Microsoft Security have issued a detailed report on a massive phishing-as-a-service operation named BulletProofLink that offered as a subscription all the tools needed to conduct a campaign. The phishing-as-a-service, or PHaaS, model differs from the phishing kits that many gangs have used in that it is more expansive and handles many of the small details that could befuddle a less tech-savvy attacker.

A Nigeria-based ransomware gang is conducting a campaign that dangles a $1 million bribe – or a portion of any ransom collected – to employees of targeted organisations if they will install DemonWare ransomware on their corporate network.

Security researcher Bob Diachenko has discovered an unsecured database containing personal information of 106 million foreign nationals who have visited Thailand in the past decade.

The US Treasury Department is set to announce sanctions and similar guidance designed to disrupt the financial infrastructure that has enabled ransomware attacks. The agency is considering levying fines and other penalties on businesses that cooperate with hackers – including exchanges and mixer services that may allow cybercriminals to launder illicit funds.

Researchers say they have demonstrated how exploits of Microsoft Jet Database Engine vulnerabilities could lead to remote attacks on Microsoft Internet Information Services and Microsoft SQL Server to gain system privileges. Microsoft says it recently patched the flaws.

As the UK and the US look to walk away from 20 years of conflict in Afghanistan, cyber security experts say abandoned embassy’s pose a small cyber risk. “Realistically, any cybersecurity impacts from the rapid evacuation are minimal to non-existent,” says Jake Williams, a former member of the U.S. National Security Agency’s elite hacking team.

Ransomware gangs are plundering companies in Viking like raids, say Britain’s former top cyber spy. Ciaran Martin, the former chief executive of Britain’s National Cyber Security Centre, said: “We should start from the presumption that large scale transfers of wealth to Russian hackers should not be allowed.”

US-based legal giant Campbell Conroy & O’Neil that serves Fortune 500 firms, including Apple and Pfizer, is continuing its investigation on a ransomware attack that resulted in unauthorized access to certain client data.

Ukrainian police have arrested members of a notorious ransomware gang that recently targeted American universities. The Ukraine National Police said it had worked with Interpol and the US and South Korean authorities to charge six members of the Ukraine-based Cl0p hacker group who are allegedly responsible for a half billion-dollar cyber crimewave.

Cyber Security Education: Iranian hackers posed as academics at London’s School of Oriental and African Studies to conduct an online espionage campaign targeting experts on the Middle East. The hacking attempt was carried out by a group called itself ‘Charming Kitten’ and are widely thought to be operating behalf of Iran’s shadowy Revolutionary Guard. Iran — […]