Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs
The global operation was intended to root out malicious IP addresses used for phishing, ransomware and infostealer malware.
cyberveille.decio.ch
EDR Bypass Testing Reveals Extortion Actor's Toolkit
A threat actor attempted to use an AV/EDR bypass tool in an extortion attempt. Instead, the tool provided Unit 42 insight into the threat actor.
ClickFix tactic: Revenge of detection
Detect the ClickFix tactic: a social engineering technique using fake video calls and CAPTCHA pages to deploy malicious code.
Cisco notifies ‘limited set’ of customers after hacker accessed non-public files
The company has said it didn't suffer a breach, but announced a threat actor downloaded data on a public-facing DevHub environment.
Schneider Electric confirms dev platform breach after hacker steals data
Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the company's JIRA server.
CRON#TRAP: Emulated Linux Environments as the Latest Tactic in Malware Staging - Securonix
In a rather novel attack chain, attackers deploy a custom-made emulated QEMU Linux box to persist on endpoints, delivered through phishing emails.
The story behind HISAA
Health care breaches lead to legislation Highlights of the new standard include: Performing and documenting a security risk analysis of exposure Documentation of a business continuity plan (BCP) Stress test of resiliency and documentation of any planned changes to the BCP A signed statement by both the CEO and CISO of compliance * A third-party audit to certify compliance (no later than six months after enactment)
SmokeBuster Tool
- ThreatLabz has developed a tool named SmokeBuster to detect, analyze, and remediate infections. SmokeBuster supports 32-bit and 64-bit instances of SmokeLoader and versions 2017-2022. The tool is compatible with Windows 7 to Windows 11. SmokeLoader is a malware downloader that originated in 2011. The malware is primarily designed to deliver second-stage payloads, which include information stealers and ransomware. Despite a major disruption by Operation Endgame in May 2024, SmokeLoader continues to be used by numerous threat groups largely due to numerous cracked versions publicly available on the internet. The last four versions of SmokeLoader contain coding flaws that significantly impact an infected system’s performance.
Censorship Attack against the Tor network
In the last few days, many Tor relay operators - mainly hosting relay nodes on providers like Hetzner - began receiving abuse notices. All the abuses reported many failed SSH login attempts - part of a brute force attack - coming from their Tor relays. Tor relays normally only transport traffic between a guard and an exit node of the Tor network, and per-se should not perform any SSH connections to internet-facing hosts, let alone performing SSH brute force attacks.
Massive hack-for-hire scandal rocks Italian political elites
The president and former prime minister were among targets of hackers selling highly sensitive data.
Un prestataire des missions locales victime d’un acte de cyber-malveillance
Le ministère du Travail et de l’Emploi a pris connaissance de la violation du système d’information, porté par un prestataire de services, utilisé par le réseau des Missions locales. Cette cyber-attaque a eu lieu dans la nuit du 23 octobre 2024 au 24 octobre 2024. Des investigations sont en cours chez le prestataire pour connaître l’origine de cet évènement. La sécurité des systèmes d’information du réseau des Missions locales elles-mêmes n’est pas en cause.
Cyber attack on pharmaceutical distributor AEP
AEP GmbH was the victim of a targeted cyber attack on October 28, which led to the partial encryption of the company's IT systems. The company's own security systems detected the attack. The company provides information about this on its website.
DDoS site Dstat.cc seized and two suspects arrested in Germany
The Dstat.cc DDoS review platform has been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years.
Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack
A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.
Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices
Sophos went so far as to plant surveillance “implants” on its own devices to catch the hackers at work—and in doing so, revealed a glimpse into China's R&D pipeline of intrusion techniques.
Botnet 7777: Are You Betting on a Compromised Router?
Discover the latest insights on the Quad7 / 7777 botnet in our detailed analysis. Learn about the expansion of this resilient threat, its targeting patterns, and proactive measures to defend against compromised routers. Stay informed with our up-to-date findings and recommendations.
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is […]
Exclusive: Chinese researchers develop AI model for military use on back of Meta's Llama
- Papers show China reworked Llama model for military tool China's top PLA-linked Academy of Military Science involved Meta says PLA 'unauthorised' to use Llama model * Pentagon says it is monitoring competitors' AI capabilities
Jumpy Pisces Engages in Play Ransomware
A first-ever collaboration between DPRK-based Jumpy Pisces and Play ransomware signals a possible shift in tactics.
Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats
Sophos X-Ops unveils five-year investigation tracking China-based groups targeting perimeter devices
Every Doggo Has Its Day: Unleashing the Xiū Gǒu Phishing Kit
Key data This article explores Netcraft’s research into Xiū gǒu (修狗), a phishing kit in use since at least September 2024 to deploy phishing campaigns ...
Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities | Malwarebytes
Apple has issued patches for several of its operating systems. The ones for iOS and iPadOS deserve your immediate attention.
Amazon identified internet domains abused by APT29
APT29 aka Midnight Blizzard recently attempted to phish thousands of people. Building on work by CERT-UA, Amazon recently identified internet domains abused by APT29, a group widely attributed to Russia’s Foreign Intelligence Service (SVR). In this instance, their targets were associated with government agencies, enterprises, and militaries, and the phishing campaign was apparently aimed at […]
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight […]
ClickFix tactic: The Phantom Meet
Analyse the ClickFix tactic and related campaigns. Uncover a ClickFix campaign impersonating Google Meet and cybercrime infrastructure.
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
- Trend Micro researchers observed an attacker exploiting the Atlassian Confluence vulnerability CVE-2023-22527 to achieve remote code execution for cryptomining via the Titan Network. The malicious actor used public IP lookup services and various system commands to gather details about the compromised machine. The attack involved downloading and executing multiple shell scripts to install Titan binaries and connect to the Titan Network with the attacker’s identity. * The malicious actor connects compromised machines to the Cassini Testnet, which allows them to participate in the delegated proof of stake system for reward tokens.
Elon Musk-Funded PAC Supercharges ‘Progress 2028’ Democrat Impersonation Ad Campaign
An Elon Musk-funded PAC is targeting Republicans with ads that depict a fever-dream caricature of what Harris would do if elected president.
ReliaQuest Uncovers New Black Basta Social Engineering Technique - ReliaQuest
ReliaQuest has observed a new Black Basta social engineering campaign targeting users via Microsoft Teams and malicious QR codes.
Change Healthcare says 100 million people impacted by February ransomware attack
Change Healthcare updated filings with the federal government to warn that about 100 million people had information accessed by hackers during a ransomware attack in February. The Department of Health and Human Services’s (HHS) Office for Civil Rights said Change Healthcare notified them on October 22 that “approximately 100 million individual notices have been sent regarding this breach.”
US names and charges Maxim Rudometov with developing the Redline infostealer
An unsealed criminal complaint says U.S. investigators used public evidence from various online platforms to identify a Russian national as the alleged creator of the Redline malware.