

Security Affairs
Expert warns of Turtle macOS ransomware
The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices.
The Hacker News
A CACTUS ransomware campaign has been observed exploiting vulnerabilities in the Qlik Sense cloud analytics and business intelligence platform.
Cyber Security News
Media reports highlight the sale of LLMs like WormGPT and FraudGPT on underground forums for cyberattacks.
The Hacker News
Did you know that a single stolen credential can jeopardize your entire network? Protect your organization against sophisticated phishing attacks. Lea
Krebs on Security
One of the cybercrime underground's more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned.
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Hacker News
Beware of Telekopye: The malicious Telegram bot used by the "Neanderthals" for large-scale phishing scams. It crafts phishing websites and emails.
The Record
Killmilk is a 30-year-old Russian citizen, according to the news site Gazeta.ru. The report has drawn extra scrutiny to Killnet, known for DDoS attacks on Western targets.
Trend Micro
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
Cyber Security News
MaaS (Malware-as-a-Service) thrives as a top choice for new cyber threats, offering easy access to powerful tools. Threat actors primarily focus on information theft under MaaS, specializing in stealing and leaking sensitive data from hacked devices.
CyberNews
Vx-Underground is a regular fixture on Twitter, aka X, regularly posting bulletins regarding threat actors.
Bleeping Computer
A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor.
Infosecurity News
Outpost24 explained the technique relies on trigonometry to discern genuine human behavior
Bleeping Computer
The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox.
The Hacker News
New LummaC2 malware uses trigonometry-based tactic to differentiate between users and security systems, evading sandboxes and security analyses.
Cyber Security News
Welcome to the Cyber Security News Recap, a weekly publication by Cyber Writes. Our aim is to bring you up-to-date information on the latest developments in the field of cybersecurity.
DarkReading
Initial access brokers (IAB) are often difficult to track. This Tech Tip spells out some countermeasures enterprises need to defend against stolen credentials.
CyberNews
MESVision fell victim to the MOVEit Transfer hack, exposing hundreds of thousands of victims.
Bleeping Computer
Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (former Twitter).
Security Affairs
Experts warn of an alarming rise in ransomware operations targeting the energy sector, including nuclear facilities and related research entities.
The Hacker News
Juniper Junos OS vulnerabilities can lead to remote code execution. CISA has set a Nov 17, 2023 deadline to secure against Juniper Junos OS vulnerabil
The Hacker News
Malaysian authorities, with help from the AFP and FBI, shut down the notorious phishing-as-a-service (PhaaS) operation, BulletProofLink.
CyberNews
Industrial and Commercial Bank of China was hit with ransomware attack, disrupting the US Treasury market.
Bleeping Computer
The Industrial & Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues.
CyberNews
Dolly.com was attacked, paid the ransom, but attackers still published its data.
Cyber Security News
Google Calendar RAT is a proof of concept for Command & Control. It's useful when setting up a full red teaming infrastructure.
The Record
The ransomware attack on China's largest bank impacted trading on the U.S. Treasury market.
The Record
A Telegram account claiming to be behind the operation initially tried to sell the ransomware tools, before saying the group was shutting down for good this week.
Bleeping Computer
The operator of the Nokoyawa ransomware-as-a-service (RaaS), a threat actor known as 'farnetwork', built experience over the years by helping the JSWORM, Nefilim, Karma, and Nemty affiliate programs with malware development and operation management.
Infosecurity News
Group-IB lifts the lid on prolific cyber-criminal
The Hacker News
Cybersecurity experts unmask 'farnetwork', a Russian-speaking cybercriminal linked to 5 different ransomware-as-a-service (RaaS) programs.
Cyber Security News
Researchers from Any Run saw again its active activity intended to develop to steal, cause financial loss, and data, targeting both enterprise and personal devices.
Cyber Security News
The ever-changing landscape of mobile security is a constant battle between security researchers and malicious actors.
DarkReading
With AI and publicly available data, cybercriminals have the resources they need to fake a real-life kidnapping and make you believe it.
The Hacker News
Jupyter Infostealer is back with stealthy changes. Cyber attackers use manipulated SEO tactics to trick users into downloading malware.
The Hacker News
Google warns of hackers exploiting its Calendar service to host command-and-control (C2) infrastructure.
The Hacker News
Cybercriminals are using compromised business accounts to lure victims with "revealing photos of young women," distributing NodeStealer malware.
CSO
Boeing has confirmed that an "incident" has occurred, after reports surfaced that the Lockbit ransomware group has claimed to have exfiltrated sensitive data from the aerospace giant.
SecurityWeek
Boeing has confirmed a cyberattack after a ransomware group claimed to have breached the company’s systems.
Cyber Security News
Boeing, the aerospace industry leader, has recently reported a cyberattack on its systems. The attack primarily targeted the company's parts and distribution business.
The Record
"We are aware of a cyber incident impacting elements of our parts and distribution business," a spokesperson told Recorded Future News. "This issue does not affect flight safety.”
Krebs on Security
One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia-based SWAT USA Drop Service, which currently employs more than 1,200 people across…
The Hacker News
Meet "Prolific Puma," the secretive threat actor behind a dangerous link shortening service with thousands of malicious domains used for phishing.
The Record
The Querétaro Intercontinental Airport — about three hours from Mexico City — posted on social media that it was responding to an unspecified incident.
DarkReading
The wider availability of turnkey cyberattack kits in the criminal underground is leading to a glut of campaigns using remote access Trojans (RATs).
Bleeping Computer
A threat actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected.
Cyber Security News
Millions of Indians have had their personal information compromised, including their Aadhaar and its details.
Ars Technica
Octo Tempest employs tactics that many of its targets aren't prepared for.
Trend Micro
This report explores the Kopeechka service and gives a detailed technical analysis of the service’s features and capabilities and how it can help cybercriminals to achieve their goals.
The Hacker News
New research reveals how the zero-day financial criminal group Scattered Spider leverages sophisticated phishing, SIM swapping, and help desk fraud ta
The Record
Octo Tempest, a hacking group also known as Scattered Spider, has been in the limelight since its attack on MGM Resorts left parts of Las Vegas paralyzed for days and cost the casino giant an estimated $100 million.
The Record
On a recent trip to Ukraine, Click Here spoke with Ukraine's Alex Bornyakov about the country's booming drone sector and the Brave1 initiative, which aims to get innovative weapons into the hands of soldiers in a matter of weeks, not months.
The Hacker News
Brazil's popular PIX payment system is under attack! Cybercriminals are using a new malware, GoPIX, to target users searching for "WhatsApp web."
Ars Technica
Turns out that only lightning could kill the otherwise-unkillable US-8-150W.
Infosecurity News
Authorities believe the E-Root marketplace listed more than 350,000 computer credentials for sale
Infosecurity News
Hacktivists claim DDoS attacks against Israeli websites as cybersecurity experts urge caution in believing these cyber-criminals’ claims
Trend Micro
This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.
Bleeping Computer
Between July and September, DarkGate malware attacks have used compromised Skype accounts to infect targets through messages containing VBA loader script attachments.
The Hacker News
A new cyber campaign targets EU military & political leaders focusing on gender equality. The cyber collective behind it blurs lines between financial
The Hacker News
DarkGate malware is now spreading through instant messaging apps like Skype & Microsoft Teams.
Trend Micro
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
DarkReading
A plurality of the targets in the ongoing campaign have been based in the Americas.
Trend Micro
We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victim’s system, additional payloads were introduced to the environment.
CSO
Research discovers “interesting developments” in the delivery methods, techniques, themes, and targeted brands of email phishing against financial services.
The Record
The Click Here podcast team goes inside Ukraine’s military drone industry, where entrepreneurs are putting innovative weapons into the hands of soldiers in a matter of weeks, not months.
CSO
The solution manages access authorization based on roles and permissions, not users or groups.
The Record
Human-operated attacks typically involve the active abuse of remote monitoring and management tools. Microsoft said its data could point to a shift in how the cybercrime underground works.
Cyber Security News
In the cybercrime landscape, researchers at Securelist have also reported on new Lumma stealer and Zanubis Android banking malware versions.
Infosecurity News
Coded in C/C++, the tool is a fileless loader that conducts malicious activities in memory
The Hacker News
BunnyLoader, the latest malware-as-a-service, is up for sale in the dark web. It can steal your data, replace your crypto address
SecurityWeek
Johnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen information
Infosecurity News
The Trojan utilizes the Obfuscapk obfuscator for Android APK files, Kaspersky explained
Cyber Security News
This development comes hot on the heels of the recent data breach at Sony, which appears to be connected to the activities of Ransomed.vc.
Infosecurity News
According to Resecurity, Ransomed.vc is demanding a ransom of over $1m from NTT Docomo
DarkReading
A deceitful threat actor claims its biggest haul yet. But what, if any, Sony data does it actually have?
Bleeping Computer
There are inherent weaknesses to password-based authentication. Learn more from Specops Software on measures we can enforce to minimize these weaknesses and prevent corporate breaches.
SecurityWeek
Sony has launched an investigation after a ransomware group claimed to have compromised all systems and offered to sell stolen data.
The Hacker News
Weak passwords = easy targets. 83% of breached passwords meet complexity rules. How can organizations step up their security game? Read more
Bleeping Computer
T-Mobile has denied suffering another data breach following Thursday night reports that a threat actor leaked a large database allegedly containing T-Mobile employees' data.
The Record
T-Mobile attributed a leak, which didn't affect company data, to an April attack on an independent retailer.
DarkReading
A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics.
SecurityWeek
TransUnion denies suffering a breach after a hacker publishes 3GB of data allegedly stolen from the credit reporting firm.
Cyber Security News
Threat actors are adopting two pieces of software, GuLoader (also known as CloudEyE Protector) and Remcos (a remote administration tool), for malicious purposes.
Infosecurity News
Customs officers announce seizure of Piilopuoti server
Cyber Security News
In recent developments within the notorious LockBit ransomware group, discussions among its affiliates are stirring up potential changes in their ransom payment policies.
Infosecurity News
Database compromise dates back to March 2022
Cyber Security News
Threat actors with ChatGPT-like tools could pose major cybersecurity and safety risks. Highlights the need for vigilant AI development to prevent misuse.
The Hacker News
Discover the evolution of Android trojans - 'Hook' inherits its powers from 'ERMAC.' How does it outperform its predecessor? Read on.
The Hacker News
UNC3944 threat actor now turns to ransomware attacks, targeting critical systems. Understand their tactics, and learn how to protect your organization
The Record
Hackers connected to a group known to researchers by names like "Scattered Spider," "0ktapus," and UNC3944 have moved beyond targeting telecommunication firms and tech companies into attacks on hospitality, retail, media and financial services.
Bleeping Computer
This week's big news is the extortion attacks on the Caesars and MGM Las Vegas casino chains, with one having already paid the ransom and the other still facing operational disruptions.
SecurityWeek
The financially motivated UNC3944 group that hacked MGM has hit at least 100 organizations, mainly in the US and Canada.
Cyber Security News
UNC3944 has frequently employed phone-based social engineering and SMS phishing attacks to gain credentials and escalate access to target organizations.
CSO
MGM rushed through response owing to incompetent staff, had multiple system vulnerabilities, and did not care about customer safety, alleged ransomware group ALPHV who also blamed VX underground for spreading misinformation.
Bleeping Computer
An affiliate of the BlackCat ransomware group, also known as ALPHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems.
CyberSecurity Dive
Security researchers link the threat group Scattered Spider to a wave of malicious activity as Caesars Entertainment confirms social engineering attack in regulatory filing.
SecurityWeek
A known ransomware gang has taken credit for the highly disruptive attack on MGM Resorts, and the company has yet to restore impacted systems
The Record
The hospitality giant, facing serious disruptions to its businesses in Las Vegas, says it is continuing to "work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly."
Infosecurity News
The malware researchers' collective Vx-underground claimed that ALPHV/BlackCat was behind the attack against the casino giant
DarkReading
By code or by command, cybercriminals are circumventing ethical and safety restrictions to use generative AI chatbots in the way that they want.
Infosecurity News
Policing group releases first ever report on the topic
The Record
Cybersecurity company Symantec declined to attribute the incident to China but pointed to a group it tracks as RedFly, which used malware known as ShadowPad.
DarkReading
A secretive phishing cabal boasts a sophisticated affiliate network and a modular, custom toolset that's claiming victims on three continents.
Infosecurity News
Secretive group targets specifically Microsoft 365 accounts
The Hacker News
A hidden "phishing empire" dubbed W3LL Store has compromised 8,000+ Microsoft 365 business email accounts!
The Record
A hacking group called W3LL has created an English-language underground marketplace to sell a phishing kit that can bypass multi-factor authentication, according to Group-IB.
The Hacker News
Cybercriminals are exploiting social media ads on Meta-owned Facebook for malware distribution. With fraudulent ads, they're targeting businesses and
DarkReading
The move by New York's Metropolitan Transit Authority (MTA) follows a report that showed how easy it is for someone to pull up another individual's seven-day ride history through the One Metro New York (OMNY) website.
Trend Micro
In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign.
Infosecurity News
Slashnext unveiled a disturbing arsenal of stealers, cookies and exploits
Cyber Security News
Cisco ASA SSL VPN appliances are a type of network security device that allows remote users to access a private network over the internet securely.
DarkReading
The popular travel rental site is an ideal destination for cybercrooks bent on taking over accounts and bookings.
Cyber Security News
The Five Families unites the underground internet world, adopting the name of the 1950s-60s New York mafia's Italian-American clans.
The Hacker News
Juniper firewalls, Openfire, and Apache RocketMQ servers are being actively targeted by cybercriminals.
The Record
Dustin Childs, the head of threat awareness for the Zero Day Initiative, explains to the Click Here podcast team how zero-day vulnerabilities make it into the hands of cybercriminals.
DarkReading
"Operation Duck Hunt" is not likely to eliminate the initial access botnet forever, but the proactive removal of the malware from victim machines by law enforcement is one of the largest and most significant efforts of its kind.
The Hacker News
New malspam campaign uses DarkGate malware to steal data, mine cryptocurrency, and evade detection.
Cyber Security News
Cybersecurity analysts at Trend Micro, Europol, and UNICRI jointly studied criminal AI exploitation, releasing the "Malicious Uses and Abuses of Artificial Intelligence".
Infosecurity News
The compromised data includes names, usernames, email addresses and internal service-related details
SecurityWeek
A financially motivated cybercrime group has exploited a WinRAR zero-day to deliver malware to traders and steal their money.
Bleeping Computer
The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.
Bleeping Computer
While there was quite a bit of ransomware news this week, the highlighted story was the release of Jon DiMaggio's third article in the Ransomware Diaries series, with the focus of this article on the LockBit ransomware operation.
Bleeping Computer
Microsoft has discovered a new version of the BlackCat ransomware that embeds the Impacket networking framework and the Remcom hacking tool, both enabling spreading laterally across a breached network.
CyberSecurity Dive
Lax security controls cause heavy damages, and security experts warn how unmet basics turn up, time and again, when things go wrong.
Infosecurity News
Anonymous file sharing service puts domain up for sale
CyberScoop
A new analysis unpacks a wide array of malware abusing legitimate internet services and what defenders should do to stop it.
The Hacker News
83% of breaches in 2023 fueled by stolen credentials! Uncover the latest attacker tactics and fortify your defenses against this escalating threat.
Bleeping Computer
The developers of Raccoon Stealer information-stealing malware have ended their 6-month hiatus from hacker forums to promote a new 2.3.0 version of the malware to cyber criminals.
SecurityWeek
Hudson Rock has identified credentials for hacker forums on roughly 120,000 computers infected with information stealers.
The Hacker News
The latest BlackBerry Global Threat Intelligence Report is out, uncovering a staggering 40% surge in cyberattacks against government and public.
Cyber Security News
A new variant of SystemBC malware was found to be deployed to a critical infrastructure target. There have been several Ransomware attacks during the second quarter of 2023.
Security Affairs
Threat actors employed a new variant of the SystemBC malware, named DroxiDat, in attacks aimed at African critical infrastructure. Researchers from Kaspersky’s Global Research and Analysis Team (GReAT) reported that an unknown threat actor used a new variant of the SystemBC proxy malware, named DroxiDat, in an attack against a power generation company in southern Africa. SystemBC was […]
The Hacker News
Interpol takes down phishing-as-a-service platform 16Shop and makes arrests in Indonesia and Japan.
Security Affairs
Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months. Most of the attacks targeted high-ranking executives. The researchers estimated […]
DarkReading
The threat actor is targeting organizations in Bulgaria, China, Vietnam, and various English-speaking nations.
Bleeping Computer
Today is Microsoft's August 2023 Patch Tuesday, with security updates for 87 flaws, including two actively exploited and twenty-three remote code execution vulnerabilities.
The Record
The phishing-as-a-service platform 16shop was taken down Tuesday in a global investigation led by Interpol.
Bleeping Computer
The malicious Rilide Stealer Chrome browser extension has returned in new campaigns targeting crypto users and enterprise employees to steal credentials and crypto wallets.
SecurityWeek
A new macOS-targeting hVNC malware family is being advertised on a prominent Russian cybercrime forum for $60,000.
The Record
An Iranian technology company is providing infrastructure services to ransomware gangs and an array of nation-state hackers, researchers have found.
Ars Technica
New SDXL 1.0 release allows hi-res AI image synthesis that can run on a local machine.
DarkReading
Threat actors are distributing new "Realst" infostealer via fake blockchain games, researchers warn.
Security Affairs
FraudGPT is another cybercrime generative artificial intelligence (AI) tool that is advertised in the hacking underground. Generative AI models are becoming attractive for crooks, Netenrich researchers recently spotted a new platform dubbed FraudGPT which is advertised on multiple marketplaces and the Telegram Channel since July 22, 2023. According to Netenrich, this generative AI bot was […]
The Hacker News
Info stealing malware on the rise! Windows, Linux, macOS - no system is safe! Get the scoop on these cyber threats in Uptycs' latest whitepaper.
Bleeping Computer
The ALPHV ransomware gang, also referred to as BlackCat, is trying to put more pressure on their victims to pay a ransom by providing an API for their leak site to increase visibility for their attacks.
DarkReading
The subscription-based, generative AI-driven offering joins a growing trend toward "generative AI jailbreaking" to create ChatGPT copycat tools for cyberattacks.
Bleeping Computer
The analysis of nearly 20 million information-stealing malware logs sold on the dark web and Telegram channels revealed that they had achieved significant infiltration into business environments.
DarkReading
KillNet is amassing members, capabilities, and know-how, as it looks to consolidate cybercrime power under its own umbrella.
Bleeping Computer
Cybercriminals are already utilizing and creating malicious tools based on open source AI language models for phishing and malware development. Learn more from Flare about how threat actors are beginning to use AI.
Ars Technica
A family of pretrained and fine-tuned language models in sizes from 7 to 70 billion parameters.
The Hacker News
Dive deep into the world of cybercriminals with Cybersixgill's monthly stories.
Bleeping Computer
CISA ordered federal agencies to mitigate remote code execution zero-days affecting Windows and Office products that were exploited by the Russian-based RomCom cybercriminal group in NATO phishing attacks.
The Record
An artificial intelligence tool promoted on underground forums shows how AI can help refine cybercrime operations, researchers say.
Security Affairs
The WormGPT case: How Generative artificial intelligence (AI) can improve the capabilities of cybercriminals and allows them to launch sophisticated attacks. Researchers from SlashNext warn of the dangers related to a new generative AI cybercrime tool dubbed WormGPT. Since chatbots like ChatGPT made the headlines, cybersecurity experts warned of potential abuses of Generative artificial intelligence (AI) […]
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial […]
The Hacker News
A new generative AI cybercrime tool called WormGPT is making waves in underground forums. It empowers cybercriminals to automate phishing attacks.
Bleeping Computer
20-year-old Conor Brian Fitzpatrick aka Pompompurin, the owner of the notorious BreachForums (aka Breached) hacking forum, has pleaded guilty to charges of hacking and possession of child pornography.
Cyber Security News
A self-signed China-originated Rootkit acts as a universal downloader targeting gaming sectors to exfiltrate sensitive information.
The Hacker News
Heads up, everyone! Microsoft has released updates to fix 130 security flaws, including 6 zero-day vulnerabilities being actively exploited.
Bleeping Computer
Microsoft disclosed today an unpatched zero-day security bug in multiple Windows and Office products exploited in the wild to gain remote code execution via malicious Office documents.
Security Affairs
HCA Healthcare disclosed a data breach that exposed the personal information of roughly 11 million patients. HCA Healthcare this week announced that the personal information of roughly 11 million patients was compromised in a data breach. The organization discovered the security breach on July 5 when a threat actor claimed the hack on an underground […]
SecurityWeek
HCA Healthcare says the personal information of roughly 11 million patients was stolen in a data breach after hackers posted data.
Trend Micro
In this entry, we discuss the findings of our investigation into a piece of a signed rootkit, whose main binary functions as a universal loader that enables attackers to directly load a second-stage unsigned kernel module.
Infosecurity News
According to Resecurity, the trend poses challenges for online banking and payment systems
Infosecurity News
Social media reports suggest an individual allegedly dumped approximately 500GB of animation files
The Record
The cybercrime group known as Killnet is skilled at grabbing attention, even if some of its claims are hard to prove. Its leader now has a vision for organizing the pro-Russia hacker underground.
SecurityWeek
The personal, financial, and health information of over 28,000 individuals stolen in data breach at Pepsi Bottling Ventures.
The Record
Cybersecurity experts have warned for days that hackers are sharing stolen documents from the television network.
DarkReading
The ransomware group shows an evolution of its tactics with MOVEit zero day — potentially ushering in a new normal when it comes to extortion supply chain cyberattacks, experts say.
Infosecurity News
Neo_Net’s campaign mainly targeted Spanish and Chilean financial institutions
Security Affairs
A Mexican threat actor that goes online with the moniker Neo_Net is behind an Android malware campaign targeting banks worldwide. A joint study conducted by vx-underground and SentinelOne recently revealed that a Mexican threat actor that goes online with the moniker Neo_Net is behind an Android malware campaign targeting financial institutions worldwide. The case was […]
Cyber Security News
Neo_Net - a Spanish-based threat actor, has conducted campaigns against financial institutions and banks and achieved the highest success rate in spite of its unsophisticated tools.
The Hacker News
Neo_Net, a Mexican e-crime actor, is behind an Android malware campaign that's stolen €350,000+ and compromised PII data.
The Hacker News
Your crypto wallet, your secrets, even your games – NOTHING is safe from Meduza Stealer. Discover how this crimeware stays ahead of the game.
Infosecurity News
If confirmed, it could be the fourth-largest ransom demand of all time
The Record
TSMC, considered the world’s most valuable semiconductor company, said there was an incident at IT supplier Kinmax. The LockBit cybercrime gang is claiming an attack against TSMC.
The Hacker News
The Right Way to Enhance CTI with AI (Hint: It's the Data)
Bleeping Computer
U.S. law enforcement today seized the clear web domain of the notorious BreachForums (aka Breached) hacking forum three months after apprehending its owner Conor Fitzpatrick (aka Pompompurin), under cybercrime charges.
Bleeping Computer
Threat actors are moving from the dark web to illicit Telegram channels specializing in cybercrime. This Flare article examines why threat actors are shifting from Tor and provides guidance on monitoring Telegram channels.
Latest Hacking News
In the span of a year leading up to May 2023, over 100,000 stolen ChatGPT account credentials have been found on various dark web marketplaces. This alarming trend was discovered by researchers at Group-IB, who
Trend Micro
Jon Clay and Ed Cabrera talk about the MOVEit breaches and more in the video series #TrendTalksBizSec
DarkReading
A criminal crowd-sourcing campaign has led to swift adoption of the stealer, which can pilfer key computer data, credentials from browsers and chat apps, and cryptocurrency from multiple wallets.
The Hacker News
Over 100,000 OpenAI ChatGPT account credentials have been compromised and sold on the dark web. Cybercriminals are targeting the valuable information.
Bleeping Computer
More than 101,000 ChatGPT user accounts have been compromised by information stealers over the past year, according to dark web marketplace data.
Trend Micro
This is the third installment of a three-part technical analysis of the fully undetectable (FUD) obfuscation engine BatCloak and SeroXen malware. In this entry, we document the techniques used to spread and abuse SeroXen, as well as the security risks, impact, implications of, and insights into highly evasive FUD batch obfuscators.
The Hacker News
A new information-stealing malware called Mystic Stealer is targeting 40 web browsers and 70 browser extensions, as well as cryptocurrency wallets.
Bleeping Computer
A new information-stealing malware named 'Mystic Stealer,' has been promoted on hacking forums and darknet markets since April 2023, quickly gaining traction in the cybercrime community.
Security Affairs
Polish police, as part of the international law enforcement operation PowerOFF, dismantled a DDoS-for-hire service that has been active since at least 2013. An international operation codenamed PowerOff led to the shutdown of a DDoS-for-hire service that has been active since at least 2013. The operation was conducted by the Polish Central Bureau for Combating […]
Bleeping Computer
The MOVEit Transfer extortion attacks continue to dominate the news cycle, with the Clop ransomware operation now extorting organizations breached in the attacks.
Bleeping Computer
Polish police officers part of the country's Central Cybercrime Bureau detained two suspects believed to have been involved in the operation of a long-running DDoS-for-hire service (aka booter or stresser) active since at least 2013.
The Hacker News
Combating cybercrime requires a powerful approach. Discover how Attack Surface Management (ASM) and Cyber Threat Intelligence (CTI) can help.
Security Affairs
Malware researchers analyzed the application of Large Language Models (LLM) to malware automation investigating future abuse in autonomous threats. Executive Summary In this report we shared some insight that emerged during our exploratory research, and proof of concept, on the application of Large Language Models to malware automation, investigating how a potential new kind of […]
Security Affairs
Two Russian nationals have been charged with the hack of the cryptocurrency exchange Mt. Gox in 2011 and money laundering. Russian nationals Alexey Bilyuchenko (43) and Aleksandr Verner (29) have been charged with the hack of the cryptocurrency exchange Mt. Gox in 2011 and the operation of the illicit cryptocurrency exchange BTC-e. The duo has […]
DarkReading
In a rare mix of motivations, the cyberattack group has been linked to both financial cybercrime and political spying efforts on governments.
DarkReading
Ready-to-defraud turnkey services from Russia's Impulse Team are offered on the cyber underground and have built a campaign that has operated undetected dating back to 2016.
Ars Technica
Deepfake videos show real people engaged in fake sex.
Bleeping Computer
The Federal Bureau of Investigation (FBI) is warning of a rising trend of malicious actors creating deepfake nude content from social media images to perform sextortion attacks.