Cybercrime News, Articles and Updates

Tables turned: Researcher reportedly creates C&C server to spy on Fruitfly Mac malware

A security researcher looking into a variant of the Mac spyware Fruitfly uncovered a pool of roughly 400 infected victims, after reportedly registering a back-up C&C server that was coded in a sample of the malware and taking it over.

Mirai Botmaster behind Deutsche Telekom router hijack pleads guilty

A 29-year-old hacker has pleaded guilty in a German court to an attack last year that downed internet service all across the country.

Prospective students tricked into handing over confidential information

Prospective Newcastle University students are being scammed into handing over details and making payments for fake courses.

Hacking Nemo: Adversary compromises smart fish tank at casino

An unknown actor recently succeeded in hacking into a casino's smart fish tank and exfiltrating its data to a device in Finland.

"Siren" botnet silenced after spamming Twitter users with porn links

A social media botnet that spams Twitter accounts with links to pornographic content sent more than 8.5 million posts from 90,000 unique accounts before it was finally neutralized, according to a new report.

Election integrity commission holds first meeting amid privacy, security, suppression concerns

Opponents assailed the commission's current mission, saying that resources instead should be put where they are most needed - to safeguard against cyberattacks by nation-states and modernize voting technology.

Cyber-terrorism: the next logical threat to come from IS

Earlier this year the attacks in London and Manchester catapulted terrorism back into the mainstream for many UK citizens.

'Unverified app' warning adds anti-phishing protection to G Suite

Google claims new 'unverified app' warning will cut down on phishing attacks from within G Suite by giving users information on potentially dodgy apps and scripts.

$32 million worth of Ethereum stolen from Parity client

Just days after an attacker made off with $7 million worth of Ethereum, a separate heist managed to make away with nearly $32 million worth of cryptocurrency.

Back to school: Exclusive online course aimed at budding payment card fraudsters

The course, found in a Russian forum, says it aims to teach would-be criminals "to become a professional in the world of carding," according to Digital Shadows, which studied the course.

'Combat-grade' Nukebot spotted along with other mods

Three months after the malware's author released source code, 'combat-grade' Nukebot has been spotted.

150K attempts on S.C. voting system points to widespread hacking

Citing data from the State Election Commission, the Wall Street Journal contended that the high number of attempts could be an indicator that swing states were even more widely targeted.

Bargain-basement credentials stealing malware picks on browsers

"Ovidiy," a recently discovered credential-stealing malware that primarily targets browsers, is being marketed mainly to Russian speakers at the very affordable price of approximately $7-$13 per individual build.

CopyCat adware uses Amazon Web Services, APK segmentation to evade detection

The CopyCat adware that infected over 14 million Android devices employs evasion techniques to avoid detection, including the use of Amazon Web Services and the segmentation of malicious APK files.

Magala trojan hijacks Internet Explorer, then commits click fraud

A click fraud trojan called Magala is hijacking Internet Explorer browsers and opening virtual desktops on infected machines in order to artificially inflate various web pages' click counts.

Mystery user offers Petya/NotPetya decryption for nearly £200,000

There are offers now being made to decrypt the apparently undecryptable endpoints strangled by the Petya/NotPetya attacks.

Breached companies underperform on NASDAQ, study

A recent study found breaches also temporarily hurt a company's stock market status.

Report: NotPetya actors created fraudulent payment site on Tor

The actors behind the NotPetya wiper malware created a payment site as a ruse to fool victims into thinking their ravaged files could be salvaged, even though there remains little guarantee of this, according to a new blog post from Cylance.

Report: Adversary hacks dark web hosting provider, accesses its customers' data

At least 91 dark web sites suffered a breach after a malicious actor accessed their hosting provider's server and apparently managed to export files and possibly linked databases as well, BleepingComputer reported on Monday.

Attackers used template injection technique to steal credentials of power plant operators

The hackers responsible for breaching the systems of multiple U.S. energy operators since May 2017 employed a phishing scheme that used malicious attachments to download a template file via an SMB connection, in order to silently harvest credentials, according to a blog post from Cisco Talos.

UPDATE: Trump concerns with election hack met with Putin denial

U.S. Secretary of State Rex Tillerson, who attended the small-group, private meeting, said Trump pressed Putin on the allegations of Russian hacking during the election season.

ACLU New Mexico sues Albuquerque PD for info on StingRay use

The ACLU wants all records pertaining to the purchase and use of StingRays.

Reports: Feds issue alert after adversary breaches power plant business networks

Since May, foreign hackers have breached computer networks at 12 or more U.S. power plants, including nuclear facilities, prompting the FBI and DHS to issue an urgent amber warning to utility companies, according to reports.