#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Pony botnet | Breaking Cybersecurity News | The Hacker News

Pony Botnet steals $220,000 from multiple Digital Wallets

Pony Botnet steals $220,000 from multiple Digital Wallets

Feb 25, 2014
Are you the one of the Digital Currency Holder? PONY is after You.  A Group of cyber criminals has used hundreds of thousands of infected computers of the digital currency holders to filch approximately $220,000 worth of Bitcoins and other virtual currencies. The researchers at the security firm, Trustwave have uncovered the Bitcoin Heist that was accomplished by the computers infected with a new class of malware that has been dubbed as ' Pony ', a very powerful type of Spying Keylogger Malware with very dangerous features that was last time found two months ago. Pony, for those who have not yet heard about it, is a bot controller much like any other, with the capability to capture all kinds of confidential information and access passwords. It contains a control panel, user management, logging features, a database to manage all the data and, of course, the statistics. It can see the passwords and login credentials of infected users when they access applications and
Two Million stolen Facebook, Twitter login credentials found on 'Pony Botnet' Server

Two Million stolen Facebook, Twitter login credentials found on 'Pony Botnet' Server

Dec 04, 2013
Security researchers at Trustwave's SpiderLabs found a Netherlands-based Pony Botnet Controller Server with almost two Million usernames and passwords, stolen by cybercriminals from users of Facebook, Twitter, Google, Yahoo and other websites. In a blog post, the researchers mentioned that after the Pony Version 1.9  Source code was made public and they found a way to get into the Botnet 's Admin area, from where they collected stolen database and statistics. The Pony Control panel, written in Russian language, indicated Facebook was the worst impacted and two Russian Social Media sites i.e. vk.com and odnoklassniki.ru, credentials were also included in the database. It is not clear at this time that how exactly the login credentials were originally obtained, but one possibility is that, they were captured using some keyloggers or similar malware. Statistics of stolen login credentials: 1,580,000 website login credentials stolen (including 318,121 Facebook login credentia
Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

Feb 13, 2024SaaS Security / Data Breach
The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and vulnerabilities in third-party app integrations demonstrate the complex security challenges facing IT systems. In the case of Midnight Blizzard, password spraying against a test environment was the initial attack vector. For Cloudflare-Atlassian, threat actors initiated the attack via compromised  OAuth tokens  from a prior breach at Okta, a SaaS identity security provider.  What Exactly Happened? Microsoft Midnight Blizzard Breach Microsoft was targeted by the Russian "Midnight Blizzard" hackers (also known as Nobelium, APT29, or Cozy Bear) who are linked to the SVR, the Kremlin's forei
Cybersecurity Resources