Russia's GRU possibly behind cyberattack on Ukraine's government, SBU says
"All the Justice Ministry's data has been saved. Recovery is underway," Deputy PM and Justice Minister Olha Stefanishyna said.
Palo Alto Releases Patch for PAN-OS DoS Flaw
Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS versions. It has been addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.
Finnish authorities board ship suspected of cutting subsea Internet and power cables
Four Internet cables cut in latest Baltic Sea incident
Russia is using bitcoin in foreign trade, finance minister says
Russian companies have begun using bitcoin and other digital currencies in international payments following legislative changes that allowed such use in order to counter Western sanctions, Finance Minister Anton Siluanov said on Wednesday. Sanctions have complicated Russia's trade with its major partners such as China or Turkey, as local banks are extremely cautious with Russia-related transactions to avoid scrutiny from Western regulators.
Israel's Mossad spent years orchestrating Hezbollah pager plot
Retired Israeli case agents behind Mossad's boobytrapped pagers and walkie-talkies in Lebanon explain how they got Hezbollah to buy the devices and the plots' impact on the Middle East.
Astrill VPN and Remote Worker Fraud - Spur
"Recently, various intelligence and threat analysis teams have identified a concerning trend: North Korean state actors are infiltrating companies and organizations around the world in an attempt to facilitate the clandestine transfer of funds to support North Korea’s state apparatus. Specifically, these actors have favored the use of Astrill VPN to obscure their digital footprints while applying for remote positions." "While it’s been several months since these articles were published, we continue to see reports from our customers of fraudulent re mote worker campaigns originating from Astrill VPN IP addresses."
Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing
U.K. investigators tell the story of how examining a cybercrime group's extortion funds helped to unravel a money-laundering network reaching from the illegal drug trade to Moscow's elite.
2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged
n Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms. These systems have been infected with the Mirai malware and were subsequently used as a DDOS attack source to other devices accessible by their network. The impacted systems were all using default passwords. Any customer not following recommended best practices and still using default passwords can be considered compromised as the default SSR passwords have been added to the virus database.
Malicious ads push Lumma infostealer via fake CAPTCHA pages
A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot.
Effective Phishing Campaign Targeting European Companies and Organizations
A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover. A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover.
APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP
The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously documented by Black Hills Information Security in 2022, Trend Micro said in a report.
Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices
The precedent-setting ruling from a Northern California federal judge could lead to massive damages against NSO Group, whose notorious spyware has been reportedly used by various governments worldwide.
BeyondTrust Remote Support SaaS Service Security Investigation
BeyondTrust identified a security incident that involved a limited number of Remote Support SaaS customers. On December 5th, 2024, a root cause analysis into a Remote Support SaaS issue identified an API key for Remote Support SaaS had been compromised. BeyondTrust immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers. 12/12/24 While the security incident forensics investigation remains ongoing, there are no material updates to provide at this time. We continue to pursue all possible paths as part of the forensic analysis, with the assistance of external forensic parties, to ensure we conduct as thorough an investigation as possible. We continue to communicate, and work closely with, all known affected customers. We will continue to provide updates here until our investigation is concluded.
Medion hack? BlackBasta ransomware has allegedly copied 1.5 TB of data | heise online
Cyber criminals claim to have successfully attacked Medion, a distributor of electronic products.
'AI mafia' gang bombards London restaurant with scathing fake Google reviews to extort £10,000
A shell-shocked owner woke to find a barrage of one-star reviews had dragged her Google rating from 4.9 to 2.3 virtually overnight.
China 'compromised' Canadian government networks and stole valuable info: spy agency | CBC News
Threat actors sponsored by China “compromised” government networks over the past five years and collected valuable information, says a new report from Canada’s cyber spy agency.
Ascension: Health data of 5.6 million stolen in ransomware attack
Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation.
DigiEver Fix That IoT Thing!
- A vulnerability in DigiEver DS-2105 Pro DVRs is being exploited to spread malware. The Akamai Security Intelligence Research Team (SIRT) noticed this activity in their honeypots on November 18, 2024. The vulnerability was originally discovered by Ta-Lun Yen and a CVE identifier has been requested by the Akamai SIRT. The malware is a Mirai variant that has been modified to use improved encryption algorithms. We have included a list of indicators of compromise (IoCs) in this blog post to assist in defense against this threat.
NotLockBit: A Deep Dive Into the New Ransomware Threat | Qualys Security Blog
NotLockBit is a new and emerging ransomware family that actively mimics the behavior and tactics of the well-known LockBit ransomware.
A new playground: Malicious campaigns proliferate from VSCode to npm
To avoid compromised packages being introduced as a dependency in a larger project, security teams need to keep an eye peeled for such malicious code.
The Rise of Alliances: NoName057(16)'s Transformation in 2024
In the dynamic and rapidly shifting landscape of hacktivism, few entities have managed to capture as much attention as NoName057(16). Once branded as the
Google Calendar Notifications Bypassing Email Security Policies
Google Calendar is a tool for organizing schedules and managing time, designed to assist individuals and businesses in planning their days efficiently.
Three Months After the Storm: Did Cybercriminals Move to Telegram Alternatives? • KELA Cyber Threat Intelligence
Introduction Telegram, as previously reported by KELA, is a popular and legitimate messaging platform that has evolved in the past few years into a major platform for cybercriminal activities. Its lack of strict content moderation has made the platform cybercriminals’ playground. They use the platform for distribution of stolen data and hacking tools, publicizing their […]
Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces – Sophos News
A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar
Hacker Leaks Cisco Data
IntelBroker has leaked 2.9 Gb of data stolen recently from a Cisco DevHub instance, but claims it’s only a fraction of the total.
Supply Chain Attack on Rspack npm Packages Injects Cryptojac...
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7
The Department of Homeland Security knows which countries SS7 attacks are primarily originating from. Others include countries in Europe, Africa, and the Middle East.
China’s Propaganda Expansion: Inside the Rise of International Communication Centers (ICCs)
China's ICCs reshape global propaganda via targeted messaging, social media, and influence networks to amplify the Communist Party's voice globally.
Weibo is losing influencers over legal display name rule - Rest of World
Chinese social media platforms like WeChat, Douyin, Zhihu, Xiaohongshu, and Weibo now required popular users’ legal names to be made visible to the public.
How to Lose a Fortune with Just One Bad Click
Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from…