Recent Posts

 LuminosityLink was sold and supported online by defendant and his affiliates.

 BY: Dan Goodin - 7/16/2018, 7:29 PM

A Kentucky man has pleaded guilty to federal charges he developed, marketed, and provided technical support for software he knew customers used illegally to take control of other people’s computers.

Colton Grubbs used the handle KFC Watermelon to advertise the LuminosityLink administrative tool on Hackforums[dot]net, federal prosecutors alleged in an indictment filed last month. The indictment said the tool provided a variety of malicious capabilities including the ability for purchasers to control others’ computers, surreptitiously record users’ activities, and to view their files, login credentials, and personal information. The defendant, prosecutors said, also used the hacker forum and a website located at luminosity[dot]link to teach users how to conceal their identities and prevent antivirus programs from detecting the tool.

BY: Pierluigi Paganini - July 16, 2018

The Director of National Intelligence Dan Coats warned last week of a devastating cyber threat to US infrastructure. He used the following words to express his concerns:

“warning lights are blinking red again”

The U.S. intelligence chief highlighted that computer networks of US government agencies, enterprises, and academic institutions are under incessant attack launched by foreign states.

Russia, North Korea, China, and Iran are the most persistent attackers; the number of their attacks continues to increase, and the level of sophistication is growing too.

BY: Brian Krebs

A 21-year-old Kentucky man has pleaded guilty to authoring and distributing a popular hacking tool called “LuminosityLink,” a malware strain that security experts say was used by thousands of customers to gain unauthorized access to tens of thousands of computers across 78 countries worldwide.

Federal prosecutors say Colton Ray Grubbs of Stanford, Ky. conspired with others to market and distribute the LuminosityLink RAT, a $40 Remote Access Tool that made it simple for buyers to hack into computers to surreptitiously view documents, photographs and other files on victim PCs. The RAT also let users view what victims were typing on their keyboards, disable security software, and secretly activate the webcam on the target’s computer.

Krebs On Security:
VoodooShield / Re: VoodooShield v4 STABLE Thread
« Last post by ssherjj on Today at 01:26:39 am »
Dan, Everything is running great with the VS v4.51.

Thank you so much for all the hard work involved and for the thorough and informative posts. It is nice to know how this VS all came together. Very interesting indeed!

By AFP on July 16, 2018

Russia was the target of almost 25 million cyber-attacks during the World Cup, President Vladimir Putin said, though he did not indicate who may have been behind the attacks.

"During the period of the World Cup, almost 25 million cyber-attacks and other criminal acts on the information structures in Russia, linked in one way or another to the World Cup, were neutralised," Putin said during a meeting on Sunday with security services.

The president, whose comments were reported by the Kremlin on Monday, gave no information on the nature or possible origins of the cyber-attacks.

"Behind this (World Cup) success lies huge preparatory, operational, analytical and information work, we operated at maximum capacity and concentration," said Putin.


By Ionut Arghire on July 16, 2018

Following the compromise of an ESLint maintainer’s account last week, malicious packages that attempted to steal login tokens from the npm software registry were published without authorization.

 Originally created by Nicholas Zakas, ESLint is described as an open source "pluggable and configurable linter tool" for identifying and reporting on patterns in JavaScript.

The issue affected version 3.7.2 of the popular package eslint-scope, as well as version 5.0.2 of eslint-config-eslint. The former is a scope analysis library used by older versions of eslint, and the latest versions of babel-eslint and webpack, while the latter is a configuration used internally by the ESLint team.

BY: Lindsey O'Donnell
July 16, 2018 4:47 pm

Researchers found a new version of GandCrab – but no evidence that the ransomware is using the same SMB exploit as Wannacry.

A new version of the evolving ransomware threat GandCrab has been identified by researchers – but evidence of the new malware self-propagating via the Windows transport protocol Server Message Block (SMB) exploit still remains to be seen.

Security researchers at Fortinet said that they have spotted version 4.1 of GandCrab in the wild. The ransomware was first spotted six months ago, but has already grown and continuously evolved to become a formidable and threatening ransomware sample in 2018.

BY: Lindsey O'Donnell
July 16, 2018 12:13 pm

A new phishing scam purports to be MYOB invoices – but really contains a novel banking trojan.

The recently-discovered DanaBot banking trojan is making the rounds in a phishing campaign that targets potential victims with fake invoices from software company MYOB.

The emails purport to be invoices from MYOB, an Australian multinational corporation that provides tax, accounting and other business services software for SMBs. But in reality, the missives contain a dropper file that downloads the DanaBot banking trojan, which once downloaded steals private and sensitive information, and sends screenshots of the machine’s system and desktop to the Command and Control server.

By Catalin Cimpanu

Russia's national vulnerability database (BDU) indexes and lists about a tenth of the security flaws it should be indexing on a normal basis.

This is because the Russian BDU doesn't appear to function on the same principles as the US NVD (National Vulnerability Database), according to a year-long investigation carried out by US threat intelligence firm Recorded Future.

Furthermore, the BDU is also extremely slow at indexing these flaws to begin with. Experts say the BDU is on average 83 days slower than China's National Vulnerability Database, and 50 days behind the US NVD when it comes to publishing details about a vulnerability, details that could be crucial in companies and government agencies putting up defenses against possible attacks.

By Catalin Cimpanu

After spending nine months targeting only South Korean users, the Magniber ransomware has expanded its targeting spectrum and is now also capable of infecting users who also feature a Chinese (Macau, China, Singapore) and Malay (Malaysia, Brunei) PC language setting.

The change was first spotted on July 5 by independent security researcher MalwareHunter. Bleeping Computer along with several other security researchers have kept an eye on this issue.

The Magniber ransomware has historically encrypted files only for users located in South Korea and with a PC language setting specific to that zone. But often, South Korean users were infected while traveling abroad or using proxies with a South Korean IP.

There have been such false alarms in the past when security researchers saw a few victims and jumped to the conclusion that Magniber has expanded to other countries.
