

News
darkreading
'Phobos' Ransomware Cybercriminal Extradited From South Korea
According to the unsealed criminal charges, the operation is believed to have been running for nearly four years. (darkreading)


Latest news
'Scam yourself' attacks just increased over 600% - here's what to look for
Millions of people are falling for these scams, but they're not unavoidable. Here's what you need to know. (Latest news)


darkreading
African Reliance on Foreign Suppliers Boosts Insecurity Concerns
Recent backdoor implants and cyber-espionage attacks on their supply chains have African organizations looking to diversify beyond Chinese, American tech vendors. (darkreading)


Security Affairs
Russian Phobos ransomware operator faces cybercrime charges
Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the [...] (Security Affairs)


Graham Cluley
The AI Fix #25: Beware of the superintelligence, and a spam-eating AI super gran
In episode 25 of The AI Fix, humanity creates a satellite called Skynet and then loses it, Graham folds proteins in the comfort of his living room, a Florida man gets a robot dog, Grok rats on its own boss, and a podcast host discovers Brazil [...] (Graham Cluley)


Latest news
The best cheap phones in 2024: Expert tested and reviewed
We've tested the best cheap phones on the market, including models from Samsung, Google, Motorola, and more, and these are most worthy of your money. (Latest news)


Latest news
The best vlogging cameras of 2024: Expert tested and reviewed
We tested the best vlogging cameras for every TikToker, Instagrammer, and YouTuber from brands like Sony, Canon, and Insta360. (Latest news)


BleepingComputer
Spotify abused to promote pirated software and game cheats
Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, spam links, and "warez" sites. By injecting targeted keywords and links in playlist names and podcast descriptions, threat actors may benefit from boosting [...] (BleepingComputer)


Securelist
Scammer Black Friday offers: Online shopping threats and dark web sales
Kaspersky experts share their insights into cyberthreats that face online shoppers in 2024: phishing, banking trojans, fake shopping apps and Black Friday sales on the dark web data market. (Securelist)


Graham Cluley
Malware delivered via malicious QR codes sent in the post
Cybercriminals have adopted a novel trick for infecting devices with malware: sending out physical letters that contain malicious QR codes. Read more in my article on the Hot for Security blog. (Graham Cluley)


BleepingComputer
Apple fixes two zero-days used in attacks on Intel-based Macs
Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. [...] (BleepingComputer)


The Hacker News
Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. The flaws are listed below - CVE-2024-44308 - A vulnerability in [...] (The Hacker News)


The Hacker News
China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks
A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence [...] (The Hacker News)


Security Affairs
China-linked actor's malware DeepData exploits FortiClient VPN zero-day
Chinese threat actors use custom post-exploitation toolkit 'DeepData' to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet's Windows VPN client that China-linked threat actor [...] (Security Affairs)


BleepingComputer
CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. [...] (BleepingComputer)


BleepingComputer
D-Link urges users to retire VPN routers impacted by unfixed RCE flaw
D-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices. [...] (BleepingComputer)


darkreading
Salt Typhoon Hits T-Mobile as Part of Telecom Attack Spree
The company says no sensitive data was stolen, but federal agencies claim otherwise. CISA and FBI sources said attackers accessed all records of specific customers and the private communications of targeted individuals. (darkreading)


BleepingComputer
Helldown ransomware exploits Zyxel VPN flaw to breach networks
The new 'Helldown' ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices. [...] (BleepingComputer)


darkreading
Linux Variant of Helldown Ransomware Targets VMware ESXi Systems
Since surfacing in August, the likely LockBit variant has claimed more than two dozen victims and appears poised to strike many more. (darkreading)


The Hacker News
Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority
Privileged accounts are well-known gateways for potential security threats. However, many organizations focus solely on managing privileged access--rather than securing the accounts and users entrusted with it. This emphasis is perhaps due to the [...] (The Hacker News)


darkreading
RIIG Launches With Risk Intelligence Solutions
RIIG is a risk intelligence and cybersecurity solutions provider offering open-source intelligence solutions designed for zero-trust environments. (darkreading)


darkreading
SWEEPS Educational Initiative Offers Application Security Training
The secure coding curriculum was developed by University of California, Davis; University of Maryland Baltimore County; Worcester Polytechnic Institute; California Polytechnic State University-San Luis Obispo; Cosumnes River College; DARK [...] (darkreading)


darkreading
We Can Do Better Than Free Credit Monitoring After a Breach
Individual companies and entire industries alike must take responsibility for protecting customer data -- and doing the right thing when they fail. (darkreading)


Publications
Public Consultation on Specifications for EUICC Certification under the EUCC scheme
ENISA has published specifications for the evaluation and certification of embedded Universal Integrated Circuit Cards (eUICCs) under the European Common Criteria-based cybersecurity certification scheme (EUCC). Recognising the potential role of [...] (Publications)



Source: Ransom Watch
Ransomware attacks
  • termite: Département de La Réunion
  • ransomhub: 3ccaresystems⋅com, interborosd⋅org, hartmannbund⋅de, smawins⋅net, tempaircompany⋅com, citywestcommercials⋅co⋅uk, chsplumbing⋅com, thinkecs⋅com, wulffco⋅com, brylesresearch⋅com, Thebike⋅com
  • play: CMD, Dairy Farmers of Canada, Birdair, Diamond Brand Gear, Vox Printing, Henderson Stamping & Production, Hive Power Engineering, Miller & Smith, IVC Technologies
  • monti: Southern Oregon Veterinary Specialty Center, Premier Tax Services, Oxford Auto Insurance, Anderson Miller LTD, KVF
  • meow: San Francisco Ballet
  • killsecurity: LiquiTech, Camim
  • hunters: Performance Health & Fitness
  • FOG: Valley Planing Mill (valleyplaning⋅com), Burkburnett Independent School District
  • everest: Pacific Pulmonary Medical Group Data Leak, IndicaOnline
  • darkvault: arabot⋅io, techguard⋅in
  • blackbasta: Rockport Mortgage, Andy Frain Services, Wachter, CULTURE-BUILDING EXPERTS, Suit-Kote Corporation, Eaton Metal Products Company, Gleason, Flynn, Emig & McAfee, KMC Global, REMBE GmbH Safety + Control, RAUCH Streuer – Kompetenz in Entwicklung & Herstellung, Instinct Pet Food, Mithun, ISA, McLean Mortgage Corporation, Jonti-Craft




Security Rabbits | Copyright © 2024 Flo BI. All rights reserved.