The Link Between AWM Proxy & the Glupteba Botnet

On December 7, 2021, Google announced it had sued two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy’s founder is one of the men being sued by Google.

Tech companies are selling domains suggesting illegal sales of guns, malware

COVID-19-related domains remain a concern.

The post Tech companies are selling domains suggesting illegal sales of guns, malware appeared first on CyberScoop.


Who is the Network Access Broker ‘Wazawaka?’

In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene.

Who Is the Network Access Broker ‘Babam’?

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in stealing remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “Babam,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions over the past few years.

DomainTools acquires Farsight Security to enhance its threat intelligence capabilities

DomainTools announced the acquisition of Farsight Security, a provider of DNS intelligence and passive DNS cyber security data solutions. The acquisition comes as a natural extension of both companies’ long-standing partnership to deliver Farsight…

Bandura Cyber Intelligence Marketplace deploys cyber intelligence data across network in real-time

Bandura Cyber released “Cyber Intelligence Marketplace,” allowing Bandura Cyber clients to discover, access, acquire, deploy and enforce a curated collection of high quality cyber intelligence data within minutes across their entire network and edge …

3 areas of implicitly trusted infrastructure that can lead to supply chain compromises

The SolarWinds compromise in December 2020 and the ensuing investigation into their build services put a spotlight on supply chain attacks. This has generated a renewed interest by organizations to reevaluate their supply chain security posture, lest t…

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained.

5 simple steps to bring cyber threat intelligence sharing to your organization

Cyber threat intelligence (CTI) sharing is a critical tool for security analysts. It takes the learnings from a single organization and shares them across the industry to strengthen the security practices of all. By sharing CTI, security teams can alert …

Voice Phishers Targeting Corporate VPNs

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees.