Underground marketplace pricing on RDP server access, compromised payment card data and DDoS-For-Hire services are surging.
Cybercriminals are vying for Remote Desktop Protocol (RDP) access, stolen payment cards and DDoS-for-Hire services, based on a recent analysis of underground marketplace pricing.
During the COVID-19 pandemic, cybercriminals have profited with “increasingly advantageous positions to benefit from the disruption,” said researchers and this has also been reflected on underground markets, where new services like targeted ransomware and advanced SIM swapping are popping up.
“As a result of COVID-19 and associated global trends, demand for malicious and illicit goods, services and data have reached new peak highs across dark web marketplaces (DWMs),” said researchers in a Friday analysis. “Flashpoint has also observed what can only be described as impressive, shrewd innovation throughout the cybercrime ecosystem.”
minute read
Share this article:
Customer data from a June attack against cryptocurrency wallet firm Ledger is now public and actively being used in attacks.
On Monday a hacker dumped sensitive data stolen earlier this year from the Ledger cryptocurrency wallet’s website. The data was put up for grabs on sites frequented by criminals. And in a twist that surprised no one, the data is now actively being exploited in phishing campaigns.
Researchers at security firm Cyble discovered files from the Ledger leak published Monday on a hacker forum, according to a report in BleepingComputer.
An archive includes two files named “All Emails (Subscription).txt” and “Ledger Orders (Buyers) only.txt” that contain sensitive data from the breach. The first includes email addresses of 1,075,382 people who subscribed to the Ledger newsletter, according to the report.
The bugs rate 10 out of 10 on the vulnerability-severity scale, thanks to the ease of exploitation.
Dell has patched two critical security vulnerabilities in its Dell Wyse Thin Client Devices, which are small form-factor computers optimized for connecting to a remote desktop. The bugs allow arbitrary code execution and the ability to access files and credentials, researchers said.
Thin clients contain none of the typical processing power or intelligence on board that normal PCs would have; instead, they act as less-smart terminals that connect to applications hosted on a remote computer. They’re often used in environments where employers give workers access to only a certain set of applications or resources; or for remote workers to connect back to headquarters.
minute read
Share this article:
Researchers predict software security will continue to struggle to keep up with cloud and IoT in the new year.
IT security professionals have largely spent the year managing a once-in-a-generation workforce shift from office to home in 2020. With the initial push over, experts predict that 2021 will be focused on shoring up the cloud and re-imagining organizational workflows under this new normal. Software security will be critical in this environment.
That’s according to researchers from Checkmarx, which just published its 2021 Software Security Predictions report. It envisions a new era for software-development teams, including a focus on better application security tools, scaling on-premise security tools to the cloud and better protecting internet-of-things (IoT) devices.