The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint cybersecurity advisory on suspicious activity observed on Federal Civilian Executive Branch (FCEB) networks. The activity involved phishing attacks that tricked users into installing remote monitoring and management (RMM) software. The RMM tools deployed by the attackers were AnyDesk and ScreenConnect, and the phishing lure was a product refund scam.
A coordinated law enforcement effort involving agencies from 13 countries has seized the infrastructure and website that the notorious Hive ransomware group used to conduct its operations. Key agencies and departments involved include Europol, the FBI, the DOJ, the Secret Service, the Federal Criminal Police Office (Germany), and the National High Tech Crime Unit (Netherlands), among others.
GoTo, the parent company of the LastPass password manager, has notified customers that encrypted keys and backups were stolen in the Nov. 30 attack and that a portion of customer data was also affected. The affected GoTo products include Central, Pro, join.me, Hamachi, and RemotelyAnywhere. The update comes two months after GoTo launched its investigation into the incident.
Security researchers at HUMAN have taken down a massive ad fraud operation, dubbed VASTFLUX, that affected 11 million devices, 1,700 applications, and 120 publishers. The name “VASTFLUX” combines “fast flux” (a cybercrime evasion technique) and “VAST” (a digital ad template abused in the operation). HUMAN is a private company that works to prevent cybercrime, with a focus on bot detection.
PayPal has sent security incident notifications about a credential stuffing attack that affected nearly 35,000 users. The attack occurred between Dec. 6 and Dec. 8, 2022. During the two-day window, the attackers gained access to highly sensitive information, including account holders’ full names, dates of birth, postal addresses, Social Security numbers, and tax identification numbers.
Trend Micro researchers have shown how the port-forwarding feature in GitHub Codespaces could be abused by cybercriminals to deliver and host malware. The researchers found that threat actors could abuse the public sharing of forwarded ports to turn a Codespace into a malware distribution server. All an attacker needs to avoid detection and suspicion is a legitimate GitHub account. As yet, the weakness has not been seen exploited in the wild.
Meta is suing the London-based surveillance firm Voyager Labs for using surveillance software that illegally scraped data from 600,000 user profiles on its subsidiary platforms. The scraped information, including likes, comments, friends, and photos, was sold to law enforcement agencies.
User passwords for the US Department of the Interior (DOI) were cracked within 90 minutes using a USD 15,000 password-cracking rig. A revised final inspection report issued by the Office of Inspector General (OIG) highlighted the many flaws in the DOI’s authentication practices, including the absence of two-factor authentication (2FA) and extremely weak password management.
Beazley, a UK insurance company operating in the Lloyd’s of London market, has launched the market’s first cybersecurity catastrophe bond, paying out a total of USD 45 million (GBP 37 million) should claims exceed USD 300 million. The catastrophe bond is intended to protect insurers like Beazley from massive cyber payouts, which have risen sharply in recent years with the growth of cybercrime.
A modified (trojanized) copy of the Zoom video conferencing application is being used to deliver the IcedID malware to victims, according to a report issued by Cyble Research and Intelligence Labs (CRIL). IcedID, also known as “BokBot,” is designed to steal users’ banking credentials and primarily targets businesses. Although IcedID serves mainly as a loader for other malware strains, it is a dangerous piece of malware in its own right and is capable of evading detection by scanners.