Cybecrime News, Articles and Updates

Crook gets 20 years for literal domain hijacking at gunpoint

A man was sentenced to 20 years in prison after giving a new meaning to the term domain-hijacking when attempting to forcibly steal a domain name from someone at gunpoint.

U.S. counterspy warns World Cup travelers to leave electronics stateside

American's traveling to Russia for the World Cup games have been advised to leave their personal electronic devices stateside.

South Korean cryptocurrency exchange hit, sparking drop in bitcoin prices; Ethereum heist nets $20M

Over the weekend, threat actors made off with about 30 percent of the coins traded on the Conrail exchange, although the firm didn't quantify the value of the heist.

Trickbot and IcedID team up to boost revenues from victims

The botnet operators behind IcedID and Trickbot are collaborating with each other and possibly sharing their ill-gotten gains, according to security researchers.

New Confucius malware campaign has links to Patchwork cybergang

New tools and techniques used by the Confucius cybergangs suggest further connections between the group and the Patchwork cybergang.

Pen testers break down bank security flaws

While banks have built effective barriers for external attacks, researchers warn they have not done nearly as much work to fight threats on their internal networks.

Sun Team's RedDawn campaign targets North Korean defectors and journalist

The second campaign from the "Sun Team" hacking group managed to sneak its way into the Google Play Store that actively targeted North Korean defectors.

Third-party software vulnerability results in Mexican bank heist scoring millions

Mexican authorities are investigating suspect a bank hack that siphoned hundreds of millions of pesos out of at least five banks.

Mia Khalifa themed malware targets Android and Windows devices

Cybercriminals were spotted using the likes of a former adult film star to spread a multiplatform spyware disguised as an adult game.

Cybercrime losses exceed $1.4B in 2017

Two of the top three crimes, non-payment/non-delivery, and personal data breaches were also in the top spot in 2016 while phishing beat out 419/overpayment scams which dropped to fourth place in 2017, affecting only 23,135 victims compared to the 25,716 victims in 2016.

SynAck ransomware implements Doppelgänging evasion technique

SynAck targeted ransomware was seen in the wild using the Doppelgänging technique which was first presented as a proof of concept in December 2017.

ZooPark cyberespionage campaign targets Androids in the Middle East

A cyberespionage operation targeting Android users in the Middle East has been exfiltrating the data of unsuspecting users since June 2015.

HPE iLO 4 remote management interfaces targeted with ransomware

Threat actors are targeting internet accessible HPE Integrated Lights-Out 4 (HPE iLO 4) remote management interfaces with ransomware or a decoy wiper.

Financial services industry most targeted with malware for second year straight

For the second year in a row, the financial services industry tops the charts as the most targeted industry with the highest volume of security incidents and the third highest volume of cyber-attacks.

Celebgate hacker who stole Jennifer Lawrence nudes pleads guilty of breaking into nearly 240 iCloud accounts

A Connecticut man admitted to hacking into the iCloud accounts of prominent females celebrities including "Red Sparrow" actress Jennifer Lawrence and more than 200 others.

Remotely hosted objects used to spread Formbook malware

Cybercriminals are once again abusing trusted applications, such as Microsoft Office, to launch multi-stage attacks inside malicious documents to deliver Formbook malware

Magento sites brute forced by cryptominers

Brute force attacks are being used to compromise Magento sites to scrape payment card data and deliver cryptomining malware.

Leaked Documents claim Cambridge Analytica Affiliate Gave Facebook Data to John Bolton

A whistleblower has released documents bolstering claims the U.K. company at the center of the Facebook-Cambridge Analytical scandal didn't destroy user data.

Fancy Bear suspected in United Kingdom's Anti-Doping Agency cyberattack

Fancy Bear hackers are suspected of launching a foiled cyber-attack on the United Kingdom's Anti-Doping Agency.

Vanderbilt University researcher claims breaches linked to patient deaths

A Vanderbilt University researcher is claiming more than 2,100 patient deaths are linked to hospital data breaches each year.

Evasions common flaw in popular security products, says NSS Labs

SC Media chats with NSS Labs CEO Vikram Phatak to discuss some of the latest cyber threats and how evasions are one of the most common flaws in popular security products.

Bitcoin stealing malware distributed on download.com for nearly a year

Bitcoin stealing malware that swaps user accounts with that of the attacker was hosted on Download.com servers for nearly a year.

Cryptocurrency mining attacks increasing exponentially, no end in sight

Cryptocurrency miners are seemingly working away under every rock on the internet and there is a good reason. It's an almost guaranteed payday with a much-reduced chance of discovery.

Judge rules U.S. breach victims can sue Yahoo

A federal judge in California Friday ruled Yahoo must face many of the claims brought against the firm in a lawsuit over the company's massive data breaches.

Hacking Team reunion samples found in 14 countries

The Hacking Team is back to developing spyware as previously unreported samples of its infamous surveillance RCS tool were reportedly spotted in the wild.

U.K. police use DDoS-style attacks on suspected drug dealer's phones

U.K. police tried DDoS style attacks to disrupt service on suspected drug dealer's phones in cases where they couldn't prosecute but were looking to interfere with the drug trade.

FS-ISAC hit with phishing attacks

A Financial Services Information Sharing and Analysis Center (FS-ISAC) employee feel victim to a phishing attack that compromised their login credentials.

Private chats and user accounts could be exposed by Tinder security bug

An easy-to-exploit bug has left Tinder accounts and private chats exposed to hackers, revealed a researcher this week.