The Underground ransomware gang announced a massive operation recently.

The hackers listed 11 victims on their leak website, along with a short summary of each. The amount of data leaked varies between 35 GB and 1,6 TB.

twitter.com/FalconFeedsio/stat

Why Shouldn't You Upload Files So Readily On Your Browser?

Recent findings by cybersecurity researchers have surfaced a new ransomware threat that exploits web browsers, potentially putting users' files at risk

cysecurity.news/2024/04/why-sh

lmao

the UK has made it illegal for bad passwords to be used as defaults

"admin" & "12345": new laws in the UK aim to make it tougher for cyber attacks to succeed and increase consumer confidence in the security of the products they use and buy

Under the new regime, manufacturers will be banned from having weak, easily guessable default passwords like ‘admin’ or ‘12345’ and if there is a common password the user will be prompted to change it on start-up.

gov.uk/government/news/new-law

Musk's aerospace manufacturing and space transport services firm, SpaceX, is believed to have experienced a cybersecurity incident involving a data breach with Hunters International, an infamous hacker group that allegedly released samples of the SpaceX data breach.

SpaceX Data Breach: Hunters International Publishes Alleged Stolen Data

cysecurity.news/2024/04/spacex

Japanese police create fake support scam payment cards to warn victims

By placing the dummy cards in the electronic money sections of 34 local convenience stores, the Echizen Police have been testing a new method to fight tech support scams.

bleepingcomputer.com/news/secu

Their purpose is to warn elder victims seeking payment cards at the instructions of fraudsters.

The cards are labeled "Virus Trojan Horse Removal Payment Card" and "Unpaid Bill Late Fee Payment Card,"

"Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years,"

"When Microsoft patched the vulnerability in October 2022 — at least two years after it came under attack by the Russian hackers — the company made no mention that it was under active exploitation."

it.slashdot.org/story/24/04/27

counter.social/@ecksmc/1123209

A novel attack on Android TVs, where people might sign into their Google account in an Airbnb or an office. Usually they're locked down, but by downloading other software an attacker can access the entire contents of the Google account, email, drive, more

404media.co/android-tvs-can-ex

Gee, you mean a £300- TV from China shouldn’t be trusted with your Google account?

Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device

The malware is delivered through a fake Google Chrome update that is shown while using the web browser

Researchers at fraud risk company ThreatFabric found Brokewell after investigating a fake Chrome update page that dropped a payload, a common method for tricking unsuspecting users into installing malware.

threatfabric.com/blogs/brokewe

Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations

Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations.

securityweek.com/russian-cyber

New Citizen Lab report finds vulnerabilities in the security of cloud-based pinyin keyboard apps from vendors Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi that could be exploited to reveal what a user types (keystrokes).

Having your keystrokes intercepted is a huge privacy and security risk.

Read full report

citizenlab.ca/2024/04/vulnerab

A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too.

The malicious Redline payloads impersonate demos of cheating tools called "Cheat Lab" and "Cheater Pro" through URLs linked to Microsoft's 'vcpkg' GitHub repository.

bleepingcomputer.com/news/secu

McAfee threat researchers report

mcafee.com/blogs/other-blogs/m

Dozens arrested and thousands of victims contacted after scam site taken offline

As many as 70,000 UK victims were tricked by LabHost's scams

LabHost's scams, which obtained 480,000 card numbers and 64,000 PINs globally.

Set up in 2021 by a criminal network, LabHost enabled users to set up phishing websites designed to trick victims into revealing personal information such as email addresses, passwords, and bank details.

met.police.uk/advice/advice-an

a spy site is scraping Discord, archiving users’ messages/activity across servers including what voice channels they join, and then selling access to that data for as little as $5.

The site is called Spy Pet. "Have you ever wondered where your friend hangs out on Discord? [...] Look no further!" its site reads. It says it's scraping more than 14,000 Discord servers, more than 4 billion messages

404media.co/a-spy-site-is-scra

Muted the audio? That's an advert. Paused a video? That's an advert

Roku TVs of the future may throw up targeted ads on the screen whenever you pause a video.

theregister.com/2024/04/17/rok

Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads.

Cybersecurity firm Forescout is tracking the campaign under the codename Connect:fun owing to the use of ScreenConnect and Powerfun for post-exploitation.

forescout.com/blog/connectfun-

with the emergence of an audacious group of young criminal hackers from the U.S., U.K. and Canada the FBI calls Scattered Spider. More troubling, they have teamed up with Russia's most notorious ransomware gang.

cbsnews.com/news/cybersecurity

Scattered spider

cisa.gov/news-events/cybersecu

According to a recent discovery by Varonis Threat Labs, two new techniques have emerged that pose a significant threat to data security within SharePoint, a widely used platform for file management. These techniques enable users to evade detection and retrieve files without triggering alarm bells in audit logs.

report:

varonis.com/blog/sidestepping-

Sysdig Threat Research Team has uncovered a Romanian cybercriminal group it believes has been operational for at least ten years. The researchers have named the group RubyCarp.

This raises two immediate questions: why do they believe the group is Romanian, and how can a criminal group be undiscovered for ten years?


⇄ Σ = Mᄃ² ⇆

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.