Security News
Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector. The attackers gained access to the internal networks of the hacked entities via Internet-exposed cameras on their networks as command-and-control servers.
The FBI and U.S. Postal Inspection Service have seized eighteen web domains used to recruit money mules for work-from-home and reshipping scams. The seized domains now display a seizure notice with links [1, 2] warning employment seekers of the risks of home job and reshipping scams.
Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. "By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully privileged remote code execution," Palo Alto Networks Unit 42 said in a Thursday report.
Dark web marketplaces sell a plethora of tools, stolen data, and forged documents, and some of the things for sale are priced higher than the rest. The dark web also houses victims' personal information, including national insurance numbers, passports, and their driver's license details.
The U.S. Department of Justice on Monday said it seized 50,676 Bitcoin in November 2021 that was stolen in the 2012 hack of the now-defunct Silk Road dark web marketplace.The bitcoin, which was obtained in 2012 and valued at $3.36 billion when it was discovered last year, is now worth $1.04 billion.
The Alliance for Creativity and Entertainment has shut down 42 websites for the pirated streaming of televised soccer games and live TV, seizing their domains and taking down the illegal streaming services. All 42 websites were operated by an Argentinian man and drew the majority of their traffic from the Latin American country, offering unauthorized streams of live matches of the Argentine Professional Soccer League, LaLiga, UEFA Champions League, and more.
A 22-year-old student German federal police believe to be the administrator of one of the largest German-speaking, dark-web forums has been arrested. According to German law enforcement, the student, from Lower Bavaria, served as the operator of the third version of Deutschland im Deep Web since November 2018.
A threat group that targets corporate emails is delivering dropper malware through a novel technique that uses Microsoft Internet Information Services logs to send commands disguised as web access requests. The dropper, dubbed Geppei, is being used by a group Symantec threat researchers call Cranefly to install other undocumented malware.
Germany's Federal Criminal Police Office has arrested a 22-year-old student in Bavaria, who is suspected of being the administrator of 'Deutschland im Deep Web', one of the largest darknet markets in the country. The platform had already gone offline in March 2022, with 16,000 registered users, 28,000 posts, and 72 high-volume sellers of prohibited goods, including weapons and drugs.
The Cranefly hacking group, aka UNC3524, uses a previously unseen technique of controlling malware on infected devices via Microsoft Internet Information Services web server logs. Like any web server, when a remote user accesses a webpage, IIS will log the request to log files that contain the timestamp, source IP addresses, the requested URL, HTTP status codes, and more.