"US Sanctions Russian Accused of Laundering Ryuk Ransomware Funds"

"US Sanctions Russian Accused of Laundering Ryuk Ransomware Funds"

The US government has sanctioned a Russian national for allegedly laundering millions of dollars in victim ransom payments on behalf of people associated with the Ryuk ransomware group. According to the US Treasury's Office of Foreign Assets Control (OFAC), Ekaterina Zhdanova is accused of using virtual currency exchange transfers and fraudulent accounts to launder money for Russian ransomware gangs and others to help them avoid economic sanctions imposed on Russia's financial system following the February 2022 Ukraine invasion.

Submitted by Gregory Rigby on

"Exploited 'Looney Tunables' Linux Privileged Escalation Bug Linked To Kinsing Threat Actor"

"Exploited 'Looney Tunables' Linux Privileged Escalation Bug Linked To Kinsing Threat Actor"

Aqua Nautilus researchers reported the first instance of an exploit attack on the "Looney Tunables" Linux privileged escalation vulnerability. They say they are "100% certain" that the threat actor Kinsing was behind the attack, but they are not ready to reveal how. Kinsing poses a significant threat to cloud environments, specifically Kubernetes clusters, Docker Application Programming Interfaces (APIs), Redis servers, and Jenkins servers.

Submitted by Gregory Rigby on

"Socks5Systemz Proxy Service Infects 10,000 Systems Worldwide"

"Socks5Systemz Proxy Service Infects 10,000 Systems Worldwide"

Socks5Systemz, a proxy botnet, has infected about 10,000 systems through the PrivateLoader and Amadey malware loaders. Infected computers become traffic-forwarding proxies for malicious, illegal, or anonymous traffic. It charges subscribers between $1 and $140 per day in cryptocurrency to access this service. Socks5Systemz is described in detail in a BitSight report, which states that the proxy botnet has been active since at least 2016, but has remained relatively unknown until recently. This article continues to discuss the Socks5Systemz proxy botnet.

Submitted by Gregory Rigby on

"SecuriDropper: New Android Dropper-as-a-Service Bypasses Google's Defenses"

"SecuriDropper: New Android Dropper-as-a-Service Bypasses Google's Defenses"

SecuriDropper is a new Dropper-as-a-Service (DaaS) for Android capable of bypassing Google's new security restrictions and delivering malware. Dropper malware on Android is designed to act as a conduit for a payload to be installed on a compromised device, making it a profitable business model for threat actors who can advertise the capabilities to other cybercriminals. Furthermore, doing so allows adversaries to separate the development and execution of an attack from the malware installation.

Submitted by Gregory Rigby on

"Data Brokers Are Selling US Service Members' Secrets, Researchers Find"

"Data Brokers Are Selling US Service Members' Secrets, Researchers Find"

According to a new report from researchers at Duke University's Sanford School of Public Policy, data brokers are selling large amounts of highly sensitive data on American military service members. The study delves into the data broker industry, which collects personal information on individual consumers before selling it to marketers. The industry has grown rapidly in recent years, prompting California to enact a law that lets consumers prevent data brokers from gathering and selling their information with the click of a button.

Submitted by Gregory Rigby on

"Okta Breach Post Mortem Reveals Weaknesses Exploited by Attackers"

"Okta Breach Post Mortem Reveals Weaknesses Exploited by Attackers"

The recent Okta Support system breach occurred because of the compromise of a service account with access to view and update customer support cases. Okta Security discovered that an employee had signed in to their personal Google profile on their Okta-managed laptop's Chrome browser. According to David Bradbury, Chief Security Officer at Okta, the service account's username and password were saved into the employee's personal Google account. The compromise of the employee's personal Google account or device is what most likely exposed this credential.

Submitted by Gregory Rigby on

"UVA Engineering Researcher Has Plan to Defeat the Next Big Cyberattack"

"UVA Engineering Researcher Has Plan to Defeat the Next Big Cyberattack"

Ashish Venkat, an assistant professor of computer science and cybersecurity expert at the University of Virginia (UVA), has received a CAREER Award from the National Science Foundation (NSF) to develop a hardware and software system that enables rapid and secure mitigation of cyberattacks, including zero-day events.

Submitted by Gregory Rigby on

"Researcher Claims to Crack RSA-2048 With Quantum Computer"

"Researcher Claims to Crack RSA-2048 With Quantum Computer"

A scientist claims to have created a low-cost system for using quantum computing to crack RSA, the world's most commonly used public key algorithm. However, multiple cryptographers and security experts have expressed skepticism regarding the claim. The scientist making the claim is Ed Gerck, who, according to his LinkedIn profile, is a quantum computing developer at Planalto Research, a company he founded.

Submitted by Gregory Rigby on

"UK NCSC Issues New Guidance on Post-Quantum Cryptography Migration"

"UK NCSC Issues New Guidance on Post-Quantum Cryptography Migration"

The UK National Cyber Security Centre (NCSC) has updated its guidance to help in the migration to Post-Quantum Cryptography (PQC). The updated guidance builds on the NCSC 2020 white paper titled "Preparing for Quantum-Safe Cryptography." It includes advice on algorithm choices and protocol considerations following the availability of draft standards from the US National Institute of Standards and Technology (NIST). The "Q-Day" point, when quantum computers can break existing cryptographic algorithms such as Public-Key Cryptography (PKC), is coming.

Submitted by Gregory Rigby on

"Microsoft Launches New Initiative To Augment Security"

"Microsoft Launches New Initiative To Augment Security"

Microsoft has launched the Secure Future Initiative to improve the overall security of its products and users. According to Brad Smith, Vice Chair and President of Microsoft, the growing speed, scale, and sophistication of cyberattacks requires a new response. He emphasized that ransomware attempts have increased by 200 percent since September 2022. Nation-state actors' cyber operations have become more advanced, and the most resourced attackers are quickly innovating.

Submitted by Gregory Rigby on
Subscribe to