An underground market peddling hacked servers was a unique find, even for a seasoned researcher such Juan Andres Guerrero-Saade of Kaspersky Lab. But there it was, xDedic[.]biz selling access to tens of thousands of servers for pennies on the dollar. A Russian-speaking hacker group was meticulously managing this trading platform and selling for as little...

Business-related inbox scams are reaching epidemic levels with the total cost to business reaching a whopping $3.1 billion. The dire warning comes from the FBI that says skyrocketing losses represent a 1,300 percent increase since January 2015. Identified by the FBI as business e-mail compromise (BEC) crimes, the scams attempt to trick email recipients into...

Criminals and advanced attackers for two years have had at their disposal an extensive trading platform selling access to hacked servers worldwide. For as little as $6 USD, attackers can purchase access to a compromised machine and launch attacks or get a one-time peek at all the data on a server. Researchers at Kaspersky Lab...

A flaw in the popular Telegram Messenger app that allows attackers to crash devices and run up wireless data charges is being disputed by the app maker who calls the claims false. According to two Iranian-based researchers, Sadegh Ahmadzadegan and Omid Ghaffarinia, Telegram users are vulnerable to attacks via specially crafted messages that can bypass...

Verizon fixed a critical flaw in its Verizon.net messaging system that permitted attackers to hack the email settings of other customers and forward email to any email account. The flaw, found by Randy Westergren, a senior software developer with XDA Developers, impacted any of Verizon’s estimated 7 million FiOS subscribers who depended on their Verizon.net...

Two separate APT groups believed to have ties to the Russian government have been fingered in attacks against the Democratic National Committee resulting in the theft of research done by the DNC on presumptive Republican nominee Donald Trump. Researchers at Crowdstrike, called in to investigate by the DNC, today published some of their findings, including...

Fifty-one million iMesh accounts are for sale on Dark Web for $700, bringing the number of user accounts tied to recent breaches to over 700 million.

More than a year after hackers managed to manipulate the system the Internal Revenue Service has reinstated its Get Transcript service.

Mike Mimoso and Chris Brook discuss news from the week, including how the recent data breaches have fed off password reuse, how a Canadian university paid $20K CDN following a ransomware attack, a scan that showed a lack of secured services on the internet, and more. Download: Threatpost_News_Wrap_June_9_2016.mp3 Music by Chris Gonsalves

A Windows zero-day for sale on the black market for $90,000 just received a price drop. The flaw that allegedly leaves all versions of Windows users exposed to a local privilege escalation (LPE) vulnerability can now be snatched up for $85,000. According to Trustwave, which has been monitoring the price, this is the second price drop...