Geek-Guy.com

Category: Cybercrime


Advanced Malware Targets Cryptocurrency Wallets

More attacks targeting cryptocurrency users. Microsoft has identified a new Remote Access Trojan, named StilachiRAT, that has sophisticated capabilities to remain stealthy and persistent so it can harvest crypto wallet credentials via web browsers. The malware targets many widely used cryptocurrency wallet browser extensions: 1. Bitget Wallet (formerly BitKeep) 2. Trust Wallet 3. …

Canadian citizen allegedly involved in Snowflake attacks consents to extradition to US

A Canadian citizen is one step closer to standing trial in the United States for his alleged involvement in a series of attacks targeting as many as 165 Snowflake customers, one of the most widespread and damaging attack sprees on record.  Connor Moucka consented to extradition on Friday to face 20 federal charges, including conspiracy…

AI as a turbo for criminals

Europol warns: criminals are using AI to automate and amplify their operations. From cyber fraud and ransomware to drug trafficking and money laundering: according to Europol, the internet has become the main arena for criminal activity. "Nearly all forms of serious and organised crime leave a digital footprint," emphasises…

Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day

Cybercriminals working on behalf of at least six nation-states are actively exploiting a zero-day vulnerability in Microsoft Windows to commit espionage, steal data and cryptocurrency, according to Trend Micro researchers. The vulnerability, which Trend Micro tracks as ZDI-CAN-25373, allows attackers to execute hidden malicious commands due to the way Windows displays the contents of shortcut…

Infostealers fueled cyberattacks and snagged 2.1B credentials last year

Cybercriminals used information-stealing malware to a devastating effect last year, capturing sensitive data that fueled ransomware, breaches and attacks targeting supply chains and critical infrastructure, according to a new report. Infostealers were used to steal 2.1 billion credentials last year, accounting for nearly two-thirds of 3.2 billion credentials stolen from all organizations, Flashpoint said in a…

Who is sending those scammy text messages about unpaid tolls?

It’s not just you.  Seemingly everyone is getting those text messages that serve as a notification of an unpaid toll road violation. The past due is usually less than $25, but is often paired with threats of excessive penalties, suspended vehicle registrations and threats to report the fare to state motor vehicle agencies. None of…

Lazarus Group deceives developers with 6 new malicious npm packages

Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post. The North Korea-linked threat group embedded BeaverTail malware into the npm packages to install backdoors and steal credentials and data…

Legislative push for child online safety runs afoul of encryption advocates (again)

Two members of the Senate Judiciary Committee are preparing to introduce  a bipartisan bill that would mandate tech companies to more swiftly report and remove child sexual abuse material hosted on their platforms, but critics warn it could result in the weakening or elimination of encrypted messaging services that many Americans rely on. The Stop…

Nine percent of companies have been spied on

Spies focus on innovative, research-driven companies that compete internationally. According to a survey, nine percent of companies in Germany have fallen victim to an espionage attack within five years. Around twelve percent reported at least one suspected case or attack on their company, the Nuremberg-based Institut für Arbeitsmarkt- und Berufsforschung (Institute for Employment Research) said. Affected…

X suffered a DDoS attack. Its CEO and security researchers can’t agree on who did it.

Social media service X was hit by a series of distributed denial-of-service attacks Monday, which rendered the platform formerly known as Twitter inaccessible at times for users with intermittent outages and errors, according to researchers. The cause of those attacks has been much harder to discern. Elon Musk, the site’s owner, described the incident as…

Ransomware poseurs are trying to extort businesses through physical letters

The FBI and threat researchers are warning executives to be on the lookout for physical letters in the mail threatening to leak sensitive corporate data.  The letters, which are stamped “time sensitive read immediately” and shipped directly to executives through the Postal Service, are part of a nationwide scam designed to extort victims into paying…

Russian crypto exchange Garantex seized in international law enforcement operation

U.S. and European law enforcement agencies have seized the infrastructure of Garantex, a cryptocurrency exchange accused of laundering billions in criminal proceeds, in a sweeping international operation that signals heightened focus on illicit financial flows in cryptocurrency markets. According to Justice Department documents unsealed Friday, the Moscow-based exchange processed approximately $96 billion in cryptocurrency transactions…

Silk Typhoon shifted to specifically targeting IT management companies

The Chinese state-backed threat group Silk Typhoon shifted tactics in late 2024 to broaden access and enable follow-on attacks against downstream customers of its initial targets, Microsoft Threat Intelligence said in a blog released Wednesday.  The Chinese espionage group, which is also known as APT27, has abused stolen API keys and credentials for privileged access…

US indicts 12 Chinese nationals for vast espionage attack spree

The Justice Department on Wednesday indicted 12 Chinese nationals for their alleged involvement in an extensive nation-state-backed espionage campaign that included a spree of attacks on U.S. federal and state agencies, including the late 2024 attack targeting the Treasury Department.  Officials accused the Chinese individuals, including two officers of China’s Ministry of Public Security, eight…

Cybercriminals picked up the pace on attacks last year

Threat actors became increasingly efficient last year, rapidly achieving lateral movement and swiftly stealing data at a faster clip than ever before, according to multiple threat intelligence firms.  The reduced time frame is a clear indicator that cybercriminals are constantly improving their ability to be successful. With the abuse of legitimate system tools to help…

Investigator says differing names for hacker groups, hackers studying investigative methods hinder law enforcement

Malicious hacking groups pay close attention to public documents related to criminal prosecutions, and the lack of standardized names for those groups hampers U.S. federal law enforcement, an investigator said in a recent speech. The investigator, who could not be named under the conditions of the speech, said those are just two of many problems…

Internal workings of ransomware group Black Basta leaked

Over the past few years, Black Basta has made a name for itself with more than 500 victims worldwide. Leaked chat logs reveal the group's inner workings and internal conflicts. Black Basta first appeared on the hacking scene in April 2022 and used QakBot, also known as QBot, which has since largely disappeared. According to one…

Army soldier linked to Snowflake attack spree allegedly tried to sell data to foreign spies

U.S. authorities say a 21-year-old U.S. Army soldier attempted to sell stolen sensitive information to a foreign intelligence service as part of a broader effort to extort victims and leak call records of high-ranking public officials. In November while on active duty, Cameron Wagenius made multiple attempts to extort $500,000 from a major telecommunications company…

Microsoft IDs developers behind alleged generative AI hacking-for-hire scheme

Microsoft has identified individuals from Iran, China, Vietnam and the United Kingdom as primary players in an alleged international scheme to hijack and sell Microsoft accounts that could bypass safety guidelines for generative AI tools. In December, Microsoft petitioned a Virginia court to seize infrastructure and software from 10 unnamed individuals who the company claims…

Crypto analysts stunned by Lazarus Group’s capabilities in $1.46B Bybit theft

Last week’s $1.46 billion Ethereum theft by North Korean-linked Lazarus Group has sent shockwaves through the cybercrime ecosystem, as it has not only joined the ranks of the largest known financial thefts in history but also demonstrated that the group’s skillset is presenting new challenges for defenders.  In the wake of the theft, numerous experts…

Threat actors are increasingly trying to grind business to a halt

Cybercriminals intentionally disrupted operations at a growing rate last year, Palo Alto Networks’ threat intelligence firm Unit 42 said in an annual incident response report released Tuesday. Of the nearly 500 major cyberattacks Unit 42 responded to last year, 86% involved business disruption, including operational downtime, fraud-related losses, increased operating costs and negative reputational impacts. …

What defenders are learning from Black Basta’s leaked chat logs

Black Basta’s internal chat logs, which were leaked earlier this month, are providing defenders with actionable intelligence on the ransomware group’s operations, cybercrime experts told CyberScoop.  Researchers sifting through Black Basta’s exposed communications found details about the group’s preferred tools and techniques, including custom malware loaders, indicators of compromise, cryptocurrency wallets and email addresses associated…

Apple pulls end-to-end encryption feature from UK after demands for law enforcement access 

Apple has pulled Advanced Data Protection, a feature that provides end-to-end encrypted data storage through iCloud, from the United Kingdom following a fight with the British government over law enforcement access. Starting Friday, U.K. users who attempt to access the feature on their phones or computers will be denied. Users who already had Advanced Data…

Security infotainment: the best hacker documentaries

Feeling empty without a security dashboard? These documentaries bridge the pain until the next working day. If you fully immerse yourself in your profession as a security decision-maker, you may also need your daily dose of cybersecurity between working days. If Hollywood's numerous approaches to the subject are far too removed from reality for you…

SEC rebrands cryptocurrency unit to focus on emerging technologies 

The Securities and Exchange Commission announced Thursday that it was changing its Crypto Assets and Cyber Unit to the “Cyber and Emerging Technologies Unit.” The regulator said its new unit will “focus on combatting cyber-related misconduct and to protect retail investors from bad actors in the emerging technologies space.” The newly rebranded unit will be…

Russia-aligned threat groups dupe Ukrainian targets via Signal

Russian state threat groups have compromised Signal accounts used by Ukrainian military and government personnel to eavesdrop on real-time communications, Google Threat Intelligence Group said in a report released Wednesday. “This is a persistent, ongoing campaign being carried out by multiple different Russia-aligned threat actors,” Dan Black, principal analyst at Google Threat Intelligence Group, said…

Edge device vulnerabilities fueled attack sprees in 2024

Edge devices harboring zero-day and n-day vulnerabilities were linked to the most consequential attack campaigns last year, Darktrace said in an annual threat report released Wednesday. Darktrace’s threat researchers found the most frequent vulnerability exploits in customers’ instances of Ivanti Connect Secure and Ivanti Policy Secure appliances, along with firewall products from Fortinet and Palo…

U.S. adversaries increasingly turning to cybercriminals and their malware for help

Governments of the United States’ chief adversaries in cyberspace, especially Russia, have increasingly been relying on cybercriminals and their tools to advance their goals, according to a Google report published Tuesday. There’s long been overlap between government and criminal cyber operators, but governments are now enjoying the benefits of collaboration and borrowing more — both…

Bipartisan Senate bill would strengthen cybercrime penalties

Cybercrimes could be punished more harshly under a new bill from a pair of senators that seeks to amend U.S. criminal code on computer fraud. The Cyber Conspiracy Modernization Act from Sens. Mike Rounds, R-S.D., and Kirsten Gillibrand, D-N.Y., would modify the Computer Fraud and Abuse Act (CFAA) to establish a specific penalty for conspiracy…

U.S. sanctions bulletproof hosting provider for supplying LockBit infrastructure

A consortium of U.S., Australian and U.K. officials announced coordinated sanctions Tuesday against Zservers, a Russia-based bulletproof hosting provider. The action targets the company for its role in facilitating ransomware attacks, most notably those conducted by the LockBit ransomware-as-a-service (RaaS) group. Officials detailed that Zservers has long been linked to cybercriminal forums, where it has…

Thai authorities detain four Europeans in ransomware crackdown

In a sweeping international law enforcement operation, Thai authorities arrested four Europeans in Phuket, accusing them of orchestrating ransomware attacks affecting Swiss companies worldwide. The suspects are allegedly tied to the 8Base ransomware-as-a-service (RaaS) gang, which extorted $16 million worth of Bitcoin from over 1,000 individuals. The operation, termed “Phobos Aetor,” reflected a tightly coordinated…

From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts

A cybercriminal organization that has been operating for over a decade has moved from credit-card skimming to exploiting zero-day vulnerabilities, according to a joint investigation by cybersecurity firms Solis Security and Intezer. The group, tracked as XE Group, now poses heightened risks to global supply chains, particularly in manufacturing and distribution sectors, by leveraging stealthier…

FBI nominee Kash Patel gets questions on cybercrime investigations, Silk Road founder, surveillance powers

A senator on Thursday questioned whether the president’s pick to lead the FBI might harm cybercrime investigations with his plans for the bureau. At a nomination hearing of the Senate Judiciary Committee, Amy Klobuchar, D-Minn., asked Kash Patel about comments he made in September. “I’d shut down the FBI Hoover building on day one and…

Department of Justice partners with Dutch police to break up HeartSender network

Authorities in the United States and the Netherlands have dismantled a sophisticated Pakistan-based cybercrime network known as Saim Raza.  The operation, dubbed “Operation Heart Blocker,” culminated Wednesday with the coordinated seizure of 39 domains and servers. Also known as HeartSender, Saim Raza was responsible for developing and selling phishing kits, with the Department of Justice…

US Justice Department says cybercrime forum allegedly affected 17 million Americans

U.S. prosecutors accused an Argentinian national living in Spain of being an “active administrator” of Nulled, one of the two hacking forums seized and shut down by authorities.

FBI seizes major cybercrime forums in coordinated domain takedown

The Federal Bureau of Investigation, along with several other international law enforcement departments, has seized control of several high-profile online platforms linked to cybercrime in a sweeping operation aimed at disrupting digital marketplaces for stolen credentials and hacking tools. The domains of forums Cracked[.]io and Nulled[.]to now redirect to FBI-controlled servers, signaling efforts to dismantle…

DOJ indicts five in North Korean fake IT worker scheme

The U.S. government delivered another blow to North Korea’s fake IT worker scheme Thursday, with the Department of Justice announcing indictments against five men for fraudulently obtaining remote credentials to work with American companies and generate revenue for Pyongyang. The indictments of North Korean nationals Jin Sung-Il and Pak Jin-Song, Mexican national Pedro Ernesto Alonso…

BreachForums founder to be resentenced after court vacates previous punishment

A U.S. appeals court has vacated the initial sentence given to Conor Brian Fitzpatrick, who pleaded guilty in 2023 for charges related to his work as founder of the notorious BreachForums website. The appeal, filed by the U.S. government, signals that a new sentence could be much more harsh than the one initially issued last…

Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks 

The Department of the Treasury has sanctioned a Chinese national and a cybersecurity company based in Sichuan, China, for taking part in the Salt Typhoon hacking campaign that has swept up data from at least nine U.S. telecommunications companies. The department’s Office of Foreign Assets Control (OFAC) named Yin Kecheng of Shanghai and the Sichuan…

Law enforcement action deletes PlugX malware from thousands of machines

U.S. and international law enforcement agencies have removed the PlugX malware from thousands of computers worldwide in a coordinated campaign to blunt the effectiveness of one of the most infamous pieces of malware used by malicious cyber actors. According to recently unsealed court documents from the Eastern District of Pennsylvania, the U.S. Department of Justice…

Second Biden cyber executive order directs agency action on fed security, AI, space

A draft cybersecurity executive order would tackle cyber defenses in locations ranging from outer space to the U.S. federal bureaucracy to its contractors, and address security risks embedded in subjects like cybercrime, artificial intelligence and quantum computers. The draft, a copy of which CyberScoop obtained, constitutes one big last stab at cybersecurity in the Biden…

Russian nationals charged with operating crypto mixers that masked cybercrime funds

Three Russian nationals were indicted this week for their roles in managing a pair of cryptocurrency mixing services, operations that were funded in part by money gained through ransomware attacks.  The indictment from a federal grand jury in the Northern District of Georgia alleges that Roman Vitalyevich Ostapenko, 55, Alexander Evgenievich Oleynik, 44, and Anton…

After UN adoption, controversial cybercrime treaty’s next steps could prove vital

A divisive United Nations cybercrime treaty — one that critics say is a huge danger to human rights and that the United States cautiously agreed to advance — is now in the hands of member nations. The U.N. General Assembly adopted the treaty without a vote last week, leaving ratification to individual states. If the…

South Korea sanctions 15 North Koreans for IT worker scams, financial hacking schemes

The South Korean government has sanctioned more than a dozen individuals and one organization for a wide-ranging global scheme to fund North Korea’s nuclear and missile programs through impersonating IT workers abroad, stealing cryptocurrency and facilitating cyberattacks. South Korean officials on Thursday identified 15 North Korean nationals and the Chosun Geumjeong Economic Information Technology Exchange…

Justice Department unveils charges against alleged LockBit developer

The U.S. Department of Justice revealed charges Friday against Rostislav Panev, a dual Russian and Israeli national, for his alleged role as a developer in the notorious LockBit ransomware group. Panev was arrested in Israel following a U.S. provisional arrest request and is currently awaiting extradition. Authorities allege that Panev has been an instrumental figure…

PHP backdoor looks to be work of Chinese-linked APT group

Cybersecurity researchers at a China-based cybersecurity company have uncovered an advanced PHP backdoor that suggests a new asset in the arsenal of Chinese-linked Advanced Persistent Threat group Winnti. Researchers at QiAnXin’s XLab discovered the backdoor, which they titled Glutton, targeting China, the United States, Cambodia, Pakistan, and South Africa. After initially discovering the malware in…

Arizona man arrested for alleged involvement in violent online terror networks

Baron Martin, a 20-year-old resident of Tucson, Arizona, was arrested Wednesday on charges of producing child sexual abuse material and cyberstalking. His arrest is connected to his involvement in online terror networks, specifically 764 and CVLT, which are known for violent extremist activities. Martin, also known under the alias “Convict,” is charged with significant involvement…

Cybercriminal marketplace Rydox seized in international law enforcement operation

The Justice Department announced Thursday that it had participated in a coordinated effort to seize and dismantle Rydox, an online marketplace for stolen personal information and cybercrime tools. The operation led to the arrest of three individuals alleged to be the site’s administrators. Rydox has been linked to over 7,600 illicit sales and generated substantial…

Court indicts 14 North Korean IT workers tied to $88 million in illicit gains

A federal court has indicted 14 more North Korean IT workers as part of an ongoing U.S. government campaign to crack down on Pyongyang’s use of tech professionals to swindle American companies and nonprofits. The Justice Department said the 14 indicted workers generated at least $88 million throughout a conspiracy that stretched over approximately six…

Notorious Nigerian cybercriminal tied to BEC scams extradited to U.S.

Abiola Kayode, a 37-year-old Nigerian national, has been extradited from Ghana to the United States to face charges of conspiracy to commit wire fraud.  Kayode, who was on the FBI’s Most Wanted cybercriminal list, is charged with participating in a business email compromise (BEC) scheme and romance fraud from January 2015 to September 2016, defrauding…

International crackdown disrupts DDoS-for-hire operations

In a sweeping international crackdown, law enforcement agencies from 15 countries, including the United States and multiple European nations, have dismantled 27 of the most popular platforms used for carrying out distributed denial-of-service (DDoS) attacks, Europol announced Wednesday. The operation, known as PowerOFF, has led to the arrest of three administrators in France and Germany…
