A newly identified version of the Mirai Internet of Things (IoT) botnet includes an exploit for a vulnerability impacting Comtrend routers.Initially discovered in 2016 and having its source code released online in October of the same year, Mirai has been the base of numerous distributed denial of service (DDoS) botnets, several of which emerged over the past

The United States Secret Service has announced the launch of a Cyber Fraud Task Force (CFTF), created through the merger of the Electronic Crimes Task Forces (ECTFs) and Financial Crimes Task Forces (FCTFs).Mainly aimed at improving data sharing, interoperability, and the development of investigative skills, the CFTF will be focused on the prevention, detect

A Russian national accused of hacking into online platforms LinkedIn, Formspring, and Dropbox was found guilty by a United States jury last week.The man, Yevgeniy Aleksandrovich Nikulin, 32, was arrested in 2016 in the Czech Republic, and remained incarcerated there for two years, before being extradited to the U.S.In 2016, U.S. authorities charged Nikulin w

The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The Russian crim

At the behest of the U.S. government, German authorities have seized a computer server that hosted a huge cache of files from scores of U.S. federal, state and local law enforcement agencies obtained in a Houston data breach last month.The server was being used by a WikiLeaks-like data transparency collective called Distributed Denial of Secrets to share doc

A new ransomware family packs multiple unique features, including to improve performance and give its operators the option to only target networked SMB shares, VMware-owned Carbon Black reveals.Dubbed Conti, the malware improves performance through the use of “up to 32 simultaneous encryption efforts,” and is likely directly controlled by its operators, whic

More than 15 billion username and password pairs have been offered on cybercrime marketplaces, including over 5 billion unique credentials, according to a report published on Wednesday by San Francisco-based risk protection solutions provider Digital Shadows.Over the past few years, Digital Shadows added to its breach repository more than 15 billion credenti

Over the past three years, one of the groups operating under the Magecart umbrella has targeted over 570 e-commerce websites and likely made more than $7 million, threat intelligence company Gemini Advisory reports.Referred to as Keeper, the group operates 64 attacker and 73 exfiltration domains and has hit targets in 55 countries since April 1, 2017. All do

Researchers have found a way to bypass one of the mitigations proposed by F5 Networks for the actively exploited BIG-IP vulnerability, but malicious hackers leveraged the bypass method before its public disclosure.F5’s BIG-IP application delivery controller (ADC), specifically its Traffic Management User Interface (TMUI) configuration utility, is affected by

Researchers at endpoint security company SentinelOne have created a tool that enables users to recover files encrypted by the Mac malware named ThiefQuest, which poses as ransomware.ThiefQuest, initially named EvilQuest, is designed to encrypt files on compromised systems, but also allows its operators to log keystrokes, steal files, and take full control of

Over the past year, a Russian cybercrime group has launched over 200 business email compromise (BEC) campaigns targeting multinational organizations.Referred to as Cosmic Lynx, the threat actor has targeted individuals in 46 countries on six continents, nearly all of whom were employees of Fortune 500 or Global 2000 companies.“Even employees in countries not

Two weeks after a cyber-security firm released the identity of an alleged hacker from Kazakhstan, federal authorities in Seattle on Tuesday unsealed a 2018 indictment charging the man with an array of computer crimes.Andrey Turchin, known in hacking circles as “fxmsp,” and his accomplices ran a prolific hacking ring that attacked hundreds of victims, includi

A harmless-looking currency converter application downloaded by more than 10,000 users from Google Play was designed to deliver the Cerberus banking Trojan.A Malware-as-a-Service (Maas), Cerberus is known for its mobile remote access Trojan (mRAT) capabilities, as well as functionality through which it logs keystrokes and steals credentials, information from

Microsoft has filed a lawsuit in an effort to seize control of several domains used to launch COVID-19-themed cyberattacks against the company’s customers in 62 countries.The tech company started tracking the malicious activity in December 2019, after identifying it as a phishing scheme attempting to compromise Microsoft customer accounts and access emails,

Renewable energy company EDP Renewables North America (EDPR NA) has started informing customers that its internal systems were breached by cybercriminals.EDPR NA is part of energy provider EDP Renováveis, which is headquartered in Madrid, Spain, and is a subsidiary of Energias de Portugal, the electric utilities company founded in 1976 by the government of P