Security News

A man who spied on unsuspecting victims through their webcams has escaped a prison sentence after buying off-the-shelf LuminosityLink malware and using CCTV software to spy on them. Crown prosecutor Russell Pyne told the court that Wood had been caught by police as part of a wider multinational investigation into LuminosityLink creator Colton Grubbs, who pleaded guilty to US criminal charges over the malware in 2018.

A man who spied on unsuspecting victims through their webcams has escaped a prison sentence after buying off-the-shelf LuminosityLink malware and using CCTV software to spy on them. Crown prosecutor Russell Pyne told the court that Wood had been caught by police as part of a wider multinational investigation into LuminosityLink creator Colton Grubbs, who pleaded guilty to US criminal charges over the malware in 2018.

The coronavirus pandemic brought a new slew of cyber threats, feeding on how "Anxiety and desperation can make it easy to let one's guard down when it comes to online threats," Forcepoint principal security analyst Carl Leonard told TechRepublic in March. Briefly, the 411 on the current cyber threat situation revolves around: Personal devices used for work can be hacked in a multitude of ways; the vast majority of hacks don't use malware; unemotional and undaunted by a lack of feeling, AI is a great tool to use, and won't be jeopardized by human error, and now is the time for companies to adopt and integrate much-needed security measures, supported by great company/employee communication, trainings, etc.

Three cybersecurity experts explained how artificial intelligence and machine learning can be used to evade cybersecurity defenses and make breaches faster and more efficient during a NCSA and Nasdaq cybersecurity summit. Tim Bandos, chief information security officer at Digital Guardian, said that cybersecurity will always need human minds to build strong defenses and stop attacks.

Incident response and detection is a critical part of your security operation - it's hard to defend against what you can't see, particularly when your attack surface now extends from on-prem and into the cloud. Do you feel like it's the criminals and hackers who have grabbed all the benefits of moving to the cloud, being able to scale up their operations at will, leverage technologies like machine learning and AI, and exploit vulnerabilities left as target organizations hybridize their own operations.

Penetration testing tool Cobalt Strike is increasingly being used by black hats in non-simulated attacks as traces show up in scenarios from ransomware infections to state-backed APT threats, says Cisco Talos. Claiming that the tool "Accounted for 66 per cent of all ransomware attacks Cisco Talos Incident Response responded to this quarter," the threat intel firm reckons that both criminal hackers and pentesting security analysts' red teams alike are making great use of Cobalt Strike, especially for its ability to deploy listeners on targeted networks.

Paris prosecutors asked investigating judges on Wednesday to order a criminal trial for Alexander Vinnik, a Russian suspected of money laundering on the bitcoin exchange BTC-e, and who is also wanted by Washington and Moscow. They have also sought an order for Vinnik's continued detention since his extradition in January from Greece, where he was arrested on an American warrant in 2017, the prosecutor's office told AFP. Vinnik, 40, operated the BTC-e exchange until his arrest at the northern Greek tourist resort of Halkidiki, which set off a three-way extradition tussle between the United States, France and Russia.

Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations in 46 countries. Rather than use free accounts, Cosmic Lynx will register strategic domain names for each BEC campaign to create more convincing email accounts.

Stolen domain admin login credentials can be resold by dark web criminals for up to £95,000 and a total of 15 billion purloined credentials are traded on illicit marketplaces. "Rick Holland, CISO and strategy veep of Digital Shadows, mused:"The sheer number of credentials available is staggering and in just over the past 1.5 years, we've identified and alerted our customers to some 27 million [leaked] credentials which could directly affect them.... "Details exposed from one breach could be re-used to compromise accounts used elsewhere. The message is simple - consumers should use different passwords for every account and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised."

Two months ago investigators in France and the Netherlands cracked the network's encryption, allowing law enforcement to listen in to criminal communications about selling and trafficking drugs, laundering money and murdering rivals, authorities said. The service's owners apparently became aware of the criminal investigation last month, informing an estimated 60,000 users with a message warning them to get rid of their EncroChat devices because their servers-operating out of France - had been "Seized illegally by government entities," according to the NCA. The service relied on EncroChat devices, which came with pre-loaded apps for instant messaging as well as the ability to make secure internet calls, with no other "Conventional smartphone" functionality, U.K. officials said.