Chinese Cops Caught Using Android Spyware to Track Mobile Devices

December 12, 2024 at 04:35PM EagleMeSpy, a surveillance tool developed by a Chinese company for law enforcement, has been scraping sensitive data from Android devices since 2017. It requires physical access to install and is not available in app stores. Researchers indicate potential iOS versions exist, and the spyware is continuously developed to avoid detection. … Read more

IoT Cloud Cracked by ‘Open Sesame’ Over-the-Air Attack

December 12, 2024 at 04:13PM Ruijie Networks has patched 10 vulnerabilities in its Reyee cloud management platform, potentially allowing control of thousands of devices. Researchers from Claroty, who developed the “Open Sesame” attack, highlighted weaknesses in device authentication. This could enable attackers to impersonate the cloud platform and exploit connected devices, raising IoT security concerns. … Read more

New IOCONTROL malware used in critical infrastructure attacks

December 12, 2024 at 03:48PM Iranian threat actors are deploying a new malware, IOCONTROL, to attack IoT devices and critical infrastructure systems in Israel and the U.S. It targets various devices, including routers and fuel management systems, potentially causing disruptions. Linked to the CyberAv3ngers group, it is difficult to detect with current antivirus tools. ### … Read more

US offers $5 million for info on North Korean IT worker farms

December 12, 2024 at 03:26PM The U.S. State Department is offering up to $5 million for information on North Korean front companies involved in illegal remote IT work, generating millions to support nuclear programs. Fourteen “IT warriors” were indicted for identity theft and fraud, highlighting ongoing risks of North Korean infiltration in U.S. businesses. **Meeting … Read more

Europol Cracks Down on Holiday DDoS Attacks

December 12, 2024 at 03:06PM Law enforcement worldwide has seized 27 popular platforms used for DDoS attacks in an ongoing operation called PowerOFF, coordinated by Europol across 15 countries. It targeted cybercriminals, arresting three administrators and identifying over 300 others. Authorities aim to disrupt the cybercrime ecosystem, especially during heightened holiday attack periods. ### Meeting … Read more

Fake IT Workers Funneled Millions to North Korea, DOJ Says

December 12, 2024 at 02:42PM The U.S. Justice Department indicted 14 North Korean nationals for a scheme posing as remote IT workers to commit sanctions violations, fraud, and identity theft, allegedly earning $88 million over six years. They used stolen identities and advanced tactics to access U.S. companies, highlighting the threat of North Korean cyberattacks. … Read more

Phishing: The Silent Precursor to Data Breaches

December 12, 2024 at 02:20PM Phishing is a leading cyber threat that often initiates data breaches, as seen in the 2021 Colonial Pipeline attack. This social engineering tactic manipulates victims into revealing sensitive information through various methods, including email and SMS. Mitigating risks requires user education, technical controls, and robust incident response strategies. ### Meeting … Read more

Efforts to Secure US Telcos Beset by Salt Typhoon Might Fall Flat

December 12, 2024 at 02:07PM In response to a major telecommunications breach attributed to China, Senator Ron Wyden proposed the “Secure American Communications Act” to enhance cybersecurity standards for U.S. telcos. Critics argue existing regulations are under-enforced, highlighting resource challenges rather than a lack of rules as the primary issue in cybersecurity vulnerabilities. **Meeting Takeaways: … Read more

Cleo patches critical zero-day exploited in data theft attacks

December 12, 2024 at 12:09PM Cleo has released urgent security patches for a zero-day vulnerability in its LexiCom, VLTransfer, and Harmony software, actively exploited in data theft attacks linked to the Termite ransomware gang. Customers are advised to upgrade to version 5.8.0.24 to enhance security and mitigate risks from these breaches. ### Meeting Takeaways 1. … Read more

Spain busts voice phishing ring for defrauding 10,000 bank customers

December 12, 2024 at 11:46AM Spanish and Peruvian police arrested 83 individuals involved in a major voice phishing scam, seizing cash and tech during 29 raids. The scammers impersonated banks, defrauding over 10,000 victims of €3 million by using spoofed calls to extract sensitive information. Authorities advise against sharing personal bank details without verification. ### … Read more