"US Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown"

The US Department of Justice (DoJ) has announced the seizure of 32 Internet domains used in a pro-Russian propaganda operation named "Doppelganger." Doppelganger used various methods to drive viewership to the cybersquatted media domains, including the deployment of "influencers," paid social media ads, the creation of social media profiles posing as US or other non-Russian citizens, and posting comments on social media platforms with links to the domains in order to redirect viewers. This article continues to discuss the seizure of pro-Russian propaganda domains by the US.

Submitted by Gregory Rigby on

"Two Nigerians Sentenced to Prison in US for BEC Fraud"

Two Nigerian nationals were recently sentenced to prison in the US for operating a business email compromise (BEC) scheme.  According to the Department of Justice (DoJ), one of the individuals, Ebuka Raphael Umeti, 35, was sentenced on August 27 to 10 years in prison.  His co-defendant, Franklin Ifeanyichukwu Okwonna, 34, was sentenced on September 3 to five years and three months in prison.  Each defendant was ordered to pay roughly $5 million in restitution.

Submitted by Adam Ekwall on

"DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign"

Multiple threat groups have targeted organizations worldwide by exploiting two old vulnerabilities in a DrayTek product. In 2021, Tenable researchers discovered two flaws in DrayTek VigorConnect, management software for DrayTek network equipment; the US Cybersecurity and Infrastructure Security Agency (CISA) has now added them to its Known Exploited Vulnerabilities (KEV) catalog. The exploited flaws are path traversal issues that enable an unauthenticated attacker to download arbitrary files with root privileges from the underlying operating system.

Submitted by Gregory Rigby on

"OnlyFans Hackers Targeted With Infostealer Malware"

Security researchers discovered a new distribution mechanism for the "Lumma Stealer" infostealer malware. The mechanism is a "checker" tool used by hackers to validate stolen credentials. According to Veriti, the checker software was distributed by a user named "Bilalkhanicom" on a popular hacking forum, targeting other cybercriminals. Veriti says the checker tool promoted by Bilalkhanicom promised to let fellow cybercriminals validate OnlyFans logins, check account balances, verify if payment methods were attached, and determine if accounts had creator privileges.

Submitted by Gregory Rigby on

"Microchip Technology Confirms Personal Information Stolen in Ransomware Attack"

Semiconductor supplier Microchip Technology recently confirmed that personal information and other types of data were stolen from its systems during a recent ransomware attack.  The company disclosed the incident on August 20.  Roughly a week later, the Play ransomware gang claimed responsibility for the assault, adding Microchip to its Tor-based website.  The cybercriminals said they were able to siphon personal information, employee IDs, and various business and financial documents.

Submitted by Adam Ekwall on

"Cisco Patches Critical Vulnerabilities in Smart Licensing Utility"

Cisco recently announced patches for multiple vulnerabilities, including two critical-severity flaws in Smart Licensing Utility and a medium-severity Identity Services Engine flaw for which proof-of-concept (PoC) code exists.  According to Cisco, the Smart Licensing Utility bugs, tracked as CVE-2024-20439 and CVE-2024-20440 (CVSS score of 9.8), could allow remote, unauthenticated attackers to access sensitive information or log in as administrators.

Submitted by Adam Ekwall on

"Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack"

A new supply chain attack technique named "Revival Hijack" by the software supply chain security company JFrog has been used in the wild to infiltrate downstream organizations. The method could be used to hijack 22,000 existing Python Package Index (PyPI) packages, potentially resulting in "hundreds of thousands" of malicious downloads. It involves hijacking PyPI software packages by manipulating the option to re-register them once the original owner has removed them from the repository. This article continues to discuss the new Revival Hijack supply chain attack technique.

Submitted by Gregory Rigby on

"Hackers Inject Malicious JS in Cisco Store to Steal Credit Cards, Credentials"

Cisco's site for selling company-themed merchandise has temporarily been taken down due to hackers compromising it with JavaScript code that steals sensitive customer details entered at checkout. The researchers who discovered it say that it appears to be a "CosmicSting" attack in which threat actors inject HTML or JavaScript code in CMS blocks rendered in the checkout flow. This article continues to discuss the compromise of Cisco's store site by hackers through the injection of malicious JavaScript code.

Submitted by Gregory Rigby on

"Ransomware Attacks Escalate as Critical Sectors Struggle to Keep Up"

The frequency, severity, and costs of ransomware attacks continue to grow. Recent reports show rising attacks on healthcare, manufacturing, and other critical sectors. Organizations are often hit multiple times, and ransom payments rarely stop further disruption. Semperis' "2024 Ransomware Risk Report" found that 74 percent of victims were attacked multiple times in a year. This article continues to discuss key findings and observations regarding ransomware attacks.

Submitted by Gregory Rigby on

SecureWorld Denver

"For more than 22 years, SecureWorld has been tackling global cybersecurity issues and sharing critical knowledge and tools needed to protect against ever-evolving threats. Through our network of industry experts, thought leaders, practitioners, and solution providers, we collaborate to produce leading-edge, relevant content."
