FIN7 recruiter Andrii Kolpakov pleads guilty to role in global hacking scheme
https://www.cyberscoop.com/fin7-recruiter-andrii-kolpakov-pleads-guilty-role-global-hacking-scheme/
One of the ringleaders of FIN7, a global hacking crew accused of stealing more than $1 billion by posing as a cybersecurity vendor, has admitted his role in the scheme. Andrii Kolpakov pleaded guilty on Monday to conspiracy to commit wire and bank fraud and conspiracy to commit computer hacking as part of his involvement with FIN7. U.S. prosecutors had accused Kolpakov, a Ukrainian national ... (cyberscoop.com)
---
Ukraine’s Top Cyber Cop on Defending Against Disinformation and Russian Hackers
In recent years, Ukraine has become an involuntary testing ground for some of the most dangerous cyberweapons in the world. (therecord.media)
---
TA505: A Brief History Of Their Time
https://research.nccgroup.com/2020/11/18/ta505-a-brief-history-of-their-time/
Threat Intel Analyst: Antonis Terefos (@Tera0017); Data Scientist: Anne Postma (@A_Postma). TA505 is a sophisticated and innovative threat actor, with plenty of cybercrime experience, that engages in targeted attacks across multiple sectors and geographies for financial gain. Over time, TA505 evolved from a lesser partner to a mature, self-subsisting and versatile crime operation ... (research.nccgroup.com)
---
The adventures of lab ED011—“Nobody would be able to duplicate what happened there”
Lari remembers first going to ED011 in 1993 as a freshman at the Faculty of Automatic Control. The room was dark at night, only a neon tube flickering. (arstechnica.com)
---
Back from vacation: Analyzing Emotet’s activity in 2020
https://blog.talosintelligence.com/2020/11/emotet-2020.html
During our analysis of various orphaned domains, we discovered many domains that were used previously for C2 by systems infected with a variety of threats like Dyre, Necurs, StealthWorker, and others. While many of the domains we investigated were part of time-based DGAs and not particularly useful, we identified several domains previously associated with SMTP servers that systems infected with ... (blog.talosintelligence.com)
---
Mitsubishi Electric Corp. was hit by a new cyberattack
https://securityaffairs.co/wordpress/111201/hacking/mitsubishi-electric-cyberattack.html
Mitsubishi Electric Corp. was hit again by a massive cyberattack that may have caused the leakage of information related to its business partners. “Company officials on Nov. 20 said they were checking […] (securityaffairs.co)
---
QakBot Big Game Hunting continues: the operators drop ProLock ransomware for Egregor
https://securityaffairs.co/wordpress/111197/cyber-crime/qakbot-egregor-ransomware.html
Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has discovered that QakBot (aka Qbot) operators have abandoned ProLock for Egregor ransomware. Egregor has been actively distributed since September 2020 and has so far hit […] (securityaffairs.co)
---
New Grelos skimmer variant reveals murkiness in tracking Magecart operations
https://securityaffairs.co/wordpress/111165/malware/grelos-skimmer.html
Researchers from RiskIQ analyzed the increased overlap of a new variant of the skimmer dubbed Grelos and the operations of the groups under the Magecart umbrella. The analysis demonstrates the difficulty in associating new strains of skimmer to groups […] (securityaffairs.co)
---
REvil ransomware demands 500K ransom to Managed.com hosting provider
https://securityaffairs.co/wordpress/111154/cyber-crime/managed-com-revil-ransomware.html
Managed web hosting provider Managed.com was hit by a REvil ransomware attack over the weekend that took their servers and web hosting systems offline. At the time of writing this post, Managed.com hosting […] (securityaffairs.co)
---
Cisco fixed flaws in WebEx that allow ghost participants in meetings
https://securityaffairs.co/wordpress/111145/hacking/cisco-webex-meetings-flaws.html
Cisco has addressed three vulnerabilities in Webex Meetings (CVE-2020-3441, CVE-2020-3471, and CVE-2020-3419) that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants. “A vulnerability in ... (securityaffairs.co)
---
Phishing campaign targets LATAM e-commerce users with Chaes Malware
https://securityaffairs.co/wordpress/111133/cyber-crime/chaes-malware.html
Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America. Experts at Cybereason Nocturnus have uncovered an active campaign targeting the users […] (securityaffairs.co)
---
Office 365 phishing campaign uses redirector URLs and detects sandboxes to evade detection
https://securityaffairs.co/wordpress/111120/cyber-crime/office-365-phishing-campaign.html
Microsoft is tracking an ongoing Office 365 phishing campaign that is targeting enterprises; the attacks are able to detect sandbox solutions and evade detection. “We’re tracking an active credential phishing attack targeting enterprises […] (securityaffairs.co)
---
Unixfreaxjp at #R2CON2020 presented shellcode basics for radare2
https://securityaffairs.co/wordpress/111062/hacking/unixfreaxjp-r2con2020-shellcode-basics.html
Shellcode plays an essential role in cyber attacks; the popular expert Unixfreaxjp explained how to use radare2 for several variations of shellcode analysis. Shellcode has an important part in cyber intrusion activities and is mostly spotted being executed during process/thread injection, or during the exploitation of memory space, mostly related to a vulnerability. […] (securityaffairs.co)
---
VoltPillager: Hardware-based fault injection attacks against Intel SGX enclaves
https://securityaffairs.co/wordpress/111033/hacking/voltpillager-attack-intel-sgx.html
A group of six researchers from the University of Birmingham has devised a new attack technique, dubbed VoltPillager, that can break the confidentiality and integrity of Intel Software Guard Extensions (SGX) […] (securityaffairs.co)
---
Unprotected database exposed a scam targeting 100K Facebook accounts
https://securityaffairs.co/wordpress/111018/cyber-crime/100k-facebook-accounts-scam.html
Researchers at vpnMentor discovered an ElasticSearch database exposed online that contained an archive of over 100,000 compromised Facebook accounts. The archive was used by crooks as part of a global hacking campaign against users of the social network. “We […] (securityaffairs.co)
---
Crooks use software skimmer that pretends to be a security firm
https://securityaffairs.co/wordpress/111009/cyber-crime/sucuri-software-skimmer.html
Researchers at Sucuri analyzed a software skimmer that is using their brand name in order to evade detection. The e-skimmer is a base64-encoded JavaScript blob that attackers inject into target webpages. During a routine investigation, the […] (securityaffairs.co)
---
New skimmer attack uses WebSockets to evade detection
https://securityaffairs.co/wordpress/110982/hacking/skimmer-attack-websockets.html
Researchers from Akamai discovered a new skimmer attack that is targeting several e-stores with a new technique to exfiltrate data. Threat actors are using a fake credit card form and WebSockets to steal the financial and personal information of the […] (securityaffairs.co)
---
New Jupyter information stealer appeared in the threat landscape
https://securityaffairs.co/wordpress/110967/malware/jupyter-malware.html
Researchers at Morphisec have spotted Russian-speaking threat actors that have been using a piece of .NET infostealer, tracked as Jupyter, to steal information from their victims. The Jupyter malware is able to collect data from multiple […] (securityaffairs.co)
---
The North Face website suffered a credential stuffing attack
https://securityaffairs.co/wordpress/110952/data-breach/the-north-face-credential-stuffing.html
Outdoor retail giant The North Face has forced a password reset for a number of its customers following a successful credential stuffing attack that took place on October 8th and 9th. Credential stuffing attacks involve botnets […] (securityaffairs.co)
---
Officials confirm cyberattack on Saint John was ransomware
https://www.cbc.ca/news/canada/new-brunswick/saint-john-attack-was-ransonware-1.5805531
The recent cyber attack on the City of Saint John was ransomware, city officials confirmed at a news conference Tuesday afternoon. (cbc.ca)
---
VMWare releases fix for critical ESXi, Workstation vulnerability
VMware has released security updates to fix critical and high severity vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation, allowing for code execution and privilege escalation.
---
QBot partners with Egregor ransomware in bot-fueled attacks
---
Mount Locker ransomware now targets your TurboTax tax returns
The Mount Locker ransomware operation is gearing up for the tax season by specifically targeting TurboTax returns for encryption. Mount Locker is a relatively new ransomware operation that began ...