Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

Credit to Author: BrianKrebs| Date: Tue, 22 Aug 2023 17:45:28 +0000

In large metropolitan areas, tourists are often easy to spot because they’re far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior.

Read more

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

Credit to Author: BrianKrebs| Date: Wed, 14 Sep 2022 00:23:45 +0000

This month’s Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, Apple has also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which includes a nifty new privacy and security feature called “Lockdown Mode.” And Adobe axed 63 vulnerabilities in a range of products.

Read more

Wazawaka Goes Waka Waka

Credit to Author: BrianKrebs| Date: Mon, 14 Feb 2022 18:22:38 +0000

In January, KrebsOnSecurity examined clues left behind by “Wazawaka,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists. In last month’s story, we explored clues that led from Wazawaka’s multitude of monikers, email addresses, and passwords to a 30-something father in Abakan, Russia named Mikhail Pavlovich Matveev. This post concerns itself with the other half of Wazawaka’s identities not mentioned in the first story, such as how Wazawaka also ran the Babuk ransomware affiliate program, and later became “Orange,” the founder of the ransomware-focused Dark Web forum known as “RAMP.”

Read more

Threat Spotlight: Sodinokibi ransomware attempts to fill GandCrab void

Credit to Author: Jovi Umawing| Date: Thu, 18 Jul 2019 17:58:26 +0000

There’s a new ransomware-as-a-service (RaaS) in town, and it can twist tongues for giggles as much as twist organizations’ arms for cash. Get to know the Sodinokibi ransomware, including how to protect against this fledgling threat.

Categories:

Tags:

(Read more…)

The post Threat Spotlight: Sodinokibi ransomware attempts to fill GandCrab void appeared first on Malwarebytes Labs.

Read more

Is ‘REvil’ the New GandCrab Ransomware?

Credit to Author: BrianKrebs| Date: Mon, 15 Jul 2019 15:58:30 +0000

The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.”

Read more

A Year Later, Cybercrime Groups Still Rampant on Facebook

Credit to Author: BrianKrebs| Date: Mon, 08 Apr 2019 19:39:41 +0000

Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching turned up more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by deleting those groups. Last week, a similar analysis found some 74 cybercrime groups operating openly on Facebook with more than 385,000 members.

Read more

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Credit to Author: BrianKrebs| Date: Mon, 18 Feb 2019 13:51:01 +0000

The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy. This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers.

Read more

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Credit to Author: BrianKrebs| Date: Wed, 23 Jan 2019 02:44:28 +0000

Two of the most disruptive and widely-received spam email campaigns over the past few months — including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year — were made possible thanks to an authentication weakness at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned. Perhaps more worryingly, experts warn this same weakness that let spammers hijack domains registered through GoDaddy also affects a great many other major Internet service providers, and is actively being abused to launch phishing and malware attacks which leverage dormant Web site names currently owned and controlled by some of the world’s most trusted corporate names and brands.

Read more