"Zeus, IcedID Malware Gangs Leader Pleads Guilty, Faces 40 Years in Prison"
"Zeus, IcedID Malware Gangs Leader Pleads Guilty, Faces 40 Years in Prison"
Ukrainian national Vyacheslav Igorevich Penchukov, one of the heads of the notorious JabberZeus cybercrime gang, has recently pleaded guilty to charges related to his leadership roles in the Zeus and IcedID malware groups. Penchukov (also known as "tank" and "father") was arrested in Switzerland in October 2022 while traveling to meet his wife in Geneva and extradited to the United States in 2023.
"FBI Dismantles Ubiquiti Router Botnet Controlled by Russian Cyberspies"
The US government recently neutralized another small office/home office (SOHO) router botnet used by Russian cyberspies in malware campaigns. According to a notice from the Department of Justice (DoJ), a court-authorized operation disrupted a network of hundreds of Ubiquiti Edge OS routers under the control of the notorious APT28 group.
"Vulnerabilities in CUSG CMS Exposed Credit Unions to Attacks"
According to security researchers at LMG Security, three vulnerabilities in the CU Solutions Group (CUSG) content management system (CMS) could have been exploited by hackers in attacks aimed at credit unions. CUSG provides technology and services tailored to credit unions, including a CMS solution that automates content management and usage traffic without technical expertise.
Teaming up to improve Maryland elections
The Empowering Secure Elections research lab has an exciting new partnership with the Anne Arundel County (Maryland) Board of Elections! We are sending a voter satisfaction survey to registered voters in the county. Our goal is to understand what voters need so that we can provide resources to increase turnout.
More details are in the press release below.
https://www.towson.edu/news/2024/voting-survey-anne-arundel-county.html
"OpenAI Blocks State-Sponsored Hackers From Using ChatGPT"
OpenAI has terminated accounts associated with state-sponsored threat groups from Iran, North Korea, China, and Russia exploiting ChatGPT, its Artificial Intelligence (AI)-driven chatbot. In response to information from Microsoft's Threat Intelligence team, OpenAI decided to take down accounts linked to the hacking groups that were misusing its Large Language Model (LLM) services for malicious purposes. The threat actors used ChatGPT to improve their strategic and operational capabilities, such as reconnaissance, social engineering, evasion tactics, and information gathering.
"DarkGate Gang Using CAPTCHA to Spread Malware"
According to HP Wolf Security, DarkGate cybercriminals are using legal advertising tools to hide their malicious campaigns and track victims' responses to malware links. HP Wolf Security's latest insights describe how the group uses these tools to supplement its spam-based malware campaigns. The DarkGate gang, which has been operating as a malware provider since 2018, shifted tactics last year to use legitimate advertising networks as a way to track victims and avoid detection.
"Ubuntu 'Command-Not-Found' Tool Could Trick Users Into Installing Rogue Packages"
Researchers at Aqua have discovered that threat actors can use the well-known utility called command-not-found to recommend their own rogue packages and compromise systems running the Ubuntu operating system. Although the command-not-found tool is convenient for suggesting installations for uninstalled commands, attackers can manipulate it through the snap repository, resulting in deceptive recommendations of malicious packages. The utility is installed by default on Ubuntu systems and suggests packages to install in interactive bash sessions when trying to execute unavailable commands.
"Researchers Pair Medical Devices With Blockchain to Defend Against Cyberattacks"
A team of researchers from Emporia State University and the University of Allahabad developed a novel blockchain system for medical device monitoring dubbed HNMBlock. According to the team, HNMBlock is a server-based blockchain network that brings Internet of Things (IoT) devices used in the medical field together with secure data storage and retrieval. The HNMBlock model can be expanded to include token-based patient participation incentives, encrypted file security, and real-time device monitoring. This article continues to discuss the purpose and research behind the HNMBlock model.
"Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs"
Turla, a Russia-sponsored Advanced Persistent Threat (APT) group, is now targeting Polish Non-Governmental Organizations (NGOs) in a cyber espionage campaign involving a newly developed backdoor with modular capabilities. According to information shared by Cisco Talos on Turla, the backdoor used in the attacks, dubbed TinyTurla-NG, functions similarly to the APT's known custom malware called TinyTurla.