Cyber Crime

Pierluigi Paganini October 09, 2016
Also Spotify in the list of services victim of a malvertising campaign

The users of the free version of the popular Spotify online music service have been served malicious advertisements. Spotify users have been targeted by a malvertising campaign, the malicious advertising served to the victims could automatically open a web browser and redirect victims websites hosting malware. Spotify is a popular online music service that allows its […]

Pierluigi Paganini October 09, 2016
Authorities warn of cyber threat related to malicious ‘Hurricane Matthew’ emails

As the Hurricane Matthew batters the South Carolina coast, authorities are warning of a series of cyber attacks against residents. Cyber criminals have no scruples and are ready to bring in any tragic event in their favor. In the past crooks exploited the media interest in tragic events like the Boston Marathon attack and the […]

Pierluigi Paganini October 08, 2016
OilRig campaign, Iran-Linked Hackers Target US Government & Energy Grid

OilRig campaign – An Iran-linked hacker group which previously targeted organizations in Saudi Arabia has now set its sights on other countries. Iranian hackers which previously targeted organizations in Saudi Arabia are now targeting organizations in other countries, including the US, as part of a campaign identified as OilRig campaign. In addition to expanding its reach, the group has been enhancing its malware tools. Researchers at Palo Alto Networks have been monitoring the group for some time and have  reported observing attacks launched by a threat actor against financial institutions and technology  companies in Saudi Arabia and on the Saudi defense industry. This campaign referred to as “OilRig,” by Palo Alto Networks, entails weaponized Microsoft Excel spreadsheets tracked as  “Clayslide” and a backdoor called “Helminth.”   Bank attacks by the Iran-linked group were analyzed and documented by FireEye in May. Security  Week reports that Palo Alto Networks, “discovered that it has also targeted a company in Qatar  and government organizations in the United States, Israel and Turkey.”  Helminth is delivered, by the threat actors behind OilRig, by way of spear-phishing emails and  malicious macro-enabled Excel documents. For instance, in the caseof a Turkish government organization, the Excel file was designed to replicate a login portal for an airline.  There are four variants of the Helminth malware and the threat, capable of communicating with its  command and control (C&C) server over both HTTP and DNS, can gain information on the  infected device and download additional files via a remote server. One type of Helminth malware  relies on VBScript and PowerShell scripts. Another is deployed as an executable file. Delivered by  […]

Pierluigi Paganini October 07, 2016
Magecart campaign – Hackers target eCommerce sites with web-based keylogger injection attacks

Researchers have been monitoring a campaign dubbed Magecart that compromised many ecommerce websites to steal payment card and other sensitive data. Researchers have been monitoring a campaign in which cybercriminals compromised many e-commerce websites in an effort to steal payment card and other sensitive information provided by their customers. Security experts from cloud-based security solutions provider […]

Pierluigi Paganini October 07, 2016
New FastPoS PoS malware implements a ‘quickly and dirty’ approach to steal card data

The author of the FastPoS PoS malware issued an update that profoundly changes its behavior, preferring a quick exfiltration activity even if is noisier. Christmas is approaching, and the experts are already at work, including the authors of PoS malware that at that time maximize their profits. The criminal group behind the FastPoS PoS malware have updated […]

Pierluigi Paganini October 07, 2016
Authorities arrested 2 teenagers suspected to be members of Lizard Squad

A joint operation of international law enforcement agencies allowed the arrest of suspected Lizard Squad Hackers in the US and Netherlands. Law enforcement in the US and in the Netherlands have arrested last month two teenagers suspected of being members of the dreaded hacking groups Lizard Squad and PoodleCorp. Both hacking teams are known for powerful […]

Pierluigi Paganini October 06, 2016
Which are principal cities hostages of malicious botnets?

Which are principal cities hostages of malicious botnets? Symantec has tried to reply the difficult questions with an interesting study. It is not a mystery, there is a strict link between cybercrime and Geography. Cyber criminal organization used different tactics and offer different products depending on the country where they operate. Russian criminal communities specialize in […]

Pierluigi Paganini October 06, 2016
New Cerber ransomware variant kills common database-related processes

A new variant of the Cerber ransomware kills common database-related processes like those of the MySQL, Oracle and Microsoft SQL servers to encrypt files. According to experts the BleepingComputer.com forum, a new variant of the Cerber ransomware is the wild attempts to shut down database connections to increase the effects of the infection. The principal goal […]

Pierluigi Paganini October 04, 2016
Peace_of_Mind hacked the hacking forum w0rm_ws and doxed its alleged owner

The notorious hacker Peace_of_Mind has hacked and defaced the official hacking and trading forum w0rm.ws and doxed its alleged owners. ‘Peace_of_Mind‘ (PoM) is a very active actor in The Real Deal Market and The Hell black markets, he offered for sale the dumps from clamorous data breaches, including Yahoo, LinkedIn and MySpace The w0rm.ws a famous hacking platform, it is an ‘invite only’ […]

Pierluigi Paganini October 03, 2016
The source code of the Mirai IoT botnet leaked online. Do you trust it?

A hacker released the source code of the Mirai malware that powered the record-breaking DDoS attack against the Brian Krebs Website, but … A couple of weeks ago the unknown hackers launched a massive Distributed Denial of Service (DDoS) attack against the website of the popular cyber security investigator Brian Krebs. Further investigation revealed the involvement of […]