December 6, 2023 at 10:48AM LogoFAIL is an attack exploiting UEFI image parsing to breach devices through harmful logo images, threatening both consumer and enterprise equipment. Meeting Takeaways: 1. **Issue Identified**: The meeting discussed a significant security vulnerability known as LogoFAIL. 2. **Attack Vector**: LogoFAIL exploits a UEFI (Unified Extensible Firmware Interface) image parser. 3. … Read more
December 5, 2023 at 03:12AM Microsoft identified activity by Russian-supported threat group Forest Blizzard (also known as APT28 and other names) exploiting a severe Outlook security flaw, CVE-2023-23397, to access email accounts on Exchange servers. The group targeted various sectors and used the bug to maintain unauthorized mailbox access. Microsoft patched the bug in March … Read more
November 29, 2023 at 02:32PM Amir Hossein Golshan, 25, received an eight-year prison sentence and was fined $1.2 million for conducting various online scams, including SIM swapping and cryptocurrency theft. He admitted to hijacking a model’s Instagram and defrauding hundreds, causing $740,000 in losses. Golshan also stole $319,000 in NFTs and $70,000 in cryptocurrencies. Meeting … Read more
November 20, 2023 at 02:17PM A former COO of a cybersecurity company pleaded guilty to hacking two hospitals to benefit his business. He disrupted phone and printer services and stole personal information from over 200 patients. He promoted the hack on Twitter and solicited clients afterward. Prosecutors recommend 57 months of probation due to the … Read more
November 16, 2023 at 09:00AM A hacking group known as DarkCasino, initially discovered in 2021, has now been categorized as an advanced persistent threat (APT). They have exploited a recently disclosed security flaw in WinRAR software as a zero-day. DarkCasino’s attacks are frequent and they demonstrate a strong desire to steal online property. Multiple threat … Read more
November 14, 2023 at 10:23AM “AlphaLock” is a Russian hacking group that operates as a “pentesting training organization,” training hackers and monetizing their services through an affiliate program. They offer a course called Bazooka Code Pentest Training, which costs $185 and provides knowledge and tools for work. They also plan to launch the ALPentest Hacking … Read more
November 3, 2023 at 04:13PM A Dutch cybersecurity professional, Pepijn Van der Stap, has been sentenced to four years in prison for hacking and blackmailing multiple companies both in the Netherlands and worldwide. He hacked into victims’ computers, engaged in extortion, and laundered at least 2.5 million euros in cryptocurrency. Van der Stap, along with … Read more
October 30, 2023 at 07:04PM Jordan Persad, a 20-year-old from Florida, has been sentenced to 30 months in prison for his involvement in a SIM-swapping ring that stole almost $1 million in cryptocurrency. Persad and his co-conspirators used SIM swapping to gain access to victims’ online accounts and cryptocurrency wallets. He pleaded guilty to conspiracy … Read more
October 26, 2023 at 01:57PM The Nigerian Police arrested six suspects involved in cybercrime, including scams such as business email compromise, romance scams, and investment schemes. They dismantled a cybercrime mentoring hub in Abuja and seized digital devices. The suspects confessed to participating in cybercrime activities like hacking, identity theft, and forgery. The authorities urge … Read more
October 26, 2023 at 12:05PM Nigerian police have arrested six men connected to a cybercrime recruitment and mentoring hub. The suspects, aged 19 to 27, have confessed to various cybercrimes such as identity theft, hacking, and trading of hacked Facebook accounts, among others. Intelligence reports suggest their involvement in more high-level cybercrimes. The investigation is … Read more