Security News

Microsoft's Digital Crimes Unit seized multiple domains used by a Vietnam-based cybercrime group that registered over 750 million fraudulent accounts and raked in millions of dollars by selling them online to other cybercriminals. Storm-1152 is a major cybercrime-as-a-service provider and the number one seller of fraudulent Outlook accounts, as well as other illegal "Products," including an automatic CAPTCHA-solving service to bypass Microsoft's CAPTCHA challenges and register more fraudulent Microsoft email accounts.

A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks. OLVX follows a recent trend where cybercrime marketplaces are increasingly hosted on the clearnet instead of the dark web, making them more accessible to a broader range of users and possible to promote through search engine optimization.

U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known to employ sophisticated phishing tactics to...

A new dropper-as-a-service cybercrime operation named 'SecuriDropper' has emerged, using a method that bypasses the 'Restricted Settings' feature in Android to install malware on devices and obtain access to Accessibility Services. Restricted Settings is a security feature introduced with Android 13 that prevents side-loaded applications installed from outside Google Play to access powerful features like the Accessibility settings and Notification Listener.

The U.S. Department of the Treasury imposed sanctions against a Russian woman for taking part in the laundering of virtual currency for the country's elites and cybercriminal crews, including the...

A threat actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to...

The Nigerian Police Form has arrested six suspects and dismantled a mentoring hub linked to cybercrime activities, including business email compromise, romance, and investment scams. After receiving intelligence and investigating a group of individuals suspected of cybercrime, six individuals were arrested on September 13th, 2023, in the Dantata estate area.

A new information stealer named ExelaStealer has become the latest entrant to an already crowded landscape filled with various off-the-shelf malware designed to capture sensitive data from...

Threat actors then distribute infostealer malware and leverage Telegram as the backend where fresh "Logs" are delivered upon successful infection. Finally these log files are then distributed in public and private Telegram channels to other threat actors.

"Without a doubt chatbots or large language models lower the barrier for entry to cybercrime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone," said Jack Chapman, VP of Threat Intelligence, Egress. The number one phishing topic was missed voice messages, which accounted for 18.4% of phishing attacks between January to September 2023, making them the most phished topic for the year so far.