Karma Catches Up to Global Phishing Service 16Shop

Youve probably never heard of "16Shop," but theres a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a...

CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution Vulnerability

CVE-2023-27350 is an unauthenticated remote code execution vulnerability in PaperCut MF/NG print management software that allows attackers to bypass authentication and execute arbitrary code as SYSTEM on vulnerable targets. A patch is available for this vulnerability and should be applied on an...

KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service

An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Among the notable targets included FiveM and...

‘Callback’ Phishing Campaign Impersonates Security Firms

A new callback phishing campaign is impersonating prominent security companies to try to trick potential victims into making a phone call that will instruct them to download malware. Researchers at CrowdStrike Intelligence discovered the campaign because CrowdStrike is actually one of the...

Firms Push for CVE-Like Cloud Bug System

Big gaps exist in the 22-year-old Common Vulnerability and Exposures CVE system that do not address dangerous flaws in cloud services that drive millions of apps and backend services. Too often, cloud providers needlessly expose customers to risk by not sharing the details of bugs discovered on...

Conti Ransomware Gang's Internal Chats Leaked Online After Siding With Russia

Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin's ongoing invasion of Ukraine, an anonymous security researcher using the Twitter handle @ContiLeaks has leaked the syndicate's internal chats. The file dump, published by malware...

FBI Email Hoaxer ID’ed by the Guy He Allegedly Loves to Torment

Vinny Troia, the cybersecurity researcher mentioned in a fake alert gushed out to thousands of people from the FBI’s own email system on Friday night, has fingered the guy who allegedly pulled off the exploit. Register now for our LIVE event! Troia – white hat threat hunter, cybercrime investigat...

The ‘Groove’ Ransomware Gang Was a Hoax

A number of publications in September warned about the emergence of "Groove," a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists...

Emotet Returns to Hit 100K Mailboxes Per Day

After a lull of nearly two months, the Emotet botnet has returned with updated payloads and a campaign that is hitting 100,000 targets per day. Emotet started life as a banking trojan in 2014 and has continually evolved to become a full-service threat-delivery mechanism. It can install a collecti...

Researchers Mixed on Sanctions for Ransomware Negotiators

Ransomware negotiators may have to pay up in new ways if they intercede with cybercriminals on companies’ behalf. Several researchers weighed in on the wisdom of the move, with mixed reactions. The U.S. Department of the Treasury said Thursday that companies that facilitate ransomware payments to...

400 Vet Locations Nipped by Ryuk Ransomware

National Veterinary Associates NVA has been hit with the Ryuk ransomware, in an attack that affects 400 clinics across the country. The California company said that it could take a week for its facilities to be fully back up and running normally. Patient records, payment systems and practice...

Canadian Police Raid ‘Orcus RAT’ Author

Canadian police last week raided the residence of a Toronto software developer behind “Orcus RAT,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. Its author maintains Orcus is a legitimate Remote Administration Tool that is...

Payroll Provider Gives Extortionists a Payday

Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company's customers for nearly three days. Faced with the threat of an extended outage, Apex chose to pay the ransom demand and begin the...

Alleged Russian Hacker Pleads Not Guilty After Extradition to United States

A Russian hacker indicted by a United States court for his involvement in online ad fraud schemes that defrauded multiple American companies out of tens of millions of dollars pleaded not guilty on Friday in a courtroom in Brooklyn, New York. Aleksandr Zhukov, 38, was arrested in November last ye...

Black Hat 2018: Patrick Wardle on Breaking and Bypassing MacOS Firewalls

LAS VEGAS – Taking aim at the status-quo of macOS firewalls, researcher Patrick Wardle has made his case for Apple and third-party security firms to beef up their protections. At a session here at Black Hat 2018, Wardle, chief research officer at Digita Security and founder of Mac security compan...

Who and What Is Coinhive?

Multiple security firms recently identified cryptocurrency mining service Coinhive as the top malicious threat to Web users, thanks to the tendency for Coinhive's computer code to be used on hacked Web sites to steal the processing power of its visitors' devices. This post looks at how Coinhive...

Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries

Intrusions Focus on the Engineering and Maritime Sector Since early 2018, FireEye including our FireEye as a Service FaaS, Mandiant Consulting, and iSIGHT Intelligence teams has been tracking an ongoing wave of intrusions targeting engineering and maritime entities, especially those connected to...

Shenzhen, China, a manufacturer of smart cameras exposed vulnerability: at least 17.5 million devices can be remote attack-vulnerability warning-the black bar safety net

Security firms Bitdefender and Checkmarx are released report, security researcher at a plurality of conventional smart cameras found in a remote intrusion vulnerability, relates to the VStarcam, the Loftek, as well as Neo IP camera. One of Neo IP camera is Shenzhen, China manufacturer beautiful...

Credit Card Breach at Kmart Stores. Again.

For the second time in less than three years, Kmart Stores is battling a malware-based security breach of its store credit card processing systems. Last week I began hearing from smaller banks and credit unions who said they strongly suspected another card breach at Kmart. Some of those...

Stakeholders Argue Against Restrictive Wassennaar Proposal

The commenting period regarding the Wassenaar Arrangement expired on Monday but the echo chamber around the largely maligned proposal continues to reverberate. Several stakeholders implicated in the proposal added their voices to that chamber on Friday morning, urging the government to revise...