"Ransomware Actor Uses TeamViewer to Gain Initial Access to Networks"

"Ransomware Actor Uses TeamViewer to Gain Initial Access to Networks"

Attackers have used TeamViewer quite frequently to gain initial access to target systems. Organizations use TeamViewer to provide remote support, collaboration, and access to endpoint devices. Huntress researchers recently observed two attempted ransomware deployment incidents that involved TeamViewer. The attacks targeted two different endpoint devices belonging to Huntress customers. Both incidents involved failed attempts to install what appeared to be ransomware created using a leaked LockBit 3.0 builder.

Submitted by Gregory Rigby on

"Malicious Web Redirect Scripts Stealth up to Hide on Hacked Sites"

"Malicious Web Redirect Scripts Stealth up to Hide on Hacked Sites"

Security researchers analyzed over 10,000 scripts used by the Parrot Traffic Direction System (TDS) and discovered an evolution involving optimizations that make malicious code more stealthy against security mechanisms. The cybersecurity company Avast discovered Parrot TDS in April 2022. The TLD is believed to have been active since 2019 as part of a campaign that targets vulnerable WordPress and Joomla sites with JavaScript code capable of redirecting users to a malicious location.

Submitted by Gregory Rigby on

"MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries"

"MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries"

According to researchers at the mobile security company Oversecured, several public and popular libraries that have been abandoned but are still used in Java and Android applications are vulnerable to a new software supply chain attack method called MavenGate. Access to projects can be hijacked through domain name purchases, and because most default build configurations are vulnerable, determining whether an attack is taking place would be difficult, if not impossible.

Submitted by Gregory Rigby on

"Trezor Support Site Breach Exposes Personal Data of 66,000 Customers"

"Trezor Support Site Breach Exposes Personal Data of 66,000 Customers"

Trezor recently issued a security alert after identifying a data breach on January 17 due to unauthorized access to their third-party support ticketing portal.  The popular hardware cryptocurrency wallet vendor stated that the investigation into the incident is ongoing, but it found no evidence so far that users' digital assets were compromised in the incident.  The company stressed that none of its user's funds had been compromised through the incident.

Submitted by Adam Ekwall on

"Russian Spies Brute Force Senior Microsoft Staff Accounts"

"Russian Spies Brute Force Senior Microsoft Staff Accounts"

Russian state hackers recently managed to compromise the email accounts of some of Microsoft’s senior leadership team members using basic brute-force techniques.  Microsoft revealed on Friday that the “Midnight Blizzard” group (aka Nobelium, APT29, Cozy Bear) was detected on its systems on January 12.  The fact that brute-force tactics worked indicates that the compromised email accounts were not protected with multi-factor authentication (MFA).  Password spray attacks involve threat actors trying commonly used and easy-to-guess passwords to unlock multiple accounts at once.

Submitted by Adam Ekwall on

"Owner of Cybercrime Website BreachForums Sentenced to Supervised Release"

"Owner of Cybercrime Website BreachForums Sentenced to Supervised Release"

Conor Brian Fitzpatrick, the owner of the infamous cybercrime website BreachForums, was recently sentenced to time served and 20 years of supervised release.  Conor Brian Fitzpatrick of Peekskill, New York, known online as "Pompompurin," was arrested in March 2023.  In April, he pleaded guilty to conspiracy to commit device fraud, access device fraud, and possession of child pornography.  Launched in 2022 and also known as Breached, BreachForums had become a top hacker marketplace when it was taken down in March 2023.

Submitted by Adam Ekwall on

"LoanDepot Breach: 16.6 Million People Impacted"

"LoanDepot Breach: 16.6 Million People Impacted"

Lending giant LoanDepot recently announced that roughly 16.6 million individuals were impacted by a ransomware attack disclosed earlier this month.  In a Form 8-K filing with the Securities and Exchange Commission (SEC) on January 4th, the company said it “has determined that the unauthorized third party activity included access to certain company systems and the encryption of data.”  Affected individuals will be notified soon and offered free credit monitoring and identity protection services.  

 

Submitted by Adam Ekwall on

"Encryption Boost for Cross-Border E-commerce - 'Privacy Information Encryption for Cross-Border E-commerce Users Based on Social Network Analysis'"

"Encryption Boost for Cross-Border E-commerce - 'Privacy Information Encryption for Cross-Border E-commerce Users Based on Social Network Analysis'"

A team of researchers in China has introduced a novel approach to improving privacy for cross-border e-commerce users. The presented encryption algorithm is based on social network analysis, which could help users maintain security when transferring sensitive information during international transactions. The team has implemented a multifaceted strategy, initially using a logical inference mapping method for blockchain to encode public and private keys with asymmetric encryption.

Submitted by Gregory Rigby on

"US Charges Russian Involved in 2013 Hacking of Neiman Marcus, Michaels"

"US Charges Russian Involved in 2013 Hacking of Neiman Marcus, Michaels"

The US Justice Department recently announced separate charges against two Russian nationals accused of being involved in cybercriminal activities, including a man allegedly involved in the 2013 hacking of retailers Michaels and Neiman Marcus.  According to the DoJ, one indicted individual is Aleksey Timofeyevich Stroganov, also known as Aleksei Stroganov, Flint, Flint24, Gursky Oleg, and Oleg Gurskiy.  He and his accomplices allegedly hacked into the computers of companies and individuals in an effort to steal personal information, including credit and debit card data.

Submitted by Adam Ekwall on
Subscribe to