"UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost"

UK police infiltrated and disrupted the "LabHost" Phishing-as-a-Service (PhaaS) operation that made cybercriminals more than £1 million ($1.3 million) from thousands of targets. Europol described LabHost as one of the largest PhaaS platforms, providing fraudsters the tools to conduct sophisticated phishing and smishing (SMS phishing) campaigns. According to London's Metropolitan Police, which led the law enforcement operation against the PhaaS platform, LabHost hosted up to 40,000 phishing sites by 2024, with 2,000 criminals paying a monthly subscription fee.

Submitted by Gregory Rigby on

"180k Impacted by Data Breach at Michigan Healthcare Organization"

Michigan healthcare organization Cherry Street Services (Cherry Health) has recently started notifying over 180,000 individuals that their personal information was compromised in a ransomware attack.  Cherry Health noted that the incident occurred on December 21, 2023, and disrupted certain systems, suggesting that file-encrypting ransomware might have been involved.  In a filing with the Maine Attorney General’s Office this week, Cherry Health confirmed that ransomware was involved in the attack and revealed that approximately 184,000 individuals were affected by the incident.

Submitted by Adam Ekwall on

"Pioneering an AI-driven Approach to Cybersecurity Analysis"

A Northwestern University Computer Science team took first place in the fuzzing tool competition at the 17th International Workshop on Search-Based and Fuzz Testing (SBFT 2024). Fuzz testing, also known as fuzzing, is an automated testing method used to detect coding errors and security vulnerabilities in software, operating systems, or networks by generating a massive amount of invalid or random data inputs and monitoring for system crashes, failures, or memory leaks.

Submitted by Gregory Rigby on

"Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks"

Since mid-2022, a previously unknown backdoor called "Kapeka" has been used in cyberattacks targeting Eastern Europe, including Estonia and Ukraine. WithSecure attributes the malware to the Russia-linked Advanced Persistent Threat (APT) group "Sandworm," also known as APT44 or Seashell Blizzard. According to security researcher Mohammad Kazem Hassan Nejad, the malware serves as an early-stage toolkit for its operators and also provides long-term access. Kapeka includes a dropper that launches and executes a backdoor component on the infected host.

Submitted by Gregory Rigby on

"CISA, FBI, and ODNI Release Guidance for Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations"

The US Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Office of the Director of National Intelligence (ODNI) have released "Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations." The guidance document details the latest tactics used in foreign malign influence operations to shape US policies, decisions, and more. The document discusses common tactics in foreign malign influence operations, provides examples, and suggests mitigation strategies for election infrastructure stakeholders.

Submitted by Gregory Rigby on

"Cyberattack Hits New York State Government's Bill Drafting Office"

The New York state Legislature's bill drafting office was hit with an apparent cyberattack early today, April 17. According to Gov. Kathy Hochul, the scope of the attack was not immediately clear, but the bill drafting system has been down since early Wednesday. The office is responsible for printing legislation for lawmakers at the state Capitol in Albany. The investigation into the incident is ongoing, and they are working on getting their systems back up and running.

Submitted by Adam Ekwall on

"Linux Cerber Ransomware Variant Exploits Atlassian Servers"

According to security researchers, threat actors have been observed exploiting unpatched Atlassian servers and deploying a Linux variant of Cerber ransomware, also known as C3RB3R.  The attacks target CVE-2023-22518, a critical security vulnerability in Atlassian Confluence Data Center and Server, enabling an unauthenticated attacker to reset Confluence and create an administrator account.  Researchers noted that the vulnerability allows threat actors to gain control over systems, risking loss of confidentiality, integrity, and availability.

Submitted by Adam Ekwall on

"North Korean Group Kimsuky Exploits DMARC and Web Beacons"

Researchers have discovered new tactics associated with the threat actor "Kimsuky." The group, believed to be linked to North Korea's Reconnaissance General Bureau, has been conducting email phishing campaigns aimed at experts to gain insights into US and South Korean foreign policies. According to Proofpoint, Kimsuky has contacted foreign policy experts directly since 2023, soliciting their opinions on topics such as nuclear disarmament, US-South Korean policies, and sanctions.

Submitted by Gregory Rigby on

"Food and Agriculture Sector Hit with More Than 160 Ransomware Attacks Last Year"

According to the Food and Agriculture-Information Sharing and Analysis Center's (Food and Ag-ISAC) first annual report, the US food and agriculture sector faced at least 167 ransomware attacks in 2023. The industry was the seventh most targeted sector in the country, following manufacturing, financial services, and others. So far, in the first quarter of 2024, the sector has counted 40 attacks, a slight decrease from the previous year. In 2023, several large food companies, including Dole, Sysco, and Mondelez, experienced cyber incidents.

Submitted by Gregory Rigby on