Tag Archive for: Developing

Russian national accused of developing, selling malware appears in U.S. court


A Russian national accused of developing and licensing the “NLBrute” malware and selling at least 35,000 compromised logins appeared in a Florida federal court on Tuesday facing charges of conspiracy, access device fraud and computer fraud.

Dariy Pankov, also known as “dpxaker,” was arrested in the Republic of Georgia on Oct. 4, 2022 and was recently extradited to the United States, U.S. Attorney Roger B. Handberg said in a statement Wednesday. Pankov faces a maximum of 47 years in federal prison if convicted on all counts, Handberg said.

Pankov stands accused of developing NLBrute — also known as nl.exe or nlbrute.exe — and advertising it for sale on an underground forum as early as June 2016, according to an indictment unsealed this week. During that time he also sold more than 35,000 compromised login credentials for access to systems around the world, including in the United States, France, the United Kingdom, Italy and Australia. At least two of those sales were to undercover U.S. law enforcement officers, according to the indictment, and involved login credentials for two separate Florida-based law firms.

Credentials sold by Pankov were “used to facilitate a wide range of illegal activity, including ransomware attacks and tax fraud,” Handberg’s statement said.

Between August 2016 and January 2019 Pankov netted nearly $360,000 from both credential sales and offering access to NLBrute, prosecutors allege. The indictment was originally filed in April 2019 and includes notice that the government intends to take $358,437 in restitution.

Pankov’s attorney did not immediately respond to a request for comment Thursday.


Week in review: MS Exchange zero-days exploited, AD attack paths, developing secure APIs



SpyCast: Cross-platform mDNS enumeration tool
SpyCast is a cross-platform mDNS enumeration tool that can work either in active mode by recursively querying services or in passive mode by only listening to multicast packets.

Attackers use novel technique, malware to compromise hypervisors and virtual machines
Unknown attackers wielding novel specialized malware have managed to compromise VMware ESXi hypervisors and guest Linux and Windows virtual machines, Mandiant threat analysts have discovered.

To encrypt or to destroy? Ransomware affiliates plan to try the latter
Researchers from Symantec, Cyderes and Stairwell have recently analyzed a new version of the Exmatter data exfiltration tool and have spotted a new capability: data corruption.

MS SQL servers are getting hacked to deliver ransomware to orgs
Cybercriminals wielding the FARGO (aka Mallox, aka TargetCompany) ransomware are targeting Microsoft SQL (MS SQL) servers, AhnLab’s ASEC analysis team has warned.

3 ways to gauge your company’s preparedness to recover from data loss
Where you store your data backup is nearly as important as creating copies in the first place. Storing your data in the cloud does not mean it is secure.

Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)
Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers.

Phishing attacks skyrocketing, over 1 million observed
The APWG’s Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks — the worst quarter for phishing that APWG has ever observed.

RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)
Sophos has patched an actively exploited remote code execution vulnerability (CVE-2022-3236) in its Firewall solutions, and has pushed the fix to customers who have automatic installation of hotfixes enabled.

The various ways ransomware impacts your organization
Despite increased investment in tools to fight ransomware, 90% of organizations were affected by ransomware in some capacity over the past 12 months, according to SpyCloud’s 2022 Ransomware Defense…


GBT is Expanding its Cybersecurity R&D Efforts with the goal of Developing Threat Intelligence Technology





SAN DIEGO, Sept. 08, 2022 (GLOBE NEWSWIRE) — GBT Technologies Inc. (OTC PINK: GTCH) (“GBT” or the “Company”) is expanding its cybersecurity research and development efforts with the goal of developing threat intelligence technology. The Company intends to invest further R&D resources to detect and track ever-evolving, global, cyber threats and to provide real time, automated incident response and remediation. Cyber incidents have become a big data challenge. A significant amount of data requires rapid analysis to make a decision and take proper action quickly. GBT is seeking to develop advanced security algorithms and techniques to evaluate the nature, severeness and possible impacts of threats, providing intelligent categorization and prioritization to make accurate decisions, and taking the necessary actions. The planned technology will proactively hunt for hidden threats that have bypassed security mechanisms with deep learning algorithms to investigate suspicious threats, predict possible incidents, and prepare ahead-of-time responses. The Company plans to develop a global platform that can handle the necessary huge data capacity and have an intelligent skillset to handle complex security incidents. The Company is seeking to develop a system that will have the ability to be fully automated, within global networks and cybersecurity systems, monitoring, predicting, detecting and responding to threats targeting individuals and businesses, 24/7. The goal of GBT’s planned automated security system will be to significantly strengthen defenses and resilience against cyber criminals.

“Cybersecurity incidents are constantly on the rise and we are preparing an intelligent solution with the goal of addressing malicious attacks against individuals, businesses and governmental institutions. With today’s vast amount of information, cyber threats are becoming a big data case. Networks, sensitive apparatus, industrial systems and personal devices are operating with huge data and bandwidths which makes it harder to detect, identify and differentiate…


Why AI is the key to developing cutting-edge cybersecurity – World Economic Forum


