IT Security Newsletter - 8/31/2022
China-linked APT40 gang targets wind farms, Australian government
Researchers at security company Proofpoint and PricewaterhouseCoopers (PWC) said on Tuesday they had identified a cyber espionage campaign that delivers the ScanBox exploitation framework through a malicious fake Australian news site. The campaign, active from April to June of this year, targeted Australian government agencies, Australian media companies and manufacturers who conduct maintenance on wind turbine fleets in the South China Sea. READ MORE...
Ukraine takes down cybercrime group hitting crypto fraud victims
The National Police of Ukraine (NPU) took down a network of call centers used by a cybercrime group focused on financial scams and targeting victims of cryptocurrency scams under the guise of helping them recover their stolen funds. The fraudsters behind these illegal call centers were also allegedly involved in scamming citizens of Ukraine and European Union countries interested in cryptocurrency, securities, gold, and oil investments. READ MORE...
British Airways customers targeted in lost luggage Twitter scam
Getting back into the travel habit? Jumping on a plane soon? Experienced a bit of a luggage disaster and looking for help on social media? Watch out, because a lack of prior research could prove very costly. Word has spread of a bogus Twitter account pretending to be a customer support channel of British Airways. Now suspended, the fraud operation seems to have taken a fair bit of cash before being shut down. READ MORE...
Cybercriminals Apparently Involved in Russia-Linked Attack on Montenegro Government
Montenegro has been targeted in a disruptive cyberattack blamed on Russian hackers, and a known ransomware group may have been involved. The country's Agency for National Security announced last week that government servers had been targeted in an ongoing attack that was described as massive and coordinated. The attack targeted government systems and other critical infrastructure, and managed to cause some disruptions. READ MORE...
Hackers hide malware in James Webb telescope images
Threat analysts have spotted a new malware campaign dubbed 'GO#WEBBFUSCATOR' that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware. The malware is written in Golang, a programming language that is gaining popularity among cybercriminals because it is cross-platform (Windows, Linux, Mac) and offers increased resistance to reverse engineering and analysis. READ MORE...
Krebs on Security: How 1-Time Passcodes Became a Corporate Liability
Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world's largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. READ MORE...
Chromium browsers can write to the system clipboard without your permission
If you are a user of Google Chrome or any other Chromium-based web browser, then websites may push anything they want to the operating system's clipboard without your permission or any user interaction. This means that by simply visiting a website, the data on your clipboard may be overwritten without your consent or knowledge. In layman's terms, the clipboard is where the data lives while you copy and paste, or cut and paste for that matter. READ MORE...
- ...in 1897, Thomas Edison patents the Kinetoscope, an early movie viewing device that was the first to use a perforated film strip.
- ...in 1920, the first news radio program is broadcast in Detroit, MI by amateur-licensed station 8MK, known today as WWJ 950.
- ...in 1990, Seattle Mariners Ken Griffey and Ken Griffey Jr. become first father and son to play on same team simultaneously in professional baseball.
- ...in 2006, Norwegian police recover Edvard Munch's famous painting "The Scream", which had been stolen two years prior.