The U.S. Department of Justice has charged a man with hacking-related crimes as part of an investigation into a group of foreign scammers accused of targeting more than 300 organizations throughout the world. Prosecutors in the Western District of Washington charged Andrey Turchin, who resides in Kazakhstan, with five felony counts in connection with a year-long fraud effort.
Since its launch three years ago, the Keeper threat group has compromised more than 570 e-commerce websites, from online liquor stores to Apple product resellers, and experts warn of future, increasingly sophisticated attacks against online merchants worldwide. The Keeper group, a faction of the Magecart umbrella, consists of an interconnected network of 64 attacker domains and 73 exfiltration domains.
US security researcher Zach Edwards recently tweeted about finding 250 company website names that had been taken over by cybercriminals. He didn't name the brands, but insists that the organisations affected include banks, healthcare companies, restaurant chains, civil rights groups and more. The point is that the web servers themselves were not breached: the attackers gained control of the DNS entries for those names, so the hostnames now resolve to content the attackers control.
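The check a practitioner wants after a story like this is an audit of their own zone for names that point at something they no longer control. The example below is added here and is not from the researcher or the article; it assumes the takeover is the dangling-record kind (a CNAME whose target no longer resolves, or points into third-party hosting where the resource may be unclaimed). The zone, the resolver answers and the hosting suffixes are constructed placeholders so the script runs offline; in practice `EXTERNAL` would be replaced by live DNS lookups.

```python
"""Dangling-DNS audit: flag names whose CNAME target no longer resolves, the
precondition for the kind of takeover described above. Added example with
constructed data; it runs offline."""
from typing import Dict, List, Optional, Tuple

# Constructed records an organisation publishes for its own names (not real data).
# name -> (record type, target)
ZONE: Dict[str, Tuple[str, str]] = {
    "www.example.com":   ("A", "203.0.113.10"),
    "api.example.com":   ("CNAME", "www.example.com"),            # in-zone chain, healthy
    "shop.example.com":  ("CNAME", "shop-prod.cdn.example.net"),  # external, still resolves
    "blog.example.com":  ("CNAME", "old-blog.host.example.net"),  # external, target gone
    "promo.example.com": ("CNAME", "campaign.pages.example.net"), # external, target gone
    "loop.example.com":  ("CNAME", "loop.example.com"),           # misconfigured loop
}

# Constructed answers a resolver would return for external targets; a missing
# key stands for NXDOMAIN. Assumption: a real audit does a live lookup here.
EXTERNAL: Dict[str, str] = {
    "shop-prod.cdn.example.net": "198.51.100.7",
}

# Hypothetical third-party hosting suffixes: a target under these can resolve
# while the specific resource is unclaimed, so it still needs manual review.
THIRD_PARTY_SUFFIXES = (".cdn.example.net", ".pages.example.net", ".host.example.net")

MAX_CHAIN = 8  # bound on CNAME hops; also stops loops


def resolve(name: str, zone: Dict[str, Tuple[str, str]],
            external: Dict[str, str], depth: int = 0) -> Optional[str]:
    """Follow CNAMEs from `name`; return the final address, or None when the
    chain ends in a non-existent name or exceeds MAX_CHAIN hops (loop)."""
    if depth > MAX_CHAIN:
        return None
    if name in zone:
        rtype, target = zone[name]
        if rtype == "A":
            return target
        return resolve(target, zone, external, depth + 1)
    return external.get(name)


def audit(zone: Dict[str, Tuple[str, str]],
          external: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (name, target, finding) for every CNAME that is dangling or
    points into third-party hosting; healthy records produce nothing."""
    findings = []
    for name, (rtype, target) in sorted(zone.items()):
        if rtype != "CNAME":
            continue
        if resolve(target, zone, external) is None:
            findings.append((name, target, "dangling: target does not resolve (NXDOMAIN or loop)"))
        elif target.endswith(THIRD_PARTY_SUFFIXES):
            findings.append((name, target, "third-party hosted: confirm the resource is still claimed"))
    return findings


def audit_sample() -> List[Tuple[str, str, str]]:
    """Run the audit over the constructed zone."""
    return audit(ZONE, EXTERNAL)


if __name__ == "__main__":
    for name, target, finding in audit_sample():
        print(f"{name:20} -> {target:28} {finding}")
```

Dangling entries are the ones to delete or re-point immediately; third-party ones need a check that the bucket, app or site behind the target is still yours, since a resolving target says nothing about who owns the resource.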
Microsoft took control of domains that cybercriminals were using as infrastructure for phishing attacks designed to exploit vulnerabilities and public fear resulting from the COVID-19 pandemic. The threat actors behind these domains were first spotted by Microsoft's Digital Crimes Unit (DCU) in December 2019, when they attempted to compromise Microsoft customer accounts with phishing emails built to harvest contact lists, documents, and other sensitive information.
German law enforcement officials have seized a server belonging to an anti-secrecy organization that recently published a trove of data stolen from U.S. police agencies, the group's co-founder says. Emma Best, who helps lead the Distributed Denial of Secrets group, said in a tweet Tuesday that prosecutors in the municipality of Zwickau have taken the group's "primary public download server." In an advisory that Best tweeted, police said the server was seized by the department of public prosecution.
A coding weakness in ThiefQuest, macOS malware that poses as ransomware, allows encrypted files to be recovered; without it, victims who lack a backup would lose them for good. Although the malware (initially named EvilQuest) runs its encryption routine immediately after infecting a system, paying the ransom is not an option because the note offers no way to contact the attackers. The ransom note tells victims they have 72 hours to pay $50 to unlock the encrypted files.
A harmless-looking currency converter application downloaded by more than 10,000 users from Google Play was designed to deliver the Cerberus banking Trojan. Sold as Malware-as-a-Service (MaaS), Cerberus is known for its mobile remote access Trojan (mRAT) capabilities as well as for logging keystrokes and stealing credentials, Google Authenticator data, and SMS messages.
On average, an internet-exposed MongoDB instance is breached within 13 hours of being connected to the internet, and the fastest breach recorded came 9 minutes after the database was set up, according to Intruder. MongoDB is a general-purpose, document-based, distributed database that consistently ranks among the top 5 most-used databases worldwide. It is used by a wide range of organizations all over the globe to store sensitive application and customer data.