A new malware campaign is taking advantage of people's willingness to support Ukraine's cyber warfare against Russia to infect them with password-stealing Trojans. Last month, the Ukrainian government announced a new IT Army composed of volunteers worldwide who conduct cyberattacks and DDoS attacks against Russian entities. This initiative has led to a outpouring of support by many people worldwide who have been helping target Russian organizations and sites, even if that activity is considered illegal. READ MORE...
US prosecutors on Thursday said they have extradited a Canadian man to America to face charges that he conspired to distribute ransomware. Sébastien Vachon-Desjardins, 34, of Gatineau, Quebec, was detained by Canadian authorities on January 27, 2021. Upon executing a warrant to search his residence, officials found and seized more than 20TB of data including digital wallets containing 719 Bitcoin - worth about $28.5m presently - and $619,000 in cash, some of which was stored in bank safety deposit boxes. READ MORE...
A credential stealer that first rose to popularity a couple of years ago is now abusing Telegram for command-and-control (C2). A range of cybercriminals continue to widen its attack surface through creative distribution means like this, researchers have reported. Raccoon Stealer, which first appeared on the scene in April 2019, has added the ability to store and update its own actual C2 addresses on Telegram's infrastructure. READ MORE...
Russia has created its own trusted TLS certificate authority (CA) to solve website access problems that have been piling up after sanctions prevent certificate renewals. The sanctions imposed by western companies and governments are preventing Russian sites from renewing existing TLS certificates, causing browsers to block access to sites with expired certificates. READ MORE...
The continuous growth of e-commerce could be behind a surge in shipping fraud, which is now the fastest growing type of digital fraud worldwide, according to a TransUnion report. There was an influx in shipping fraud in 2021, resulting in a 780.5% year-over-year (YoY) global increase. When compared to a two-year timeframe from 2019 to 2021, TransUnion data shows shipping fraud grew more than 1,500+%. READ MORE...
Three months after the Apache Foundation disclosed the infamous Lo4j vulnerability [CVE-2021-44228] and issued a fix for it, more than 4 in 10 downloads of the logging tool from the Maven Central Java package repository continue to be known vulnerable versions. A dashboard that Maven Central administrator Sonatype launched soon after news of the so-called Log4Shell flaw first surfaced shows that 41% of Log4j packages downloaded between Feb. 4 and March 10, 2022, are versions prior to Log4j 2.15.0. READ MORE...