Showing posts from June, 2022

Canadian Affiliated With NetWalker Ransomware Group Pleads Guilty to Hacking Charges

By Sophie Webster, Tech Times A Canadian who previously worked as an IT expert for the Canadian government has pleaded guilty to being a high-level hacker. He also admitted to being a member of a Russian cyber-crime group. 

Ukraine arrests cybercrime gang operating over 400 phishing sites

By Bill Toulas,  Bleeping Computer The Ukrainian cyberpolice force arrested nine members of a criminal group that operated over 400 phishing websites crafted to appear like legitimate EU portals offering financial assistance to Ukrainians. The threat actors used forms on the site to steal visitors' payment card data and online banking account credentials and perform fraudulent, unauthorized transactions like moving funds to accounts under their control. According to the police's estimates, the total damage caused by this cybercrime operation is 100 million hryvnias, or approximately $3,360,000, stolen from roughly 5,000 victimized citizens. Citizens who have entered personal details on any of the following domains should consider themselves compromised and report it to the cyberpolice and their bank to receive further instructions. The announcement does not mention how users ended up on the phishing sites, but it could be via spam email, SEO poisoning, direct messages, or scam

India Delays Implementation of VPN Data-Collection Rule by 3 Months

In the meantime, at least five major VPN players have decided to remove their physical VPN servers from the country. By Michael Kan, PC Magazine India’s new policy that requires VPN services to log and potentially turn over data on their customers was supposed to go into effect on Monday, but the country has decided to push back the date by three months.  The policy is now set to go into effect on Sept. 25. The Indian government settled on the new date, citing requests from companies asking for an extension.  “Further, additional time has been sought for implementation of mechanism for validation of subscribers/customers by Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers,” Indian authorities announced on Tuesday.  India introduced the policy back in May with the goal of helping the country fight cybercrime. Soon, all internet and cloud service providers will need to maintain logs of their systems,

Fake copyright infringement emails install LockBit ransomware

By Bill Toulas,  Bleeping Computer LockBit ransomware affiliates are using an interesting trick to get people into infecting their devices by disguising their malware as copyright claims. The recipients of these emails are warned about a copyright violation, allegedly having used media files without the creator's license. These emails demand that the recipient remove the infringing content from their websites, or they will face legal action. The emails, spotted by analysts at AhnLab, Korea, do not determine which files were unfairly used in the body and instead tell the recipient to download and open the attached file to see the infringement content. The attachment is a password-protected ZIP archive containing a compressed file, which in turn has an executable disguised as a PDF document, but in reality, is an NSIS installer. The reason for this wrapping and password protection is to evade detection from email security tools. If the victim opens the supposed "PDF" to lea

Pro-Russia hackers claim responsibility for 'intense, ongoing' cyberattack against Lithuanian websites

By Sean Lyngaas, CNN An "intense, ongoing" cyberattack has hit the websites of government agencies and private firms in Lithuania, the Baltic country's defense ministry said Monday. A Russian-speaking hacking group, known as Killnet, claimed responsibility for at least some of the hacks, saying they were in retaliation for Lithuania blocking the shipment of some goods to the Russian enclave of Kaliningrad, which is wedged between Lithuania and Poland. Monday's cyberattacks were aimed in part at Lithuania's Secure Data Transfer Network, a communications network for government officials that is built to withstand war and other crises, according to the defense ministry. "Part of the Secure National Data Transfer Network users have been unable to access services, work is in progress to restore it to normal," Lithuania's National Cyber Security Centre (NKSC) said in a statement issued by the defense ministry. "It is highly probable that such, or eve

Clever phishing method bypasses MFA using Microsoft WebView2 apps

By Lawrence Abrams,  Bleeping Computer A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim's authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. With the large number of data breaches, remote access trojan attacks, and phishing campaigns, stolen login credentials have become abundant. However, the increasing adoption of multi-factor authentication (MFA) has made it difficult to use these stolen credentials unless the threat actor also has access to the target's one-time MFA passcodes or security keys. This has led to threat actors and researchers coming up with new ways of bypassing MFA, including zero-day website vulnerabilities, reverse proxies, and clever techniques, such as the Browser in the Browser attack and utilizing VNC to display remote browsers locally. This week, cybersecurity researcher mr.d0x has created a new phishing method that uses Microsoft Edge WebView2

How to Pass On Your Passwords When You Die

By Dalvin Brown, Wall Street Journal Just as you set up a living will or a power of attorney, it’s a good idea to set up your online accounts so that someone else can access them after you’ve passed on. It’s no fun to think about a day when we’re no longer here, but facing reality can save work and heartache for relatives and heirs. If you haven’t set up digital-legacy contacts or other means to share accounts after your death, your heirs typically have to go through a lengthy process to gain access to your data. In some cases, such as with some password managers, there may be no way for heirs to gain access unless you take steps in advance. Read on

Chinese hackers use ransomware as decoy for cyber espionage

By Bill Toulas,  Bleeping Computer Two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western companies are deploying ransomware as a decoy to cover up their malicious activities. Threat analysts from Secureworks say that the use of ransomware in espionage operations is done to obscure their tracks, make attribution harder, and create a powerful distraction for defenders. Finally, the exfiltration of the sensitive information is masked as financially-motivated attacks, which isn't the case with Chinese government-sponsored threat groups.

Hackers can bring ships and planes to a grinding halt. And it could become much more common

By Sam Shead, CNBC Armed with little more than a computer, hackers are increasingly setting their sights on some of the biggest things that humans can build. Vast container ships and chunky freight planes — essential in today’s global economy — can now be brought to a halt by a new generation of code warriors. “The reality is that an aeroplane or vessel, like any digital system, can be hacked,” David Emm, a principal security researcher at cyber firm Kaspersky, told CNBC. Indeed, this was proven by the U.S. government during a “pen-test” exercise on a Boeing aircraft in 2019.

Lithuania warns of rise in DDoS attacks against government sites

By Bill Toulas,  Bleeping Computer The National Cyber Security Center (NKSC) of Lithuania has issued a public warning about a steep increase in distributed denial of service (DDoS) attacks directed against public authorities in the country. DDoS is a special type of cyberattack that causes internet servers to be overwhelmed by a large number of requests and garbage traffic, rendering the hosted sites and services inaccessible for legitimate visitors and users. According to NKSC, due to these cyberattacks, Lithuania's transportation agencies, financial institutions, and other large entities have experienced temporary service disruptions. “The NCSC urges all managers of critical information infrastructure and state information resources to take additional security measures and to follow the NCSC recommendations for protection against service disruption attacks,” advises the public notice. The agency provided a link to a PDF containing extensive guidance on defending against all types

City contractor goes out for drinks after work, loses memory stick containing personal data on nearly half a million residents

By CBS A Japanese city has been left with more than a headache after admitting a contractor lost a USB containing personal data on all 460,000 residents during a night out. The western city of Amagasaki said Thursday that a private contractor, whose name has not been disclosed, was carrying the memory stick when he went to have drinks after work. But the individual, who was working on a municipal pandemic relief program, lost the bag containing the USB on Tuesday evening.  "We deeply regret that we have profoundly harmed the public's trust in the administration of the city," an Amagasaki official told a press conference. The information was copied onto the USB to facilitate its transfer to a call center in nearby Osaka. It included the names, genders, addresses, birthdays and other personal information of all the city's residents, as well as tax data and bank account information on some locals, the city said. But there may be a silver lining, as the city says the data

AstraLocker 2.0 infects users directly from Word attachments

By Bill Toulas,  Bleeping Computer A lesser-known ransomware strain called AstraLocker has recently released its second major version, and according to threat analysts, its operators engage in rapid attacks that drop its payload directly from email attachments. This approach is quite unusual, as all the intermediate steps that typically characterize email attacks are there to help evade detection and minimize the chances of raising red flags on email security products. According to ReversingLabs, which has been following AstraLocker operations, the adversaries don’t seem to care about reconnaissance, evaluation of valuable files, and lateral network movement. Instead, they are performing "smash-n-grab" attacks to hit immediately with maximum force, aiming for a quick payout.

Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware

By Bill Toulas,  Bleeping Computer The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. The APT28 hacking group is believed to be sending emails containing a malicious document named "Nuclear Terrorism A Very Real Threat.rtf". The threat actors selected the topic of this email to entice recipients to open it, exploiting the fear that's spread among Ukrainians about a potential nuclear attack. Threat actors also used a similar tactic in May 2022, when CERT-UA identified the dissemination of malicious documents warning about a chemical attack. The RTF document used in the APT28 campaign attempts to exploit CVE-2022-30190, aka "Follina," to download and launch the CredoMap malware (docx.exe) on a target's device. This vulnerability is a flaw in the Microsoft Diagnostic Tool, exploite

Meet the Administrators of the RSOCKS Proxy Botnet

By  Krebs On Security Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the “RSOCKS” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. While the coordinated action did not name the Russian hackers allegedly behind RSOCKS, KrebsOnSecurity has identified its owner as a 35-year-old Russian man living abroad who also runs the world’s top Russian spamming forum. According to a statement by the U.S. Department of Justice, RSOCKS offered clients access to IP addresses assigned to devices that had been hacked: “A cybercriminal who wanted to utilize the RSOCKS platform could use a web browser to navigate to a web-based ‘storefront’ (i.e., a public web site that allows users to purchase access to the botnet), which allowed the customer to pay to rent access to a pool of proxies for a specified daily, weekly, or mont

A Rookie Mistake Shows Hackers Aren't All Geniuses

When a ransomware attacker isn’t up to snuff, the damage might be limited. By Tim Culpan,  Bloomberg For more than two decades, ransomware attacks have been the bane of corporate IT managers and their CEOs, and a source of much research for cybersecurity professionals. An underground market for hacking and encryption tools has helped such incursions proliferate, but thankfully a recent case shows what we can learn when attackers don’t know what they’re doing.  Unlike other cyber nuisances, such as viruses, which replicate and cause mayhem, or denial of service attacks, which bring networks to a grinding halt, ransomware is almost impossible to unwind once it’s been deployed successfully. That’s because they use encryption to lock up the files, with a secret decryption key being the only route out.  Rather than try to undo this encryption, most victims just write off the files and restore their systems using backups. This can take days or weeks, assuming the target has good data practic

Flagstar Bank discloses data breach impacting 1.5 million customers

By Bill Toulas,  Bleeping Computer Flagstar Bank is notifying 1.5 million customers of a data breach where hackers accessed personal data during a December cyberattack. Flagstar is a Michigan-based financial services provider and one of the largest banks in the United States, having total assets of over $30 billion. According to data breach notifications sent to exposed customers, Flagstar experienced a security incident in December 2021 when intruders breached the bank’s corporate network.  After an investigation, the bank discovered on June 2nd that the threat actors accessed sensitive customer details, including full names and social security numbers. “Upon learning of the incident, we promptly activated our incident response plan, engaged external cybersecurity professionals experienced in handling these types of incidents, and reported the matter to federal law enforcement,” explains the notice. “We have no evidence that any of the information has been misused. Nevertheless, out o

Iranian hack likely set off sirens in Jerusalem, Eilat, say cyber-security experts

Report: The attack targeted municipal alert systems but did not breach essential IDF infrastructure. By  JNS A suspected Iranian cyber attack likely set off rocket-warning sirens in the cities of Jerusalem and Eilat on Sunday, Israeli media reported. Israeli cyber-security authorities said the attack targeted municipal alert systems but did not breach essential IDF infrastructure, according to Ynet. Authorities “instructed local councils to take precautionary steps to secure their alert systems, since they were activated by municipal alert systems and not by the IDF’s Home Front Command,” the report issued on Monday said. The report cited Yoram Cohen, head of the Israel Internet Association, as saying that the hack “did not appear to harm any vital infrastructure,” but that it had once again exposed vulnerabilities in civilian systems. “There is a gap between Israel’s excellent cyber defenses on critical infrastructure compared to non-critical civilian systems,” said Cohen. “This was n

More cyber warfare with Russia lies on the horizon

By Loukia Papadopoulos,  Interesting Engineering What is on the horizon in Russia's war plans? According to Neal Higgins, deputy national cyber director for national cybersecurity, there could be more cyber warfare. The cybersecurity professional spoke to DefenseNews on June 14 at an event hosted by Defense One and had some pretty revealing comments.

Recent Windows Server updates break VPN, RDP, RRAS connections

By Sergiu Gatlan,  Bleeping Computer This month's Windows Server updates are causing a wide range of issues, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service (RRAS) enabled. RRAS is a Windows service that offers additional TCP connectivity and routing features, including remote access or site-to-site connectivity with the help of virtual private network (VPN) or dial-up connections. Last week, Microsoft released the Windows Server 2012 R2 KB5014746, the Windows Server 2019 KB5014692, the Windows Server 20H2 KB5014699, and the Windows Server 2022 KB5014678 updates as part of the June 2022 Patch Tuesday. However, after deploying these recent updates, Windows admins have reported experiencing multiple issues that could only be resolved after completely uninstalling the updates. One of the more severe problems is the servers freezing for several minutes after a client connects to the RRAS server with SSTP.

Previously Undiscovered Team of State-Sponsored Chinese Hackers, Has Been Quietly Committing Cyber Espionage in the APAC Region for a Decade

By Scott Ikeda,  CPO Magazine A new advanced persistent threat (APT) group linked to China has been discovered by SentinelLabs, but only after conducting cyber espionage campaigns under the radar since 2013. The Chinese hackers, who have been given the name “Aoqin Dragon,” appear to specialize in targeting the Asia Pacific region and like to lure victims with malicious documents that appear to be salacious ads for pornography sites.

Microsoft 365 credentials targeted in new fake voicemail campaign

By Bill Toulas,  Bleeping Computer A new phishing campaign has been targeting U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors to steal Microsoft Office 365 and Outlook credentials. The operation is ongoing and the threat actor behind it uses fake voicemail notifications to lure victims into opening a malicious HTML attachment. According to researchers at cloud security company ZScaler, the recently discovered campaign shares tactics, techniques, and procedures (TTPs) with another operation analyzed in mid-2020. The threat actors leverage email services in Japan to route their messages and spoof the sender's address, making it look like the emails come from an address belonging to the targeted organization. The email has an HTML attachment that uses a music note character in the naming to make it appear as if the file is a sound clip. In reality, the file contains obfuscated JavaScript code th

Apple allegedly cripples its own web apps on purpose

By Jak Connor,  Tweaktown Apple has been accused of "intentionally crippling" web apps, so users are forced into downloading native search apps such as Safari. The accusations come from Telegram founder Pavel Durov, who explained in a post that web apps on iPhone are forced to use WebKit to develop web-based apps, and within this WebKit are a slew of problems that Apple has reportedly ignored for approximately 15 years. Apple guidelines dictate that all apps listed on the App Store are prevented from unrestricted public channels, hence developers turning to web-based applications as a workaround. The Telegram founder says Apple forces developers to use WebKit for all browsers on iOS, which means users can't simply download Firefox or Chrome to get around the issues. Additionally, since no improvements are being issued for the WebKit so developers can improve the performance/experience of web-based apps, it seems that Apple is attempting to steer users to Safari where it c

New 'BidenCash' site sells your stolen credit card for just 15 cents

By Bill Toulas,  Bleeping Computer A recently launched carding site called 'BidenCash' is trying to get notoriety by leaking credit card details along with information about their owners. The platform was set up at the end of April but kept its offerings to a lower level because its infrastructure was not ready to accommodate large-scale operations. On Thursday, June 16, BidenCash admins decided to give away a CSV file containing names, addresses, telephone numbers, emails, and credit card numbers for free to promote their platform. In total, the file has close to eight million lines, but not all have credit card details. According to Italian cybersecurity company D3Lab, there are about 6,600 credit cards in the database. Furthermore, there are about 1,300 credit cards that are new and valid, most of them being from VISA and belonging to U.S.-based individuals. However, the set includes over three million uniq

Microsoft 365 outage affects Microsoft Teams and Exchange Online

By Sergiu Gatlan,  Bleeping Computer An ongoing outage affects multiple Microsoft 365 services, with customers worldwide reporting delays, sign-in failures, and issues accessing their accounts. Starting Monday, June 20, at 11:00 PM UTC, users have been reporting being asked to re-login and emails stuck in queues and not getting delivered, while others say they were unable to access their Exchange Online mailboxes via any connection method they tried.  The affected services include the Exchange Online hosted email platform for businesses and the Microsoft Teams communication platform, as well as SharePoint Online, the Graph API, and Universal Print. "Users may encounter delays and experience failures when accessing some M365 services," Microsoft explained in a service alert sent to Microsoft 365 customers. "Users may also experience failures when using search functions within the impacted services." Microsoft says it is currently redirecting Micros

WATCH: Israeli Cyber Pros Expose Iranians Hacking Top Officials

Israeli cybersecurity company CheckPoint revealed that Iranian hackers broke into email accounts of senior Israeli officials to gather critical intel. By  United With Israel As tensions mount between Iran and Israel, Israeli cyber security company CheckPoint revealed that Iranian hackers broke into the email accounts of senior Israeli officials to gather critical intel. Some of the high-profile targets included former Foreign Minister Tzipi Livni, a reserve general who dealt with sensitive and complex matters, the former US ambassador to Israel, and the head of a large security research institute in Israel. Gil Messing, CEO of CheckPoint, discusses what the hackers managed to achieve and what all Israelis should do to protect themselves.

Massive Cloudflare outage caused by network configuration error

By Sergiu Gatlan,  Bleeping Computer Cloudflare says a massive outage that affected more than a dozen of its data centers and hundreds of major online platforms and services today was caused by a change that should have increased network resilience. "Today, June 21, 2022, Cloudflare suffered an outage that affected traffic in 19 of our data centers," Cloudflare said after investigating the incident. "Unfortunately, these 19 locations handle a significant proportion of our global traffic. This outage was caused by a change that was part of a long-running project to increase resilience in our busiest locations." According to user reports, the full list of affected websites and services includes, but is not limited to, Amazon, Twitch, Amazon Web Services, Steam, Coinbase, Telegram, Discord, DoorDash, Gitlab, and more.

Citrix warns critical bug can let attackers reset admin passwords

By Sergiu Gatlan,  Bleeping Computer Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management (ADM) vulnerability that can let attackers reset admin passwords. Citrix ADM is a web-based solution that provides admins with a centralized cloud-based console for managing on-premises or cloud Citrix deployments, including Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix Secure Web Gateway. The bug (tracked as CVE-2022-27511 and reported by Florian Hauser of Code White) is caused by an Improper Access Control weakness. It affects all supported versions of Citrix ADM server and Citrix ADM agent (i.e., Citrix ADM 13.0 before 13.0-85.19 and Citrix ADM 13.1 before 13.1-21.53). Successful exploitation of this security flaw can allow unauthenticated threat actors to corrupt unpatched systems remotely, leading to admin password reset. "The impact of this can include the reset of the administrator password at the n

Why Paper Receipts are Money at the Drive-Thru

By  Krebs On Security Check out this handmade sign posted to the front door of a shuttered Jimmy John’s sandwich chain shop in Missouri last week. See if you can tell from the store owner’s message what happened. If you guessed that someone in the Jimmy John’s store might have fallen victim to a Business Email Compromise (BEC) or “CEO fraud” scheme — wherein the scammers impersonate company executives to steal money — you’d be in good company. In fact, that was my initial assumption when a reader in Missouri shared this photo after being turned away from his favorite local sub shop. But a conversation with the store’s owner Steve Saladin brought home the truth that some of the best solutions to fighting fraud are even more low-tech than BEC scams. Visit any random fast-casual dining establishment and there’s a good chance you’ll see a sign somewhere from the management telling customers their next meal is free if they don’t receive a receipt with their food. While it may not be obvious

Proofpoint Discovers Potentially Dangerous Microsoft Office 365 Functionality that can Ransom Files Stored on SharePoint and OneDrive

Ransomware attacks have traditionally targeted data across endpoints or network drives. Until now, IT and security teams felt that cloud drives would be more resilient to ransomware attacks. After all, the now-familiar “AutoSave” feature along with versioning and the good old recycle bin for files should have been sufficient as backups. However, that may not be the case for much longer.  Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 or Microsoft 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker.   Our research focused on two of the most popular enterprise cloud apps - SharePoint Online and OneDrive within the Microsoft 365 and Office 365 suites and shows that ransomware actors can now target organizations’ data in the cloud and launch attacks on cloud infrastructure.    Read on!

Russian state hackers swap malware with cloud-based attacks

By Vilius Petkauskas,  Cybernews Russian adversaries increasingly focus on targeting the cloud environment, Crowdstrike’s Global Threat Report on Cloud Security revealed. Fancy Bear, a Russian adversary associated with Russia’s Main Intelligence Directorate (GRU), used to rely on malware-based spear-phishing attacks, the report claims. However, with their tactics exposed by the US Department of Justice (DoJ), hackers have refocused their attention on cloud service providers. Since Fancy Bear’s primary source of intelligence comes from various credential harvesting practices that allow penetrating target organizations and individuals, it’s no surprise that the main targets are cloud-based email providers. According to the report, Fancy Bear focused their attention on service providers such as Microsoft 365, Google’s GSuite, as well as webmail providers that individuals usually use. Meanwhile, Cozy Bear, Russia’s state-sponsored hacker group controlled by the Federal Security service (FS

Firefox now blocks cross-site tracking by default for all users

By Sergiu Gatlan,  Bleeping Computer Mozilla says that all Firefox users will now be protected by default against cross-site tracking while browsing the Internet. This is because, starting today, Mozilla is rolling out and enabling its Total Cookie Protection set of privacy improvements for all Firefox users worldwide. Total Cookie Protection forces all websites to keep their cookies in separate "jars," thus blocking attempts to track you across the web and building browsing profiles. First introduced with the release of Firefox 86 in February 2021, this privacy feature was only active until now in private browsing or when users would manually enable ETP Strict Mode in the web browser's settings. "Total Cookie Protection offers strong protections against tracking without affecting your browsing experience," said Mozilla today. "Total Cookie Protection is Firefox's strongest privacy protection to date, confining cookies to the site where they were create

U.S., EU Plan Joint Foreign Aid for Cybersecurity to Counter China

Russia’s invasion of Ukraine shows the importance of supporting countries vulnerable to nation-state cyberattacks, officials say By Catherine Stupp, Wall Street Journal The U.S. and the European Union plan to introduce joint funding of secure digital infrastructure in developing countries, according to officials involved in the talks. The effort marks the first time the EU and U.S. will work together to fund and help protect other countries’ critical infrastructure against cyberattacks. By working together on cybersecurity, the EU and U.S. aim to help countries that otherwise might be eager to accept funding from China, an EU official said. Initial projects, likely in Africa or Latin America, could be under way by the end of the year, officials said. Russia’s invasion of Ukraine has underscored the importance of supporting telecommunications networks and other hardware in countries vulnerable to nation-state cyberattacks, they said. The EU official said that Chinese technology can come

Cloudflare mitigates record-breaking HTTPS DDoS attack

By Sergiu Gatlan,  Bleeping Computer Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request per second distributed denial-of-service (DDoS) attack, the largest HTTPS DDoS attack detected to date. The record-breaking attack occurred last week and targeted one of Cloudflare's customers using the Free plan. The threat actor behind it likely used hijacked servers and virtual machines seeing that the attack originated from Cloud Service Providers instead of weaker Internet of Things (IoT) devices from compromised Residential Internet Service Providers. According to Cloudflare, the attacker also used a rather small yet very powerful botnet of 5,067 devices, each capable of generating roughly 5,200 rps when peaking. "To contrast the size of this botnet, we've been tracking another much larger but less powerful botnet of over 730,000 devices," revealed Cloudflare Product Manager Omer Yoachimik. "The latter, larger botnet wasn't able

Researchers demonstrate two security methods that efficiently protect analog-to-digital converters from powerful attacks

By Adam Zewe, Massachusetts Institute of Technology,  TechXplore Researchers are pushing to outpace hackers and develop stronger protections that keep data safe from malicious agents who would steal information by eavesdropping on smart devices. Much of the work done to prevent these "side-channel attacks" has focused on the vulnerability of digital processors. For instance, hackers can measure the electric current drawn by a smartwatch's processor and use it to reconstruct secret data being processed, such as a password. Recently, MIT researchers published a paper in the IEEE Journal of Solid-State Circuits, which demonstrated that analog-to-digital converters in smart devices, which encode real-world signals from sensors into digital values that can be processed computationally, are susceptible to power side-channel attacks. A hacker could measure the power supply current of the analog-to-digital converter and use machine learning to accurately reconstruct output data.

Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs

By Ionut Ilascu,  Bleeping Computer For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers’ accounts on GitHub , Amazon Web Services , and Docker Hub. Researchers at Aqua Security discovered that “tens of thousands of user tokens” are exposed through the Travis CI API that offer access to more than 770 million logs with various types of credentials belonging to free tier users.

Ransomware Group Debuts Searchable Victim Data

By  Krebs On Security Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form. ALPHV recently announced on its victim shaming and extortion website that it had hacked a luxury spa and resort in the western United States. Sometime in the last 24 hours, ALPHV published a website with the same victim’s name in the domain, and their logo on the homepage. The website claims to list the personal information of 1,500 resort employees, and more than 2,500 residents at the facility. At the top of the page are two “Check Yourself” buttons, one for employees,

Russian hackers start targeting Ukraine with Follina exploits

By Bill Toulas,  Bleeping Computer Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. The security issue can be triggered by either opening or selecting a specially crafted document and threat actors have been exploiting it in attacks since at least April 2022. It is worth noting that Ukraine's agency assesses with medium confidence that behind the malicious activity is the Sandworm hacker group.

Google terminates coordinated influence operations linked to Russia, China, and Costa Rica

By Anna Zhadan, Cyber News The technology giant terminated hundreds of YouTube and Ads accounts for their involvement in coordinated influence operations designed to support Russia’s invasion of Ukraine, criticize Costa Rican politicians, and upload spam content. Google’s Threat Analysis Group (TAG) updated a bulletin for the second quarter of 2022 detailing all coordinated influence operation campaigns terminated on Google’s platforms over that period. This comes as a part of the platform's initiative to prevent the spread of misinformation and disinformation. As such, TAG terminated 138 YouTube channels and two Ads accounts for a campaign linked to a Russian consulting firm. The campaign praised Russia’s aggression in Ukraine and expressed critical views of Ukraine and the NATO alliance, disseminating content in Russian. Similarly, 44 YouTube channels and nine Ads accounts were removed for another campaign linked to the Internet Research Agency (IRA). The channels were supporti

Maha: Thane police website hacked; hacker demands apology to Muslims

The Thane city police commissionerate's website was allegedly hacked on Tuesday, with a message appearing on it apparently directed towards the Indian government and demanding an apology to "Muslims all over the world". A senior police official here confirmed that the website has been hacked. "We have contacted the agencies concerned for necessary action. Thane cyber crime team is working on it," he said. On opening the website, the message on the screen stated: "Hacked by one hat cyber team". It further said, "Hello Indian Government, Hello everyone. Again and again you make troub

Microsoft: Exchange servers hacked to deploy BlackCat ransomware

By Sergiu Gatlan,  Bleeping Computer Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities. In at least one incident that Microsoft's security experts observed, the attackers slowly moved through the victim's network, stealing credentials and exfiltrating information to be used for double extortion. Two weeks after the initial compromise using an unpatched Exchange server as an entry vector, the threat actor deployed BlackCat ransomware payloads across the network via PsExec. "While the common entry vectors for these threat actors include remote desktop applications and compromised credentials, we also saw a threat actor leverage Exchange server vulnerabilities to gain target network access," the Microsoft 365 Defender Threat Intelligence Team said. Although it didn't mention the Exchange vulnerability used for initial access, Microsoft links to a security advisory from March 2

Hackers knock out two German energy suppliers

By Vilius Petkauskas, Cybernews Darmstadt-based Entega and Mainz-based Mainzer Stadtwerke were attacked over the weekend. Both companies' websites were still down at the time of publishing this article. According to a tweet by Entega, the company was hit by an attack that mainly affected the firm's website and staff email accounts. Entega claims that critical infrastructure was not affected, and no customer data was leaked. Local media reported that Mainzer Stadtwerke also said that critical infrastructure suffered no damage, and no supply failures are expected. Both of the energy providers use the same IT solutions provider, Count+Care. The company's website was also inaccessible at the time of publishing. Several German wind farms were hit by cyberattacks in recent months. An attack forced Deutsche Windtechnik, a German wind turbine maintenance and repair company, to turn off its IT systems. Another German wind turbine operator, Nordex, was hit by a cyberattack on the las

Conti's Attack Against Costa Rica Sparks a New Ransomware Era

A pair of ransomware attacks crippled parts of the country—and rewrote the rules of cybercrime. For the last two months, Costa Rica has been under siege. Two major ransomware attacks have crippled many of the country’s essential services, plunging the government into chaos as it scrambles to respond. Officials say that international trade ground to a halt as the ransomware took hold and more than 30,000 medical appointments have been rescheduled, while tax payments have also been disrupted. Millions have been lost due to the attacks, and staff at affected organizations have turned to pen and paper to get things done.

“Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison

By  Krebs On Security A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites. Matthew Gatrel of St. Charles, Ill. was found guilty for violations of the Computer Fraud and Abuse Act (CFAA) related to his operation of downthem[.]org and ampnode[.]com, two DDoS-for-hire services that had thousands of customers who paid to launch more than 200,000 attacks. Despite admitting to FBI agents that he ran these so-called “booter” services (and turning over plenty of incriminating evidence in the process), Gatrel opted to take his case to trial, defended the entire time by public defenders. Gatrel’s co-defendant and partner in the business, Juan “Severon” Martinez of Pasadena, Calif., pleaded guilty just before the trial. After a nine-day trial in the Central District of

US Federal Agencies Uncover Massive Chinese Hacker Cyber Espionage Spying Campaign

By Nathan Wasson, Hot Hardware Much of the discussion surrounding cyberwarfare has centered around Russia and Ukraine, in recent months. While it may have been pushed into the background, however, China’s aggressive cyber activity continues apace, whether it rises to the level of warfare or not. Only a month ago, we covered news that Chinese state-sponsored hackers had been deploying malware to steal US intellectual property in an operation that went undetected for years. Just a month before that, we wrote about a Chinese state-sponsored hacking group that had been using VLC Media Player to deploy malware in targeted attacks on foreign governments and NGOs. Both of these Chinese-backed cyber operations were discovered by private cybersecurity researchers, but US federal agencies have been monitoring Chinese cyber activity as well. This week, the National Security Agency (NSA), Cybersecurity & Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) published

US Justice Department Accuses AT&T of Allowing Scammers to Use IP Relay Call System to Cheat American Merchants

By Sophie Webster, Tech Times In 2002, telecommunication companies like MCI and AT&T offered free calls to the hearing impaired via internet web pages. Deaf customers would type their messages into dialog boxes similar to online chat rooms. A relay operator would then read the text, place the call, and speak the typed message to the other party. The entire system, called IP Relay, was created to assist deaf customers and help them communicate and make important phone calls. Unfortunately, scammers found a way to abuse that system and use it to cheat American business owners.

Your phone's Bluetooth signal can be tracked, even when unpaired

By Adam Hunt, Tweak Town A paper on the Bluetooth signal tracking titled "Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices" was recently presented at the IEEE Security & Privacy conference in Oakland, California, on May 24th, 2022. Researchers from the University of California San Diego have found Bluetooth Low Energy (BLE) signals are constantly emitted by mobile devices, generating a unique fingerprint that attackers can use to track an individual's movements. This covers smartphones, smartwatches, and fitness trackers, all of which transmit roughly 500 "Bluetooth beacons" per minute. The unique fingerprint results from minute manufacturing imperfections in device hardware, which uniquely distorts the Bluetooth signal, allowing attackers to bypass anti-tracking techniques like constantly changing network addresses. Across their experiments, they found that 40%-47% of devices were uniquely identifiable and could track a volunteer as

FBI busts online black market selling millions of stolen Social Security numbers

By Andy Meek, BGR US law enforcement officials have shut down a series of websites making $19 million in revenue by selling stolen data. The black market data the websites trafficked in included crucial personal information like stolen Social Security numbers and birthdates. So it’s definitely a big win that this operation was dismantled. The US Justice Department announced the shutdown of the “SSNDOB Marketplace” websites on June 7. Among other things, the announcement included this shocking detail: The websites were selling around 24 million stolen Social Security numbers. For context, that number exceeds the population of the state of Florida.

Adconion Execs Plead Guilty in Federal Anti-Spam Case

By  Krebs On Security At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email. In October 2018, prosecutors in the Southern District of California named four Adconion employees — Jacob Bychak , Mark Manoogian , Petr Pacas , and Mohammed Abdul Qayyum —  in a ten-count indictment (PDF) on felony charges of conspiracy, wire fraud, and electronic mail fraud. The government alleged that between December 2010 and September 2014, the defendants engaged in a conspiracy to identify or pay to identify blocks of Internet Protocol (IP) addresses that were registered to others but which were otherwise inactive. Prosecutors said the men also sent forged letters to an Internet hosting firm claiming they had been authorized by the registra