UK disrupts Russian money laundering networks used by ransomware

December 4, 2024 at 03:25PM
The UK’s National Crime Agency disrupted two Russian money laundering networks, arresting 84 suspects in “Operation Destabilise.” These networks, linked to ransomware gangs, laundered millions for cybercriminals. The operation unveiled connections among Russian elites, cybercriminals, and UK drug gangs, highlighting significant international collaboration in tackling such financial crimes.

Pegasus Spyware Infections Proliferate Across iOS, Android Devices

December 4, 2024 at 03:09PM
Researchers from iVerify revealed seven new Pegasus spyware infections affecting journalists and officials on iPhone and Android devices, spanning attacks from 2021 to 2023. This underscores the underestimated prevalence of mobile spyware, as traditional security measures frequently fail to detect such threats. Regular device updates and user education are vital …

BT unit took servers offline after Black Basta ransomware breach

December 4, 2024 at 01:40PM
BT Group has confirmed the shutdown of several servers within its BT Conferencing division due to a ransomware breach by Black Basta. This incident highlights the ongoing cybersecurity challenges faced by multinational companies in protecting their infrastructure.

Veeam Warns of Critical Vulnerability in Service Provider Console

December 4, 2024 at 01:38PM
Veeam released patches for two vulnerabilities in its Service Provider Console, including a critical remote code execution flaw (CVE-2024-42448) with a CVSS score of 9.9. Service providers are urged to update to version 8.1.0.21999. The second flaw (CVE-2024-42449) allows potential data leaks and file deletion.

New DroidBot Android banking malware spreads across Europe

December 4, 2024 at 01:33PM
A new Android banking malware, ‘DroidBot,’ targets over 77 cryptocurrency and banking apps in Europe. Active since June 2024, it operates as a malware-as-a-service platform, facilitating attacks for affiliates. Key features include keylogging and SMS interception. Users are urged to download apps from Google Play and review permissions carefully.

Russia-Linked Turla Exploits Pakistani Hackers’ Servers to Target Afghan and Indian Entities

December 4, 2024 at 12:54PM
The Russia-linked APT group Turla has infiltrated the command-and-control servers of the Pakistan-based Storm-0156 hacking group since December 2022. Turla utilizes this access to deploy custom malware against Afghan government networks, demonstrating a tactic of leveraging others’ infrastructure for intelligence gathering, complicating attribution and enhancing their operational reach.

Solana Web3.js library backdoored to steal secret, private keys

December 4, 2024 at 12:33PM
The Solana JavaScript SDK was compromised in a supply chain attack, enabling the theft of cryptocurrency private keys through malicious code in versions 1.95.6 and 1.95.7 of the library. Developers are urged to update to version 1.95.8 and rotate keys to safeguard their assets. Stolen assets are valued at approximately …

Russian hackers hijack Pakistani hackers’ servers for their own attacks

December 4, 2024 at 12:11PM
The Russian cyber-espionage group Turla has been infiltrating the infrastructure of the Pakistani threat actor Storm-0156, using its compromised networks for covert attacks since late 2022. This strategy allows Turla to stealthily gather intelligence while complicating attribution efforts, leveraging previously breached targets, including Afghan governmental entities.

Spy v Spy: Russian APT Turla Caught Stealing from Pakistani APT

December 4, 2024 at 12:02PM
Russian hackers, known as Turla, spent two years infiltrating Pakistani cyberspies, gaining access to sensitive South Asian government networks. By commandeering Pakistani command servers, Turla deployed its own malware and extracted valuable data. This operation showcases their strategy of exploiting other threat actors’ infrastructures for espionage without revealing their own …

Largest German Crime Marketplace Taken Down, Administrator Arrested

December 4, 2024 at 11:47AM
German authorities announced the takedown of Crimenetwork, the largest German-speaking illegal online marketplace, which traded illicit goods and cryptocurrencies. An alleged administrator was arrested, and significant assets were seized. This coincided with Europol’s shutdown of Matrix, an encrypted messaging service used by criminals.