Cybercrime News, Articles and Updates

Linux IoT botnet retooled to send spam email

An IoT botnet has set its hooks in about 4,500 - 5,000 proxy devices to send spam emails, with each device capable of sending 400 messages, or a total of 1.8 million messages per day.

Remotely locked Apple devices being held for ransom

Some Apple product owners have found themselves on the receiving end of a new ransom attack in which someone locks their device, most likely by using stolen iCloud credentials and then initiating the Find My iPhone remote lock feature.

Election season spam correlates with the polls, study

A recent study on election spam found spammers use candidates with the strongest brands in their lures.

Cryptocurrency miners increasingly use CPU mining tools

Cryptocurrency miners have increased their use of mining tools that utilize central processing units (CPUs) and, to a lesser extent, graphics processing units (GPUs), specifically those targeting enterprise networks.

Monero cryptocurrency miners silently placed on Pirate Bay visitor CPUs

In an effort to generate more revenue for the site, The Pirate Bay is quietly running a Monero cryptocurrency miner on the CPUs of its visitors.

RIG, Magnitude, and Disdain among top EKs of summer '17

Summer 2017 saw a few established exploit kits such as RIG EK and Magnitude EK, along with a few newcomers such as the Disdain EK, among its most active EKs of the season.

N. Korea targets Bitcoin and other cryptocurrency firms amid sanctions

North Korean hackers are targeting banks and other cryptocurrency outlets as international sanctions appear to take their toll on the Hermit Kingdom.

Ransomware and IoT attacks spell trouble for transportation industry

The ransomware and IoT threat landscapes are merging into a greater threat for the transportation sector.

'Crackas With Attitude' member sentenced to prison for government attacks

Justin G. Liverman, aka "D3F4ULT" of the "Crackas With Attitude" cybergang was sentenced to five years in prison.

NIST develops guidelines for dealing with ransomware recovery

NIST, along with vendors and businesses within the cybersecurity community, teamed up to develop a recovery guide for firms hit with ransomware attacks.

Site spotted selling stolen Instagram phone and email details for $10

A person claiming to have exploited the recent Instagram API breach to scrape the personal data of 6 million users is reportedly selling the data on a searchable website for $10 per query.

Instagram API hacked to access verified accounts of Selena Gomez, others

Instagram confirmed it was hit by a cyberattack targeting several high profile celebrities.

Connected devices can get pwned by attackers every 2 minutes

An IoT device was pwned by credential attackers once every 120 seconds in SANS research using a real connected device rather than a honeypot.

100% of breached PCI certified companies failed PCI compliance audit

PCI DSS compliance doesn't guarantee security, but half of PCI certified companies aren't compliant, which does indicate vulnerability to cyber-attack. "It's not a project, it's a programme - something you need to maintain."

Hackers rewrite Jimmy Nukebot malware to change its goals and tasks

Jimmy Nukebot malware trojan becomes more modular to increase flexibility and make static analysis much more complicated - shows ability to adapt to the goals and tasks set before a botnet to take advantage of a new source.

Chinese hackers leverage HBO 'Game of Thrones' leaks to deliver trojans

A few weeks before the season finale of the popular HBO series "Game of Thrones," Proofpoint researchers spotted a Chinese advanced persistent threat (APT) group looking to lure fans with leaked episodes.

Study, dark web vendors taking precautions after AlphaBay and Hansa takedowns

Some cybercriminals still aren't taking precautions to ensure they evade capture in the event of another major sting operation, making law enforcement's job easier.

ICYMI: infected apps; LinkedIn; NHS breach; GPS spoofing; board training

In case you missed it: Dodgy Google Play apps again; LinkedIn hit; NHS database breach; GPS spoofing US Navy?; board training lacking

Researchers spot build your own malware apps for ransomware

Symantec researchers have spotted mobile malware factories in the wild which allow wannabe malware authors to develop custom malware on their own devices without having to write a single line of code.

Chinese national arrested in relation to OPM breach

U.S. officials arrested a Chinese national who is accused of being involved in the 2015 OPM breach.

Researcher spots uptick in WAP-billing Trojan-Clickers

Kaspersky Lab researcher Roman Unuchek spotted an uptick in WAP-billing trojan-clickers from different cybercriminal groups targeting users in Russia and India.

Russian linked to 2014 Yahoo breach pleads not guilty

A Russian-born Canadian citizen pled not guilty after being accused of playing a role in the 2014 Yahoo hack, which compromised the information of nearly 500 million users.

Mandiant breach hackers claim to dump FireEye data

The threat actors who two weeks ago targeted Mandiant are now claiming to have leaked FireEye documents in a second leak.

Guccifer looks to avoid extradition to U.S., claims State Dept. is Guccifer 2.0

The infamous Guccifer is trying to avoid extradition to the U.S. and told reporters he feels the U.S. State Department is behind the Guccifer 2.0 hacks.