Cybercrime

Pierluigi Paganini July 10, 2013
Critical Facebook flaw exposed email address for any account

A critical Facebook flaw exposed email address for any account, the discovery was made by Stephen Sclafani, security researcher and founder of PlayToWin. Another vulnerability menaces privacy of Facebook users allowing the disclosure of primary email address of any account. Stephen Sclafani, security researcher and founder of PlayToWin, described the attack technique in a blog post titled […]

Pierluigi Paganini July 08, 2013
Profiling for underground service harvests mobile phone numbers

Dancho Danchev profiled a new service harvests mobile phone numbers advertised in the underground, the vendor also proposing SMS spamming and phone number verification service. A new service harvests mobile phone numbers advertised in the underground is the demonstration that mobile is becoming a privileged target for cybercrime. Botnets, mobile malware, ransomware, DDoS applications and hacking […]

Pierluigi Paganini July 05, 2013
Android vulnerability makes 99% of mobile devices attackable

Bluebox Labs recently discovered an Android vulnerability in the OS’s security model that allows hackers to attack 99% of Android devices on the market. Android vulnerability allows app modification preserving signatures … this is the shocking discovery announced by Bluebox Labs. During this week we have had the opportunity to discuss about mobile botnets and […]

Pierluigi Paganini July 03, 2013
The cybercrime ecosystem, resources,motivations and methods

Information provided by the results of principal researches on the cybercrime reveals resources,motivations and methods and cost illegal operations. Fortinet has published early 2013 the Fortinet’s 2013 cybercrime report, an interesting study on cybercriminal ecosystem, identifying the operations, the motivations, the methods, the resource used and countermeasure adoptable to mitigate the cyber threats As demonstrated […]

Pierluigi Paganini July 01, 2013
Android botnets on the rise – case study

Principal Security experts are confident that in the next months we will assist to the explosion for Android botnets and in general of mobile cyber threats. Mobile botnets are malicious infrastructures that are increasing with impressive trend especially the Android botnets, considering the capillary diffusion for the Google mobile OS. Android devices are in the hands […]

Pierluigi Paganini June 30, 2013
Self-propagating ZeuS source code offered for sale in the underground

A new variant of Zeus trojan is offered for sale in the underground. It is a Self-propagating version that exploits Facebook, the RDP and the email. The criminal history taught us that after the diffusion of source code of malicious agent such as the popular Zeus it is possible to assist to a real explosion […]

Pierluigi Paganini June 25, 2013
Attacks-as-a-Service, MaaS, FaaS different terms same success history

Attacks-as-a-Service, Malware-as-a-Service and Fraud-as-a-Service, are all terms used to better qualify the complex evolution of cybercrime offer. Attacks-as-a-Service , Malware-as-a-Service and Fraud-as-a-Service are all terms commonly used for providing of illegal activities by cyber criminals. These models of sale represent the natural evolution of the offer in the underground that responds to a demand in constant growth. In the past we have discussed […]

Pierluigi Paganini June 21, 2013
US law enforcers suggest a kill switch for mobile and Apple adapts

US law enforcers suggest a kill switch for mobile devices to principal manufactures and Apple adapts. The idea of US law enforcers is the realization of a kill switch on mobile devices that would be used in case of theft. New York’s top prosecutor, State Attorney General Eric Schneiderman, and San Francisco District Attorney George Gascón promoted […]

Pierluigi Paganini June 19, 2013
Carberp banking Trojan source code for sale at $5K in the underground

Security firm Group-IB has discovered on an forum in the underground the sale for Carberp banking Trojan source code at $5K. Carberp banking Trojan is experiencing a new youth in the underground, in the last months investigation at security firm Group-IB have identified in an underground forum the resumption of sale for the malware. The version proposed […]

Pierluigi Paganini June 18, 2013
Zeus Trojan steals funds and recruits Money Mules

Security firm Trusteer detected a new variant of Zeus Trojan that steals funds and recruits Money Mules proposing jobs ads to the victims using Man-in-the-Browser (MitB) techniques. Zeus Trojan is becoming even more complex, its evolution is unpredictable due to the intense activity in the underground on its source code. Various forums in the underground offer customization […]