Nearly 71 million unique credentials stolen for logging into websites such as Facebook, Roblox, eBay, and Yahoo have been circulating on the Internet for at least four months, a researcher said Wednesday. Troy Hunt, operator of the Have I Been Pwned? breach notification service, said the massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials.
A series of misconfigurations and security vulnerabilities allowed a researcher to access customer information stored in an email account at Toyota Tsusho Insurance Broker India (TTIBI). The unauthorized access, US-based researcher Eaton Zveare explains, was possible because the TTIBI site had a dedicated Eicher Motors subdomain, with a premium calculator. TTIBI is an insurance broker under the Toyota Tsusho Insurance Management Corporation in Japan.
The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as "Internet Swiping" and "Million Dollar Criminal" earning millions of views, Punchmade has leveraged his considerable following to peddle tutorials on how to commit financial crimes online. But until recently, there wasn't much to support a conclusion that Punchmade was actually doing the cybercrime things he promotes in his songs.
A new campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing a dual monetization strategy. 9hits is a web traffic exchange platform where members can drive traffic to each other's sites. This traffic is generated by a 9hits viewer app that is installed on members' devices, which uses a headless Chrome instance to visit websites requested by other members.
The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert about a malware campaign targeting Apache webservers and websites using the popular Laravel Web application framework, leveraging known bugs for initial compromise. The end goal of the campaign is to steal credentials to high-profile applications such as Amazon Web Services, Microsoft 365, Twilio, and SendGrid, so the threat actors can access sensitive data in the apps or use the apps for other malicious operations.
A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. Beijing-based Qianxin Xlabs reports that the threat group controls a large-scale botnet of approximately 170,000 daily active bots. However, the researchers have seen 1.3 million unique IP addresses associated with the botnet since August, most in Brazil.
Foxsemicon Integrated Technology, a subsidiary of Taiwanese electronics giant Foxconn, appears to have been targeted by the notorious LockBit ransomware group. Foxsemicon specializes in semiconductor equipment manufacturing. The company's website was defaced this week with a message claiming that data has been stolen and encrypted. The message said 5 Tb of data has been taken from the company's systems.
A Russian government-linked cyber espionage and influence operation known to target entities around the world has added custom backdoor malware to its arsenal, researchers said Thursday, demonstrating the continued evolution of one of Moscow's most prolific cyber groups. Researchers with Google's Threat Analysis Group said in a blog post Thursday that the group, which it tracks as "Cold River," has been using its first publicly known custom malware, dubbed "SPICA."
Just over a decade ago, Bitcoin appeared to many of its adherents to be the crypto-anarchist holy grail: truly private digital cash for the Internet. Satoshi Nakamoto, the cryptocurrency's mysterious and unidentifiable inventor, had stated in an email introducing Bitcoin that "participants can be anonymous." And the Silk Road dark-web drug market seemed like living proof of that potential, enabling the sale of illegal contraband for bitcoin while flaunting its impunity from law enforcement.
Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. It paves the way for code execution and other cyberattacks on targeted endpoints. The vulnerability, assigned CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the browser in less than a calendar month. In 2023, Google disclosed a total of eight zero-day vulnerabilities in Chrome, which is by far the most widely used browser currently.