CyberNews
Europol confirms web platform breach
Europol confirmed one of it web portals was breached.
The Cyber Express
Hacker Offers Data Allegedly Stolen from the City of New York
An unidentified threat actor known as "pwns3c" has offered access to a database purported to contain sensitive data and documents
Cyber Security News
Notorious Hacker IntelBroker Claims that Europol has Suffered a Data Breach
The European Union's law enforcement agency, Europol, has confirmed a security breach of its web portal but says no operational data was compromised.
Security Affairs
Notorius threat actor IntelBroker claims the hack of the Europol
Notorius threat actor IntelBroker claims that Europol has suffered a data breach that exposed FOUO and other classified data.
HACKRead
Europol Hacked? IntelBroker Claims Major Law Enforcement Breach
The notorious IntelBroker hacker claims to have successfully breached the European Union Agency for Law Enforcement Cooperation (Europol).
HACKRead
IntelBroker Hacker Claims Breach of Top Cybersecurity Firm, Selling Access
The norotious IntelBroker hackers claims to have breached a leading cybersecurity company selling its access for $20,000 in XMR cryptocurrency.
SecurityWeek
Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals
A botnet dismantled in January and used by Russia-linked APT28 consisted of more than just Ubiquiti Edge OS routers.
Ars Technica
Hacker free-for-all fights for control of home and office routers everywhere
How and why nation-state hackers and cybercriminals coexist in the same router botnet.
Trend Micro
Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks
This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024.
The Cyber Express
Vastaamo Hacker Sentenced for Blackmailing Thousands Over Stolen Therapy Notes
Julius Kivimäki, one of Europe's most sought-after cyber criminals, has been sentenced to more than six years jail for attempting
The Record
Hacker who blackmailed psychotherapy patients sentenced to six years in prison
Aleksanteri Kivimäki, formerly known by the first name Julius and the hacker handle Zeekill, was convicted on all charges relating to the hack of Helsinki-based Vastaamo.
Security Affairs
Cryptocurrencies and cybercrime: A critical intermingling
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector
Bleeping Computer
Hackers hijack antivirus updates to drop GuptiMiner malware
North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware.
Cyber Security News
Hackers Hijacking Antivirus Updates to Deliver GuptiMiner
A sophisticated malware campaign has been compromising the update mechanism of eScan antivirus software to distribute malicious backdoors and cryptocurrency mining software.
CyberNews
Wave of ransomware on the cheap: junk guns still okay for small targets
Researchers observe a flood of crude and amateurish ransomware. But it’s cheap, difficult to trace, and comes in many flavors.
SC Magazine
Microsoft finds Kubernetes clusters targeted by OpenMetadata exploits
A cryptominer campaign leveraged five vulnerabilities in OpenMetadata to infect environments.
Bleeping Computer
Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks
In an ongoing Kubernetes cryptomining campaign, attackers target OpenMetadata workloads using critical remote code execution and authentication vulnerabilities.
CyberNews
Investigation finds 18 data centers secretly mining crypto in Sweden
Eighteen companies in Sweden, disguised as legitimate data centers for AI or other activities, have been found exploiting tax incentives to mine cryptocurrency.
SecurityWeek
Cryptojacker Arrested, Charged for Defrauding Cloud Providers of $3.5 Million
Charles O. Parks III was arrested and charged with defrauding two cloud-services providers of $3.5 million.
The Hacker News
Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown
Two arrested for developing and distributing Hive RAT malware & a Nebraska man indicted for a massive $3.5 million cloud cryptojacking scheme.
Ars Technica
Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M
Indictment says man tricked cloud providers into giving him services he never paid for.
Bleeping Computer
Crypto miner arrested for skipping on $3.5 million in cloud server bills
The U.S. Department of Justice has announced the arrest and indictment of Charles O. Parks III, known as "CP3O," for allegedly renting large numbers of cloud servers to conduct crypto mining and then skipping out on paying the bills.
The Cyber Express
Alleged Telecom Argentina Data Access Offered for $100 on Dark Web
A dark web actor has allegedly proposed the Telecom Argentina access sale for $100 on a hacking forum. According to
CyberNews
Security engineer guilty of hacking cryptocurrency exchanges
A senior security engineer has been found guilty of multiple attacks on decentralized cryptocurrency exchanges
The Hacker News
Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts
Former security engineer sentenced to 3 years for stealing $12.3M from crypto exchanges using insider skills.
Bleeping Computer
Ex-Amazon engineer gets 3 years for hacking crypto exchanges
Former Amazon security engineer Shakeeb Ahmed was sentenced to three years in prison for hacking two cryptocurrency exchanges in July 2022 and stealing over $12 million.
Bleeping Computer
RUBYCARP hackers linked to 10-year-old cryptomining botnet
A Romanian botnet group named 'RUBYCARP' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain.
Infosecurity News
Research Unearths RUBYCARP’s Multi-Miner Assault on Crypto
Sysdig stated that by deploying multiple miners, the group decreased attack time and detection risk
HACKRead
IntelBroker Leaks Alleged National Security Data Tied to US Contractor Acuity Inc.
The IntelBroker hacker and their affiliates have leaked a trove of sensitive records, which they claim jeopardize the United States national security.
Bleeping Computer
Hackers exploit Ray framework flaw to breach servers, hijack resources
A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies.
SC Magazine
Takedowns spark affiliate bidding war among ransomware gangs
After authorities disrupted LockBit and ALPHV/BlackCat, smaller extortion groups are scrambling to recruit their former affiliates.
Trend Micro
TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types
CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.
Krebs on Security
Incognito Darknet Market Mass-Extorts Buyers, Sellers
Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from…
HACKRead
Hacker Claims Breaching US Federal Contractor Acuity, Selling ICE, USCIS Data
The IntelBroker hacker claims to have breached Acuity, a US federal contractor and is now selling data belonging to ICE and USCIS
Cyber Security News
How to Analyse Crypto Malware in ANY.RUN Sandbox ?
ANY.RUN, an interactive malware sandbox, has published a comprehensive analysis of the growing threat that crypto-malware poses.
DarkReading
'Lucifer' Botnet Turns Up the Heat on Apache Hadoop Servers
More than 3,000 unique attacks hitting Hadoop and Druid honeypots in just the past month indicate an attacker testing phase.
Bleeping Computer
New Migo malware disables protection features on Redis servers
Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency.
Security Affairs
A Ukrainian Raccoon Infostealer operator is awaiting trial in the US
The Raccoon Infostealer operator, Mark Sokolovsky, was extradited to the US from the Netherlands to appear in a US court.
HACKRead
Hackers Claim Data Breach at Staffing Giant Robert Half, Sell Sensitive Data
The hackers, infamously known as IntelBroker and Sanggiero, claim to possess a trove of data from Robert Half stolen through a data breach.
The Hacker News
New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw
Cybercriminals are targeting Mexican users with a new variant of the Mispadu banking malware, exploiting a patched Windows SmartScreen bypass flaw
HACKRead
Thousands of Stolen AnyDesk Login Credentials Sold on Dark Web
Cybersecurity researchers have identified threat actors on a dark web forum selling AnyDesk accounts, ranging from 18,000 to 30,000 accounts.
Bleeping Computer
Hackers push USB malware payloads via news, media hosting sites
A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content.
DataBreaches
Leading Mobile Banking App Hit by IntelBroker Hackers, Sensitive Data Up for Sale
Ashish Khaitan reports: The IntelBroker hacker group has claimed responsibility for a potential cyberattack on a popular (undisclosed) mobile banking app...
The Cyber Express
Leading Mobile Banking App Hit by IntelBroker Hackers, Sensitive Data Up for Sale
The IntelBroker hacker group has claimed responsibility for a potential cyberattack on a popular (undisclosed) mobile banking app boasting over
Bleeping Computer
Vastaamo hacker traced via ‘untraceable’ Monero transactions, police says
Julius Aleksanteri Kivimäki, the suspect believed to be behind an attack against one of Finland's largest psychotherapy clinics, Vastaamo, was allegedly identified by tracing what has been believed to be untraceable Monero transactions.
Ars Technica
$40 billion worth of crypto crime enabled by stablecoins since 2022
Stablecoins like Tether also used for scams and sanctions evasion.
Bleeping Computer
Docker hosts hacked in ongoing website traffic theft scheme
A new campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing a dual monetization strategy.
SecurityWeek
Hacker Behind $2 Million Cryptocurrency Mining Scheme Arrested in Ukraine
Ukrainian authorities have arrested an individual allegedly involved in a $2 million cryptojacking operation.
Security Affairs
Attackers target Apache Hadoop and Flink to deliver cryptominers
Researchers devised a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners.
Bleeping Computer
Hacker arrested for cryptojacking 1 million virtual servers
A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency.
Bleeping Computer
Hacker spins up 1 million virtual servers to illegally mine crypto
A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency.
The Hacker News
29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services
29-year-old Ukrainian arrested for a major cryptojacking scheme, netting over $2M in profits.
The Hacker News
Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks
New cyberattack targets Apache Hadoop & Flink using misconfigurations to deploy crypto miners
DarkReading
Attacker Targets Hadoop YARN, Flint Servers in Stealthy Campaign
The adversary is exploiting two known misconfigurations in the big data technologies to drop a Monero cryptominer.
Bleeping Computer
Hackers target Apache RocketMQ servers vulnerable to RCE attacks
Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582.
Bleeping Computer
The law enforcement operations targeting cybercrime in 2023
In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks.
Cyber Security News
German Authorities Taken Down Dark Web Marketplace Kingdom Market
Kingdom Market, a dark web marketplace that sold drugs, malicious software, criminal services, and counterfeit documents.
HACKRead
8220 Gang Targets Telecom and Healthcare in Global Cryptojacking Attack
The 8220 Gang is exploiting multiple vulnerabilities, including the Oracle WebLogic Server vulnerability, to propagate cryptojacking malware in the Americas, Europe, and Africa.
The Hacker News
German Authorities Dismantle Dark Web Hub 'Kingdom Market' in Global Operation
German law enforcement takes down dark web giant "Kingdom Market," specializing in narcotics and malware sales to tens of thousands of users.
Infosecurity News
German Police Take Down Kingdom Market Dark Web Marketplace
Police in Germany have dismantled notorious drugs and cybercrime marketplace Kingdom Market
The Cyber Express
Crushing Cybercrime: German Law Enforcement Strikes Hard, Shuts Down Kingdom Market
German law enforcement agencies have successfully taken down Kingdom Market, a notorious darknet marketplace serving as a hub for illegal
Security Affairs
German police seized the dark web marketplace Kingdom Market
The German police seized the dark web marketplace Kingdom Market as a result of an international law enforcement operation.
Bleeping Computer
German police takes down Kingdom Market cybercrime marketplace
The Federal Criminal Police Office in Germany (BKA) and the internet-crime combating unit of Frankfurt (ZIT) have announced the seizure of Kingdom Market, a dark web marketplace for drugs, cybercrime tools, and fake government IDs.
The Record
German police take down Kingdom Market, a darknet emporium of illicit goods
German police said they posted a takedown notice on the website and are now analyzing Kingdom Market's server infrastructure to identify the people behind the website's operation.
The DFIR Report
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity - The DFIR Report
This report is a little different than our typical content. We were able to analyze data from a perspective we typically don’t get to see… a threat actor’s host! In … Read More
The Record
NY engineer pleads guilty to stealing millions from two crypto exchanges
Shakeeb Ahmed, 34, faces up to five years in federal prison for two separate multimillion-dollar hacks in July 2022 of decentralized cryptocurrency exchanges.
Bleeping Computer
New cybercrime market 'OLVX' gains popularity among hackers
A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks.
Cyber Security News
Apache ActiveMQ Vulnerability Exploited by Kinsing to Attack Linux Servers
The Apache ActiveMQ vulnerability was actively targeted by threat actors to get unauthorized access to messaging systems.
The DFIR Report
SQL Brute Force leads to Bluesky Ransomware - The DFIR Report
In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and … Read More
CSO
GE investigates alleged data breach into confidential projects: Report
General Electric has confirmed that it has started an investigation into the data breach claims made by IntelBroker.
CyberNews
MadCat ransom gang caught stealing from other criminals
New ransomware linked by security researchers to suspected scammers who pretended to sell passport details on the dark web.
DarkReading
Kinsing Cyberattackers Target Apache ActiveMQ Flaw to Mine Crypto
Active exploit of the critical RCE flaw targets Linux systems to achieve full system compromise.
Cyber Security News
Hackers Attacking Apache Web Servers to Install Coinminers
An attack campaign that installs XMRig Coinminer on Windows web servers that run on Apache has been discovered recently.
Bleeping Computer
Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits
The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems.
Trend Micro
CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
DataBreaches
Hackers give Jeffco Public Schools an extension on their deadline to respond; email parents about the breach (1)
On November 2, DataBreaches reported that the same threat actors that had hacked and exfiltrated data from Clark County School District in Las Vegas had also...
Cyber Security News
Threat and Vulnerability Roundup for the week of October 29th to November 4th
welcome to Cyber Writes' weekly publication - the Threat and Vulnerability Roundup! Get ready to dive into the latest and greatest in cybersecurity, as we bring you the most up-to-date information each week.
The Hacker News
StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices
StripedFly, a stealthy malware posing as a crypto miner, has infected over a million devices worldwide and has flown under the radar for 5 years.
DataBreaches
Jeffco Public Schools hit by the same threat actors that hit Clark County School District — and via the same way
How many school districts have to get massively hacked by the same method before the U.S. Department of Education, CISA, and states start really pressuring...
-1.webp)
Cyber Security News
Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub
Recently, under the name EleKtra-Leak has been identified, to be targeting AWS credentials within minutes of their public exposure on GitHub.
SecurityWeek
IAM Credentials in Public GitHub Repositories Harvested in Minutes
A threat actor has been using automated tools to clone public GitHub repositories and harvest AWS IAM credentials.
DarkReading
'Elektra-Leak' Attackers Harvest AWS Cloud Keys in GitHub Campaign
Cyber adversaries are scanning public GitHub repositories in real-time, evading Amazon quarantine controls, and harvesting AWS keys.
DarkReading
'Elektra-Leak' Attackers Harvest AWS Cloud Keys in GitHub Campaign
Cyber adversaries are scanning public GitHub repositories in real-time, evading Amazon quarantine controls, and harvesting AWS keys.
Bleeping Computer
Malicious NuGet packages abuse MSBuild to install malware
A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily.
The Hacker News
Malicious NuGet Packages Caught Distributing SeroXen RAT Malware
Cybersecurity experts uncover a coordinated malware campaign on NuGet package manager. Get the details now:
The Hacker News
EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub
EleKtra-Leak cryptojacking campaign is exploiting exposed AWS IAM credentials on public GitHub repositories
CyberScoop
Kaspersky reveals 'elegant' malware resembling NSA code
The Russian cybersecurity firm discovered sophisticated malware that combined cryptocurrency mining and espionage capabilities.
Bleeping Computer
StripedFly malware framework infects 1 million Windows, Linux hosts
A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time.
DarkReading
Complex Spy Platform StripedFly Bites 1M Victims
Sophisticated Windows and Linux malware for stealing data and conducting cyber espionage has flown under the radar, disguised as a cryptominer.
Cyber Security News
Hackers Using Money-Making Scripts to Deliver Multiple Malware
The FBI warned about attacks on government and non-profit organizations in April, which involved deploying multiple malware strains on victim devices.
The Record
Business-oriented threat involving ‘several types of malware all at once’ remains active
A malware campaign that the U.S. warned about in April is still dumping cryptominers, keyloggers and more on organizations worldwide, Kaspersky said.
The Record
Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities
Hackers are using a leaked toolkit used to create do-it-yourself versions of the popular LockBit ransomware, making it easy for even amateur cybercriminals to target common vulnerabilities.
Bleeping Computer
Ukrainian activists hack Trigona ransomware gang, wipe servers
A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available.
The Record
Pro-Ukraine group says it took down Trigona ransomware website
The Ukrainian Cyber Alliance hacktivism group says it wiped out the Trigona gang's servers, defaced its website and exfiltrated data about the operation.
Bleeping Computer
Malicious Solana, Kucoin packages infect NuGet devs with SeroXen RAT
Malicious NuGet packages appearing to have over 2 million downloads impersonate crypto wallets, crypto exchange, and Discord libraries to infect developers with the SeroXen remote access trojan.
The Hacker News
Malicious NuGet Package Targeting .NET Developers with SeroXen RAT
Malicious NuGet package distributing SeroXen RAT targets .NET developers.
-1.webp)
Cyber Security News
BunnyLoader: New Malware-as-a-Service (MaaS) Under Rapid Development
A new malware-as-a-service (MaaS) loader under the name “BunnyLoader” has been discovered to be sold in multiple hacking forums.
SecurityWeek
Kubernetes Vulnerability Leads to Remote Code Execution
A high-severity vulnerability can be exploited to execute code remotely on any Windows endpoint within a Kubernetes cluster.
The Record
Phishing campaign uses Word documents to distribute three malware strains
Researchers identified a new phishing campaign that uses Microsoft Word documents to distribute malware that can log what a victim types, siphon cryptocurrency funds, and steal sensitive data.
Infosecurity News
CISA Adds Critical RocketMQ Bug to Must-Patch List
Apache flaw can enable remote command execution
Loading more articles....