Cyber Crime

Pierluigi Paganini September 08, 2015
Adult Player, pornography-focused ransomware takes secret photos of victims

Security firm Zscaler spotted Adult Player, a new malicious pornography-focused ransomware that takes secret photos of victims to blackmail. Security firm Zscaler spotted a new malicious Android app used in a classic extortion scheme to request a ransom to the victims. The malicious app dubbed Adult Player appeared offers pornographic content to its users, but in […]

Pierluigi Paganini September 08, 2015
Hundreds million legit websites could serve Ransomware because of Script Injection compromise

Heimdal Security published an interesting post on the increase in malicious scripts that are being injected into legit websites in order to serve ransomware. Heimdal Security recently published an interesting blog post on the increase in malicious scripts that are being injected into legit websites in order to serve malware. The attackers compromise websites running […]

Pierluigi Paganini September 07, 2015
Chinese law enforcement arrested 15,000 for cybercrime under the op “Cleaning the Internet”

The Government of Beijing has arrested nearly 15,000 people involved in cybercrime as part of the operation “Cleaning the Internet.” The Chinese authorities have arrested nearly 15,000 people involved in criminal activities online as part of the operation against the cybercrime is dubbed “Cleaning the Internet.” The Chinese Government accused the suspect to have “jeopardized Internet security.” According […]

Pierluigi Paganini September 07, 2015
Ashley Madison Users victims of extortion and phishing

Security researchers have observed a spike in extortion attempts and phishing campaigns against the Ashley Madison users … are they effective? The hack of the Ashley Madison website has demonstrated us how much dangerous could be a cyber attack against a website that manage sensitive and confidential information of millions users. The disclosure of the Ashley Madison dump has […]

Pierluigi Paganini September 06, 2015
DoJ defines new rules for spying with the Stingray technology

The US Justice Department issued guidelines for StingRay Surveillance devices, new rules define aim to ensure privacy protection and transparency. Do you know what is a StingRay? If you want further details give a look to a post I wrote for the Infosec Institute on the StingRay Technology: “StingRay is an IMSI-catcher (International Mobile Subscriber […]

Pierluigi Paganini September 06, 2015
Carbanak trojan reloaded! A new variant spotted in the wild

The CSIS Security Group has spotted a new version of the notorious Carbanak Trojan in the wild targeting financial organizations in Europe and US. Do you remember the Carbanak gang? In February, researchers from Kaspersky discovered that a multinational gang of hackers dubbed Carbanak that swiped 1 Billion dollars from 100 financial institutions across 30 countries, most of the […]

Pierluigi Paganini September 05, 2015
Mozilla Bugzilla accessed, private flaws compromised since at least 2014

Mozilla said that data stolen from its bug tracking system was used to attack Firefox users in the wild, but attackers probably have had access since 2013. A threat actor that stole sensitive vulnerability information from the Mozilla’s Bugzilla bug tracking system last year has likely used it to target Firefox users. Mozilla explained that it did […]

Pierluigi Paganini September 05, 2015
Fake recruiters on LinkedIn spy on security experts

Security researchers have uncovered a group of fake recruiting accounts on LinkedIn used for intelligence gathering about security experts. A group of fake recruiter accounts is abusing the LinkedIn professional social network to send invitations to security professionals in various industries. The fake recruiters attempt to deceive targets usually by using a LinkedIn profile with […]

Pierluigi Paganini September 04, 2015
Barclays creates its own red team to attack its systems to find flaws

Barclays has created a red team to hack its own computer systems to discover and exploit security vulnerabilities before external attacker do. For someone working in the security area, it’s known that many companies have red teams to attack their own system, but this information is never recognized by the company. Barclays did exactly the […]

Pierluigi Paganini September 04, 2015
Match com, millions online daters at risk due to a malvertising campaign

Malwarebytes has uncovered a new malvertising campaign targeting the Match.com ‘s ad network which has been breached by a malware campaign. Are you a UK single looking for love and passion? Be aware another threat is menacing dating communities, this time the popular dating web site Match.com and its  5.5 million British users suffered a […]