Vigilante found several malicious campaigns emanating from threat actors in the underground economy, which are targeting Canadian citizens who qualify for economic relief from the COVID-19 pandemic under Canada’s Economic Response Plan.
During this extended period of social distancing filled with increased online activity, I can’t help but reflect on all the user data that has been created, stored, hacked, exposed, bought, shared and sold over the last 10 years. Read more here or Link to published article
Prolific hacktivist group, Ghost Squad Hackers—also known as “GSH”— announced several new hacks of various government-affiliated sites and servers in a probable attempt to undermine public confidence in government at a time of universal unease due to the COVID-19 pandemic.
Vigilante discovered an emerging threat actor group attacking large online retailers using brute force checkers with large, frequently updated combo lists of login credentials.
Over the past week, Vigilante has observed an uptick in Deep and Dark Web (DDW) communities experiencing an increase in scams targeting DDW users, overwhelmed DDW moderators, and degraded webpage performance of popular DDW forums and marketplaces.
In this episode of Infosec’s Cyber Work Podcast series, host Chris Sienko spoke with Adam Darrah about foreign vote tampering and other election security concerns for the upcoming 2020 election. Click here to listen to podcast.
With the country in the midst of a developing pandemic and in need of accurate information and resources, government agencies like the Centers for Disease Control (CDC) and the U.S. Department of Health and Human Services (HHS) are vitally important. Criminals will always endeavor to exploit these types of events for their own malicious purposes.
Earlier this month, Vigilante discovered that SMS marketing firm, Rocket Text (rocket-text.com), failed to secure its Mongo database exposing just over 600 million customer emails and 63 million phone numbers.
VIgilante has identified a trend of threat actors are using Remote Desktop Protocol (RDP), not email, to gain access to a victim’s network.