U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex
The United States today unveiled sanctions and indictments against the alleged proprietor of Joker's Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a top Russian cybercriminal known as Taleon, whose cryptocurrency exchange Cryptex has evolved into one of Russia's most active money laundering networks. READ MORE...
RansomHub genius tries to put the squeeze on Delaware Libraries
Despite being top of the ransomware tree at the moment, RansomHub - specifically, one of its affiliates - clearly isn't that bright as they are reportedly trying to extort Delaware Libraries for around $1 million. Public libraries are a core facility of any town or city and the pillars of society, supporting the community through various means, yet they're notoriously underfunded, raising the question of why they'd be targeted. READ MORE...
CISA: Hackers target industrial systems using "unsophisticated methods"
?CISA warned today of threat actors trying to breach critical infrastructure networks by targeting Internet-exposed industrial devices using "unsophisticated" methods like brute force attacks and default credentials. According to the cybersecurity agency, these ongoing attacks targeting critical infrastructure OT and ICS devices are also impacting water and wastewater systems. READ MORE...
Remote Code Execution, DoS Vulnerabilities Patched in OpenPLC
Cisco's Talos threat intelligence and research unit has disclosed the details of several recently patched OpenPLC vulnerabilities that can be exploited for DoS attacks and remote code execution. OpenPLC is a fully open source programmable logic controller (PLC) that is designed to provide a low-cost industrial automation solution. It's also advertised as ideal for conducting research. READ MORE...
GenAI Writes Malicious Code to Spread AsyncRAT
Threat actors have used generative artificial intelligence (GenAI) to write malicious code in the wild to spread an open source remote access Trojan (RAT). It's one of the first observed examples of attackers weaponizing the chatbot technology for this purpose. Researchers from HP Wolf Security have found evidence of the campaign, in which the attackers used GenAI to help them write VBScript and JavaScript code that was then used to distribute the AsyncRAT. READ MORE...
Victims lose $70k to one single wallet-draining app on Google's Play Store
The latest in a long line of cryptocurrency wallet-draining attacks has stolen $70,000 from people who downloaded a dodgy app in a single campaign researchers describe as a world-first. A fraudulent app targeted web3 users on Google's Play Store, piggybacking on the name and reputation of the legitimate WalletConnect protocol, which is used for connecting decentralized applications and wallets. It also doesn't have an official app on the Play Store. READ MORE...
NIST Drops Password Complexity, Mandatory Reset Rules
The National Institute of Standards and Technology (NIST) is no longer recommending using a mixture of character types in passwords or regularly changing passwords. NIST's second public draft version of its password guidelines (SP 800-63-4) outlines technical requirements as well as recommended best practices for password management and authentication. READ MORE...
- ...in 1774, legendary conservationist and missionary John Chapman, aka "Johnny Appleseed", was born in Leominster, MA.
- ...in 1960, the first-ever televised presidential debate takes place between candidates Richard M. Nixon and John F. Kennedy.
- ...in 1966, the first Chevrolet Camaro appeared.
- ...in 1969, the last studio album by the Beatles, "Abbey Road", is released.
