One million stolen credit cards leaked to promote carding market
A threat actor is promoting a new criminal carding marketplace by releasing one million credit cards stolen between 2018 and 2019 on hacking forums. Carding is the trafficking and use of stolen credit cards. These credit cards are stolen through point-of-sale malware, magecart attacks on websites, and information stealing trojans. These stolen credit cards are then sold on criminal carding marketplaces where other threat actors purchase them to make online purchases. READ MORE...
Krebs on Security: Phishing Sites Targeting Scammers and Thieves
I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via the contact form on this site: "Hello I go by the username Nuclear27 on your site Briansclub[.]com," wrote "Mitch," confusing me with the proprietor of perhaps the underground's largest bazaar for stolen credit and identity data. "I made a deposit to my wallet on the site but nothing has shown up yet and I would like to know why." READ MORE...
Android Malware 'FlyTrap' Hijacks Facebook Accounts
Researchers have uncovered a new Android trojan, dubbed FlyTrap, that's spread to more than 10,000 victims via rigged apps on third-party app stores, sideloaded apps and hijacked Facebook accounts. In a report posted on Monday, Zimperium's zLabs mobile threat research teams wrote that FlyTrap has spread to at least 144 countries since March, via malicious apps distributed through Google Play store and third-party app marketplaces. READ MORE...
Splunk spots malware targeting Windows Server on AWS to mine Monero
Data analysis firm Splunk says it's found a resurgence of the Crypto botnet - malware that attacks virtual servers running Windows Server inside Amazon Web Services. Splunk's Threat Research Team (STRT) posted its analysis of the attack on Monday, suggesting it starts with a probe for Windows Server instances running on AWS, and seeks out those with remote desktop protocol (RDP) enabled. READ MORE...
eCh0raix ransomware now targets both QNAP and Synology NAS devices
A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices. This ransomware strain (also known as QNAPCrypt) first surfaced in June 2016, after victims began reporting attacks in a BleepingComputer forum topic. The ransomware hit QNAP NAS devices in multiple waves, with two large-scale ones were reported in June 2019 and in June 2020. READ MORE...
Auth Bypass Bug Exploited, Affecting Millions of Routers
An authentication-bypass vulnerability affecting multiple routers and internet-of-things (IoT) devices is being actively exploited in the wild, according to researchers. The security flaw, tracked as CVE-2021-20090, was disclosed last week by researchers at Tenable. It affects devices from 20 different vendors and ISPs, all of which use the same firmware from Arcadyan. In all, millions of devices worldwide could be vulnerable. READ MORE...
- ...in 1846, the Smithsonian Institution is chartered by the US Congress.
- ...in 1909, inventor and manufacturer Leo Fender, the designer of the classic Telecaster and Stratocaster electric guitars, is born in Anaheim, CA.
- ...in 1950, Billy Wilder's film noir "Sunset Boulevard," starring William Holden and Gloria Swanson, premieres at Radio City Music Hall.
- ...in 1960, NASA launches Discoverer 13 satellite; it would become the first object ever recovered from orbit.
