Radiant Capital Post-Mortem. Events Summary
On October 16, 2024, Radiant Capital experienced a security breach resulting in the loss of approximately $50 million USD. The attack compromised three Radiant developers, all of whom are…
Internet Archive breached again through stolen access tokens
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens.
HijackLoader evolution: abusing genuine signing certificates
Since mid-September 2024, our telemetry has revealed a significant increase in “Lumma Stealer”1 malware deployments via the “HijackLoader”2 malicious loader. On October 2, 2024, HarfangLab EDR detected and blocked yet another HijackLoader deployment attempt – except this time, the malware sample was properly signed with a genuine code-signing certificate. In response, we initiated a hunt for code-signing certificates (ab)used to sign malware samples. We identified and reported more of such certificates. This report briefly presents the associated stealer threat, outlines the methodology for hunting these certificates, and providees indicators of compromise.
Amazon helps the US Department of Justice thwart international cybercriminal group Anonymous Sudan
Two individuals behind the Anonymous Sudan cybercriminal group were indicted by the U.S. Department of Justice, which acknowledged AWS for its contributions.
Anonymous Sudan Takedown: Akamai's Role
The United States Department of Justice (DOJ) recently announced the takedown of Anonymous Sudan, a prolific entity in the distributed denial-of-service (DDoS) space who are known especially for their politically motivated hacktivism. This takedown is a huge step toward making the internet a safer place, and it required significant effort from multiple parties, including Akamai.
Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World
A federal grand jury indictment unsealed today charges two Sudanese nationals with operating and controlling Anonymous Sudan, an online cybercriminal group responsible for tens of thousands of Distributed Denial of Service (DDoS) attacks against critical infrastructure, corporate networks, and government agencies in the United States and around the world.
Swiss identified in Austrian bomb threat investigation
Austrian security authorities have identified a Swiss man as the suspect in a series of emails containing bomb threats.
USDoD hacker behind National Public Data breach arrested in Brazil
A notorious hacker named USDoD, who is linked to the National Public Data and InfraGard breaches, has been arrested by Brazil's Polícia Federal in
Fake recruiter coding tests target devs with malicious Python packages
RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.
Jetpack fixes critical information disclosure flaw existing since 2016
WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.
British intelligence services to protect all UK schools from ransomware attacks
GCHQ's National Cyber Security Centre (NCSC) is rolling out a free service that will help protect schools from connecting to malicious internet domains.
Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024
It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as being exploited-in-the-wild. This must be the first time real-world attackers have reversed a patch, and reproduced a vulnerability, before some dastardly researchers released a detection artefact generator tool of their own. /s At watchTowr's core, we're all about identifying and validating ways into organisations - sometimes through vulnerabilities in network border appliances - without requiring such luxuries as credentials or asset lists.
New Google Project Aims to Become Global Clearinghouse for Scam, Fraud Data
Google launches Global Signal Exchange (GSE), an initiative aimed at fostering the sharing of online fraud and scam intelligence.
MITRE Announces AI Incident Sharing Project
MITRE’s AI Incident Sharing initiative helps organizations receive and hand out data on real-world AI incidents. Non-profit technology and R&D company MITRE has introduced a new mechanism that enables organizations to share intelligence on real-world AI-related incidents. Shaped in collaboration with over 15 companies, the new AI Incident Sharing initiative aims to increase community knowledge of threats and defenses involving AI-enabled systems.
iPhone Mirroring Exposes Employees' Personal Applications
The iPhone Mirroring feature in macOS Sequoia and iOS 18 may expose employees’ private applications to corporate IT environments.
Neo-Nazis head to encrypted SimpleX Chat app, bail on Telegram
App swears there’s no way for law enforcement to track users’ identities.
CTV industry’s unprecedented “surveillance”
48-page report citing Ars Technica urges FTC, FCC investigate connected TV data harvesting. Gen AI, potentially racially discrimniatory practices head concerns.
Ukrainian pleads guilty to operating Raccoon Stealer malware
Ukrainian national Mark Sokolovsky has pleaded guilty to his involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation.
Dutch police arrest admin of 'Bohemia/Cannabia' dark web market
An international law enforcement operation led to the arrest of one of the three administrators of the dual dark web market 'Bohemia/Cannabia,' known for hosting ads for drug sales and distributed denial of service (DDoS) attacks.
Personal Information Compromised in Universal Music Data Breach
Universal Music Group is informing hundreds of individuals about a recent data breach impacting personal information.
MoneyGram says hackers stole customers' personal information and transaction data | TechCrunch
The money transfer giant said hackers also stole some customer Social Security numbers during the September cyberattack.
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies - zendesk.md
Telekopye transitions to targeting tourists via hotel booking scam
ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms.
Pokemon developer Game Freak hit with hack, internal info leaking
Pokemon developer Game Freak hit with big hack, leaking source code news about MMO-like game Synapse with ILCA, and more.
UK Ambulance Services targeted by Kremlin-protected Russian hackers
A cyber security expert warns the hack, uncovered by i, presents a 'terrible threat to public health safety'
Hackers Advertise Stolen Verizon Push-to-Talk ‘Call Logs’
The breach does not appear to impact the main consumer Verizon network, and instead involves the company’s push to talk (PTT) product, marketed to public sector agencies and enterprises.
A Mysterious Hacking Group Has 2 New Tools to Steal Data From Air-Gapped Machines | WIRED
It's hard enough creating one air-gap-jumping tool. Researchers say the group GoldenJackal did it twice in five years.
Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server
Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security. #Deprecated #L2TP #Microsoft #PPTP #Server #VPN #Windows
Hacked Robot Vacuums Across the U.S. Started Yelling Slurs
"It could have been worse," one owner incredibly concluded.
After breach of billions of records, National Public Data files for bankruptcy | Cybernews
National Public Data, a company responsible for a massive leak of Social Security numbers in the summer, has filed for bankruptcy. That's unsurprising.