Remember the recent North Korea sponsored attack on security researchers? This article has a screenshot of one of the actual phishing messages.
https://safernet.it/state-sponsored-hackers-cybersecurity/
They have been busy little bees.
https://us-cert.cisa.gov/ncas/curren...vity-applejeus
CISA, the Federal Bureau of Investigation, and the Department of the Treasury have released a Joint Cybersecurity Advisory and seven Malware Analysis Reports (MARs) on the North Korean government’s dissemination of malware that facilitates the theft of cryptocurrency—referred to by the U.S. Government as “AppleJeus.”
The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
CISA encourages users and administrators to review the following resources for more information.
- Joint Cybersecurity Advisory: AppleJeus: Analysis of North Korea’s Cryptocurrency Malware
- MAR-10322463-1.v1: AppleJeus – Celas Trade Pro
- MAR-10322463-2.v1: AppleJeus – JMT Trading
- MAR-10322463-3.v1: AppleJeus – Union Crypto
- MAR-10322463-4.v1: AppleJeus – Kupay Wallet
- MAR-10322463-5.v1: AppleJeus – CoinGoTrade
- MAR-10322463-6.v1: AppleJeus – Dorusio
- MAR-10322463-7.v1: AppleJeus – Ants2Whale
- North Korean Malicious Cyber Activity page
The big guy can't feed his own people but has plenty of cash to train and/or hire some of the world's best hackers. Piece of work.
I don't normally post tweets but Microsoft don't normally use the word "rampant".
https://twitter.com/MsftSecIntel/sta...62191304019968
We’re tracking a rampant phishing attack that uses DGA domains, free email services, and even compromised email accounts to send massive numbers of phishing emails. These emails are linked by open redirector URLs that begin with a distinct pattern: hxxps://t[.]domain[.]tld/r/?
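A small mail-filter check for the redirector pattern Microsoft describes above, written here as an added example (not Microsoft's or the poster's code). It refangs `hxxps`/`[.]` notation, parses each URL and flags hosts of the form `t.<domain>.<tld>` with a `/r/?` path; the sample body lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample email body; some URLs are defanged the way threat-intel
# posts write them. None of these domains are real indicators.
SAMPLE_BODY = """\
Your document is ready: hxxps://t[.]example-mail[.]com/r/?u=aHR0cHM6Ly9iYWQuZXhhbXBsZQ
Unsubscribe here: https://t.newsletter.example/r/?id=123
Our site: https://www.example.org/about
Shared with you: https://t.example.net/view?id=9
"""

# Matches both live (https://) and defanged (hxxps://) URLs up to whitespace.
URL_RE = re.compile(r"\bh(?:xx|tt)ps?://\S+", re.IGNORECASE)


def refang(url: str) -> str:
    """Undo the common hxxp / [.] defanging so the URL can be parsed."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".")


def is_tracked_redirector(url: str) -> bool:
    """True when the URL matches the tweet's pattern: https://t.<domain>.<tld>/r/?..."""
    clean = refang(url)
    parts = urlsplit(clean)
    if parts.scheme.lower() != "https" or not parts.hostname:
        return False
    labels = parts.hostname.split(".")
    return (
        len(labels) >= 3            # t . domain . tld (or deeper)
        and labels[0] == "t"        # leading "t" host label
        and parts.path == "/r/"     # open-redirect endpoint
        and "/r/?" in clean         # the "?" that introduces the redirect target
    )


def find_redirector_urls(body: str) -> list[str]:
    """Extract every URL from the text and return the refanged ones that match."""
    return [refang(u) for u in URL_RE.findall(body) if is_tracked_redirector(u)]


if __name__ == "__main__":
    for hit in find_redirector_urls(SAMPLE_BODY):
        print("suspicious redirector:", hit)
```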
A user on a popular hacker forum is selling three databases that purportedly contain user credentials and device data stolen from three different Android VPN services – SuperVPN, GeckoVPN, and ChatVPN – with 21 million user records being sold in total.
https://cybernews.com/security/one-of-the-biggest-android-vpns-hacked-data-of-21-million-users-from-3-android-vpns-put-for-sale-online/?web_view=true
So stay away from Xerox multifunction printers then....
A legal demand has allegedly prevented a security conference speaker from holding a talk on Xerox printers.
On February 18, a copy of a notice published by Infiltrate security conference organizers was posted to Twitter. The statement revealed that a planned talk by Raphaël Rigo, a security researcher from Airbus Security Lab, was canceled.
The presentation was due to happen on February 18 at 11:00 EST. However, with what appeared to be less than an hour to go, Infiltrate said the event was canceled and “apologized for the inconvenience”.
“I regret to inform you that we received notification this morning that ‘pending legal action’ we cannot present Raphaël’s Xerox research,” the notice from Infiltrate reads.
“Sadly, we must cancel the event today. We must cease and desist publication, presentation, and discussions related to the content of Raphaël’s talk.”
https://portswigger.net/daily-swig/xerox-legal-threat-reportedly-silences-researcher-at-infiltrate-security-conference
New ransomware doesn't demand money, but instead requires victims to join a Discord server. And if you can't join the server, they decode your stuff anyway. Looks like someone is practicing for something bigger.
https://www.bleepingcomputer.com/news/security/new-ransomware-only-decrypts-victims-who-join-their-discord-server/
US Preparing Cyberattack Against Russia Over SolarWinds Hack: Report
According to a report from The New York Times, the Biden administration is planning cyberattacks against Russia in the coming weeks. The cyber offensive could come with new sanctions and would mark a serious escalation towards Moscow from the new administration.
Anonymous US officials told the Times that the first "major move" is expected to happen over the next three weeks. It will consist of a "series of clandestine actions across Russian networks that are intended to be evident to President Vladimir Putin and his intelligence services and military but not to the wider world."
Watch all the Russophobes cheer this on. Yes! Let's attack our only nuclear equal. Great idea!
^ The only suggested alternative so far, which means by default that it's the best.
Probably should have done that a bit earlier...
Ouch
Acer reportedly hit with $50 million ransomware demand - The Verge
The attack looks to be the work of the REvil group that hit Travelex last year
Am I bad for laughing?
"CNA is one of the larger providers of cyber insurance in the country".
OK this is getting serious. Now the bastards are nicking your porn!
'We have your porn collection': The rise of extortionware
Big Oops.
Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security
Facebook data on millions of user accounts leaked online in latest breach
Leaked data from 533 million Facebook users across the world was posted online. Information security experts believe the leaked information will be used for cybercrimes by bad actors.
Facebook data on millions of user accounts leaked online in latest breach | News | DW | 04.04.2021
Feds say hackers are likely exploiting critical Fortinet VPN vulnerabilities | Ars Technica
Exploits allow hackers to log into VPNs and then access other network resources.
None of these exploits are new and anyone getting hit by them deserves it for appalling security hygiene.
advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.
Now it's SAP's turn....
Malicious Cyber Activity Targeting Critical SAP Applications | CISA