Recently Charged Scattered Spider Suspect Did Poor Job at Covering Tracks

December 6, 2024 at 06:31AM

A 19-year-old California resident, Remington Ogletree, has been charged for his involvement in Scattered Spider cyberattacks, allegedly causing over $4 million in losses. He used social engineering to access networks, steal data, and launch phishing campaigns. Investigators linked him to multiple cybercrimes through various accounts and his own admissions.

Protect your clouds

December 6, 2024 at 04:18AM

The 2024 IBM Cost of the Data Breach Report reveals that 40% of data breaches from March 2023 to February 2024 involved data stored in multiple environments, including the cloud. SANS offers best practices to help safeguard your cloud infrastructure effectively.

**Meeting Takeaways:** 1. **SANS Best Practice Guidance:** – Participants …

More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

December 6, 2024 at 03:48AM

The More_eggs malware has expanded with new families: RevC2, an information-stealing backdoor, and Venom Loader, a customized malware loader. Both are deployed via VenomLNK. Their campaigns, observed from August to October 2024, demonstrate ongoing innovation in the malware-as-a-service sector despite previous arrests of key operators.

### Meeting Takeaways – December …

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

December 6, 2024 at 02:48AM

Gamaredon, a Russian-affiliated cyber threat group, is using Cloudflare Tunnels to hide its GammaDrop malware in a spear-phishing campaign targeting Ukrainian entities since early 2024. The group employs various techniques, including HTML smuggling and DNS fast-fluxing, to evade detection and maintain access to compromised systems.

### Meeting Takeaways – December …

PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

December 6, 2024 at 01:07AM

A zero-day file read vulnerability in Mitel MiCollab can be exploited with a previously patched bug, allowing unauthorized access to sensitive files. Despite reporting the issue to Mitel over 100 days ago, it remains unpatched. The vulnerability is particularly concerning given the platform’s widespread use.

**Meeting Takeaways:** 1. **Vulnerability Overview**: …

Critical Vulnerability Discovered in SailPoint IdentityIQ

December 6, 2024 at 12:55AM

SailPoint warned of a critical vulnerability (CVE-2024-10905) in its IdentityIQ IAM platform that allows unauthorized access to files due to improper access control. Affected versions have a CVSS score of 10/10. E-fixes are available, and users are urged to update promptly to prevent potential data compromise.

**Meeting Takeaways: SailPoint IdentityIQ …

Nebraska Man pleads guilty to $3.5 million cryptojacking scheme

December 5, 2024 at 10:42PM

A Nebraska man pleaded guilty to running a significant cryptojacking operation, which involves illicitly using computer resources for cryptocurrency mining. His arrest and charges occurred in April, culminating in this recent plea.

**Meeting Takeaways:**

1. A Nebraska man has pleaded guilty.
2. The case involves a large-scale cryptojacking operation.
3. …

Microsoft: Another Chinese cyberspy crew targeting US critical orgs ‘as of yesterday’

December 5, 2024 at 08:13PM

Microsoft’s threat intelligence team reports that the China-linked group Storm-0227 is targeting critical infrastructure and US government agencies, leveraging public security vulnerabilities and spear-phishing tactics. Active since January, they steal credentials and sensitive data, indicating significant and ongoing espionage efforts focused on US defense, telecommunications, and legal sectors.

### Meeting …

Nebraska Man pleads guilty to dumb cryptojacking operation

December 5, 2024 at 07:09PM

Charles O. Parks III pleaded guilty to running a large-scale cryptojacking operation that defrauded cloud service providers out of $3.5 million to mine nearly $970,000 in cryptocurrency. He used various aliases, abused services, laundered profits, and faces up to 20 years in prison upon sentencing.

**Meeting Takeaways: Charles O. Parks …

Romania’s election systems targeted in over 85,000 cyberattacks

December 5, 2024 at 07:01PM

A declassified Romanian Intelligence report reveals over 85,000 cyberattacks targeting the country’s election infrastructure, with leaked credentials for election websites surfacing on a Russian hacker forum. Concurrently, an influence campaign utilized TikTok influencers to promote pro-Russian presidential candidate Calin Georgescu. Romania’s election system remains vulnerable to attacks.

### Meeting Notes …