Cybercrime

Pierluigi Paganini November 09, 2017
Hack the hackers. Watch out the NEW IPCAM EXPLOIT, it is a scam!

Security experts have discovered a new hacking tool dubbed NEW IPCAM EXPLOIT containing a backdoor that is offered on several underground hacking forums. Wannabe hackers, be careful out of free hacking tools, many of them are scams. Recently security experts reported several cases of fake hacking tools hiding backdoors, for example, a fake Facebook hacking tool or the Cobian RAT. […]

Pierluigi Paganini November 06, 2017
The GIBON Ransomware appears in the threat landscape

A new strain of ransomware dubbed GIBON ransomware was spotted by the ProofPoint researcher Matthew Mesa that observed it being distributed via malspam. The spam messages use a malicious document as attachment containing macros that once enabled will download and install the ransomware on a victim’s machine. The researcher dubbed the ransomware GIBON because of the presence of the string “GIBON” in two […]

Pierluigi Paganini November 05, 2017
The NIC Asia Bank is the last victim of the SWIFT hackers

The NIC Asia Bank requested the support of the Central Investigation Bureau of Nepal Police to track down the crooks who hacked the SWIFT server. Once again hackers targeted SWIFT systems to steal money from a financial institution. The victim is the NIC Asia Bank that once discovered illegal fund transfer with its SWIFT server requested support from the […]

Pierluigi Paganini November 04, 2017
Hacker threatens Canadian University to dump student info unless the university pay a ransom

A hacker is attempting to extort the Canadian University of Fraser Valley (UFV), threatening to dump student information unless the university pays a ransom. Extortion is a winning criminal model for crooks, a hacker is attempting to extort the Canadian University of Fraser Valley (UFV), threatening to dump student information unless the university pay 30,000 […]

Pierluigi Paganini November 03, 2017
Hackers poisoned Google Search results to spread Zeus Panda banking Trojan

Experts at Cisco Talos observed crooks exploiting black Search Engine Optimization (SEO) to spread the Zeus Panda banking Trojan. Threat actors behind the Zeus Panda banking Trojan leveraged black Search Engine Optimization (SEO) to propose malicious links in the search results. Crooks were focused on financial-related keyword queries. The campaign was first spotted by experts at Cisco Talos, attackers […]

Pierluigi Paganini November 02, 2017
Threat actors using default SSH credentials to hijack Ethereum miners

Attackers scanned for the entire IPv4 range and look for Ethereum miners with open SSH connections. Hackers target Ethereum-mining farms in the attempt to hijack the funds by replacing the user’s wallet with their one. The attacks were first spotted on Monday, threat actors attempted to change the default configuration of Ethereum miners. “Illicit digital currency mining, either directly […]

Pierluigi Paganini November 01, 2017
Silence Group is borrowing Carbanak TTPs in ongoing bank attacks

A cybercrime gang called Silence targeted at least 10 banks in Russia, Armenia, and Malaysia borrowing hacking techniques from the Carbanak group. A cybercrime gang called Silence targeted at least 10 banks in Russia, Armenia, and Malaysia borrowing hacking techniques from the dreaded Carbanak hacker group that stole as much as $1 billion from banks worldwide. […]

Pierluigi Paganini November 01, 2017
CSE Malware ZLab – Full report of Bad Rabbit attack

The researchers at CSE Cybsec ZLab have completed their analysis the Bad Rabbit ransomware, the report follows our preliminary analysis. Introduction Recently a new ransomware, called BadRabbit, infected systems in many countries, most of in East Europe, such as Ukraine and Russia. The malware was not totally new, it seems to be an evolution of the old […]

Pierluigi Paganini November 01, 2017
MBR-ONI ransomware involved in targeted attacks against Japanese organizations

MBR-ONI is a new ransomware that is being used for targeted attacks in Japan, experts speculate it was used to cover larger hacking campaigns. MBR-ONI is a new ransomware that is being used for targeted attacks in Japan, it is a bootkit ransomware that uses a modified version of the legitimate open-source disk encryption utility DiskCryptor to […]

Pierluigi Paganini October 31, 2017
Experts spotted a new strain of the Sage Ransomware that implements Anti-Analysis capabilities

Security experts from Fortinet spotted a new strain of the Sage ransomware that included new functionalities, such as anti-analysis capabilities. Sage 2.0 is a new ransomware first observed in December and not now it is distributed via malicious spam. Sage is considered a variant of CryLocker ransomware, it is being distributed by the Sundown and RIG exploit kits. The […]