
Tux Machines


Security Leftovers


Posted by Roy Schestowitz on Apr 04, 2023





Security updates for Monday [LWN.net]




> Security updates have been issued by Debian (duktape, firmware-nonfree, intel-microcode, svgpp, and systemd), Fedora (amanda, dino, flatpak, golang, libldb, netconsd, samba, tigervnc, and vim), Red Hat (nodejs:14), Slackware (ruby and seamonkey), SUSE (drbd, flatpak, glibc, grub2, ImageMagick, kernel, runc, thunderbird, and xwayland), and Ubuntu (amanda).



Security updates for Tuesday [LWN.net]




> Security updates have been issued by Fedora (openbgpd and seamonkey), Red Hat (httpd:2.4, kernel, kernel-rt, and pesign), SUSE (compat-openssl098, dpdk, drbd, ImageMagick, nextcloud, openssl, openssl-1_1, openssl-3, openssl1, oracleasm, pgadmin4, terraform-provider-helm, and yaml-cpp), and Ubuntu (haproxy, ldb, samba, and vim).



Ukrainian Hackers Spend $25,000 of Russian Funds on Sex Toys




> The Ukrainian hacking collective Cyber Resistance announced yesterday that it successfully hacked into the AliExpress account of pro-Russian mil blogger Mikhail Luchin.


> The blogger, who runs the “Misha From Donbas” Telegram channel, apparently had a significant amount of funds he had raised to purchase drones for Russian troops.


> Now, what exactly did the Ukrainian hackers do to sabotage Russian military efforts?


> They bought a lot of sex toys with the funds. Around $25,000 worth of them.



TAFE data breach uncovered by SA Police




> TAFE South Australia has revealed a data breach that was discovered when SA Police seized “devices containing electronic scanned copies of TAFE SA student identification forms”.


> TAFE SA said the identification forms included credentials such as driver's licences and passports for enrolments prior to 2021 across all campuses.



UnitedLex hit by d0nut ransomware team, 200 GB of corporate files leaked




> The d0nut ransomware team seems to be ramping up their activity and leaks. Last week, they contacted DataBreaches about Montgomery General Hospital in West Virginia. Today, they reached out to this site about UnitedLex, a firm that describes itself as helping legal teams modernize “with a consultative framework that brings together legal subject matter expertise, data science, and technology to solve operational challenges across multiple legal disciplines.”



FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers




> Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnSecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data.


> [...]


> But sources close to the investigation tell KrebsOnSecurity that law enforcement agencies in the United States, Canada and across Europe are currently serving arrest warrants on dozens of individuals thought to support Genesis, either by maintaining the site or selling the service bot logs from infected systems.


> The seizure notice includes the seals of law enforcement entities from several countries, including Australia, Canada, Denmark, Germany, the Netherlands, Spain, Sweden and the United Kingdom.


> When Genesis customers purchase a bot, they’re purchasing the ability to have all of the victim’s authentication cookies loaded into their browser, so that online accounts belonging to that victim can be accessed without the need of a password, and in some cases without multi-factor authentication.


> “You can buy a bot with a real fingerprint, access to e-mail, social networks, bank accounts, payment systems!,” a cybercrime forum ad for Genesis enthused. “You also get all previous digital life (history) of the bot – most services won’t even ask for login and password and identify you as their returning customer. Purchasing a bot kit with the fingerprint, cookies and accesses, you become the unique user of all his or her services and other web-sites. The other use of our kit of real fingerprints is to cover-up the traces of your real internet activity.”



New Money Message ransomware demands million dollar ransoms




> A new ransomware gang named 'Money Message' has appeared, targeting victims worldwide and demanding million-dollar ransoms not to leak data and release a decryptor.


> The new ransomware was first reported by a victim on the BleepingComputer forums on March 28, 2023, with Zscaler's ThreatLabz soon after sharing information on Twitter.


> Currently, the threat actor lists two victims on its extortion site, one of which is an Asian airline with annual revenue close to $1 billion. Additionally, the threat actors claim to have stolen files from the company and include a screenshot of the accessed file system as proof of the breach.



Rorschach – A New Sophisticated and Fast Ransomware - Check Point Research




> While responding to a ransomware case against a US-based company, the CPIRT recently came across a unique ransomware strain deployed using a signed component of a commercial security product. Unlike other ransomware cases, the threat actor did not hide behind any alias and appears to have no affiliation to any of the known ransomware groups. Those two facts, rarities in the ransomware ecosystem, piqued CPR's interest and prompted us to thoroughly analyze the newly discovered malware.


> Throughout its analysis, the new ransomware exhibited unique features. A behavioral analysis of the new ransomware suggests it is partly autonomous, spreading itself automatically when executed on a Domain Controller (DC), while it clears the event logs of the affected machines. In addition, it’s extremely flexible, operating not only based on a built-in configuration but also on numerous optional arguments which allow it to change its behavior according to the operator’s needs. While it seems to have taken inspiration from some of the most infamous ransomware families, it also contains unique functionalities, rarely seen among ransomware, such as the use of direct syscalls.



Israeli cyber security website briefly taken down in cyberattack




> One of Israel's largest cyber-security companies, Check Point, was taken down by a group of hackers calling themselves "Anonymous Sudan" on Tuesday afternoon.


> However, after a short while, the website seemed to return to operating as normal.


> Earlier in the day, the websites of multiple major universities in Israel were also attacked by the same group, and were down for several hours.



Unpacking the Structure of Modern Cybercrime Organizations




> The last 20 years have seen the cyberthreat landscape transform markedly: From an era of cyberattacks with damaging payloads, the cybercrime space has evolved to one where malicious actors have organized themselves into groups, mainly driven by financial gain.


> Consequently, organizations now contend with a new breed of cybercriminals fiercely competing among themselves to claim a bigger stake in a highly lucrative market. Given present circumstances, malicious actors have organized themselves in ways that show a remarkable resemblance to legitimate corporations. Our research findings show that as revenues and membership of cybercriminal groups expand, their organizational structure becomes more complex because new tiers in the hierarchy inevitably arise in the process.



Western Digital says hackers stole data in 'network security' breach




> Data storage giant Western Digital has confirmed that hackers exfiltrated data from its systems during a "network security incident" last week.


> The California-based company said in a statement on Monday that an unauthorized third party gained access to "a number" of its internal systems on March 26. Western Digital hasn’t confirmed the nature of the incident or revealed how it was compromised, but its statement suggests the incident may be linked to ransomware.


> “Based on the investigation to date, the company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data,” Western Digital said.



