Security News
American prosecutors on Monday accused 13 people of committing espionage-linked crimes in the US on behalf of the Chinese government. Their charges, spread over three separate cases, include: attempting to force a Chinese national in America to return to China; attempting to interfere with the federal criminal prosecution of a Chinese company, said to be Huawei; and attempting to recruit US academics and government officials in the US to spy for China.
You paste the hexadecimal code from the BTC transaction into the ransomware "login page", and the process fires up a decryption program left behind by the crooks that unscrambles all your data. Loosely speaking, once Bitcoin miners see that a not-yet-processed transaction involves funds that someone else has already "mined", they simply stop working on the unfinished transaction, on the grounds that it's now worthless to them.
A car theft ring that used fraudulent software to "hack" and steal vehicles with remote keyless entry and ignition systems has been dismantled by the French National Gendarmerie, Europol announced on Monday. "The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away," the EU law enforcement agency said.
Authorities from France, Latvia, and Spain arrested 31 suspects believed to be part of a car theft ring that targeted vehicles from two French car manufacturers. The criminals only targeted cars that use keyless entry and start systems and stole them after exploiting their keyless technology to unlock the doors and start the engines without having to use the key fobs.
"This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing campaigns," Mandiant said in a new report. Some of the core features offered by the platform comprise the ability to craft customized phishing kits, manage redirect pages, dynamically generate URLs that host the payloads, and track the success of the campaigns.
It said the Eternity group - also known as EternityTeam and Eternity Project - is offering the multifunction LilithBot malware through a dedicated Telegram group and a Tor link where cybercriminals can acquire various payloads via subscriptions. The malware-as-a-service group has been active since at least January, distributing a range of modules under the Eternity brand that - along with the stealer and miner malware - include ransomware, a distributed denial-of-service bot, worm and dropper, and a clipper that spoofs crypto addresses in wallets, the researchers wrote in a report.
A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan. Sold on the dark web for €189 a month, Quantum Builder is a customizable tool for generating malicious shortcut files as well as HTA, ISO, and PowerShell payloads to deliver next-stage malware on the targeted machines, in this case Agent Tesla.
Hornetsecurity released an Email Threat Review, which cited a decline in Excel attacks, but reported a sharp increase in Intuit phishing attacks. This Help Net Security video reveals how criminals impersonate company brands and organizations to steal information.
NATO officials are investigating after criminals put up some data for sale on dark forums that they claim is "classified" information stolen from European missile maker MBDA. MBDA has denied any sensitive material has been compromised and said it had refused to pay the gang a ransom, claiming the data for sale was obtained from an "external hard drive" rather than its systems. According to the BBC, which saw samples of the files and has reportedly spoken to the miscreants, 80GB of data - which it was unable to verify - is being offered up for 15 Bitcoins, or approximately $297,000, and the extortionists claim to have made at least one sale.
Several new marketplaces have appeared on the dark web, claiming to be the dedicated online portals for notorious criminal cartels from Mexico. The emergence of these markets was spotted by DarkOwl analysts, who identified a trend, shifting from large markets that drew law enforcement attention to smaller, less publicized sites.