#Cyberattack - Mastodon

Recent searches

Search options

Only available when logged in.

50 posts20 participants0 posts today

Pyrzout @jos1264@social.skynetcloud.site

Russian Host Proton66 Tied to SuperBlack and WeaXor Ransomware – Source:hackread.com https://ciso2ciso.com/russian-host-proton66-tied-to-superblack-and-weaxor-ransomware-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #CyberAttacks #CyberAttack #CyberCrime #Ransomware #SuperBlack #Hackread #Proton66 #security #WeaXor

russian-host-proton66-tied-to-superblack-and-weaxor-ransomware-–-source:hackread.com

CISO2CISO.COM & CYBER SECURITY GROUP · 11hRussian Host Proton66 Tied to SuperBlack and WeaXor Ransomware – Source:hackread.comSource: hackread.com - Author: Deeba Ahmed. Threat actors are exploiting bulletproof hosting service Proton66 for malicious activities, including campa

Pyrzout @jos1264@social.skynetcloud.site

Russian Host Proton66 Tied to SuperBlack and WeaXor Ransomware https://hackread.com/russian-host-proton66-superblack-weaxor-ransomware/ #Cybersecurity #CyberAttacks #CyberAttack #CyberCrime #Ransomware #SuperBlack #Security #Proton66 #WeaXor

Threat actors are exploiting bulletproof hosting service Proton66 for malicious activities, including campaigns from SuperBlack ransomware operators, Android malware distribution via hacked WordPress, targeted attacks using XWorm and Strela Stealer, and potential connections to Chang Way Technologies. Cybersecurity experts at Trustwave's SpiderLabs have discovered an increase in malicious online activities originating from a Russian "bulletproof" hosting provider known as Proton66. These services, often favoured by cybercriminals due to their relaxed policies, have been linked to a wave of attacks targeting organizations worldwide since January 8, 2025. Researchers have detailed their findings in a two-part series. The first part highlights a major increase in "mass scanning, credential brute-forcing, and exploitation attempts" coming from Proton66's network (ASN 198953). This means attackers were actively probing for weaknesses in systems and trying to guess login details on a large scale. SpiderLabs has also noticed an increase in scanning and exploiting traffic from Proton66's network from January 8, 2025, with a sharp decline in February. The attacks targeted specific network blocks, the most active being 45.135.232.0/24 and 45.140.17.0/24, while some had been inactive for a significant period, with the last reported malicious activity dating back to July and November 2021. Traffic Volume Analysis (Source: SpiderLabs) Notably, the address 193.143.1.65, was observed connected to the operators of a new ransomware strain called SuperBlack, and its operators were distributing "some of the latest critical priority exploits,” researchers noted in the blog post. The second part discusses malware campaigns linked to Proton66, including compromised WordPress websites redirecting Android users to fake Google Play Store pages likely to steal their information or install malicious apps. The domain naming conventions used suggest targets speaking English ("us-playmarket.com"), French ("playstors-france.com"), Spanish ("updatestore-spain.com"), and Greek ("playstors-gr.com"). SpiderLabs also discovered operators deploying Strela Stealer, an information-stealing tool that extracts email login credentials from targeted systems, between January and February 2025. Another campaign involved XWorm malware targeting users of Korean-speaking chat rooms. Additionally, connections to WeaXor ransomware, a modified version of Mallox that encrypts files and demands a ransom for recovery, were detected. At the time of the report, the WeaXor group was asking for "$2,000, transferred in BTC or USDT." Sample Ransom Note (Source: SpiderLabs) Interestingly, SpiderLabs' investigation reveals a potential rebranding or connection between Proton66 and Hong Kong-based company, Chang Way Technologies Co. Limited. In November 2024, security firm Intrinsec linked Proton66 and PROSPERO to bulletproof hosting services advertised on underground forums as UNDERGROUND and BEARHOST. SpiderLabs’s investigation revealed that while the Russian control panel for UNDERGROUND/BEARHOST customers remained at my.31337.ru, the my.31337.hk page was updated with a "CHANGWAY / HOSTWAY" theme. Still, technical connections between the infrastructures remained, suggesting an underlying link. Technology and financial organizations are the prime targets of this campaign. However, the SuperBlack ransomware group preferred targeting non-profit, engineering, and financial sectors. Research by Forescout linked this IP address to the Mora_001 threat actor who exploited vulnerabilities in Fortinet FortiOS devices, leading to the deployment of the SuperBlack ransomware. It is worth noting that hackers have exploited vulnerabilities in Palo Alto Networks' PAN-OS software (CVE-2025-0108), Mitel MiCollab (CVE-2024-41713), and D-Link NAS devices (CVE-2024-10914). D-Link has announced that the affected devices have reached their end-of-life, therefore, no security updates will be provided. Nevertheless, researchers strongly recommend that organizations block all the internet address ranges associated with both Proton66 and Chang Way Technologies to protect themselves from potential compromise. Trey Ford, Chief Information Security Officer at Bugcrowd, a San Francisco, Calif.-based leader in crowdsourced cybersecurity, commented on the development, stating that while IPs aren’t reliable indicators of threat actors, since changing scan sources is cheap, patterns like consistent brute-force attempts still matter. “It’s a reminder to monitor login velocity, harden exposed services, and make attacks costly for low-effort actors,” he said.

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto · 18hRussian Host Proton66 Tied to SuperBlack and WeaXor RansomwareFollow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

2rZiKKbOU3nTafniR2qMMSE0gwZ @2rZiKKbOU3nTafniR2qMMSE0gwZ@activitypub.awakari.com

Cyberattack Knocks Texas City’s Systems Offline The city of Abilene, Texas, is scrambling to re...

https://www.securityweek.com/cyberattack-knocks-texas-citys-systems-offline/

#Cybercrime #city #cyberattack #Texas

Result Details

Pyrzout @jos1264@social.skynetcloud.site

Cyberattack Knocks Texas City’s Systems Offline https://www.securityweek.com/cyberattack-knocks-texas-citys-systems-offline/ #cyberattack #Cybercrime #Texas #city

Pyrzout @jos1264@social.skynetcloud.site

Cyberattack Knocks Texas City’s Systems Offline https://www.securityweek.com/cyberattack-knocks-texas-citys-systems-offline/ #cyberattack #Cybercrime #Texas #city

Pyrzout @jos1264@social.skynetcloud.site

Cybercriminals Exploit Network Edge Devices to Infiltrate SMBs https://gbhackers.com/cybercriminals-exploit-network-edge-devices/ #CyberSecurityNews #NetworkSecurity #cybersecurity #CyberAttack

2rZiKKbOU3nTafniR2qMMSE0gwZ @2rZiKKbOU3nTafniR2qMMSE0gwZ@activitypub.awakari.com

Marks & Spencer confirms cybersecurity incident amid ongoing disruption The company said it w...

https://techcrunch.com/2025/04/22/marks-spencer-confirms-cybersecurity-incident-amid-ongoing-disruption/

#Security #cyberattack #cybersecurity #data #breach #retail

Result Details

TechCrunch · 16hMarks & Spencer confirms cybersecurity incident amid ongoing disruption | TechCrunch

More from

Pyrzout @jos1264@social.skynetcloud.site

Magecart Launches New Attack Using Malicious JavaScript to Steal Credit Card Data https://gbhackers.com/magecart-launches-new-attack-using-malicious-javascript/ #CyberSecurityNews #cybersecurity #CyberAttack #JavaScript

GBHackers Security | #1 Globally Trusted Cyber Security News Platform · 19hMagecart Launches New Attack Using Malicious JavaScript to Steal Credit Card DataThe notorious Magecart group has been identified by the Yarix Incident Response Team as the culprits behind a recent credit card data.

Pyrzout @jos1264@social.skynetcloud.site

Japan Sounds Alarm Over Hackers Draining Millions from Compromised Trading Accounts https://gbhackers.com/japan-sounds-alarm-over-hackers-draining-millions/ #CyberSecurityNews #cybersecurity #CyberAttack

GBHackers Security | #1 Globally Trusted Cyber Security News Platform · 20hJapan Sounds Alarm Over Hackers Draining Millions from Compromised Trading AccountsCybersecurity in Japan has hit a new low as the Financial Services Agency (FSA) reports a staggering increase in unauthorized access.

Pyrzout @jos1264@social.skynetcloud.site

MITRE Launches D3FEND CAD Tool to Revolutionize Cybersecurity Modeling https://thecyberexpress.com/mitre-launches-d3fend-cad-tool/ #CyberAttack-Defense.CAD #TheCyberExpressNews #TheCyberExpress #FirewallDaily #cybersecurity #CyberNews #D3FENDCAD

D3FEND CAD

The Cyber Express · 21hMITRE Launches D3FEND CAD Tool to Enhance CybersecurityBy Ashish Khaitan

Winbuzzer @winbuzzer@mastodon.social

Google Email Systems Spoofed by Phishing Campaign Reusing Valid DKIM Signatures

#Cybersecurity #Gmail #Phishing #DKIM #DMARC #EmailSecurity #Google #Spoofing #OAuth #InfoSec #CyberAttack

https://winbuzzer.com/2025/04/22/google-email-spoofed-by-phishing-campaign-reusing-valid-dkim-signatures-xcxwbn/

Pyrzout @jos1264@social.skynetcloud.site

Booking.com Phishing Scam Uses Fake CAPTCHA to Install AsyncRAT – Source:hackread.com https://ciso2ciso.com/booking-com-phishing-scam-uses-fake-captcha-to-install-asyncrat-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #PhishingScam #CyberAttack #0CISO2CISO #Bookingcom #AsyncRAT #Hackread #security #Captcha #malware #Fraud #Scam

bookingcom-phishing-scam-uses-fake-captcha-to-install-asyncrat-–-source:hackread.com

CISO2CISO.COM & CYBER SECURITY GROUP · 1dBooking.com Phishing Scam Uses Fake CAPTCHA to Install AsyncRAT – Source:hackread.comSource: hackread.com - Author: Waqas. Fake Booking.com emails trick hotel staff into running AsyncRAT malware via fake CAPTCHA, targeting systems with

Pyrzout @jos1264@social.skynetcloud.site

Infostealer Attacks Surge 84% Weekly Through Phishing Emails https://gbhackers.com/infostealer-attacks-surge-84-weekly/ #CyberSecurityNews #cybersecurity #CyberAttack #Phishing

Pyrzout @jos1264@social.skynetcloud.site

North Korean IT Workers Use Real-Time Deepfakes to Infiltrate Organizations Through Remote Jobs https://gbhackers.com/north-korean-it-workers-use-real-time-deepfakes-to-infiltrate-organizations/ #CyberSecurityNews #cybersecurity #CyberAttack #Malware

GBHackers Security | #1 Globally Trusted Cyber Security News Platform · 1dNorth Korean IT Workers Use Real-Time Deepfakes to Infiltrate Organizations Through Remote JobsA division of Palo Alto Networks, have revealed a sophisticated scheme by North Korean IT workers to infiltrate organizations globally.

Pyrzout @jos1264@social.skynetcloud.site

Akira Ransomware Launches New Cyberattacks Using Stolen Credentials and Public Tools https://gbhackers.com/akira-ransomware-launches-new-cyberattacks-using-stolen-credentials/ #CyberSecurityNews #cybersecurity #CyberAttack #Ransomware

Pyrzout @jos1264@social.skynetcloud.site

Native Language Phishing Spreads ResolverRAT to Healthcare https://hackread.com/native-language-phishing-resolverrat-healthcare/ #Cybersecurity #CyberAttacks #PhishingScam #CyberAttack #ResolverRAT #Healthcare #Phishing #Malware #Fraud #Scam

Native Language Phishing Spreads ResolverRAT to Healthcare

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto · 1dNative Language Phishing Spreads ResolverRAT to HealthcareFollow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Pyrzout @jos1264@social.skynetcloud.site

Booking.com Phishing Scam Uses Fake CAPTCHA to Install AsyncRAT https://hackread.com/booking-com-phishing-scam-fake-captcha-asyncrat/ #Cybersecurity #PhishingScam #CyberAttack #Bookingcom #Security #AsyncRAT #Captcha #Malware #Fraud #Scam

Booking.com Phishing Scam Uses Fake CAPTCHA to Install AsyncRAT

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto · 1dBooking.com Phishing Scam Uses Fake CAPTCHA to Install AsyncRATFollow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Pyrzout @jos1264@social.skynetcloud.site

North Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New Attacks https://hackread.com/north-korea-iran-russia-hackers-clickfix-attacks/ #Cybersecurity #Vulnerability #CyberAttacks #CyberAttack #NorthKorea #Security #ClickFix #Malware #Russia #Iran

North Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New Attacks

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto · 1dNorth Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New AttacksFollow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Pyrzout @jos1264@social.skynetcloud.site

Native Language Phishing Spreads ResolverRAT to Healthcare – Source:hackread.com https://ciso2ciso.com/native-language-phishing-spreads-resolverrat-to-healthcare-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #CyberAttacks #PhishingScam #CyberAttack #ResolverRAT #healthcare #Hackread #Phishing #malware #Fraud #Scam

Pyrzout @jos1264@social.skynetcloud.site

North Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New Attacks – Source:hackread.com https://ciso2ciso.com/north-korea-iran-russia-backed-hackers-deploy-clickfix-in-new-attacks-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #CyberAttacks #CyberAttack #NorthKorea #ClickFix #Hackread #security #malware #Russia #Iran

Drag & drop to upload