December 11, 2024 at 07:41AM The newly identified ransomware group Termite appears responsible for exploiting a vulnerability in Cleo’s file transfer software. This issue allows unauthorized file access and potential remote code execution, affecting around 1,700 servers, primarily in the US retail sector. Cleo plans to release a fix for the vulnerability soon. ### Meeting … Read more
December 9, 2024 at 08:07AM Blue Yonder experienced a ransomware attack last month, allegedly compromising 680 GB of data, including email addresses and documents. The Termite ransomware group claimed responsibility, impacting significant clients like Starbucks and major UK grocery chains. Blue Yonder is investigating and collaborating with cybersecurity experts to address the breach. ### Meeting … Read more
December 5, 2024 at 04:08PM The Android RAT “DroidBot” features keylogging and data monitoring, targeting banks and organizations. Active since mid-2024, it’s linked to 17 affiliate groups and 77 attacks in Europe, with plans to expand into Latin America. Researchers warn its evolution into malware-as-a-service poses greater cybersecurity threats. ### Meeting Notes Takeaways: 1. **Emergence … Read more
December 5, 2024 at 03:48AM The Russian cyber-espionage group Turla is hijacking the infrastructure of Pakistani threat actor Storm-0156 to conduct covert attacks on compromised networks, particularly targeting Afghan and Indian government entities. This tactic, observed since late 2022, allows Turla to stealthily deploy malware while complicating attribution efforts. **Meeting Takeaways** 1. **Turla’s Activities:** – … Read more
December 4, 2024 at 12:11PM The Russian cyber-espionage group Turla is infiltrating the infrastructure of the Pakistani threat actor Storm-0156, using its compromised networks for covert attacks since late 2022. This strategy allows Turla to stealthily gather intelligence while complicating attribution efforts, leveraging previously breached targets, including Afghan governmental entities. **Meeting Notes Takeaways:** 1. **Turla’s … Read more
November 25, 2024 at 08:01AM Microsoft reports that North Korean fake IT workers have infiltrated global markets, particularly in the US, UK, and Australia, generating revenue for the regime while potentially stealing data. Numerous fake profiles exist online, and various North Korean threat actors engage in phishing and cryptocurrency theft, targeting sensitive sectors like aerospace … Read more
November 21, 2024 at 01:39PM The BianLian ransomware group has transitioned to primarily data theft extortion techniques, as noted in a U.S. and Australian advisory. Since January 2024, they focus exclusively on this method, employing new tactics like exploiting Windows vulnerabilities and using RDP for access. Recent attacks include breaches of notable organizations. ### Meeting … Read more
November 21, 2024 at 10:51AM The U.S. has seized the cybercrime website ‘PopeyeTools’ and charged three administrators for selling stolen data. Authorities confiscated multiple domains and $283,000 in cryptocurrency. PopeyeTools trafficked financial information, offering services for cybercrime. Each administrator faces up to 10 years in prison if convicted, though no arrests have been made. ### … Read more
November 18, 2024 at 05:48PM Chinese hackers “BrazenBamboo” exploit a zero-day vulnerability in Fortinet’s FortiClient VPN using a tool called ‘DeepData’ to extract user credentials. Discovered by Volexity in July 2024, the flaw has not been patched, risking corporate networks. VPN access should be restricted until Fortinet releases a fix. ### Meeting Takeaways 1. **Zero-Day … Read more
November 14, 2024 at 07:39AM Robert Purbeck received a 10-year prison sentence for stealing personal information from over 132,000 individuals and committing extortion. This case highlights serious concerns regarding data security and cybercrime. ### Meeting Notes Takeaways: – **Individual Involved**: Robert Purbeck – **Offense**: Hacking, data theft, and extortion – **Sentence**: 10 years in prison … Read more