IT Security Newsletter

IT Security Newsletter - 11/22/2024

Written by Cadre | Fri, Nov 22, 2024

Feds Charge Five Men in 'Scattered Spider' Roundup

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio. The five men, aged 20 to 25, are allegedly members of a hacking conspiracy dubbed "Scattered Spider" and "Oktapus," which specialized in SMS-based phishing attacks. READ MORE...

Active network of North Korean IT front companies exposed

An analysis of the websites belonging to companies that served as a front for getting North Korean IT workers remote jobs with businesses worldwide has revealed an active network of such companies originating in China. US authorities have been warning about North Korean IT workers' tactics to bypass sanctions for a number of years, and have repeatedly seized website domains that looked like they belong to legitimate IT services companies. READ MORE...

Russian Cyberespionage Group Hit 60 Victims in Asia, Europe

A Russia-linked cyberespionage group has made over 60 victims in Asia and Europe, mainly in the government, human rights, and education sectors, Recorded Future reports. Initially identified in May 2023 and tracked as TAG-110, the threat actor's activity overlaps that of UAC-0063, which Ukraine's CERT team has linked to Russian state-sponsored advanced persistent threat (APT) actor APT28 (also known as BlueDelta, Fancy Bear, Forrest Blizzard, Sednit, and Sofacy). READ MORE...

US Takes Down Stolen Credit Card Marketplace PopeyeTools

The US Department of Justice this week announced the seizure of PopeyeTools, a marketplace for trading stolen credit card information, and charges against three of its administrators. PopeyeTools, DoJ announced, was disrupted after the US legally seized its .com, .co.uk, and .to domains that facilitated access to the marketplace. According to court documents, in or around 2016, PopeyeTools was already a significant online marketplace for trading financial information and tools. READ MORE...

The limits of AI-based deepfake detection

In this Help Net Security interview, Ben Colman, CEO of Reality Defender, discusses the challenges of detecting high-quality deepfakes in real-world applications. He addresses the effectiveness and limitations of watermarking, AI-based detection, and the potential of emerging technologies in securing media authenticity. Colman also emphasizes the importance of public education, sector-specific AI implementation, and proactive research collaboration to counter rapidly advancing deepfake tactics. READ MORE...

Study Finds 76% of Cybersecurity Professionals Believe AI Should Be Heavily Regulated

As artificial intelligence (AI) continues to revolutionize industries, the cybersecurity field faces a dual-edged sword of opportunities and threats. StrongDM's latest report, "The State of AI in Cybersecurity," highlights the growing concerns and readiness of cybersecurity professionals to tackle AI-driven challenges. Based on a survey of 600 cybersecurity professionals, the report sheds light on pressing issues around AI regulation, perceived threats, defense confidence, and more. READ MORE...

SafePay ransomware gang claims Microlise attack that disrupted prison van tracking

The new SafePay ransomware gang has claimed responsibility for the attack on UK telematics biz Microlise, giving the company less than 24 hours to pay its extortion demands before leaking data. SafePay claims to have stolen 1.2 TB. Microlise, which offers vehicle tracking services and more to the likes of DHL and Serco - both of which were confirmed as collateral damage in Microlise's incident - told The Register that some of its data was stolen earlier this month. READ MORE...

Chinese hackers target Linux with new WolfsBane malware

A new Linux backdoor called 'WolfsBane' has been discovered, believed to be a port of Windows malware used by the Chinese 'Gelsemium' hacking group. ESET security researchers who analyzed WolfsBane report that WolfsBane is a complete malware tool featuring a dropper, launcher, and backdoor, while it also uses a modified open-source rootkit to evade detection. The researchers also discovered 'FireWood,' another Linux malware that appears linked to the 'Project Wood' Windows malware. READ MORE...

Meta cracks down on millions of accounts it tied to pig-butchering scams

Facebook and Instagram parent company Meta has taken down millions of accounts this year linked to overseas scam centers that enable a kind of cyber-related, fast-growing fraud known as "pig butchering," the social media giant said Thursday. The account takedowns are part of a multifaceted Meta strategy to combat scams that have cost U.S. victims billions of dollars of losses in recent years, and the result of two years' worth of efforts from the company. READ MORE...

Microsoft seizes websites tied to Egypt-based DIY phishing kit-maker

Microsoft obtained a court order allowing it to seize 240 websites it says are linked to an Egypt-based seller of do-it-yourself phishing kits used to break into the tech giant's user accounts, the company said Thursday. The kit-maker, Abanoub Nady - known online as MRxC0DER - used the brand name ONNX to sell the services, the trademark name of which is owned by the Linux Foundation. Linux is a co-plaintiff in the civil court order unsealed in the Eastern District of Virginia. READ MORE...

  • ...in 1958, actress Jamie Lee Curtis ("Halloween", "A Fish Called Wanda") is born in Santa Monica, CA.
  • ...in 1965, actor Mads Mikkelsen ("Casino Royale", "Hannibal") is born in Copenhagen, Denmark.
  • ...in 1968, The Beatles release a self-titled double album, popularly known as "The White Album" for its minimal cover design.
  • ...in 1995, Disney releases the Pixar movie "Toy Story", the first full-length animated feature film made entirely with computer-generated imagery.