IT Security Newsletter - 5/1/2025
Alleged 'Scattered Spider' Member Extradited to U.S.
A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States and abroad, and that he personally controlled more than $26 million stolen from victims. READ MORE...
Canadian Electric Utility Hit by Cyberattack
Canadian electric utility Nova Scotia Power and its parent company Emera are responding to a disruptive cyberattack. The attack came to light on April 25, when Emera and Nova Scotia Power discovered unauthorized access to some parts of their Canadian network and servers used for business applications. Impacted servers were shut down and isolated in response to the hack. IT systems, including the utility's customer care phone line and online portal, were disrupted. READ MORE...
Putin's Cyberattacks on Ukraine Rise 70%, With Little Effect
Russian cyberattacks against Ukraine rose approximately 70% last year, but the number of truly critical incidents dropped even more, to 84%. New data from the Computer Emergency Response Team of Ukraine (CERT-UA) shows that in 2024, Ukraine faced more cyberattacks from Russia than ever before, and by some distance. At the same time, though, a historically low number of those have actually materialized into serious events with real consequences. READ MORE...
FBI shares massive list of 42,000 LabHost phishing domains
The FBI has shared 42,000 phishing domains tied to the LabHost cybercrime platform, one of the largest global phishing-as-a-service (PhaaS) platforms that was dismantled in April 2024. The published domains were registered between November 2021 and April 2024, the time of its seizure, and are being shared to increase awareness and provide indicators of compromise. LabHost was a major PhaaS platform that sold access to an extensive set of phishing kits targeting U.S. and Canadian banks. READ MORE...
Zero-day attacks on browsers and smartphones drop, says Google
Cybercriminals are having less success targeting end-user technology with zero-day attacks, said Google's security team this week. While most attacks do still target personal technology like smartphones and browsers, the focus is moving increasingly to enterprise tech. Zero-day vulnerabilities are those that are exploited before vendors have a chance to patch them - and often before they even know about them. Attackers using these flaws to compromise systems are still primarily espionage groups. READ MORE...
The 3 biggest cybersecurity threats to small businesses
In an online world filled with extraordinarily sophisticated cyberattacks, small businesses are forced to prioritize a different type of cyberattack: The type that gets through. Without robust IT budgets or fully staffed cybersecurity departments, small businesses often rely on their own small stable of workers to stay safe online. That means that what worries these businesses most in cybersecurity is what is most likely to work against them. READ MORE...
Prolific RansomHub Operation Goes Dark
RansomHub, an aggressive ransomware-as-a-service (RaaS) operation that gained prominence over the past year in the wake of law enforcement actions against LockBit and ALPHV, appears to have abruptly gone dark earlier this month. In a new report this week that offers an in-depth look at RansomHub's affiliate recruitment methods, negotiation tactics, and aggressive extortion strategies, researchers at Group-IB described the operation as inactive since April 1. READ MORE...
WordPress plugin disguised as a security tool injects backdoor
A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. According to Wordfence researchers, the malware provides attackers with persistent access, remote code execution, and JavaScript injection. At the same time, it remains hidden from the plugin dashboard to evade detection. Wordfence first discovered the malware during a site cleanup in late January 2025. READ MORE...
Maryland man pleads guilty to outsourcing US govt work to North Korean dev in China
A Maryland man has pleaded guilty to fraud after landing a job with a contractor working on US government software, and then outsourcing the work to a self-described North Korean developer in China. Minh Phuong Ngoc Vong is a Vietnamese-born naturalized US citizen. He recently pleaded guilty to conspiracy to commit wire fraud for his role in a multi-year scheme that defrauded US companies into hiring him as a remote software developer, while the actual work was carried out by individuals overseas. READ MORE...
SentinelOne Targeted by North Korean IT Workers, Ransomware Groups, Chinese Hackers
Enterprise cybersecurity solutions provider SentinelOne has shared some information on the types of threat actors that have targeted the company recently. It's not uncommon for cybersecurity firms to be targeted by threat actors. Companies such as Avast, Dragos, Doctor Web, FireEye, Kaspersky, and Zscaler confirmed being attacked in the past. SentinelOne reported this week that it too is regularly targeted by threat actors. READ MORE...
- ...in 1893, the World's Columbian Exposition opens in Chicago, with such attractions as the original Ferris Wheel and the first moving walkway.
- ...in 1930, the dwarf planet Pluto is officially named, based on a suggestion from an English schoolgirl, Venetia Burney.
- ...in 1931, the Empire State Building is dedicated in New York City. It remains the world's tallest building for nearly 40 years.
- ...in 1960, an American U-2 spy plane piloted by Gary Francis Powers is shot down while conducting espionage over the Soviet Union.
- ...in 1999, the cartoon series "SpongeBob SquarePants", created by former marine biologist Stephen Hillenburg, premieres on Nickelodeon.