Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Credit to Author: BrianKrebs| Date: Thu, 19 Dec 2024 17:07:30 +0000

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey.

Read more

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Credit to Author: BrianKrebs| Date: Wed, 18 Sep 2024 13:43:51 +0000

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here’s a closer look at the size of this scheme, and some findings about who may be responsible.

Read more

Using Google Search to Find Software Can Be Risky

Credit to Author: BrianKrebs| Date: Thu, 25 Jan 2024 18:38:43 +0000

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair.

Read more

Phishers Spoof USPS, 12 Other Natl’ Postal Services

Credit to Author: BrianKrebs| Date: Mon, 09 Oct 2023 20:39:43 +0000

Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here’s a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries worldwide.

Read more

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Credit to Author: BrianKrebs| Date: Tue, 18 Jul 2023 14:57:04 +0000

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of passwords and other data exposed in countless data breaches. KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom, was hired in late 2014 as a developer for the marital infidelity site AshleyMadison.com. Bloom resigned from AshleyMadison citing health reasons in June 2015 — less than one month before unidentified hackers stole data on 37 million users — and launched LeakedSource three months later.

Read more

Who’s Behind the DomainNetworks Snail Mail Scam?

Credit to Author: BrianKrebs| Date: Mon, 03 Jul 2023 14:56:35 +0000

If you’ve ever owned a domain name, the chances are good that at some point you’ve received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try to trick people into paying for useless services they never ordered, don’t need, and probably will never receive. Here’s a look at the most recent incarnation of this scam — DomainNetworks — and some clues about who may be behind it.

Read more

Interview With a Crypto Scam Investment Spammer

Credit to Author: BrianKrebs| Date: Tue, 23 May 2023 00:15:30 +0000

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code.

Read more

Who’s Behind the NetWire Remote Access Trojan?

Credit to Author: BrianKrebs| Date: Thu, 09 Mar 2023 18:52:25 +0000

A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years.

Read more

The Link Between AWM Proxy & the Glupteba Botnet

Credit to Author: BrianKrebs| Date: Tue, 28 Jun 2022 18:33:31 +0000

On December 7, 2021, Google announced it had sued two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy’s founder is one of the men being sued by Google.

Read more

Who is the Network Access Broker ‘Wazawaka?’

Credit to Author: BrianKrebs| Date: Wed, 12 Jan 2022 05:17:31 +0000

In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene.

Read more