Crimeware Kit | Breaking Cybersecurity News | The Hacker News

Recently we published an article on the attacks against Japanese banks using a new variant of the popular Zeus , one of the most prolific malware of recent history, security experts in fact have detected various versions of the popular malicious code that hit also mobile and social networking platforms . Due its flexibility the malware has been re-engineered several times by cyber criminals that adapted its structure to specific purposes and context, leaving unchanged its core capabilities of stealing banking credentials of victims. Zeus has been a huge success in the criminal circles especially for the sales model, as malware as service, implemented by its authors on many underground sites, let's remind for example the Citadel Trojan one of the most popular on the crimeware market. Fortunately its author, known as Aquabox , has been banned from a large online forum that sells malware and other services to cyber criminals, but many security firms consider Citadel Trojan still very ...

A new Cyber Crimeware kit arrived in Hacking scenes called 'PiceBOT' just like other Latin American botnets such as vOlk (Mexico) & S.A.P.Z (Peru) and  cost just $140 in underground market for Cyber criminals. Like other amazing exploit kits, the main purpose is the distribution of malware that steals financial information through local pharming attacks. Bad bots perform malicious tasks allowing an attacker to take complete control over an affected computer for the criminal to control remotely. Once infected, these machines may also be referred to as 'zombies'. Kaspersky uncovered that this kit has already been adopted by Latin American cyber criminals to target clients of major banks and so far financial bodies from Chile, Peru, Panama, Costa Rica, Mexico, Colombia, Uruguay, Venezuela, Ecuador, Nicaragua and Argentina under attack. Detected as  Trojan-Dropper.Win32.Injector , the malware having couple of dozen variants. Malware is sti...

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security , believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn't equal being secure. As Sun Tzu warned, "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." Two and a half millennia later, the concept still holds: your organization's cybersecurity defenses must be strategically validated under real-world conditions to ensure your business's very survival. Today, more than ever, you need Adversarial Exposure Validation (AEV) , the essential strategy that's still missing from most security frameworks. The Danger of False Confidence Conventional wisdom suggests that if you've patched known bugs, deployed a stack of well-regarded security tools, and passed the nec...