November 22, 2024 at 12:39PM In June 2017, A.P. Møller – Maersk suffered a severe software attack, attributed to the NotPetya malware from a Ukraine-Russia conflict, causing $10 billion in damages. CISA’s recent Secure by Demand guidance urges buyers to ensure software safety through independent validation and comprehensive analysis, beyond just questionnaires and SBOMs. ### … Read more
November 22, 2024 at 05:00AM Microsoft has taken down 240 phishing websites and disrupted the ONNX service, attributing its operation to an individual based in Egypt. This action is part of the company’s ongoing efforts to combat phishing threats. **Meeting Takeaways:** 1. **Phishing Website Seizures**: Microsoft has taken action by seizing a total of 240 … Read more
November 22, 2024 at 04:48AM Meta, Microsoft, and the U.S. Department of Justice are taking action against cybercrime. Microsoft seized 240 fraudulent websites linked to a phishing kit seller. The DoJ shut down PopeyeTools, a marketplace for stolen data, while Meta removed over two million scam accounts. Collaborations aim to combat online fraud globally. ### … Read more
November 19, 2024 at 05:37AM Spotify playlists and podcasts are misused to promote pirated software, game cheats, spam links, and “warez” sites. By embedding targeted keywords in playlist names and podcast descriptions, these individuals enhance SEO, increasing visibility for their illicit online activities in Google search results. ### Meeting Takeaways: 1. **Issue Identified**: Abuse of … Read more
November 18, 2024 at 08:14AM Scammers are exploiting the Microsoft 365 Admin Portal to send sextortion emails that bypass spam filters by using the legitimate “o365mc@microsoft.com” address. These emails claim to have compromising content and demand payment. Microsoft is investigating this abuse, but users should remain vigilant and not respond to these scams. ### Meeting … Read more
November 15, 2024 at 08:30AM The Glove Stealer malware exploits a newly revealed App-Bound encryption bypass technique to carry out attacks. This vulnerability allows the malware to evade security measures in Chrome. ### Meeting Notes Takeaways: – **Malware Identification**: The discussion focused on the Glove Stealer malware. – **Attack Method**: The malware utilizes a newly … Read more
November 15, 2024 at 06:58AM Threat actors have seized over 70,000 domains, targeting well-known brands and government entities due to inadequate domain ownership verification. This highlights vulnerabilities in domain management and the risks associated with lax security measures. The information was reported by SecurityWeek. **Meeting Takeaways:** 1. **Incident Overview:** Over 70,000 domains have been hijacked … Read more
November 14, 2024 at 12:02PM Robert Purbeck, 45, from Idaho, has received a ten-year prison sentence for hacking 19 organizations, stealing personal data from over 132,000 individuals, and extorting victims. He pleaded guilty to unauthorized access charges and must pay over $1 million in restitution after an FBI raid revealed the extensive data theft. **Meeting … Read more
November 14, 2024 at 07:39AM Robert Purbeck received a 10-year prison sentence for stealing personal information from over 132,000 individuals and committing extortion. This case highlights serious concerns regarding data security and cybercrime. ### Meeting Notes Takeaways: – **Individual Involved**: Robert Purbeck – **Offense**: Hacking, data theft, and extortion – **Sentence**: 10 years in prison … Read more
November 12, 2024 at 05:57AM A targeted campaign leveraging SEO poisoning delivers GootLoader malware to users searching for Bengal cat legality in Australia. Victims encounter compromised sites, leading to malware installations via ZIP archives. Recent tactics have shifted towards fake PDF converters instead of legal terms, broadening the potential target audience. ### Meeting Takeaways: Nov … Read more