"Cheap Ransomware for Sale on Dark Web Marketplaces Is Changing the Way Hackers Operate"

Sophos X-Ops has found 19 "cheap, independently produced, and crudely constructed" junk gun ransomware variants on the dark web. These junk gun variants aim to disrupt the affiliate-based Ransomware-as-a-Service (RaaS) model that has dominated the ransomware market. Instead of selling ransomware to affiliates or buying it as an affiliate, attackers develop and sell simple variants for a one-time fee. Other threat actors can use such variants to attack small and medium-sized businesses (SMBs) as well as individuals.

Submitted by Gregory Rigby on

ACM CHI Conference on Human Factors in Computing Systems

"The conference embraces the theme of Surfing the World – reflecting the focus on pushing forth the wave of cutting-edge technology and riding the tide of new developments in human-computer interaction. The conference serves as a platform for researchers, practitioners, and industry leaders to share their latest work and ideas and to foster collaboration and innovation in the field."

"SoumniBot Malware Exploits Android Bugs to Evade Detection"

A new Android banking malware called "SoumniBot" uses a less common obfuscation technique, exploiting flaws in the Android manifest extraction and parsing procedure. The method allows SoumniBot to bypass standard Android security measures and steal information. Researchers discovered and analyzed the malware, providing technical details on how it uses the Android routine to parse and extract APK manifests. This article continues to discuss findings regarding the SoumniBot malware.

Submitted by Gregory Rigby on

"Active Kubernetes RCE Attack Relies on Known OpenMetadata Vulns"

According to Microsoft Threat Intelligence research, known vulnerabilities in OpenMetadata's open source metadata repository have been actively exploited since early April, allowing threat actors to launch Remote Code Execution (RCE) cyberattacks on unpatched Kubernetes clusters. OpenMetadata is an open source platform that serves as both a management tool and a central repository for metadata. Researchers published information in mid-March on five new vulnerabilities that impacted versions before v1.3.1.

Submitted by Gregory Rigby on

"Moldovan Charged For Operating Botnet Used to Push Ransomware"

The Department of Justice (DoJ) recently charged Moldovan national Alexander Lefterov, the owner and operator of a large-scale botnet that infected thousands of computers across the United States.  Also known as Alipako, Uptime, and Alipatime, the 37-year-old man from Chisinau was indicted in December 2021 for aggravated identity theft, computer fraud, and conspiracy to commit wire fraud.  The DoJ noted that Lefterov and his henchmen used malware to steal credentials from the infected devices.

Submitted by Adam Ekwall on

"United Nations Agency Investigating Ransomware Attack Involving Data Theft"

The United Nations Development Programme (UNDP) has announced that it is investigating a cyberattack in which information was compromised. The organization stated that the attack targeted local Information Technology (IT) infrastructure in UN City, a complex in Copenhagen that houses nearly a dozen UN agencies. On March 27, the UNDP learned that a data-extortion actor had stolen data, including human resources and procurement information.

Submitted by Gregory Rigby on

"UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost"

UK police infiltrated and disrupted the "LabHost" Phishing-as-a-Service (PhaaS) operation that made cybercriminals more than £1 million ($1.3 million) from thousands of targets. Europol described LabHost as one of the largest PhaaS platforms, providing fraudsters the tools to conduct sophisticated phishing and smishing (SMS phishing) campaigns. According to London's Metropolitan Police, which led the law enforcement operation against the PhaaS platform, LabHost hosted up to 40,000 phishing sites by 2024, with 2,000 criminals paying a monthly subscription fee.

Submitted by Gregory Rigby on

"180k Impacted by Data Breach at Michigan Healthcare Organization"

Michigan healthcare organization Cherry Street Services (Cherry Health) has recently started notifying over 180,000 individuals that their personal information was compromised in a ransomware attack.  Cherry Health noted that the incident occurred on December 21, 2023, and disrupted certain systems, suggesting that file-encrypting ransomware might have been involved.  In a filing with the Maine Attorney General’s Office this week, Cherry Health confirmed that ransomware was involved in the attack and revealed that approximately 184,000 individuals were affected by the incident.

Submitted by Adam Ekwall on

"Pioneering an AI-driven Approach to Cybersecurity Analysis"

A Northwestern University Computer Science team took first place in the fuzzing tool competition at the 17th International Workshop on Search-Based and Fuzz Testing (SBFT 2024). Fuzz testing, also known as fuzzing, is an automated testing method used to detect coding errors and security vulnerabilities in software, operating systems, or networks by generating a massive amount of invalid or random data inputs and monitoring for system crashes, failures, or memory leaks.

Submitted by Gregory Rigby on