online fraud | Breaking Cybersecurity News | The Hacker News

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

Jun 26, 2024 Web Skimming / Website Security
Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information. According to Sucuri, the latest campaign entails making malicious modifications to the checkout PHP file associated with the WooCommerce plugin for WordPress ("form-checkout.php") to steal credit card details. "For the past few months, the injections have been changed to look less suspicious than a long obfuscated script," security researcher Ben Martin said, noting the malware's attempt to masquerade as Google Analytics and Google Tag Manager. Specifically, it utilizes the same substitution mechanism employed in the Caesar cipher to encode the malicious piece of code into a garbled string and conceal the external domain that's used to host the payload.
Microsoft Takes Legal Action to Crack Down on Storm-1152's Cybercrime Network

Dec 14, 2023 Cybercrime / Threat intelligence
Microsoft on Wednesday said it obtained a court order to seize infrastructure set up by a group called Storm-1152 that peddled roughly 750 million fraudulent Microsoft accounts and tools through a network of bogus websites and social media pages to other criminal actors, netting the operators millions of dollars in illicit revenue. "Fraudulent online accounts act as the gateway to a host of cybercrime, including mass phishing, identity theft and fraud, and distributed denial-of-service (DDoS) attacks," Amy Hogan-Burney, the company's associate general counsel for cybersecurity policy and protection, said. These cybercrime-as-a-service (CaaS) offerings, per Redmond, are designed to get around identity verification software across various technology platforms and help minimize the efforts needed to conduct malicious activities online, including phishing, spamming, ransomware, and fraud, effectively lowering the barriers to entry for attackers. Multiple threat actors,
How to Increase Engagement with Your Cybersecurity Clients Through vCISO Reporting

Jul 22, 2024 vCISO / Business Security
As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success", which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples. Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition. This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.
Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities

Nov 13, 2023 Cyber Crime / Dark Web
Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service (PhaaS) operation called BulletProofLink. The Royal Malaysia Police said the effort, which was carried out with assistance from the Australian Federal Police (AFP) and the U.S. Federal Bureau of Investigation (FBI) on November 6, 2023, was based on information that the threat actors behind the platform were based out of the country. To that end, eight individuals aged between 29 and 56, including the syndicate's mastermind, have been arrested across different locations in Sabah, Selangor, Perak, and Kuala Lumpur, New Straits Times reported. Along with the arrests, authorities confiscated servers, computers, jewelry, vehicles, and cryptocurrency wallets containing approximately $213,000. BulletProofLink, also called BulletProftLink, is known for offering ready-to-use phishing templates on a subscription basis to other actors for conducting credential harvesting campaigns. These
Interpol Arrests Over 1,000 Cyber Criminals From 20 Countries; Seizes $27 Million

Nov 29, 2021
A joint four-month operation coordinated by Interpol, the international criminal police organization, has culminated in the arrests of more than 1,000 cybercriminals and the recovery of $27 million in illicit proceeds. Codenamed "HAECHI-II," the crackdown enabled law enforcement units from across 20 countries, as well as Hong Kong and Macao, to close 1,660 cases alongside blocking 2,350 bank accounts linked to the fraudulent illicit funds amassed from a range of online financial crimes, such as romance scams, investment fraud, and money laundering associated with illegal online gambling. "The results of Operation HAECHI-II show that the surge in online financial crime generated by the COVID-19 pandemic shows no signs of waning," said Interpol Secretary General Jürgen Stock in a press statement issued on November 26. The coordinated law enforcement probe took place over a period of four months, starting from June 2021 until September 2021, with ten new criminal
Creators of SpyEye Virus Sentenced to 24 Years in Prison

Apr 21, 2016
In Brief: Two international hackers, Aleksandr Andreevich Panin and Hamza Bendelladj, have been sentenced to a combined 24 years and 6 months in prison for their roles in developing and distributing the SpyEye banking trojan, a powerful botnet similar to the infamous ZeuS malware. Both hackers were charged with stealing hundreds of millions of dollars from banking institutions worldwide. Masterminds behind the development and distribution of the infamous "SpyEye" botnet have finally been sentenced to a combined total of 24 years and 6 months in prison. Aleksandr Andreevich Panin and Hamza Bendelladj have been sentenced for their roles in developing and distributing SpyEye malware that is said to have caused hundreds of millions of dollars in losses to the financial sector, the U.S. Justice Department said on Wednesday. SpyEye, a successor to the notorious Zeus banking malware, has affected financial institutions since 2009. Once infected, the malware connects t
Security Researcher Goes Missing, Who Investigated Bangladesh Bank Hack

Mar 19, 2016
Tanvir Hassan Zoha, a 34-year-old security researcher who spoke to media on the $81 Million Bangladesh Bank cyber theft, has been missing since Wednesday night, just days after accusing Bangladesh's central bank officials of negligence. Zoha was investigating a recent cyber attack on Bangladesh's central bank that let hackers steal $81 Million from the bank's Federal Reserve bank account. Though the hackers tried to steal $1 Billion from the bank, a simple typo prevented the full heist. During his investigation, Zoha believed the hackers, who are still unknown, had installed malware on the bank's computer systems a few weeks before the heist that allowed them to obtain credentials needed for payment transfers. With the help of those credentials, the unknown hackers transferred large sums from Bangladesh's United States account to fraudulent accounts based in the Philippines and Sri Lanka. However, at the same time, Zoha accused senior offic
Here's How Hackers Stole $80 Million from Bangladesh Bank

Mar 14, 2016
The recent cyber attack on Bangladesh's central bank that let hackers steal over $80 Million from the institution's Federal Reserve bank account was reportedly caused by malware installed on the bank's computer systems. A few days ago, reports emerged of a group of unknown hackers that broke into Bangladesh's central bank, obtained credentials needed for payment transfers from the Federal Reserve Bank of New York and then transferred large sums to fraudulent accounts based in the Philippines and Sri Lanka. The criminal group was able to steal a total value of about $81 Million from the Federal Reserve's Bangladesh account through a series of fraudulent transactions, but a typo in a transaction prevented a further $850 Million heist. However, the question was still there: how did the hackers manage to transfer $80 Million without leaving any trace? Security researchers from FireEye's Mandiant forensics are helping the Dhaka investigat
How a Typo Stopped Hackers from Stealing $1 Billion from Bank

Mar 12, 2016
Typos are really embarrassing, but this time one saved the Bangladesh Central Bank and the New York Federal Reserve by preventing a nearly $1 Billion (£700 Million) heist. Last month, some unknown hackers broke into Bangladesh's central bank, obtained credentials needed for payment transfers and then transferred large sums to fraudulent accounts based in the Philippines and Sri Lanka. But… a single spelling mistake in an online bank transfer instruction prevented the full theft, according to Reuters. Here's what actually happened: Nearly three dozen requests hit the Federal Reserve Bank of New York on 5 February using the Bangladesh Bank's SWIFT code, out of which four resulted in successful transfers, for a total value of about $81 million. However, when the hackers attempted to make their fifth transfer of $20 Million to a Sri Lankan non-governmental organization called the Shalika Foundation, they made a typo by attempting a transfer to the Shalika "
How to Freeze Credit Report To Protect Yourself Against Identity Theft

Oct 03, 2015
If your Social Security number gets hacked in any data breaches, including recently hacked T-Mobile, then there's a way to prevent hackers from misusing your identity (i.e. identity theft). The solution here is that you can institute a security freeze at each of the three credit bureaus, Equifax, Experian, or TransUnion. Once frozen, nobody will be allowed to access your credit report, which will prevent any identity thieves from opening new accounts in your name. That is because most creditors need to see your credit report before approving a new account. If they are restricted from seeing your file, they may not extend the credit or open a new account in your name. However, there are some disadvantages of doing so. 1. Cost: The cost of a security freeze differs by state (check yours here). However, it is often free for already affected people, but the issue is – if you want to let anyone check your credit, you will need to pay a fee every time to
Chip-and-PIN Credit Cards and The Deadline: Here's What You need To Know

Oct 01, 2015
October 1 Liability shift ENDS! Today, 1st October 2015, is the deadline for US-based banks and retailers to roll out chip-embedded credit cards (powered by EMV technology) to customers that will make transactions more secure. EMV stands for Europay, MasterCard and Visa -- a global standard for payment cards equipped with chips used to authenticate chip card transactions. Starting Thursday, merchants must have new payment terminals installed to accept chip cards in their stores or restaurants. Otherwise, they will be responsible for credit card fraud. Stephanie Ericksen, Visa's Vice President Risk Products said, "That's the date by which if a merchant doesn't have a chip terminal, and a counterfeit card is used at that location, they may be liable for that fraud on that transaction." 60% Customers Still Have Old Credit Cards: However, if you have not received a new credit card with chip technology, don't worry,
Two Federal Agents Charged with Stealing Bitcoins During Silk Road Investigation

Mar 31, 2015
Two former Federal investigators who helped to shut down the infamous black-market website 'Silk Road' have been accused of fraud and stealing more than a Million dollars in Bitcoins during their investigation. Silk Road, an infamous online drug market that hosted more than $200 Million in transactions, was seized by the FBI in 2013, but during that period two FBI agents took advantage of their position. CHARGES AGAINST FEDS: The US Department of Justice indictment charges 46-year-old former Drug Enforcement Agency (DEA) special agent Carl Force, and 32-year-old former Secret Service agent Shaun Bridges, with the following charges: theft of government property, wire fraud, money laundering, and conflict of interest. MILLION DOLLAR EXTORTION: Both Force and Bridges were part of Baltimore's Silk Road Task Force to investigate illegal activity in the black marketplace. The creator of Silk Road, Ross Ulbricht, was arrested and found guilty of running the Tor-h
The biggest bank robbery in history, Hackers stole $45 million

May 10, 2013
They didn't use guns, masks or even threatening notes passed to bank tellers. It may be the largest bank robbery in history. A gang of cyber-criminals operating in 26 countries stole $45 million by hacking their way into a database of prepaid debit cards. Reportedly, the group of hackers targeted weaknesses in how banks and payment processors handle prepaid debit cards. Authorities said they arrested these seven U.S. citizens and residents of Yonkers, New York: Jael Mejia Collado, Joan Luis Minier Lara, Evan Jose Peña, Jose Familia Reyes, Elvis Rafael Rodriguez, Emir Yasser Yeje and Chung Yu-Holguin. The eighth defendant charged in the indictment, Alberto Yusi Lajud-Peña, also known as 'Prime' and 'Albertico,' was murdered on April 27 in the Dominican Republic. They're suspected of working with hackers who twice broke into credit card processing companies' computer systems, stole ATM card data and bypassed the withdrawal limits on the accounts.
Texas Man Indicted for Hacking Eden Prairie Business, Stealing $274,000

Dec 24, 2010
A federal indictment unsealed earlier today alleges that a 35-year-old Texas man hacked into the computer network of an Eden Prairie business, stealing approximately $274,000. The indictment, filed in Minneapolis on October 13, 2010, charges Jeremy Parker of Houston, Texas, with one count of unauthorized access to a protected computer to further fraud and one count of wire fraud. It was unsealed following Parker's initial appearance in United States District Court. The indictment claims that from December 23, 2008, through October 15, 2009, Parker hacked into the computer network to obtain money belonging to Digital River, Inc., through a subsidiary, SWReg, Inc. SWReg pays independent software developers who write code that can run on Digital River's system. Royalties owed to these developers accumulate at SWReg, allowing developers to view their royalty balances online and cash out those accounts. When a developer cashes out, SWReg electronically transfers the money into the
Legitimate-Looking Ads Used to Recruit Money Mules for Criminal Operations

Nov 01, 2010 Cybersecurity / Financial Crime
Money mules have been aggressively recruited this year to help cybercriminals launder money, according to Fortinet. A recent example of this is the worldwide prosecution of a Zeus criminal operation, which included 37 charges against alleged money mules. Recent Zeus stories illustrate how prevalent money mules have become and how they are being used to filter, disguise, and spread money transfers. Today, mules are typically recruited into criminal organizations through legitimate-looking advertisements. A suspect ad may suggest a client is looking for a "payment processing agent," "money transfer agent," or something as vague as an "administrative representative." These recruitment ads can be found anywhere from print and online job sites to direct points of contact. While many mules likely enter into the business relationship knowing the full criminal implications of what they are doing, a surprising number do not. One of the most recent money mule rec
U.S. Court Finds Two Russian Hackers Guilty of $1.3 Million Bank Fraud

Oct 31, 2010 Cybersecurity / Financial Crimes
A US court has found two Russian hackers guilty of bank fraud, involving over $1.3 million. The investigation revealed that the fraudsters broke into computer systems of various companies and used the obtained banking data to steal money from their bank accounts. Authorities believe the fraudsters were part of a larger gang that recruited Russian youngsters. These individuals opened bank accounts where the stolen funds were transferred. The Russians then withdrew the money and distributed it among their accomplices. The verdict will be delivered in 90 days. The two convicted criminals, 25-year-old Dmitry Krivosheev and 24-year-old Maksim Illarionov, face fines of about $250,000 and prison sentences of up to 20 years. The third accused, 25-year-old Aleksey Petrov, was released. This case is not an isolated incident. Recently, six other Russian youngsters were accused of a significant computer hacking scam against US banks. Some received fines, while others were sentenced to six month