#cybercrime
Cofense reports on an social engineering campaign targeting the hospitality industry (primarily luxury hotel chains and resorts) to deliver information stealers. The initial infection vector are emails and instant messages. They use TTPs to bypass email security, then deliver infection URLs in password-protected archives. No IOC.
Link: https://cofense.com/blog/luxury-hotels-remain-target-of-social-engineering-attack/
Cyble discovered a new Python-based information stealer called Exela, primarily targeting Discord users’s info, as well as browser data/credentials, session details from social media/gaming platforms. They provide technical analysis, IOC, MITRE ATT&CK TTPs, and YARA rule.
Link: https://cyble.com/blog/exela-stealer-spotted-targeting-social-media-giants/
17 victims, 7 cyber gangs and 7 countries in our #HoT today ⤵
🔥17 #ransomware victims by the notorious Rhysida, Ransomed, ALPHV/BlackCat, Knight, 8Base, NoEscape and BianLian gangs.
🌍 7 involved countries: Kuwait, Japan, USA, Netherlands, Germany, France, Italy.
☢ #CyberRiskFactor: 4,1
Here you can find the full list ⤵
https://hackmanac.com/news/hacks-of-today-26-09-2023
Contact us for any question 📧
@stefanofavarato @securityaffairs
@SofiaScozzari @AlvieriD @amvinfe
#hackmanac #threatintelligence #cybersecurity #cybersecnews #darkwebmonitoring #darkweb #malware #databreach #dataleak #cybercrime
$200 Million in Cryptocurrency Stolen in Mixin Network Hack https://www.securityweek.com/200-million-in-cryptocurrency-stolen-in-mixin-network-hack/ #cryptocurrency #Cybercrime
E-Mails über TLS verschlüsseln – die unangenehme Wahrheit
https://netzpalaver.de/2023/09/26/e-mails-ueber-tls-verschluesseln-die-unangenehme-wahrheit/ via @netzpalaver #Telekommunkation #Datenschutz #Cybercrime
"Shadow Syndicate Unveils RaaS: A New Era of Ransomware 🌐💻"
The cybersecurity landscape is evolving with the emergence of Shadow Syndicate's Ransomware-as-a-Service (RaaS). This new venture signifies a shift in the modus operandi of cyber criminals, offering a ready-to-use ransomware platform to affiliates. The RaaS model lowers the entry barrier for aspiring cyber criminals while escalating the threat level for organizations globally. 🌍🔓
Shadow Syndicate's RaaS platform is meticulously crafted, providing a user-friendly interface, robust encryption algorithms, and a 24/7 support service for its affiliates. The article delves into the technical and operational intricacies of this RaaS platform, shedding light on its potential impact on the cybersecurity ecosystem. 🛡️🖥️
The authors, Oleg Skulkin and Igor Zdrnja, provide a comprehensive analysis, underscoring the need for enhanced cybersecurity measures to mitigate the burgeoning threat posed by such RaaS platforms. 📊🔐
Source: Group-IB Blog
Tags: #RaaS #Ransomware #CyberSecurity #ShadowSyndicate #CyberThreats #Encryption #CyberCrime #ThreatAnalysis
Authors: Oleg Skulkin & Igor Zdrnja
Kotaku: ‘All Of Sony Systems’ Allegedly Hacked By New Ransomware Group https://kotaku.com/sony-playstation-hack-breach-ransomware-ransomed-vc-1850870993 #gaming #tech #kotaku #costaricanransomwareattack #playstationnetworkoutage #technologyinternet #computersecurity #securitybreaches #cyberattacks #ransomware #cybercrime #revil #sony
Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role – Source: www.securityweek.com https://ciso2ciso.com/nigerian-pleads-guilty-in-us-to-million-dollar-bec-scheme-role-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #securityweekcom #securityweek #Cybercrime #guilty #BEC
Die dunkle Seite der Macht. Oder mehr. Das Darknet - Eine Annäherung von @larsbas und mir morgen bei #9vor9 - Crime-as-a-service - im Darknet kann man kriminelle Dienstleistungen verschiedenster Arten kaufen. Und immer wieder wird gefeiert, wenn Marktplätze geschlossen werden, auf denen mit Kinderpornographie, Drogen oder Hackerangriffe angeboten werden. Doch es gibt nicht nur die dunkle Seite der Macht. Es ist auch Plattform für Whistleblower und mehr.
#Darknet #Cybercrime #Whistleblower
ThreatFabric: new samples of Xenomorph Android malware targets users of cryptocurrency wallets and various U.S. financial institutions. IOC provided.
Link: https://www.threatfabric.com/blogs/xenomorph
Tags: #xenomorph #cryptowallet #cybercrime #IOC #bankingmalware
Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role https://www.securityweek.com/nigerian-pleads-guilty-in-us-to-million-dollar-bec-scheme-role/ #Cybercrime #guilty #BEC
Download the newsletter directly here! → https://www.ccinfo.nl/_downloads/17fd4f994644f26666fedc4a8e12741e
#Cybercrime #darkweb #data leaks #PostQuantumCryptography #OnlinePrivacy #CyberSecurity #AVG #SafeSurfing #WiFi
HACKS OF TODAY 23-24-25/09/2023 WEEK-END EDITION
44 victims, 13 cyber gangs and 12 countries in our #HoT today ⤵
🔥 43 #ransomware and 1 #data breach by the notorious KaraKurt, ALPHV/BlackCat, Medusa, LockBit 3.0, Akira, Cl0p, Rhysida, 8Base, Ransomed, NoEscape, Stormous, Ragnar Locker and BianLian gangs.
🌍 12 involved countries: USA, United Kingdom, Philippines, Japan, Israel, Turkey, Sweden, Bulgaria, Spain, Germany, France, Brazil.
☢ #CyberRiskFactor: 3.4
Here you can find the full list ⤵
https://hackmanac.com/news/hacks-of-today-23-24-25-09-2023
Contact us for any question 📧
@stefanofavarato @securityaffairs
@SofiaScozzari @AlvieriD @amvinfe
#hackmanac #threatintelligence #cybersecurity #cybersecnews #darkwebmonitoring #darkweb #malware #databreach #dataleak #cybercrime
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #38/2023 is out! It includes the following and much more:
➝ 🔓 ❌ TransUnion Denies #Breach After Hacker Publishes Allegedly Stolen Data
➝ 🔓 ⚖️ Hackers breached International Criminal Court’s systems last week
➝ 🔓 🤖 #Microsoft #AI researchers accidentally exposed terabytes of internal sensitive data
➝ 🦠 💸 #BlackCat #ransomware hits #Azure Storage with #Sphynx encryptor
➝ 🇮🇷 🇮🇱 Iranian Nation-State Actor OilRig Targets Israeli Organizations
➝ 🇮🇳 #India's biggest tech centers named as #cybercrime hotspots
➝ 🇫🇮 💊 Finnish Authorities Dismantle Notorious #PIILOPUOTI Dark Web Drug Marketplace
➝ 🇨🇦 🇷🇺 Canadian Government Targeted With #DDoS Attacks by Pro-#Russia Group
➝ 🇨🇳 🇺🇸 #China Accuses U.S. of Decade-Long #Cyberespionage Campaign Against #Huawei Servers
➝ 🇺🇸 🇨🇳 China's Malicious Cyber Activity Informing War Preparations, #Pentagon Says
➝ 🇨🇳 🦠 New #SprySOCKS Linux #malware used in cyber espionage attacks
➝ 🇬🇧 🔐 UK Minister Warns #Meta Over End-to-End Encryption
➝ 🇺🇸 🇷🇺 One of the #FBI’s most wanted hackers is trolling the U.S. government
➝ 🦠 🥸 Fake #WinRAR proof-of-concept exploit drops #VenomRAT malware
➝ 🦠 📈 #P2PInfect botnet activity surges 600x with stealthier malware variants
➝ 🦠 📡 Hackers backdoor #telecom providers with new HTTPSnoop malware
➝ 🦠 🐝 #Bumblebee malware returns in new attacks abusing #WebDAV folders
➝ 🔐 #GitHub launches #passkey support into general availability
➝ ☑️ 🐧 Free Download Manager releases script to check for #Linux malware
➝ 💬 🔐 #Signal adds quantum-resistant encryption to its #E2EE messaging protocol
➝ 🍏 🔐 #iOS 17 includes these new security and #privacy features
➝ 🩹 High-Severity Flaws Uncovered in #Atlassian Products and ISC BIND Server
➝ 🩹 😡 Incomplete disclosures by #Apple and #Google create “huge blindspot” for 0-day hunters
➝ 🍏 🩹 Apple emergency updates fix 3 new zero-days exploited in attacks
➝ 🩹 #TrendMicro fixes #endpoint protection zero-day used in attacks
➝ 🩹 #Fortinet Patches High-Severity #Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products
➝ 🔓 Nearly 12,000 #Juniper #Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability
📚 This week's recommended reading is: "Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It" by Marc Goodman
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-382023
Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition – Source: securityaffairs.com https://ciso2ciso.com/security-affairs-newsletter-round-438-by-pierluigi-paganini-international-edition-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #hackingnews #Cybercrime #DataBreach #Newsletter #Security #hacking
Habt einen guten Start in die neue Woche - und bleibt sicher 😉🔐👍⭐️⭐️⭐️
(c) Kostas Koufogiorgos #CyberResilienceAct #CRA #HateSpeech #Cybercrime
Missing Link: Digitalisierung befeuert milliardenschwere Untergrundwirtschaft | heise online https://www.heise.de/hintergrund/Missing-Link-Digitalisierung-befeuert-milliardenschwere-Untergrundwirtschaft-9306597.html #CyberCrime #eCommerce #SocialMedia #cryptocurrencies #cryptocurrency #NFT
#Phishing: Vermehrt gefälschte Abmahnungen wegen angeblicher Film-Downloads | Security https://www.heise.de/news/Verbraucherzentrale-NRW-warnt-vor-Phishing-Mails-mit-gefaelschten-Abmahnungen-9312464.html #CyberCrime
Having Telegram offer users cryptowallets means to nothing but an attempt at strengthening their position as a favoured platform with the cyber criminal ecosystem.
Oh, you are going to facilitate a payment system next with low fee conversion to dollars or euros? What a surprise that would be.
Any one else been thinking about this?
Romance-Scam-Masche: Wenn das Date zur Geldanlage in Kryptowährungspools drängt | heise online https://www.heise.de/news/Romance-Scam-Masche-Wenn-das-Date-zur-Geldanlage-in-Kryptowaehrungspools-draengt-9312800.html #scam #CyberCrime #cryptocurrencies #cryptocurrency
"Possiamo attaccare i siti web di potenziali clienti per ottenere una leva commerciale più efficace?"
Questa è una domanda che ci è stata posta spesso, e la risposta è no.
Il dubbio è lecito, perché online esistono servizi che permettono di fare delle scansioni di sicurezza su qualsiasi URL. In realtà, l'𝐚𝐫𝐭𝐢𝐜𝐨𝐥𝐨 𝟔𝟏𝟓 𝐭𝐞𝐫 𝐝𝐞𝐥 𝐂𝐨𝐝𝐢𝐜𝐞 𝐏𝐞𝐧𝐚𝐥𝐞 dice:
"Chiunque abusivamente si introduce in un sistema informatico o telematico protetto da misure di sicurezza ovvero vi si mantiene contro la volontà espressa o tacita di chi ha il diritto di escluderlo, è punito con la reclusione fino a tre anni".
Quindi chiunque testi un sito web senza autorizzazione, rischia fino a 3 anni di reclusione. Non è un caso che i servizi di scansione di sicurezza richiedano di dichiarare di essere autorizzati a testare quello specifico sito web.
Seguici per altri consigli su come evitare la prigione 👍
#securityawareness #hacking #diritto #cybercrime #informationsecurity #thinksecure
In latest news, Aleksanteri (before: Julius) Kivimäki is also suspected of 14151 breaches of other computer systems, along with the most prolific #Vastaamo case. These suspected breaches happened during the same time frame as the Vastaamo case.
Unfortunately it seems quite unlikely that these cases will be investigated, mainly because doing so would take such a long time that the right to prosecute would expire. This is a flaw in the Finnish legal system, and people get away with crimes all the time due to the expiration.
Source (in Finnish): https://www.is.fi/digitoday/art-2000009874322.html #cybercrime #prosecution
Researchers are tracking a new cybercrime group that is using an unprecedented extortion tactic. The gang, which operates through a blog called Ransomed, tells victims that if they don't pay to protect stolen files, they'll be fined under data protection laws like the EU's GDPR. https://therecord.media/ransomed-cybercrime-group-extortion-gdpr
#gdpr #ransomware #cybercrime
Nach DDoS-Attacke: Grenzterminals an kanadischen Flughäfen ausgefallen
Am Sonntag kam es zu Problemen an kanadischen Flughäfen. Grenzterminals waren nach einer DDoS-Attacke ausgefallen.
#Cybersecurity before #cyber - "The Computer Chronicles - Computer Security (1984)"
https://www.youtube.com/watch?v=DGBLzYyHBJk
40 years later and the problems are the same, just a fair bit larger in scope. #infosec #cybercrime #computerchronicles
#Crypto #Cryptocurrencies #Cybersecurity #Cybercrime: "Billionaire Mark Cuban has long been a major supporter of cryptocurrencies, promoting Bitcoin as a better investment than gold and criticizing security regulators’ approach to reigning in the industry. Now, he’s been hit with a nearly $1 million loss after falling victim to a phishing scam.
The substantial theft was first spotted by an anonymous blockchain watcher on social media, who noticed that Cuban’s crypto wallet was being drained of all its funds on Friday. “Lmao, did Mark Cuban's wallet just get drained? Wallet inactive for 160 days and all assets just moved,” said WazzCrypto in a tweet with an attached screenshot of Cuban’s wallet activity. The losses amounted to roughly $870,000, according to blockchain data from the attacker’s crypto address."
Mittwoch: Helfersuche für Google Maps, Social Engineering für Cyberangriffe
Freiwillige für Maps + Cyberkriminelle mit Social-Tricks + SBF-Eltern verklagt + oneAPI neu organisiert + Nikon Z f im Retro-Look + X-Paywall gegen Bot-Armeen
#Cybercrime #Cybersecurity #Datenklau #ElonMusk #Google #GoogleMaps #HighPerformanceComputing #Kamera #Kartendienste #Kriminalität #Kryptowährung #LinuxFoundation #Nikon #Twitter #Vollformat #news
Casino-Hacker haben neben MGM und Caesars drei weitere Unternehmen angegriffen
Die Cyberkriminellen hinter den Casino-Angriffen haben jüngst auch drei Firmen anderer Branchen attackiert. Hier wurde ebenfalls Social Engineering eingesetzt.
#Cybercrime #Cybersecurity #Datenklau #Glücksspiel #Hacking #Ransomware #Security #news
#Cybercrime und #Wissenschaft - spannender geht's gar nicht.
Für die Kollegen von MDR Wissen habe ich ein paar Erkenntnisse zusammengetragen. Z.B dass Cybercrime und konventionelle Kriminalität sich gegenseitig mit ihren "Fähigkeiten" unterstützen. Cybercrime wird deshalb gewalttätiger, sagt ein Experte.
Getroffen habe ich ihn in #Halle; nach der "Human Factor in Cybercrime Conference" (HFC! In Halle! 🤭)
📖
https://www.mdr.de/wissen/cybercrime-kongress-halle-100.html
📻
https://www.mdr.de/audio-2432248_zc-61c1655f_zs-94656218.html
Montag: KI in Justiz und Verwaltung, Deutschland ohne Strategie zur Kernfusion
CDU mit KI-Positionspapier + Kernfusion in Deutschland + Digitalisierung hilft Kriminellen + KI mit geometrischer Kunst + Stromversorgung mit wenig Ausfällen
#Arbeitswelt #Cybercrime #Cybersecurity #Digitalisierung #Energie #ErneuerbareEnergie #Forschung #KünstlicheIntelligenz #Regulierung #Solarenergie #Stromversorgung #Windkraft #news
Missing Link: Digitalisierung befeuert milliardenschwere Untergrundwirtschaft
Online bestellbare Auftragsarbeiten ("Crime-as-a-Service"), Verschlüsselung, FinTech, Neobanken und Kryptowährungen beflügeln laut Europol die Kriminalität.
#MissingLink #Kriminalität #Cybercrime #eCommerce #Kryptowährung #Metaverse #NFT #news
More bad guys sending garbage texts. This is blatant phishing. Maybe spear phishing? The URL was registered yesterday, Friday. Smart, they have all weekend to #cybercrime because many companies typically don’t staff fraud teams on the weekend.
Reported to name silo (registrar) as well as ATT (SMS provider) and the anti phishing working group. (APWG.org)
Neue Webinare zum Schutz vor Cyberangriffen
In fünf Webinaren vom 23.10. bis 27.11.2023 lernen IT-Verantwortliche und Admins von den Profis der SySS GmbH, Hackern stets einen Schritt voraus zu sein.
#Cybercrime #Cybersecurity #Datenschutz #Security #Phishing #news
BGH: Urteile im Cyberbunker-Prozess größtenteils bestätigt
Hatte es in der Verhandlung noch den Anschein, als könnte der BGH eine Neuauflage des Cyberbunker-Prozesses anordnen, wurden die Urteile jetzt doch bestätigt.
Ransomware-Verdacht: Sicherheitsvorfall bei US-Hotelkette MGM Resorts
Nach einem “Vorfall” hat die US-Hotelkette MGM Resorts ihre IT-Systeme heruntergefahren. Betroffen sind auch die Casinos in Las Vegas. Der Verdacht: Ransomware.
@heisec
Kann man Nordkorea nicht mal im Netz blocken?
#hacking #Cybercrime
Few customers but plenty of cash?: N Korean restaurants remain open in Laos
l+f: Das rätselhafte root-Passwort
Das ISC hat auf Honeypots ausprobierte Benutzernamen und Passwörter veröffentlicht. Das am häufigsten genutzte root-Passwort gibt Rätsel auf.
Trickbot-Malware: USA und Großbritannien verhängen Sanktionen gegen mehr Russen
Die USA und Großbritannien ziehen mehr mutmaßliche Cyberkriminelle aus der Anonymität. Gegen mehrere Russen wurden Sanktionen verhängt und Anklagen eingereicht.
US, in coordination with the UK, sanctions 11 individuals who are part of the #Russia based Trickbot #cybercrime group. https://ofac.treasury.gov/recent-actions/20230907
Lockbit veröffentlicht Daten von britischem Hochsicherheits-Zaunbauer
Ein Windows-7-PC war Einfallstor: Lockbit konnte bei einem Zaunbauer für Hochsicherheitsbereiche aus dem Vereinigten Königreich einbrechen und Daten stehlen.
New roundup:
Scientology fights "right to repair" while Russia hijacks UN cybercrime treaty, a privacy research paper on the visually impaired, thoughts (and details) on Jill Biden's 2nd covid infection while the White House insists "we're in a better place," and more.
https://www.patreon.com/posts/cybersecurity-5-88790622
#cybersecurity #cybercrime #infosec #covid #covidisntover #maskup #firstlady #biden #jillbiden #scientology #righttorepair #mastercard #trickbot #privacy
Phishing Attacks Surge Despite Increased Awareness, New Strategies Needed
CircleID gives a nice summary of our 2023 Phishing Landscape study
https://circleid.com/posts/20230903-phishing-attacks-surge-despite-increased-awareness-new-strategies-needed
The reporter did not include a link to the study proper so if you're a glutton for measurements grab https://interisle.net/PhishingLandscape2023.pdf
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #35/2023 is out! It includes the following and much more:
➝ 🔓 🏌🏻♂️Golf gear giant #Callaway data breach exposes info of 1.1 million
➝ 🔓👕 Forever 21 data breach affects half a million people
➝ 🔓 🤦🏻♂️ #LogicMonitor customers hit by hackers, because of default passwords
➝ 🇺🇸 ⚖️ Lawsuit Accuses University of Minnesota of Not Doing Enough to Prevent #DataBreach
➝ 🎬 🔓 #Paramount discloses data breach following security incident
➝ 🏥 🔓 #Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs
➝ 🇺🇸 🌎 #Microsoft joins a growing chorus of organizations criticizing a #UN cybercrime treaty
➝ 🇺🇸 🦠 U.S. Hacks #QakBot, Quietly Removes Botnet Infections
➝ 🇷🇺 🇺🇦 #Russia targets #Ukraine with new Android #backdoor, intel agencies say
➝ 🇷🇺 🕵🏻♂️ Unmasking #Trickbot, One of the World’s Top Cybercrime Gangs
➝ 🇨🇳 👀 ‘Earth Estries’ #Cyberespionage Group Targets Government, Tech Sectors
➝ 🇨🇳 Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom
➝ 💸 🇪🇺 Pay our ransom instead of a #GDPR fine, #cybercrime gang tells its targets
➝ 🇺🇸 🇨🇳 #Meta: Pro-Chinese influence operation was the largest in history
➝ 🇪🇸 📸 Spain warns of #LockBit Locker ransomware phishing attacks
➝ 🇵🇱 🚂 Two Men Arrested Following #Poland Railway Hacking
➝ 🇰🇵 🐍 #Lazarus hackers deploy fake #VMware PyPI packages in #VMConnect attacks
➝ 💸 #Classiscam fraud-as-a-service expands, now targets banks and 251 brands
➝ 💬 🎠 Trojanized #Signal and #Telegram apps on Google Play delivered spyware
➝ 🦠 📄 MalDoc in PDFs: Hiding malicious Word docs in PDF files
➝ 🇧🇷 👀 A Brazilian phone #spyware was hacked and victims’ devices ‘deleted’ from server
➝ 👨🏻💻 🔐 #GitHub Enterprise Server Gets New Security Capabilities
➝ 🚗 💰 Over $1 Million Offered at New #Pwn2Own #Automotive Hacking Contest
➝ 🩹 #Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence
➝ ⛏️ 🔓 Recent #Juniper Flaws Chained in Attacks Following #PoC Exploit Publication
📚 This week's recommended reading is: "Spam Nation: The Inside Story of Organized Cybercrime―from Global Epidemic to Your Front Door" by @briankrebs
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-352023
These are just some of the topics that participants brought up in this #FnF23 session.
#disinformation #antiTerrorLaws #artificialIntelligence #cyberCrime #borderPolicing #chatControl #encryption #foreignIntelligence #spyware #dataRetention #dsa #DSAimplementation #hateSpeech #foia #freedomOfInformation #EIDAS #digitalID #gdpr #GDPRimplementation #warOnCash
Cyberkriminalität: Bitkom beziffert Schaden auf 206 Milliarden Euro
Durch Diebstahl von IT-Ausrüstung und Daten sowie durch Industriespionage und Sabotage entstehen der deutschen Wirtschaft dieses Jahr 206 Milliarden Euro Schaden. Das ergab eine Bitkom-Umfrage. Immer mehr Attacken kommen aus Russland und China.
New: In early 2022, a mysterious leaker published a huge cache of information from inside the Russian cybercrime group Trickbot. For months, me and @lhn have worked to uncover the real world identity of one of the gang's central members, putting a face to the anonymous activity.
Bentley, also known as Maksim Galochkin, is one of the top couple of members of Trickbot and is responsible for managing 21 people who make sure its ransomware works properly. He's a cryptocurrency enthusiast, hates working from home, and has a history of launching IT companies in Russia.
We also dive into the inner workings of the group and their links to the Russian state.
Where there is cybercrime, there is crypto; and where there is crypto there is a need for conversion into cash services.
So with this introduction by Binance announcing Send Cash, I predict that some of these countries will begin to be favored by cyber criminals.
Anyone dare to predict otherwise? ;-)
Microsoft joins a growing chorus of organizations criticizing a UN cybercrime treaty.
Critics say the draft version of the global treaty backed by #China and #Russia could be used to persecute security researchers and activists.
Schwerer Schlag gegen Japans nationale IT-Sicherheit: Chinesische Hacker waren mehrere Monate im Netz der staatlichen Cyber-Sicherheitsbehörde NISC. #spionage #japan #china #cybercrime #cybersecurity #hackerangriff
In .AT Land soll "in 38 Regionen jeweils eine Schwerpunktdienststelle entstehen". Dort " sollen dann #Cybercrime-Spezialisten und -Spezialistinnen usw eine „Cybercobra“ bilden.
A #CyberCobra Oida! Da Fraunz, da Fredl, de Sabrina & da Kevin wern a echte, rustikale #Kyberei!
Our Policy Advisor Tanja Fachathaler speaks at a packed side-event to the UN #Cybercrime treaty negotiations in New York to remind everyone about the human rights implications and what’s at stake for our freedom online.
New: Every year, criminal hacker forums host a weird event: research and writing contests for their members. Cybercriminals can pen articles and have the chance to win thousands of dollars.
New analysis from Sophos, dives into these strange competitions. In the last few years, the contests have grown in size, receiving dozens of entries, and have prize pots of up to $80,000.
The contests have rules—no plagiarizing(!), entries must be of a certain length, and be properly formatted. What's more, some of the contests are sponsored by big time cybercrime groups
https://www.wired.com/story/hacking-contests-cybercriminals/
Moscow helping cybercriminals operate with 'near impunity': Canadian Cyber Centre | CityNews Toronto https://bit.ly/45JHNfq #Crime #Moscow #Cybercrime #CdnCyberCentre #Iran #Russia #cdnpoli @cdnpoli
GTA-6-Videos veröffentlicht: Mitglieder der Hackergruppe "Lapsus$" vor Gericht
Sie veröffentlichten Videos von GTA 6 und erpressten große Tech-Konzerne. Zwei Teenager, die für "Lapsus$" aktiv waren, müssen sich vor Gericht verantworten.
Schweiz: Daten der Militärpolizei im Darknet aufgetaucht
Nach dem Angriff auf die Softwarefirma Xplain sind nun auch Daten der Schweizer Militärpolizei im Darknet entdeckt worden. Die Armee gibt Entwarnung.
Ransomware-Angriff: Alle Daten bei CloudNordic futsch
Der dänische Clouddienstleister CloudNordic hat bei einem Ransomware-Angriff vor dem Wochenende sämtliche Kundendaten verloren.
#Backup #CloudComputing #CloudNordic #Cyberangriff #Cybercrime #Daten #Ransomware #Rechenzentrum #Security #Umzug
Neue Webinare zum Schutz vor Cyberangriffen
In fünf Webinaren vom 23.10. bis 27.11.2023 lernen IT-Verantwortliche und Admins von den Profis der SySS GmbH, Hackern stets einen Schritt voraus zu sein.
#Cybercrime #Cybersecurity #Datenschutz #Security #Phishing #news
Cyberbunker-Prozess: Möglicherweise Wiederholung vor dem Landgericht
Der Prozess um den sogenannten Cyberbunker könnte ans Landgericht zurückverwiesen werden. Das deutete sich jetzt in der Revisionsverhandlung vor dem BGH an.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #33/2023 is out! It includes the following and much more:
➝ 🇬🇧 👮🏻♂️ #Norfolk and #Suffolk police: Victims and witnesses hit by #databreach
➝ 💬 🔓 #Discord.io confirms breach after hacker steals data of 760K users
➝ 🇺🇸 🏥 #Health plan provider PH TECH joins MOVEit victim list, 1.7 million exposed
➝ 🌍 👮🏻♂️ #Interpol arrests 14 suspected cybercriminals for stealing $40 million
➝ 🇮🇷 #Iran and the Rise of Cyber-Enabled Influence Operations
➝ 🎣 📨 Major U.S. energy org targeted in QR code #phishing attack
➝ 🦠 💸 Jon DiMaggio’s demystifying #LockBit’s Secrets in his latest Ransomware Diaries Vol. 3
➝ 🔓 🎠 Approximately 2000 #Citrix NetScalers backdoored in mass-exploitation campaign
➝ 🇮🇷 Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks
➝ 🇺🇸 💸 #FBI warns of increasing #cryptocurrency recovery scams
➝ 🇵🇱 👮🏻♂️ #LOLEKHosted admin arrested for aiding Netwalker ransomware gang
➝ 🇷🇺 👨🏻⚖️ #Russia slaps #Reddit, #Wikipedia with fines
➝ 🇨🇳 ⚡️ #Tesla reassures Chinese users on #datasecurity amid spying concerns
➝ 🇮🇱 🇺🇸 #Israel, US to Invest $4 Million in Critical Infrastructure Security Projects
➝ 💸 🐈⬛ New #BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools
➝ 🦠 🦝 Raccoon Stealer #malware returns with new stealthier version
➝ 💸 🐧 Monti #Ransomware Returns with New #Linux Variant and Enhanced Evasion Tactics
➝ 🏴☠️ 💻 Over 120,000 Computers Compromised by Info Stealers Linked to Users of #Cybercrime Forums
➝ 🤖 🌪️ Google Brings AI Magic to Fuzz Testing With Eye-Opening Results
➝ 🔑 #Google Introduces First #Quantum Resilient #FIDO2 Security Key Implementation
➝ 🐮 👀 Cult of the Dead Cow releases #Veilid: A secure open-source Peer-to-Peer network for apps that flips off the surveillance economy
➝ 📱 Threat actors use beta apps to bypass mobile app store security
➝ 🛰️ ☠️ How a hacking crew overtook a #satellite from inside a Las Vegas convention center and won $50,000
➝ 🃏 🔓 How to hack #casino card-shuffling machines
➝ 🇫🇷 🏧 Iagona ScrutisWeb Vulnerabilities Could Expose #ATM's to Remote Hacking
📚 This week's recommended reading is: "The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage" by Clifford Paul "Cliff" Stoll
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-332023
For the last three years, hackers have been logging into one honeypot setup by security researchers. When they do, the researchers have recorded their screens, every mouse click, keyboard tap, and also grabbed clipboard data.
This has resulted in more than 100 hours of data on the behaviour of cyber criminals. Here’s what can be learned from it
https://www.wired.com/story/hacker-honeypot-go-secure/ #cybersecurity #cybercrime #windows #infosec #blackhat
#France:
The cyber crime group KittenSec has released a portion of data from Free (free.fr), a French internet provider.
They didn't manage to release a significant amount since they were interrupted before downloading the entire 110GB of data.
This leak, totaling 7.45 Gigabytes, includes employee lists and other relevant information.
@SofiaScozzari @stefanofavarato @AlvieriD @amvinfe
#databreach #dataleak #cybercrime #infosec #hackmanac #telegram #france #telco
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #31/2023 is out! It includes the following and much more:
➝ 🐛 ✂️ Researchers Uncover New High-Severity #Vulnerability in #PaperCut Software
➝ 🇮🇱 🦠 #Israel cybersecurity agency says no breach after senior official self-infects home PC with #malware
➝ 🇺🇸 CISA’s strategic plan adheres to overall Biden administration direction on cybersecurity
➝ 🩹 ❌ Top 12 vulnerabilities list highlights troubling reality: many organizations still aren’t #patching
➝ 🐬 🔓 Hacking tool #FlipperZero tracked by intelligence agencies, which fear white nationalists may deploy it against power grid
➝ 🔥 🔓 Hundreds of #Citrix NetScaler ADC and Gateway Servers Hacked in Major Cyber Attack
➝ ⚡️ 🔓 Researchers jailbreak a #Tesla to get free in-car feature upgrades
➝ 🏭 📊 Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023
➝ 🇷🇺 👥 Russian hackers target govt orgs in #Microsoft Teams #phishing attacks
➝ 🩹 🔓 #Rapid7 found a bypass for the recently patched actively exploited #Ivanti EPMM bug
➝ 🙈🔓 #Tenable CEO accuses Microsoft of negligence in addressing security flaw
➝ 🎣 📨 Hackers exploited #Salesforce zero-day in #Facebook phishing attack
➝ 🇺🇸 ☁️ US internet hosting company appears to facilitate global #cybercrime, researchers say
➝ 🇨🇳 🇪🇺 #China's #APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe
➝ 🦠 💸 Schools Are Now the Leading Target for Cyber Gangs as Ransom Payments Encourage Attacks
➝ 🇺🇸 🇨🇳 Possible Chinese Malware in US Systems - a ‘Ticking Time Bomb’
➝ 🇮🇹 🏦 Cybercriminals Renting #WikiLoader to Target Italian Organizations with Banking Trojan
➝ 🇺🇸 🇨🇳 Microsoft downplays damaging report on Chinese hacking its own engineers vetted
➝ 🇯🇴 💬 #Jordan adopts cybercrime law seen as threat to #freespeech
➝ 🇪🇬 🏥 Hacker Claims to Have Stolen Sensitive Medical Records from #Egypt's Ministry of Health
➝ 🔓 💰 #BankCard USA surrenders and pays #ransom
📚 This week's recommended reading is: "Art of Software Security Assessment, The: Identifying and Preventing Software Vulnerabilities" by Mark Dowd, John McDonald, and Justin Schuh
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-312023
#Hackers have been selling nude videos of children from hacked baby monitors on #Telegram.
Another reminder that many things shouldn't be connected to the #Internet, many #IoT devices have really poor #security. This includes many "smart" devices that are advertised to parents to watch their little ones.
These are the times when convenience shouldn't be at the expense of security & #privacy. When buying baby monitors, make sure to find ones that work without WiFi setup. Find models that where WiFi is optional and comes with a viewing device bundled. These devices may also have questionable security as well, but at least they're not connected to the Internet...
#infosec #cybersecurity #BabyMonitor #news #technews #databreach #cybercrime
https://www.wired.com/story/hikvision-cameras-telegram-children/
https://ipvm.com/reports/cp-sale-hack?code=fgasdtgf
Auf Phishing reingefallen: Landesministerium überweist Kriminellen 225.000 Euro
Sachsens Gesundheitsministerium hat eine betrügerische Rechnung bezahlt und Kriminellen 225.000 Euro überwiesen. Vor der Masche hat das LKA schon 2016 gewarnt.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #26/2023 is out! It includes, but not only:
➝ 🦠 🇺🇸 Schools say US teachers’ retirement fund was breached by #MOVEit hackers
➝ 🇨🇳 🇺🇸 Chinese spy #balloon did not collect information over US, #Pentagon says
➝ 🇨🇳 🦠 #TSMC Says Supplier Hacked After #Ransomware Group Claims Attack on Chip Giant
➝ 🇷🇺 Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks
➝ 🇷🇺 🛰️ Hackers attack Russian #satellite telecom provider, claim affiliation with #WagnerGroup
➝ 🇬🇧 ⚕️ More than a million #NHS patients’ details compromised after cyber attack
➝ 📊 🐛 #MITRE releases new list of top 25 most dangerous software #bugs
➝ 🇷🇺 Pro-Russia DDoSia hacktivist project sees 2,400% membership increase
➝ 💻 🛡️ #Brave Browser boosts privacy with new local resources restrictions
➝ 🦠 🏦 Anatsa Banking #Trojan Targeting Users in US, UK, Germany, Austria, and Switzerland
➝ 🇺🇸 💵 White House releases cybersecurity budget priorities for FY 2025
➝ 🇺🇸 🇧🇷 8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses
➝ 🇬🇧 🔐 #Apple speaks out against bill that could mandate #CSAM scanning in iMessage
➝ 🇵🇭 2,700 People Tricked Into Working for Cybercrime Syndicates Rescued in #philippines
➝ 🇩🇪 ⚡️ #Siemens Energy confirms data breach after MOVEit data-theft attack
➝ 🕵🏻♂️ 📱 #LetMeSpy, a phone tracking app spying on thousands, says it was hacked
➝ 🦠 💰 Prominent #cryptocurrency exchange infected with previously unseen Mac #malware
➝ 🤖 📝 #LLMs and #IncidentResponse? It Starts with Summarization
➝ 🇺🇸 👨🏻🎓Hackers steal data of 45,000 New York City students in MOVEit breach
➝ 🇨🇦 ⛽️ Suncor Energy cyberattack impacts Petro-Canada gas stations
➝ 🦠 🕹️ Trojanized Super Mario Game Installer Spreads SupremeBot Malware
➝ 🇩🇪 💾 SSD missing from #SAP datacenter turns up on #eBay, sparking security investigation
#cyberattack #cybercrime #privacy #security #software #data #banking
📚 This week's recommended reading is: "Alice and Bob Learn Application Security" by @SheHacksPurple
Subscribe to the #newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-262023
AfD-Mitgliedsanträge frei zugreifbar im Netz
Der Internet-Auftritt der AfD hat ohne Zugriffsschutz Mitgliedsanträge preisgegeben. Ein Web-Verzeichnis stand für jeden frei zugreifbar im Netz.
@TheConversationUS @kurteichenwald
The new and flipped mantra of formerly ‘#LawAndOrder ‘ (🍌?) #Republicans is to “defund the #FBI”.
The rise of #cybercrime makes one wonder if their base of support isn’t just #MAGA morons who reject #science and don’t know the difference between fishing and phishing. 🤔
Criminal gangs are stealing and laundering billions through sham bank accounts, using 100s of 1000s of fake and real identities – possibly including yours. @kurteichenwald led a 4-month investigation that revealed: (🧵)
https://theconversation.com/us/investigations/mailbox-robberies-drop-accounts-checkwashing-fraud-gangs-of-fullz #news #fraud #fullz #CyberCrime
ChatGPT: Zugangsdaten zu mehr als 100.000 Konten im Darknet
IT-Sicherheitsforscher haben ChatGPT-Zugangsdaten auf Darknet-Marktplätzen entdeckt. Insgesamt 100.000 Zugänge waren im Laufe des vergangenen Jahres betroffen.
Ransomware: Schutzkonzept gegen Angriffe
Trotz Maßnahmen gegen Cyber-Angriffe und Ransomware gelingen viele Attacken. Die Daten sind verschlüsselt. Einige Punkte verhelfen zu brauchbaren Backups.
"Genesis Market": Kriminelle Plattform nach "Abschaltung" weiter aktiv
Anfang April wurde der "Genesis Market" angeblich abgeschaltet. Weltweit wurden 119 Personen festgenommen. Ein Teil der Plattform ist aber längst wieder aktiv.
"Others had been pumping out viruses for months, but Dark Avenger built his to be lethal. His first creation would be known as Eddie. When a user ran a program infected with Eddie, the virus would not start by attacking other files. It would lurk in computer memory and hand back control to the original program." —Scott J. Shapiro for The Guardian
#Longreads #EditorsPicks #CyberCrime #Hackers #Bulgaria #BookExcerpt
Twitter-Hack: Weiterer Angeklagter bekennt sich zum Krypto-Scam 2020 schuldig
Ein Brite gibt zu, 2020 am Twitter-Hack und der Übernahme prominenter Konten beteiligt gewesen zu sein. Eingezahlte Kryptobeträge sollten verdoppelt werden.
On the trail of the Dark Avenger: the most dangerous virus writer in the world
(Some familiar names from the early days of anti-virus mentioned in this article)
KI-Pionier Geoffrey Hinton kann sich nicht vorstellen, wie weit KI in 5 Jahren sein wird - auf jeden viel weiter, als er ursprünglich gedacht hat. Ich habe mit 2 Expert*innen darüber gesprochen, wie ernst seine Warnung einzuschätzen ist und wie sie die Gefahren, die er aufzeigt, bewerten
Kurz informiert: Schulserver, Vorwerk, Western Digital, Deep Floyd If
Unser werktäglicher News-Überblick fasst die wichtigsten Nachrichten des Tages kurz und knapp zusammen.
#Cybercrime #kurzinformiert #Sicherheitslücken #Roboter #WesternDigital #news
heise+ | 2FA absichern: So schützen Sie sich vor Angriffen auf den zweiten Faktor
Benutzerkonten mit einem zusätzlichen Faktor zu schützen, ist eine gute Idee. Wir zeigen, wie Sie Ihre Accounts abdichten und das Angriffsrisiko minimieren.
#ZweifaktorAuthentisierung #IdentityManagement #Cybercrime #Cybersecurity #Hacking #Security #news
Deepfake fraud hits a third of businesses #CyberCrime #DeepFake
https://betanews.com/2023/04/27/deepfake-fraud-hits-a-third-of-businesses/
Namensänderung: Kleinanzeigen löst eBay Kleinanzeigen ab
Nach dem Wechsel des Eigentümers heißt ebay Kleinanzeigen ab Mitte Mai nur noch Kleinanzeigen. Achtung für Betrügern und Fake.
UN-Cybercrime-Konvention: EU streitet mit China und Russland über Datenschutz
Abhören in Echtzeit, staatliches Hacking und Auslieferungen – bei den Verhandlungen über ein UN-Abkommen gegen Cyberkriminalität steht viel auf dem Spiel.
XWorm RAT: Avira-Sicherheitsexperten warnen vor Malware
Sicherheitsexperten von Avira warnen vor der Malware XWorm RAT
Why is Australia being targeted by cybercriminals? Who was behind the Medibank extortion/ransomaware attempt? How do ransomware gangs work? A deep dive by the ABC's Four Corners with Katherine Mansted, Jon DiMaggio, John Macpherson, Clare O'Neil, yours truly from Intel 471 and more. Thanks to the ABC for their diligent work on this piece.
#cybercrime #informationsecurity #infosec #ransomware #cybersecurity #auspol #Australia
https://www.youtube.com/watch?v=4m6Ydx0TGMY&list=PLDTPrMoGHssDTF6wySxfL89TPt5LRezhz
Nächsten Mittwoch geht's im #Digitalausschuss um die geplante UN-#Cybercrime-Konvention.
Diesmal wieder öffentlich.
(Danach auch noch um Breitband-Förderung.) https://www.bundestag.de/ausschuesse/a23_digitales/Anhoerungen/943988-943988
Neue Webinare zum Schutz vor Cyberangriffen
In fünf Webinaren vom 07. bis 30. Juni 2023 lernen IT-Verantwortliche und Admins von den Profis der SySS GmbH, Hackern stets einen Schritt voraus zu sein.
#Cybercrime #Cybersecurity #Datenschutz #Security #Phishing #news
"Wagner-Cybertruppe": Minister warnt vor Angriffen auf britische Infrastruktur
Der britische Minister Dowden warnt vor russischen Cyberangriffen auf Kritis. Die Hacker seien nach dem Vorbild der paramilitärischen Wagner-Gruppe organisiert.