Cybercrime


NEWS 
  • SapphireStealer: Open-source information stealer enables credential and data theft

    August 31, 2023

    SapphireStealer, an open-source information stealer, has been observed across public malware repositories with increasing frequency since its initial public release in December 2022. Information-stealing malware like SapphireStealer can be used to obtain sensitive information, including corporate credentials, which are often resold to other threat actors who leverage the access for additional attacks, including operations related ...

  • New hierarchy, heightened threat: Classiscam’s sustained global campaign

    August 31, 2023

    Classiscam was initially launched as a relatively straightforward scam operation. Cybercriminals created fake ads on marketplaces and classified sites, and leveraged social engineering techniques to trick users into “buying” the falsely-advertised goods or services, whether by transferring money directly to the scammers or by debiting money from the victim’s bank card. Over time, Classiscam schemes have ...

  • UK: National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up

    August 30, 2023

    National Grid is to set “honeypots” and plant false documents online as part of efforts to counter a surge in cyber attackers. The Grid has advertised a contract worth more than a million pounds to secure advanced cyber “deception” technology to help improve its digital defences. The London-listed infrastructure provider, which runs Britain’s electricity network and ...

  • CISA and FBI Publish Joint Advisory on QakBot Infrastructure

    August 30, 2023

    Today, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Identification and Disruption of QakBot Infrastructure, to help organizations detect and protect against newly identified QakBot-related activity and malware. QakBot—also known as Qbot, Quackbot, Pinkslipbot, and TA570—is responsible for thousands of malware infections globally. Originally used ...

  • Exploring the Inner Workings of DuckTail

    August 30, 2023

    In their persistent quest to decode DuckTail’s maneuvers, Zscaler ThreatLabz began an intelligence collection operation in May 2023. Through an intensive three-month period of monitoring, Zscaler researchers obtained critical details about DuckTail’s operational framework. This expedition granted them unprecedented visibility into DuckTail’s end-to-end operations, spanning the entire kill chain from reconnaissance to post-compromise. Zscaler team yielded valuable ...

  • For the win? Offensive research contests on criminal forums

    August 29, 2023

    If you’re a security researcher who wants to share your innovations and insights with the wider community (and gain some peer recognition into the bargain), you’ve got a few options: present at conferences; write papers, blogs etc. The legitimate side of the house is awash with opportunities. But what if you’re a threat actor, whose research ...

  • CISA Releases IOCs Associated with Malicious Barracuda Activity

    August 29, 2023

    CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as early as October 2022 to gain access to ESG appliances. Read more… Source: U.S. Cybersecurity and Infrastructure ...

  • Deconstructing ransomware, cybercriminals and their modus operandi

    August 29, 2023

    The problem of ransomware is a seemingly age-old problem that is not going away, at least not any time soon. Governments and law enforcement are banding together to try to battle this issue with financial sanctions and takedowns of the groups behind ransomware attacks but they’re like the mythical beast Hydra – take the head ...

  • Leaseweb trying to restore service following cyberattack

    August 28, 2023

    Cloud provider Leaseweb was forced to take some of its critical systems down to mitigate the effects of an ongoing cyberattack. One of the world’s largest cloud and hosting providers, Leasweb contacted its customers to alert them it spotted “unusual” activity in some parts of its infrastructure. To minimize the potential damages and oust the unauthorized ...

  • Personal Data Leaked After Cyber Attack on Maryland Schools

    August 28, 2023

    Prince George’s County, Md., Public Schools officials said some of the personal data stolen in a recent cyber attack has leaked online. The Washington, D.C., area school system is one of the 20 largest school districts in the U.S., with 201 schools and centers. The school system discovered an attack on its network on Aug. 14, ...