Cybercrime Archives - Page 2 of 45 - Cyber Security Minute

Apache Struts 2 vulnerability discovered, as proof of concept circulates

Issued by: CSO Online

A new vulnerability found in the Apache Struts 2 framework has received a critical severity rating from NIST’s national database. A new vulnerability in the Struts 2 web application framework can potentially enable a remote attacker to execute code on systems running apps based on earlier versions of the software. The vulnerability, announced this week…

Malware & Threats

Toyota Financial Services discloses a data breach

Issued by: Security Affairs

Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data. “Due to an attack on the systems, unauthorized persons gained access to personal data. Affected customers have now been informed. Toyota Kreditbank’s systems have been gradually restarted since December 1st.” reads a statement published by…

Malware & Threats

Is the Ragnar Locker Ransomware Group Headed for Oblivion?

Issued by: DataBreach Today

The data leak and negotiation sites for the Ragnar Locker ransomware group went offline Thursday after an international law enforcement operation seized its infrastructure. Law enforcement agencies participating in the crackdown include the FBI, as well as authorities in France, Germany, Italy, Spain and the Netherlands, backed by Europol’s European Cybercrime Center as well as…

News

Ransomware attack on MGM Resorts costs $110 Million

Issued by: Security Affairs

In September the hospitality and entertainment company MGM Resorts was hit by a ransomware attack that shut down its systems at MGM Hotels and Casinos. The incident affected hotel reservation systems in the United States and other IT systems that run the casino floors. The company now revealed that the costs from the ransomware attack…

Malware & Threats

Chinese Hackers Target Routers in IP Theft Campaign

Issued by: DataBreach Today

A Chinese hacking group linked to state authorities in Beijing has upgraded its espionage capabilities to target companies with headquarters in the United States and East Asia, warned an alert from Japanese and American cyber agencies. The latest campaign from BlackTech has targeted networks of regional subsidiaries across government, industrial, technology and defense industrial base…

Malware & Threats

Why Criminals Keep Reusing Leaked Ransomware Builders

Issued by: DataBreach Today

When is a LockBit ransomware attack not actually a LockBit attack? Cyber defenders are reporting a profusion of attacks involving stolen or reused strains of ransomware. Blame a variety of factors, including law enforcement crackdowns on big-name brands, evolving ransomware business models and at least one case of a ransomware group leader with poor people…

Malware & Threats

Law Enforcement Takes Down Phishing As A Service Site

Issued by: DataBreach Today

An international law enforcement operation took down a phishing-as-a-service website that security researchers say was responsible for more than 150,000 phishing domains. Authorities in Indonesia arrested the site’s alleged administrator and another man, while Japanese police arrested an additional suspect, Interpol announced Tuesday. The site, 16shop, has been in existence since at least 2017. It…

News

Orgs Face Record $4.5M Per Data Breach Incident

Issued by: Dark Reading

The average cost per data breach for business in 2023 jumped to $4.45 million, a 15% increase over three years. But instead of investing in cybersecurity, 57% of breached organizations told IBM they were inclined to just pass those costs onto consumers. The final total for the year could be even higher: With organizations struggling…

Malware & Threats

Romanian cybercrime gang Diicot builds DDoS botnet with Mirai variant

Issued by: CSO Online

A cybercriminal group calling itself Diicot is performing mass SSH brute-force scanning and deploying a variant of the Mirai IoT botnet on compromised devices, according to researchers. The group also deploys a cryptocurrency mining payload on servers with CPUs that have more than four cores. “Although Diicot have traditionally been associated with cryptojacking campaigns, Cado…

News

Gozi banking malware “IT chief” finally jailed after more than 10 years

Issued by: Naked Security

Yesterday, we wrote about cybercrime charges that were finally unsealed for a massive cryptocurrency heist that was allegedly conducted over a three-year period starting back in 2011. Today’s long-term cybercrime justice story concerns the last member of the so-called Gozi Troika, three men who were originally charged in January 2013 for malware-related crimes that apparently…