Security News
A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter "Severa" Levashov, a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. A native of St. Petersburg, Russia, the 40-year-old Levashov operated under the hacker handle "Severa." Over the course of his 15-year cybercriminal career, Severa would emerge as a pivotal figure in the cybercrime underground, serving as the primary moderator of a spam community that spanned multiple top Russian cybercrime forums.
Researchers have seen a new variant of the IcedID banking trojan sliding in via two new spam campaigns. ZIP files full of the malware - or links to such ZIP files - the new twist on the old banking trojan is a tweaked downloader, which the threat actors moved from the initial x86 version to the latest: an x86-64 version.
A new trend has emerged on dating apps like Tinder with spammers sneaking in links within profile images. Multiple such Tinder spam profiles reviewed by BleepingComputer shared some common characteristics.
Spammers are abusing affiliate programs to promote online casinos, such as Raging Bull Casino, Sports and Casino, Ducky Luck, and Royal Ace Casino, with misleading emails. To refer users, the affiliates will create specially crafted URLs that contain an affiliates ID or drops a cookie that allows the casino to give them credit when a referral registers a new account.
Scammers use fake 'unsubscribe' spam emails to confirm valid email accounts to be used in future phishing and spam campaigns. For some time, spammers have been sending emails that simply ask if you wish to unsubscribe or subscribe.
American Express Services Europe has been fined £90,000 by a U.K. regulator, which found the company illegally blasted out 4 million marketing emails to customers who had opted out of receiving them. Amex claimed the emails weren't marketing messages, but service communications, which are allowed under U.K. information privacy regulations.
The UK data regulator has fined American Express £90,000 for sending over 4 million spam emails to customers within one year. "During the investigation the ICO found that Amex had sent over 50 million, of what it classed as, servicing emails to its customers," the UK Information Commissioner's Office said.
The Cuba Ransomware gang has teamed up with the spam operators of the Hancitor malware to gain easier access to compromised corporate networks. Similar to how Ryuk and Conti partnered with TrickBot and Egregor and ProLock worked with QBot, the Cuba Ransomware has partnered with Hancitor to gain access to compromised networks.
An SQL-injection vulnerability discovered in a WordPress plugin called "Spam protection, AntiSpam, FireWall by CleanTalk" could expose user emails, passwords, credit-card data and other sensitive information to an unauthenticated attacker. Spam protection, AntiSpam, FireWall by CleanTalk is installed on more than 100,000 sites, and is mainly used to weed out spam and trash comments on website discussion boards.
Enterprise software developer Proxmox Server Solutions GmbH has released Proxmox Mail Gateway 6.4, the latest version of its open-source email security solution. Proxmox Mail Gateway is a complete operating system based on Debian Buster 10.9, but using Linux kernel 5.4.106, which is under long term support status.