firmware IoT

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

Researchers at Microsoft Security Intelligence team published a series of tweets to warn of a new wave of attacks aimed at distributing the Clop ransomware and linked it to the financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7 ). They then use OpenSSH and Impacket to move laterally and deploy Clop ransomware.

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The botnet shell script downloads an ELF file named “pty3” from a different IP address, likely a sample of Muhstik malware. ” reported Akamai.

Malware

Malware DDOS Internet Internet

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

Security experts from Microsoft have uncovered an ongoing p hishing campaign launched by the TA505 cybercrime gang (aka Evil Corp ) that is employing attachments featuring HTML redirectors for delivering malicious Excel docs. In contrast, past Dudear email campaigns carried the malware as attachment or used malicious URLs.

Malware

Malware Security Intelligence Banking Phishing

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

Security Affairs

MARCH 10, 2025

Cybersecurity and Infrastructure Security Agency (CISA) added the the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. reported Akamai.

DDOS

DDOS Security Intelligence Malware Hacking

IT giants warn of ongoing Chromeloader malware campaigns

Security Affairs

SEPTEMBER 20, 2022

VMware and Microsoft are warning of a widespread Chromeloader malware campaign that distributes several malware families. The malware is able to redirect the user’s traffic and hijacking user search queries to popular search engines, including Google, Yahoo, and Bing. SecurityAffairs – hacking, malware).

Malware

Malware Adware Ransomware Security Intelligence

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

New Zealand’s Computer Emergency Response Team (CERT) also published a security alert warning of spam campaigns spreading the Emotet threat. jp) email addresses that have been infected with the infamous malware and that can be employed in further spam campaigns. Today was only about a dozen replychain and nothing else.

Malware

Malware Passwords Advertising Ransomware

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs

MAY 27, 2020

pic.twitter.com/Q3BMs7fSvx — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020. Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020.

Ransomware

Ransomware Security Intelligence Encryption Advertising

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

The group is suspected to have been running successful malware campaigns for more than five years. The attackers have used off-the-shelf malware since the beginning of their operations and have never developed their own malware. — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021.

Malware

Malware Phishing DNS Cybercrime

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

Experts believe that cybercrime organizations and state-sponsored group could exploit the code in like attacks, ESET researchers pointed out that other threat actors, such as cybercrime Tick, LuckyMouse, and Calypso, had also been exploiting the ProxyLogon flaws before Microsoft addressed them. and also as DearCry.

Cyber Attacks

Cyber Attacks Cybercrime Authentication Hacking

2022: The threat landscape is paved with faster and more complex attacks with no signs of stopping

Webroot

JANUARY 7, 2022

The cybercrime marketplace also continued to get more robust while the barrier to entry for malicious actors continued to drop. This has created a perfect breeding ground for aspiring cybercriminals and organized cybercrime groups that support newcomers with venture capitalist-style funding. Malware made leaps and bounds in 2021.

Cybercrime

Cybercrime Ransomware Phishing Cryptocurrency

Cybercriminals Exploit Legitimate Windows Tool for Cryptojacking

Penetration Testing

SEPTEMBER 10, 2024

The AhnLab Security Intelligence Center (ASEC) has uncovered a concerning trend in cybercrime involving the misuse of Binary Managed Object Files (BMOFs) for the distribution of XMRig, a notorious cryptocurrency... The post Cybercriminals Exploit Legitimate Windows Tool for Cryptojacking appeared first on Cybersecurity News.

Cryptocurrency

Cryptocurrency Cybercrime Security Intelligence Cybersecurity

Cybercriminal on Cybercriminal Crime: Ransomware Hijacks CoinMiner

Penetration Testing

JUNE 5, 2024

In an unexpected twist of cybercrime, security researchers at AhnLab Security Intelligence Center (ASEC) have revealed a bizarre case of one criminal gang inadvertently aiding another.

Ransomware

Ransomware Cybercrime Security Intelligence Malware

Corona Mirai botnet spreads via AVTECH CCTV zero-day

Security Affairs

AUGUST 29, 2024

Akamai’s Security Intelligence and Response Team (SIRT) has detected a botnet campaign exploiting multiple previously known vulnerabilities and a newly discovered zero-day, tracked as CVE-2024-7029 (CVSS score: 8.7), in AVTECH CCTV cameras. ” continues the report.

Firmware

Firmware Malware Security Intelligence Authentication

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. — Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022.

Security Intelligence

Security Intelligence Malware Backups Architecture

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020. The experts warn that nation-state actors are adopting TTPs associated with cybercrime gangs to make it hard the attack attribution.

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

Security Boulevard

MAY 25, 2021

I've decided to make my Cybercrime Forum Data Set for 2019 and 2021 exclusively available online for free in order for me to speed the dissemination process and to possibly empower security researchers and vendors with the necessary information to help them stay on the top of their game in terms of current and emerging cyber threats including U.S

Cybercrime

Cybercrime Cyber threats Hacking Software

HTML Smuggling technique used in phishing and malspam campaigns

Security Affairs

NOVEMBER 12, 2021

— Microsoft Security Intelligence (@MsftSecIntel) July 23, 2021. HTML smuggling is a highly evasive technique for malware delivery that leverages legitimate HTML5 and JavaScript features. The malicious payloads are delivered via encoded strings in an HTML attachment or webpage.

Phishing

Phishing Banking Passwords Malware

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

The Last Watchdog

JULY 30, 2018

More than 230,000 new malware samples are launched every day. And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021. Over the past decade, cyber security solutions have evolved into specific categories of solutions. Understanding today’s cybersecurity landscape is complex.

CISO

CISO Cyber Attacks Data collection Cybersecurity

New InfectedSlurs Mirai-based botnet exploits two zero-days

Security Affairs

NOVEMBER 22, 2023

In October, Akamai’s Security Intelligence Response Team (SIRT) noticed an anomalous activity to the company’s honeypots targeting a rarely used TCP port. The InfectedSlurs is based on the JenX Mirai malware variant that in 2018 leveraged the Grand Theft Auto videogame community to infect devices.

DDOS

DDOS Wireless Security Intelligence Malware

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

The security firms have collected more than 125,000 TrickBot malware samples and mapped the command and control infrastructure. The TrickBot botnet was considered by security experts one of the biggest botnets. Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations.

Malware

Malware Banking Advertising Financial Services

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices. The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks.

IoT

IoT DDOS Architecture Internet

Meeting Customers Where They Are …. And Where They Don’t Want to Be

Cisco Security

SEPTEMBER 30, 2021

In addition to creating a complex and dynamic network, hybrid work expanded the attack surface exponentially, making networking and security difficult to manage—further fueling the cybercrime epidemic and opening the floodgates to additional cybersecurity-related challenges. Seeking a secure and simple solution.

Marketing

Marketing Firewall Cyber threats Cybercrime

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Cisco Security

MAY 27, 2022

Malware Threat Intelligence made easy and available, with Cisco Secure Malware Analytics and SecureX by Ben Greenbaum . SecureX: Bringing Threat Intelligence Together by Ian Redden . Secure Endpoint for iOS/Security Connector . Secure Malware Analytics (formerly Threat Grid) .

Malware

Malware Accountability Technology DNS

A new Magecart campaign hides the malicious code in 404 error page

Security Affairs

OCTOBER 12, 2023

Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the website’s default 404 error page to hide malicious code. Researchers observed a new Magecart web skimming campaign changing the websites’ default 404 error page to steal credit cards.

Retail

Retail Security Intelligence Hacking Software

Akamai dealt with an 800Gbps ransom DDoS against a gambling company

Security Affairs

APRIL 1, 2021

The Akamai Security Intelligence Response Team’s threat advisory team revealed that crooks used a previously unseen DDoS attack vector that leveraged a networking protocol known as protocol 33, or Datagram Congestion Control Protocol (DCCP). ” Likely DDoS extortion attacks. Source Akamai).

DDOS

DDOS Security Intelligence Hacking Cybersecurity

Top Cybersecurity Websites and Blogs for Compliance in 2024

Centraleyes

JULY 8, 2024

Graham Cluley Blog Graham Cluley’s blog is a trusted source for cybersecurity insights, covering a wide range of topics including data breaches, malware threats, and compliance issues. WeLiveSecurity WeLiveSecurity, published by ESET, provides authoritative security news and insights from researchers and experts worldwide.

Cybersecurity

Cybersecurity Data breaches Data privacy Technology

CSC Research Finds Third Parties Continue to Lay Groundwork for Malicious Activity Among Thousands of COVID-Related Domains

CyberSecurity Insiders

JANUARY 25, 2022

Of the dormant domains, most concerning is that nearly 33% are configured to send and receive email with active MX records, which can provide bad actors a launch pad to conduct malicious attacks against brands and consumers through phishing or malware attacks. “At At CSC, we believe domain security intelligence is power.

Artificial Intelligence

Artificial Intelligence Phishing Technology DNS

Cyber Security Informer

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Anubis, a new info-stealing malware spreads in the wild

Webinars

Trending Sources

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Webinars

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

IT giants warn of ongoing Chromeloader malware campaigns

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Microsoft warns about ongoing PonyFinal ransomware attacks

Threat actor has been targeting the aviation industry since at least 2018

Researchers warn of a surge in cyber attacks against Microsoft Exchange

2022: The threat landscape is paved with faster and more complex attacks with no signs of stopping

Cybercriminals Exploit Legitimate Windows Tool for Cryptojacking

Cybercriminal on Cybercriminal Crime: Ransomware Hijacks CoinMiner

Corona Mirai botnet spreads via AVTECH CCTV zero-day

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

HTML Smuggling technique used in phishing and malspam campaigns

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

New InfectedSlurs Mirai-based botnet exploits two zero-days

Microsoft partnered with other security firms to takedown TrickBot botnet

Updated Kmsdx botnet targets IoT devices

Meeting Customers Where They Are …. And Where They Don’t Want to Be

Black Hat Asia 2022 Continued: Cisco Secure Integrations

A new Magecart campaign hides the malicious code in 404 error page

Akamai dealt with an 800Gbps ransom DDoS against a gambling company

Top Cybersecurity Websites and Blogs for Compliance in 2024

CSC Research Finds Third Parties Continue to Lay Groundwork for Malicious Activity Among Thousands of COVID-Related Domains

Stay Connected