Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

The Microsoft Threat Intelligence Center MSTIC alongside the Microsoft Security Response Center MSRC has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits CVE-2021-31979 and CVE-2021-33771. Private-sector offensiv...

Indian call center seized over Amazon hacking scam against US citizens

By Deeba Ahmed The call center ran a fake Amazon technical support call center in South Delhi - Now, 26 of its "employees" have been arrested. This is a post from HackRead.com Read the original post: Indian call center seized over Amazon hacking scam against US citizens...

Iranian State-Sponsored Hacking Attempts

Interesting attack: Masquerading as UK scholars with the University of Londons School of Oriental and African Studies SOAS, the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with hi...

Game over: Apex Legends players locked out by protest message

Messages placed directly in or around games is a common hack technique. It can be used for trolling, phishing, scams, or anything else the message-placer can think of. Messages can also be placed in games for the purposes of advertising but thats a tale for a different day. Recently, players of...

A week in security (June 28 – July 4)

Last week on Malwarebytes Labs: Is it Game Over for VR Advergaming? Lil’ skimmer, the Magecart impersonator What is the WireGuard VPN protocol? Binance receives the ban hammer from UK’s FCA Fired by algorithm: The future’s here and it’s a robot wearing a white collar Second colossal Linkedin...

How REvil Ransomware Took Out Thousands of Business at Once

More details have come to light as to how the notorious hacking group pulled off its unprecedented attack...

Facebook Sues 4 Vietnamese for Hacking Accounts and $36 Million Ad Fraud

Facebook on Tuesday revealed it filed two separate legal actions against perpetrators who abused its ad platform to run deceptive advertisements in violation of the company's Terms and Advertising Policies. "In the first case, the defendants are a California marketing company and its agents...

Details of RCE Bug in Adobe Experience Manager Revealed

Details of an Adobe zero-day bug found in its content-management solution Adobe Experience Manager AEM, which affected customers ranging from Mastercard, LinkedIn and PlayStation, were revealed Monday. The bug, patched in May, allowed hackers to bypass authentication protection and execute code...

Data for 700M LinkedIn Users Posted for Sale

A new posting with 700 million LinkedIn records has appeared on a popular hacker forum, according to researchers. Analysts from Privacy Sharks stumbled across the data put up for sale on RaidForums by a hacker calling himself “GOD User TomLiner.” The advertisement, posted June 22, claims that 700...

SolarWinds Hackers Continue Assault With New Microsoft Breach

The company says the Nobelium hacking group compromised a support agent's computer and levied brute-force attacks against some of its customers...

FIN7 ‘Pen Tester’ Headed to Jail Amid $1B in Losses

A so-called “pen-tester” for the financial cybergang known as FIN7 will spend seven years in the slammer after being convicted for payment-card theft. According to the Department of Justice, Andrii Kolpakov, a Ukrainian national, was also ordered to pay a tidy $2.5 million in restitution for his...

FIN7 Supervisor Gets 7-Year Jail Term for Stealing Millions of Credit Cards

A Ukrainian national and a mid-​level supervisor of the hacking group known as FIN7 has been sentenced to seven years in prison for his role as a "pen tester" and perpetuating a criminal scheme that enabled the gang to compromise millions of customers debit and credit cards. Andrii Kolpakov, 33,...

Squalr - Squalr Memory Editor - Game Hacking Tool Written In C#

Squalr Official Website Join us on our Discord Channel Squalr is performant Memory Editing software that allows users to create and share cheats in their windows desktop games. This includes memory scanning, pointers, x86/x64 assembly injection, and so on. Squalr achieves fast scans through...

How Cyber Safe is Your Drinking Water Supply?

Amid multiple recent reports of hackers breaking into and tampering with drinking water treatment systems comes a new industry survey with some sobering findings: A majority of the 52,000 separate drinking water systems in the United States still havent inventoried some or any of their informatio...

Vulnerability exposed Peloton bike, treadmil to malware attacks

By Deeba Ahmed Peloton workouts are susceptible to hacking leading to malware and spying, claims McAfee's Advanced Threat Research team. This is a post from HackRead.com Read the original post: Vulnerability exposed Peloton bike, treadmil to malware attacks...

Cyber espionage by Chinese hackers in neighbouring nations is on the rise

A string of cyber espionage campaigns dating all the way back to 2014 and likely focused on gathering defense information from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future th...

Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux Distributions

We investigate how certain hacking tools are used to move laterally on victims’ networks to deploy ransomware. These tools contain reconnaissance/spreader scripts, exploits for Red Hat and CentOS, binary injectors, and more. In this blog, we focus on analyzing the worm and ransomware script...

Hackers Steal FIFA 21 Source Code, Tools in EA Breach

Hackers have breached computer game maker Electronic Arts EA and stolen source code and related tools for the company’s extensive game library, the company has confirmed. EA said it’s investigating “a recent incident of intrusion into our network where a limited amount of game source code and...

Russia accused of hacking Dutch police during MH17 investigation

Journalists at the Dutch newspaper "De Volkskrant" have reported that the countrys intelligence service, AIVD, discovered in 2017 that Russian hackers had broken into Dutch police systems. The De Volkskrant report is based on knowledge from anonymous sources. The reason behind this act of espiona...

GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks

Code-hosting platform GitHub Friday officially announced a series of updates to the site's policies that delve into how the company deals with malware and exploit code uploaded to its service. "We explicitly permit dual-use security technologies and content related to research into vulnerabilitie...