IT Security Newsletter - 12/6/2021

Top News

iPhones of US diplomats hacked using "0-click" exploits from embattled NSO

The iPhones of nine US State Department officials were infected by powerful and stealthy malware developed by NSO Group, the Israeli exploit seller that has come under increasing scrutiny for selling its wares to customers who in turn use it to spy on journalists, lawyers, activists, and US allies. The US officials, either stationed in Uganda or focusing on issues related to that country, received warnings from Apple informing them that their iPhones were being targeted by state-sponsored attackers. READ MORE...

Breaches

Cyberattack Causes Significant Disruption at Colorado Electric Utility

An electric utility in Colorado has disclosed an apparent ransomware attack that resulted in significant disruption and damage. The Delta-Montrose Electric Association (DMEA) is a member-owned and locally controlled rural electric cooperative that serves more than 34,000 customers in Colorado's Montrose, Delta, and Gunnison counties. It is part of Touchstone Energy Cooperatives, a cooperative federation that has over 750 members across the United States. READ MORE...

Hacking

Convincing Microsoft phishing uses fake Office 365 spam alerts

A persuasive and ongoing series of phishing attacks is using fake Office 365 notifications that ask recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials. What makes these phishing emails especially convincing is the sender address, quarantine[at]messaging.microsoft[.]com, which is the address Microsoft itself uses for quarantine notifications, combined with a display name that matches the recipient's own domain. READ MORE...
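The lure described above relies on a mismatch a mail filter can check for: the From display name names the recipient's organisation while the actual sender address sits in a different domain. The script below is an added example written for this newsletter, not code from the article or from Microsoft. The tenant domain contoso.com, the recipient, and the three header-only sample messages are all constructed; only the quarantine sender address comes from the article.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (header-only, not captured mail). The tenant
# domain contoso.com and the mailbox alice@ are hypothetical; the sender
# address quarantine@messaging.microsoft.com is the one named in the article.
SAMPLES = {
    # Display name is the recipient's own domain, address is Microsoft's notifier.
    "spoofed_display_name": (
        'From: "contoso.com" <quarantine@messaging.microsoft.com>\r\n'
        "To: alice@contoso.com\r\n"
        "Subject: You have 5 quarantined messages\r\n"
        "\r\n"
        "Review your blocked spam messages.\r\n"
    ),
    # Same sender address, but a generic display name: not flagged by this rule.
    "generic_display_name": (
        "From: Microsoft 365 Quarantine <quarantine@messaging.microsoft.com>\r\n"
        "To: alice@contoso.com\r\n"
        "Subject: You have 5 quarantined messages\r\n"
        "\r\n"
        "Review your blocked spam messages.\r\n"
    ),
    # Internal mail naming the organisation from an address in the same domain.
    "internal_sender": (
        "From: contoso.com IT <helpdesk@contoso.com>\r\n"
        "To: alice@contoso.com\r\n"
        "Subject: Mailbox quota\r\n"
        "\r\n"
        "Your mailbox is nearly full.\r\n"
    ),
}


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an e-mail address, or '' if none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def display_name_impersonates_recipient(raw_message: str) -> bool:
    """True when the From display name names the recipient's domain (or its
    organisation label) while the sender address is in an unrelated domain."""
    msg = message_from_string(raw_message)
    display_name, sender = parseaddr(msg.get("From", ""))
    _, recipient = parseaddr(msg.get("To", ""))

    sender_domain = domain_of(sender)
    recipient_domain = domain_of(recipient)
    if not sender_domain or not recipient_domain:
        return False  # malformed or missing headers; triage those separately

    # A sender inside the recipient's domain (or a subdomain) is not impersonation.
    if sender_domain == recipient_domain or sender_domain.endswith("." + recipient_domain):
        return False

    name = display_name.lower()
    org_label = recipient_domain.split(".")[0]  # "contoso" from "contoso.com"
    return (
        recipient_domain in name
        or re.search(rf"\b{re.escape(org_label)}\b", name) is not None
    )


def triage(samples: dict) -> dict:
    """Run the check over every sample and return {label: flagged}."""
    return {label: display_name_impersonates_recipient(raw) for label, raw in samples.items()}


if __name__ == "__main__":
    for label, flagged in triage(SAMPLES).items():
        print(f"{label:22s} -> {'SUSPICIOUS' if flagged else 'ok'}")
```

Treat a hit as a triage signal rather than a block: a tenant that has customised its own quarantine notification display name to its domain would also match, and the campaign's sender address is the legitimate one, so SPF and DKIM results alone will not separate the lure from a genuine notice.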


Who Is the Network Access Broker 'Babam'?

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials - such as usernames and passwords needed to remotely connect to the target's network. In this post we'll look at the clues left behind by "Babam," the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions over the past few years. READ MORE...


Iranians Charged for Cryptojacking After U.S. Firm Gets $760,000 Cloud Bill

Two Iranian nationals have been charged this week in Missouri for allegedly running a cryptojacking operation that targeted at least one company in the United States. The accused are Danial Jeloudar and Saeeid Safaei, and they are both believed to be living abroad. They have been charged with conspiracy to commit wire fraud. According to prosecutors, Jeloudar and Safaei "fraudulently" gained access to a cloud services account used by a tech company in St Charles, Missouri. READ MORE...

Malware

FBI: Cuba ransomware breached 49 US critical infrastructure orgs

The Federal Bureau of Investigation (FBI) has revealed that the Cuba ransomware gang has compromised the networks of at least 49 organizations from US critical infrastructure sectors. "The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors," the federal law enforcement agency said. READ MORE...

Information Security

Emails show what happened before Missouri gov. falsely called journalist a "hacker"

Missouri state government officials planned to publicly thank a journalist who discovered a security flaw until a drastic change in strategy resulted in the governor labeling the journalist a "hacker," while threatening both a lawsuit and prosecution. As we wrote on October 14, St. Louis Post-Dispatch reporter Josh Renaud identified a security flaw that exposed the Social Security numbers of teachers and other school employees in unencrypted form in the HTML source code of a publicly accessible website. READ MORE...

Exploits/Vulnerabilities

Netgear router flaws exploitable with authentication ... like the default creds on Netgear's website

Two arbitrary code execution vulnerabilities affecting a number of Netgear routers aimed at small businesses have been patched following research by Immersive Labs. The vulns require authenticated access to affected devices, so they aren't an immediate threat where the default credentials have been changed. They do, however, allow anyone with remote access to the router's management interface to pwn the device's underlying OS, threatening the security of data passing through the router. READ MORE...

On This Date

  • ...in 1884, the Washington Monument is completed in Washington, D.C.
  • ...in 1865, the Thirteenth Amendment to the U.S. Constitution is ratified, abolishing slavery and involuntary servitude, except as punishment for a crime.
  • ...in 1920, jazz pianist and composer Dave Brubeck ("Take Five") is born in Concord, CA.
  • ...in 1955, deadpan comedian and writer Steven Wright ("It's a small world, but I wouldn't want to paint it.") is born in Cambridge, MA.