Admins of MFA bypass service plead guilty to fraud
Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K.
Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem
We provide a technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system.
The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”
Key findings Proofpoint researchers identified an unusual campaign delivering malware that the threat actor named “Voldemort”. Proofpoint assesses with moderate confidence the goal of the activi...
Identity of Notorious Hacker USDoD Revealed
The notorious hacker USDoD, who is best known for high-profile data leaks, appears to be a man from Brazil, according to investigations conducted by CrowdStrike and others. Over the past few years, USDoD, aka EquationCorp, has leaked vast amounts of information stolen from major organizations. His targets include the FBI’s InfraGard portal, Airbus, credit reporting firm TransUnion, background checking service National Public Data (NPD), and many others.
Behind the arrest of Telegram boss, a small Paris cybercrime unit with big ambitions
- Durov's arrest marks a shift in dealing with tech chiefs Brousse's unit goes after its biggest ever target Legal experts question the prosecution's argument The investigation into Telegram boss Pavel Durov that has fired a warning shot to global tech titans was started by a small cybercrime unit within the Paris prosecutor's office, led by 38-year-old Johanna Brousse. The arrest of Durov, 39, last Saturday marks a significant shift in how some global authorities may seek to deal with tech chiefs reluctant to police illegal content on their platforms. The arrest signalled the mettle of the J3 cybercrime unit, but the true test of its ambitions will be whether Brousse can secure a conviction based on a largely untested legal argument, lawyers said.
Après un ransomware, l'université Paris-Saclay lance un site provisoire
Comme d’autres services publics avant elle, l’université Paris-Saclay a subi une cyberattaque par le biais d’un ransomware sur ses serveurs. L’attaque qui a eu lieu le 11 août a affecté les services centraux de l’établissement, ainsi que ses composantes (facultés, IUT, Polytech Paris-Saclay, Observatoire des sciences de l’univers). Sont notamment indisponibles un certain nombre de services comme la messagerie électronique, l’intranet, les espaces partagés et certaines applications métier. Un site provisoire a été mis en ligne afin d’assurer, durant les prochaines semaines, la communication auprès des personnels et des étudiants. Une foire aux questions, relative à la cyberattaque, régulièrement complétée et actualisée y est affichée.
Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant
Unit 42 discusses WikiLoader malware spoofing GlobalProtect VPN, detailing evasion techniques, malicious URLs, and mitigation strategies. Unit 42 discusses WikiLoader malware spoofing GlobalProtect VPN, detailing evasion techniques, malicious URLs, and mitigation strategies.
Fake Google Authenticator Website Installs Malware
See how adversaries are impersonating Google Authenticator in Google Ads to deliver the DeerStealer information-stealing malware.
Cicada 3301 - Ransomware-as-a-Service - Technical Analysis
Discover the latest insights on the emerging ransomware group Cicada3301, first detected in June 2024. Truesec's investigation reveals key findings about this group, named after a famous cryptography game, now targeting multiple victims.
Docker-OSX image used for security research hit by Apple DMCA takedown
The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright.
Cybercriminals operating ransomware as a service from overseas continue to be responsible for most high-profile cybercrime attacks against the UK
The deployment of ransomware remains the greatest serious and organised cybercrime threat, the largest cybersecurity threat, and also poses a risk to the UK’s national security. Ransomware attacks can have a significant impact on victims due to financial, data, and service losses, which can lead to business closure, inaccessible public services, and compromised customer data. Threat actors are typically based in overseas jurisdictions where limited cooperation makes it challenging for UK law enforcement to disrupt their activities.
Germany's Sovereign Tech Fund Puts Over $750K Into FreeBSD Infrastructure Projects - FOSS Force
The FreeBSD Foundation will organize and manage the projects that STF is funding, which mainly focuses on security.
Fake Palo Alto GlobalProtect used as lure to backdoor enterprises
Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further.
Dutch cabinet bans phones in meetings over espionage fears
Devices are kept in vault during weekly gatherings, prime minister said.
Scam Sites at Scale: LLMs Fueling a GenAI Criminal Revolution
This article explores Netcraft’s research into the use of generative artificial intelligence (GenAI) to create text for fraudulent websites in 2024. Insight ...
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
We’re sharing an update on suspected state-backed attacker APT29 and the use of exploits identical to those used by Intellexa and NSO.
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day
- The Akamai Security Intelligence and Response Team (SIRT) has observed a botnet campaign that is abusing several previously exploited vulnerabilities, as well as a zero-day vulnerability discovered by the SIRT. CVE-2024-7029 (discovered by Aline Eliovich) is a command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE). Once injected, the botnet spreads a Mirai variant with string names that reference the COVID-19 virus that has been seen since at least 2020. * We have included a list of indicators of compromise (IOCs) to assist in defense against this threat.
Hacktivist Response to Telegram CEO Arrest
Telegram is vital to hacktivist groups and their operations. They would have limited platforms to operate on without Telegram, they try X but are often shut-down and they would likely get drowned out if they tried to operate on underground forums.
HZ Rat backdoor for macOS harvests data from WeChat and DingTalk
Kaspersky experts discovered a macOS version of the HZ Rat backdoor, which collects user data from WeChat and DingTalk messengers.
Telegram CEO’s brother also wanted by French authorities
Arrest warrants for Pavel and Nikolai Durov were issued months earlier than previously known.
Unprecedented 3.15 Billion Packet Rate DDoS Attack Mitigated by Global Secure Layer
On August 25th 2024, Global Secure Layer mitigated the largest packet rate DDoS attack recorded against our platform
Threat Actors Retaliate After Durov’s Arrest
Threat Actors Retaliate After Durov’s Arrest Discover the latest security threats and database leaks, including unauthorized VPN access and email breaches, in the cyber underground world.Stay informed about emerging cyber threats, such as unauthorized access to databases and sensitive information leaks, affecting global companies and organizations.Learn about the latest cyber incidents, including DDoS attacks and malware threats targeting cryptocurrency wallets and financial institutions.
%3Aquality(70)%3Afocal(1724x803%3A1734x813)%2Fcloudfront-eu-central-1.images.arcpublishing.com%2Fliberation%2FEWWZ75RCFRGQFFYRQ7ZC5SHBUY.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Après l’arrestation de Pavel Durov, une vague de cyberattaques cible la France
Ces dernières heures, plusieurs sites français disent avoir été visés par des attaques informatiques. A l’origine de ces actions : des petits groupes de hackeurs qui réclament la libération du patron de Telegram.
New 0-Day Attacks Linked to China’s ‘Volt Typhoon’
Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S.…
Paris court explains why it's arrested Telegram founder, Pavel Durov
When Pavel Durov, founder and CEO of messaging app Telegram, was arrested on August 24, French authorities did not respond to requests for comment. The
Malicious Plugin
Pidgin is a universal chat client, allowing you to consolidate all your different messaging apps into a single tool.
17-Year-old Student Exposes Germany's 'Secret' Pirate Site Blocklist
A 17-year-old student has launched a dedicated portal to exposing Germany's 'secret' pirate site blocklist to the public.
WordPress Websites Used to Distribute ClearFake Trojan Malware
Learn about the ClearFake Trojan malware distributed via WordPress sites, its tactics, and how to safeguard your online experience.
Is Telegram really an encrypted messaging app? – A Few Thoughts on Cryptographic Engineering
This blog is reserved for more serious things, and ordinarily I wouldn't spend time on questions like the above. But much as I'd like to spend my time writing about exciting topics, sometimes the world requires a bit of what Brad Delong calls "Intellectual Garbage Pickup," namely: correcting wrong, or mostly-wrong ideas that spread unchecked…
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F25588987%2F511820410.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Telegram says CEO has ‘nothing to hide’ after being arrested in France
The messaging app says “it is absurd to claim that a platform or its owner are responsible for abuse of that platform” after CEO Pavel Durov was arrested by French authorities.