#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

ransomware | Breaking Cybersecurity News | The Hacker News

E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials

E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials

Mar 19, 2024 Threat Intel / Cybercrime
A 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands of compromised credentials, the Department of Justice (DoJ) announced. Sandu Boris Diaconu was charged with conspiracy to commit access device and computer fraud and possession of 15 or more unauthorized access devices. He pleaded guilty on December 1, 2023. "The E-Root Marketplace operated across a widely distributed network and took steps to hide the identities of its administrators, buyers, and sellers," the DoJ  said  last week. "Buyers could search for compromised computer credentials on E-Root, such as usernames and passwords that would allow buyers to access remote computers for purposes of stealing private information or manipulating the contents of the remote computer." Prospective customers could also search for RDP and SSH credentials based on various filter c
LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

Mar 14, 2024 Ransomware / Cyber Crime
A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev , an Ontario resident, was  originally arrested  in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to intentionally damage protected computers and to transmit ransom demands in connection with doing so." News of Vasiliev's jail term was  first reported  by CTV News.  The defendant, who had his home searched by Canadian law enforcement authorities in August and October 2022, is said to have kept a list of "prospective or historical" victims and screenshots of communications exchanged with "LockBitSupp" on the Tox messaging platform. The raid also uncovered a text file with instructions to deploy LockBit ransomware, the ransomware source code, and a control panel used by the e-crime group to deliver the file-locking malware.
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

Mar 11, 2024 Ransomware / Vulnerability
The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a  new report  from GuidePoint Security, which responded to a recent intrusion, the incident "began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of BianLian's Go backdoor." BianLian  emerged  in June 2022, and has since pivoted exclusively to exfiltration-based extortion following the  release of a decryptor  in January 2023. The attack chain observed by the cybersecurity firm entails the exploitation of a vulnerable TeamCity instance using  CVE-2024-27198  or  CVE-2023-42793  to gain initial access to the environment, followed by creating new users in the build server and executing malicious commands for post-exploitation and lateral movement. It's currently not clear which of the two flaws were weaponized by the threat acto
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

Mar 08, 2024 Vulnerability / Threat Intelligence
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday  added  a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers to an authentication bypass bug that allows for a  complete compromise  of a susceptible server by a remote unauthenticated attacker. It was addressed by JetBrains earlier this week alongside CVE-2024-27199 (CVSS score: 7.3), another moderate-severity authentication bypass flaw that allows for a "limited amount" of information disclosure and system modification. "The vulnerabilities may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server," the company  noted  at the time. Threat actors have been observed weaponizing the twin flaws to de
Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks

Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks

Mar 07, 2024 Vulnerability / Web Security
Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, "target WordPress websites from the browsers of completely innocent and unsuspecting site visitors," security researcher Denis Sinegubko  said . The activity is part of a  previously documented attack wave  in which compromised WordPress sites were used to inject crypto drainers such as Angel Drainer directly or redirect site visitors to Web3 phishing sites containing drainer malware. The latest iteration is notable for the fact that the injections – found on  over 700 sites  to date – don't load a drainer but rather use a list of common and leaked passwords to brute-force other WordPress sites. The attack unfolds over five stages, enabling a threat actor to take advantage of already compromised websites to launch distributed brute-force attacks against other po
Cybersecurity Resources