Cybercrime News, Articles and Updates

Securus hacked after reports cops used it for tracking location

The hacker at the very least snatched a spreadsheet that housed 2,800 logins and passwords.

Attempts to terminate new WinstarNssmMiner cryptominer result in computer crash

Computer users infected with the newly observed cryptojacking malware WinstarNssmMiner will be surprised to discover that the nasty malware crashes their machines if they try to terminate the program, making it difficult to remove.

Satori botnet searching internet for open Ethereum mining rigs

Increasing value of cryptocurrency sees hackers look out for mining hardware. Security researchers have discovered a large Satori botnet that is scanning the internet for exposed Ethereum cryptocurrency mining rigs.

Two alleged Syrian Electronic Army members indicted for spear phishing and defacement campaign

U.S. prosecutors filed an indictment yesterday for two alleged Syrian Electronic Army hacktivists who are accused of compromising news media websites and social media accounts in order to spread propaganda supporting the regime of Syrian president Bashar al-Assad.

StalinLocker deletes data if you don't enter the right code in time

Ransomware gives you ten minutes to comply. Ransomware is under development that gives victims 10 minutes to enter a code and will delete the contents of a hard drive in the event of failure.

Serbian man arrested for alleged connections to Dark Overlord cyber extortion campaigns

Serbian authorities yesterday announced the arrest of a Belgrade man for his alleged affiliation with The Dark Overlord, a malicious cyber threat actor known for extorting U.S. schools, hospitals and entertainment companies, often after stealing their data or content.

Man behind Scan4you service convicted

Ruslans Bondars, 37, a of the former USSR who had been residing in Riga, Latvia, Wednesday was convicted of one count of conspiracy to violate the Computer Fraud and Abuse Act, one count of conspiracy to commit wire fraud, and one count of computer intrusion with intent to cause damage and aiding and abetting.

Senate intel committee concurs with IC that Russia meddled in election to help Trump, hurt Clinton

The Senate Intelligence Committee, which has been probing Russian meddling in the 2016 presidential election, said Wednesday it supported the conclusions of the intelligence community that found Russia sought to aid Trump.

TeleGrab information stealer swipes Telegram cache and key files

Researchers last month detected a new malware that steals not only browser credentials, browser cookies and text files, but also cache and key files from the desktop version of end-to-end encrypted instant messaging service Telegram.

Former CIA software engineer id'ed as suspect in Vault 7 leaks

Joshua Adam Schulte has not yet been charged with leaking classified information but is being held in the Metropolitan Correctional Center in New York after being indicted for possession of child pornography.

Cambridge Analytica under investigation by FBI, Justice

Witnesses have been questioned recently, particularly about banking transactions and the way the business was run, the New York Times reported.

Rail Europe North America discloses breach of e-commerce IT platform

U.S. residents who purchased European train tickets through Rail Europe North America (RENA) may be affected by a nearly three-month data breach/compromise of its e-commerce websites' IT platform that started late last year.

RIG EK campaign delivers researcher-phobic backdoor trojan Grobios

The RIG exploit kit has been causing trouble again, this time delivering a backdoor trojan called Grobios, which takes great pains to avoid detection and evade virtual and sandbox environments.

McFaul says Putin invested billions in trolls and bots to propagate chaos

Putin has grown less risk-averse in playing his hand against Western democracies, former U.S. Ambassador to Russia Michael McFaul said Friday at the Council on Foreign Relations in New York.

New Apple ID phishing operation protects web assets with AES encryption

A recently discovered email phishing campaign was found targeting Apple ID credentials, while using AES encryption to thwart active countermeasures against their malicious website.

Russian operatives accessed voter databases, says Senate Intel Committee

With the 2018 midterms looming, securing the nation's election systems takes on a certain urgency.

NigelThorn malware exploits Google Chrome zero-day

A zero-day exploiting malware capable of performing credential theft, cryptomining, click fraud, and more has already infected more than 100,000 users from over 100 countries.

Buried no more: Source code for TreasureHunter POS malware leaked on forum

Someone has leaked the source code for well-established point-of-sale malware TreasureHunter onto an underground Russian-speaking forum, and already cybercriminals are talking about how to further improve and weaponize it now that it's available to the masses.

NIS Directive comes into force to boost infrastructure cyber-security

The Security of Network Information Systems (NIS) Directive, which aims to ensure that critical infrastructure is protected from cyber-attacks and computer network failure, has come into force today with fines for non-compliance.

Encrypted communications lure cybercriminals from dark web to Telegram app

Cybercriminals are branching out from the dark web and into encrypted messaging apps to conduct their nefarious deeds.

U.S. retreat from Iran agreement could spur uptick in cyberattacks

Before the agreement was signed, cybersecurity pros saw increased attack activity against Western critical infrastructure.

Cryptojacking campaign hits 400 Drupal-based sites, many run by governments and universities

Nearly 400 websites running outdated and vulnerable versions of the Drupal content management system, many affiliated with governments and educational institutions, were recently discovered to be running cryptomining programs without their operators' knowledge.

Trojanized CMS plug-ins infect thousands of websites in tech support scam campaign

A recently uncovered tech support scam campaign has compromised thousands of websites with malicious ad injections that redirect users to a browser locker page that claims their computers are infected.

Report: Up to two percent of global Bitcoin nodes act suspiciously on any given day

Using honeypots, internet scanning and connections to active nodes, researchers have estimated that anywhere from 0.6 to two percent of the entire Bitcoin network engages in suspicious or malicious behavior on a given day.

Paris Hilton's hacker steals $130K plus nude photos

A woman who pled guilty to hacking into Paris Hilton's bank accounts and iCloud accounts to steal nude photos and over $100,000 is scheduled for sentencing Monday.

FLEETCOR Technologies gift card systems breached

FLEETCOR Technologies, a $2.25 billion company specializing in fuel cards and workforce payment products and services, publicly disclosed this past Thursday that its gift card systems were accessed last month by an unauthorized party.

Fake Teleg'e'ram app looks to take advantage of Russia banning Telegram

An imitation of the popular Telegram app made its rounds on Google Play as the Russian government ordered the immediate blocking of the messaging app.

Phishing campaign aimed at Airbnb guests uses GDPR hook

Phishing emails supposedly from Airbnb hosts seem to be directed to business addresses and ask potential victims to accept a new privacy policy in the lead-up to GDPR.