Tag: cybercrime
-
Cybercrime on Quiet Feet: How Attackers Sneak into Systems Unnoticed
Security breaches are an everyday occurrence today, but they do not have to lead to catastrophe. Those who segment networks intelligently, restrict privileges and practice Zero Trust can contain attacks effectively. Not at some point, but in real time. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/cybercrime-auf-leisen-sohlen-wie-angreifer-unbemerkt-ins-system-schleichen/a41606/
-
PXA Stealer Distributed via Telegram Harvests 200K Passwords and Credit Card Data
SentinelLABS and Beazley Security have uncovered a sophisticated infostealer campaign deploying the Python-based PXA Stealer, which has rapidly evolved since late 2024 to incorporate advanced anti-analysis techniques, decoy content, and hardened command-and-control (C2) infrastructure. This operation, linked to Vietnamese-speaking cybercriminal networks, leverages Telegram’s API for automated data exfiltration and monetization, feeding into underground marketplaces like…
-
Details emerge on BlackSuit ransomware takedown
The Russian cybercrime group attacked more than 180 organizations before members abandoned the brand and dispersed to new ransomware groups earlier this year. First seen on cyberscoop.com Jump to article: cyberscoop.com/blacksuit-ransomware-takedown/
-
Hacking group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer
The cybercrime group D4rk4rmy added the Monte-Carlo Société des Bains de Mer to the list of victims on its Tor dark web leak site. The cybercrime group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer (SBM). The company is Monaco’s premier luxury hospitality group, established in 1863. It operates iconic properties like the…
-
Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally
Cybersecurity researchers are calling attention to a new wave of campaigns distributing a Python-based information stealer called PXA Stealer. The malicious activity has been assessed to be the work of Vietnamese-speaking cybercriminals who monetize the stolen data through a subscription-based underground ecosystem that automates the resale and reuse via Telegram APIs, according to a joint First…
-
Threat Actors Exploit Proofpoint and Intermedia Link Wrapping to Conceal Phishing Payloads
Cybercriminals are increasingly exploiting link wrapping features from vendors like Proofpoint and Intermedia to mask malicious payloads, leveraging the inherent trust users place in these security tools. Link wrapping, intended as a protective measure, reroutes URLs through vendor scanning services such as Proofpoint’s urldefense.proofpoint.com or Intermedia’s url.emailprotection.link to inspect and block threats at click time.…
-
Attackers wrap phishing links through URL scanning services to bypass detection
urldefense.proofpoint.com and url.emailprotection.link (Intermedia). “Link wrapping is designed by vendors like Proofpoint to protect users by routing all clicked URLs through a scanning service, allowing them to block known malicious destinations at the moment of click,” Cloudflare researchers wrote in their report on the attacks. “While this is effective against known threats, attacks can still succeed…
-
Hackers Connected Raspberry Pi to ATM in Bank Heist Attempt
Runners Hired to Connect Device to Bank’s Network, Facilitating Remote Hacks. Researchers tied a cybercrime group tracked as UNC2891 to an attempted Asia-Pacific bank heist, in which remote attackers physically installed a 4G-enabled Raspberry Pi onto an ATM network switch, giving them remote access to the internal IT environment as part of an attempted cashout…
-
Ransomware gangs capitalize on law enforcement takedowns of competitors
After authorities dismantled LockBit and RansomHub, other groups rushed in to snatch up their affiliates, according to a new report that highlights a cybercrime ecosystem in flux. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ransomware-groups-competition-check-point-report/756451/
-
Silver Fox Hackers Exploit Weaponized Google Translate Tools to Deliver Windows Malware
The Knownsec 404 Advanced Threat Intelligence Team has lately discovered increased activity from the Silver Fox cybercrime gang, which has been using fake versions of popular programs as weapons to spread malware in a complex cyber threat landscape. Tracing back to 2024, these attacks often masquerade as legitimate Google Translate interfaces, employing deceptive JavaScript redirects…
-
Hacker Arrested for Data Theft Targeting Spanish Bank Customers
Spanish authorities have successfully apprehended a sophisticated cybercriminal who allegedly stole sensitive data from major financial institutions, educational organizations, and private companies across the country. The arrest represents a significant victory in the ongoing battle against cybercrime targeting Spanish citizens and businesses. A collaborative effort between the Mossos d’Esquadra (Catalan police) and Spain’s National Police…
-
Cybercriminals ‘Spooked’ After Scattered Spider Arrests
The arrest of members of the Scattered Spider cyber-attack group has temporarily halted new intrusions; however, similar threat actors continue to pose risks. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cybercriminals-spooked-scattered/
-
Why stolen credentials remain cybercriminals’ tool of choice
It’s often the case that the simplest tools have the longest staying power, because they ultimately get the job done. Take duct tape, for example: it’s a sturdy household … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/31/stolen-credentials/
-
Hackers Allegedly Breach Nokia’s Internal Network
A cybercriminal group has allegedly infiltrated Nokia’s internal network through a vulnerable third-party contractor, potentially exposing sensitive information belonging to more than 94,500 employees in what security experts are calling one of the most extensive corporate data breaches affecting the telecommunications giant in recent years. The threat actor, identifying as Tsar0Byte, made claims about the…
-
Dollar Tree denies ransomware claims, says stolen data is from defunct discount chain
Discount retail giant Dollar Tree denied its systems were impacted by ransomware after a cybercriminal group claimed to have attacked the company. First seen on therecord.media Jump to article: therecord.media/dollar-tree-discount-stolen-data
-
What we know about the cybercrime group Scattered Spider
The notorious hacker collective has attracted the attention of government authorities in several nations around the globe. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/what-we-know-about-the-cybercrime-group-scattered-spider/756312/
-
Qilin Ransomware Uses TPwSav.sys Driver to Bypass EDR Security Measures
Tags: cyber, cybercrime, data, detection, edr, endpoint, exploit, extortion, ransom, ransomware, service, tactics, vulnerability
Cybercriminals affiliated with the Qilin ransomware-as-a-service (RaaS) operation have demonstrated advanced evasion techniques by exploiting a previously undocumented vulnerable driver, TPwSav.sys, to disable Endpoint Detection and Response (EDR) systems through a bring-your-own-vulnerable-driver (BYOVD) attack. First observed in July 2022, Qilin employs double extortion tactics, exfiltrating data for leakage on dedicated sites if ransoms remain unpaid,…
-
Threat Actors Use LNK Files to Deploy RedLoader Malware on Windows Systems
Sophos analysts have identified a novel infection chain employed by the financially motivated cybercriminal group GOLD BLADE, also known as RedCurl, Red Wolf, and Earth Kapre, to deploy their custom RedLoader malware on Windows systems. This group, active since 2018 and specializing in commercial espionage, has been observed using highly targeted phishing emails to infiltrate…
-
Survey of 3,400 IT professionals sheds light on the cybercrime situation – Costly attacks: Half of all ransomware victims pay the ransom
First seen on security-insider.de Jump to article: www.security-insider.de/weniger-loesegeld-bei-ransomware-angriffen-a-43f5c610a4d5cafd067dd0bb537c3475/
-
CISA and FBI Release Tactics, Techniques, and Procedures of the Scattered Spider Hacker Group
The joint Cybersecurity Advisory AA23-320A, collaboratively issued by agencies such as the FBI, CISA, RCMP, ASD’s ACSC, AFP, CCCS, and NCSC-UK, serves as a critical update on the Scattered Spider cybercriminal group. Originally published in November 2023 and revised multiple times, most recently on July 29, 2025, this advisory highlights the group’s persistent and adaptive…
-
Nimble ‘Gunra’ Ransomware Evolves With Linux Variant
The emerging cybercriminal gang, which initially targeted Microsoft Windows systems, is looking to go cross-platform using sophisticated, multithread encryption. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/nimble-gunra-ransomware-linux-variant
-
Scattered Spider is targeting victims’ Snowflake data storage for quick exfiltration
The latest advisory on Scattered Spider from the FBI and agencies in the U.K., Canada and Australia says the cybercrime group is often looking for Snowflake data storage credentials when it picks a company to attack. First seen on therecord.media Jump to article: therecord.media/scattered-spider-targeting-snowflake-access-data-exfiltration
-
Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile Networks
Cybersecurity researchers have discovered a new, large-scale mobile malware campaign that’s targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive personal data. The cross-platform threat has been codenamed SarangTrap by Zimperium zLabs. Users in South Korea appear to be the primary focus. “This extensive campaign involved First…
-
Cybercriminals Attack Seychelles Offshore Banking as a Target
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/cybercriminals-attack-seychelles-offshore-banking-as-a-target
-
Ransomware will thrive until we change our strategy
We have reached a stage where ransomware isn’t simply a cybercrime issue: it is now clearly a business disruptor, a threat to societal trust, and increasingly, a national … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/29/ransomware-national-security-threat/
-
FBI alerts tie together threats of cybercrime, physical violence from The Com
Officials said thousands of people, typically between 11 and 25 years old, are engaged in a growing and evolving online threat to commit crime for money, retaliation, ideology, sexual gratification and notoriety. First seen on cyberscoop.com Jump to article: cyberscoop.com/fbi-warning-the-com-cybercrime-extortion-violence/
-
Tea app data theft scandal worsens as stolen IDs leaked to cybercriminal forum
Makers of the app for women called Tea are continuing to respond to an intrusion into a “legacy data storage system” that exposed photos of users, including images of driver’s licenses. First seen on therecord.media Jump to article: therecord.media/tea-app-data-breach-stolen-ids-leaked

