iSpoof domains seized: UK's largest bank call scam disrupted, mastermind named
British citizen and resident of east London, Teejai Fletcher, is suspected to be the mastermind of this scam campaign
https://www.hackread.com/police-seize-ispoof-domain-bank-call-scam/
A threat actor associated with cyberespionage operations since at least 2017 has been luring victims with fake VPN software for Android that is a trojanized version of legitimate software SoftVPN and OpenVPN.
Researchers say that the campaign was "highly targeted" and aimed at stealing contact and call data, device location, as well as messages from multiple apps.
It is worth noting that none of the trojanized VPN versions were available through Google Play.
The new 'AXLocker' ransomware family is not only encrypting victims' files and demanding a ransom payment but also stealing the Discord accounts of infected users.
The MacKeeper app could be the vehicle for nearly 50% of all Mac malware
Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software.
DLL hijacking is a common attack method that takes advantage of how Dynamic Link Libraries (DLLs) are loaded in Windows.
Bejesus
The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP.
Stealing passwords from infosec Mastodon - without bypassing CSP
https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
HaveIBeenPwned serves as a platform for those who can search for their email address to find whether it was accessed by hackers via a data breach. But what if the platform itself gets infiltrated and leaks the whole of its database to cyber crooks?
Well, unconfirmed reports state that the entire database owned by the Microsoft Regional Director Troy Hunt was hacked by cyber criminals through an unknown vulnerability.
https://www.cybersecurity-insiders.com/cyber-attack-on-haveibeenpwned-leaks-email-data-to-hackers/
A series of attacks targeting transportation and logistics organizations in Ukraine and Poland with Prestige ransomware since October have been linked to an elite Russian military cyberespionage group.
Researchers with Microsoft Security Threat Intelligence (MSTIC) pinned the ransomware attacks on the Russian Sandworm threat group
Can negotiating your firm’s ransomware payment actually be fun?
Well, if it’s a game rather than the real thing then yes!
The inventive bods at the Financial Times have created an imaginative ransomware negotiation simulator
https://ig.ft.com/ransomware-game/
which lets you imagine you’re in the hot seat at a hacked company, trying to stop cybercriminals from releasing sensitive data they have stolen from your systems
More here:
https://grahamcluley.com/how-to-have-fun-negotiating-with-a-ransomware-gang/
Interesting
This image shows its own MD5 checksum — and it's kind of a big deal
Generating a file containing its own checksum as part of its content is a quite daunting, if not seemingly impossible, task due to a paradox involved in the process.
A leet image with a 1337 hash
(Preview of the image that displays its own MD5 hash within pixels - David Buchanan)
A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang
The latest version of the encryptor, version 3.0, was released by the gang in June. According to the gang, LockBit 3.0 has important novelties such as a bug bounty program, Zcash payment, and new extortion tactics. The gang has been active since at least 2019 and today it is one of the most active ransomware gangs
https://securityaffairs.co/wordpress/136056/data-breach/lockbit-3-0-builder-leak.html
GitHub is warning of an ongoing phishing campaign that started on September 16 and is targeting its users with emails that impersonate the CircleCI continuous integration and delivery platform.
The bogus messages inform recipients that the user terms and privacy policy have changed
Alert: 15-year-old Python tarfile flaw lurks in 'over 350,000' code projects
Oh cool, a 5,500-day security hole
At least 350,000 open source projects are believed to be potentially vulnerable to exploitation via a Python module flaw that has remained unfixed for 15 years.
https://www.theregister.com/2022/09/22/python_vulnerability_tarfile/
SIM swap scam, port-out scam, SIM jacking, SIM hijacking, SIM intercept attack, etc.
Articles like this, along with CoSoNauts' advice, have been posted many times over the years at #CoSoSec. Since it showed up in my feedReader, I'll share:
How to Protect Yourself from a Sim Swap Attack?
Some extended spellchecking features added into Google Chrome and Microsoft Edge web browsers have been found to be leaking sensitive information back to their parent companies.
Both browsers have basic, built-in spellchecking features enabled by default.
https://www.techradar.com/news/your-browser-spellchecker-could-be-leaking-your-passwords
Revolut has suffered a cyberattack that gave an unauthorized third party access to personal information of tens of thousands of clients
According to the breach disclosure to the State Data Protection Inspectorate in Lithuania, where Revolut has a banking license, 50,150 customers have been impacted.
Mullvad creates a hardware company
We are now announcing the creation of our new sister company called Tillitis AB. Today the company announces its upcoming product, the Tillitis Key
The Tillitis Key can be used for purposes such as logging in to computers and websites or to make digital signatures
https://mullvad.net/en/blog/2022/9/19/mullvad-creates-a-hardware-company/
Attackers are capitalising on the power of the Facebook brand by sending emails that appear to be from Facebook Ads Manager
The plan is to trick victims into providing their credentials and credit card information on a Facebook lead generation form
The "appeal form" link takes visitors to a credential-harvesting site that collects passwords and credit card information using a real Facebook lead-generation form
https://www.cysecurity.news/2022/09/attackers-abuse-facebook-ad-manager-in.html
A new malware bundle uses victims' YouTube channels to upload malicious video tutorials advertising fake cheats and cracks for popular video games to spread the malicious package further
Threat actors may abuse Notepad++ plugins
https://www.infosecurity-magazine.com/news/notepad-plugins-attackers/
E = Mc2 - Energy Milk Coffee
Fáilte Abhaile 🏴 “a nod’s as guid as a wink tae a blind horse”
ta be aff yer heid helps