China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

November 20, 2024 at 02:27AM

A new China-linked cyber espionage group named Liminal Panda targets telecommunications entities in South Asia and Africa, employing advanced tools for unauthorized access and data extraction. CrowdStrike highlights prior misattribution and notes that these activities exploit trust relationships among telecom providers, underscoring vulnerabilities in critical infrastructure to state-sponsored attacks.

America’s drinking water systems have a hard-to-swallow cybersecurity problem

November 19, 2024 at 03:02PM

A recent EPA study found that nearly one-third of U.S. drinking water systems have cybersecurity vulnerabilities, affecting approximately 82.7 million people. The agency lacks a tracking system for potential attacks, relies on DHS for incident reporting, and faces ongoing challenges in enhancing cybersecurity amidst aging infrastructure.

### Meeting Takeaways:

1. …

Russian Ransomware Gangs on the Hunt for Pen Testers

November 19, 2024 at 01:57PM

Ransomware gangs like Apos, Lynx, and Rabbit Hole are recruiting pen testers to enhance their operations, reflecting the professionalization of Russian cybercrime. A Cato Networks report highlights the growing threat of ransomware, unauthorized AI, and underutilization of Transport Layer Security (TLS) in cybersecurity practices.

### Meeting Takeaways

1. **Ransomware Gangs …

Botnet fueling residential proxies disrupted in cybercrime crackdown

November 19, 2024 at 10:40AM

The Ngioweb botnet, essential for the NSOCKS proxy service with 35,000 bots, is facing disruption as security firms block traffic to and from its two networks.

**Meeting Notes Takeaways:**

1. **Ngioweb Botnet Overview**: The Ngioweb botnet comprises approximately 35,000 bots that are primarily utilized in the NSOCKS proxy service, which …

Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices

November 19, 2024 at 09:42AM

The Ngioweb malware powers the NSOCKS residential proxy service, with 80% of its bots originating from the Ngioweb botnet. This operation, involving over 20,000 IoT devices, allows users to proxy malicious traffic globally, facilitating attacks while obscuring identities. The underground proxy market is expected to grow significantly.

### Meeting Takeaways: …

Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts

November 19, 2024 at 09:42AM

Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to facilitate sports piracy by hijacking unauthenticated notebooks. They use FFmpeg to capture and illegally stream live sports events. The campaign poses serious risks, including data theft and operational disruption, according to a report by Aqua’s threat intelligence director.

**Meeting Takeaways …

New ‘Helldown’ Ransomware Variant Expands Attacks to VMware and Linux Systems

November 19, 2024 at 05:45AM

Cybersecurity researchers have identified a new Linux variant of the Helldown ransomware, derived from LockBit 3.0. This group targets virtualized infrastructures, exploiting Zyxel security flaws. Helldown employs double extortion tactics, attacking various sectors. Additionally, a new ransomware, Interlock, has emerged, targeting similar sectors with advanced operations.

### Meeting Takeaways on …

Ransomware Attack on Oklahoma Medical Center Impacts 133,000

November 18, 2024 at 08:49AM

Great Plains Regional Medical Center in Oklahoma is notifying over 133,000 individuals of a ransomware attack that compromised personal information, including Social Security numbers and health data. The attack was discovered on September 8, and the hospital is offering free credit monitoring for affected patients while restoration efforts have been …

T-Mobile Also Targeted in Chinese Telecom Hacking Campaign

November 18, 2024 at 04:32AM

T-Mobile has been a target of the Chinese group Salt Typhoon in a significant espionage campaign aimed at U.S. telecom companies. This incident highlights ongoing cybersecurity threats in the telecommunications sector.

**Meeting Takeaways:**

1. **Targeted Company:** T-Mobile.
2. **Threat Actor:** Chinese group named Salt Typhoon.
3. **Nature of Incident:** Major …

Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices

November 18, 2024 at 04:27AM

Water Barghest, estimated to control over 20,000 IoT devices by October 2024, exploits vulnerabilities to monetize them as proxies on a marketplace. Utilizing automated scripts and the Ngioweb malware, the process from infection to marketplace availability can be completed in under 10 minutes, highlighting its operational efficiency.

**Meeting Notes Takeaways: …