Cybersecurity
Novel attack on Windows spotted in phishing campaign run from and targeting China
Resources hosted at Tencent Cloud involved in Cobalt Strike campaign Chinese web champ Tencent's cloud is being used by unknown attackers as part of a phishing campaign that aims to achieve persistent network access at Chinese entities.…
Check your IP cameras: There’s a new Mirai botnet on the rise
Also, US offering $2.5M for Belarusian hacker, Backpage kingpins jailed, additional MOVEit victims, and more in brief A series of IP cameras still used all over the world, despite being well past their end of life, have been exploited to create a new Mirai botnet. …
RansomHub hits 210 victims in just 6 months
The ransomware gang recruits high-profile affiliates from LockBit and ALPHV As RansomHub continues to scoop up top talent from the fallen LockBit and ALPHV operations while accruing a smorgasbord of victims, security and law enforcement agencies in the US feel it's time to issue an official warning about…
Green Berets storm building after hacking its Wi-Fi
Relax, it's just a drill. This time at least. US Army Special Forces, aka the Green Berets, have been demonstrating their hacking chops in the recent Swift Response 24 military exercises in May, the military has now confirmed.…
Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers
Infosec hounds say they spotted vulnerability during routine travel in the US Updated Cybersecurity researchers say they've found a vulnerability that allowed them to skip US airport security checks and even fly in the cockpit on some scheduled flights.…
Iran hunts down double agents with fake recruiting sites, Mandiant reckons
Farsi-language posts target possibly-pro-Israel individuals Government-backed Iranian actors allegedly set up dozens of fake recruiting websites and social media accounts to hunt down double agents and dissidents suspected of collaborating with the nation’s enemies, including Israel.…
US indicts duo over alleged Swatting spree that targeted elected officials
Apparently made over 100 fake crime reports and bomb threats The US government has indicted two men for allegedly reporting almost 120 fake emergencies or crimes in the hope of provoking action by armed law enforcement agencies.…
What a coincidence. Spyware makers, Russia’s Cozy Bear seem to share same exploits
Google researchers note similarities, can't find smoking-gun link Google's Threat Analysis Group (TAG) has spotted an interesting pattern: A Kremlin-linked cyber-espionage crew and commercial spyware makers exploiting specific security vulnerabilities in pretty much the same way.…
Feds claim sinister sysadmin locked up thousands of Windows workstations, demanded ransom
Sordid search history 'evidence' in case that could see him spend 35 years for extortion and wire fraud A former infrastructure engineer who allegedly locked IT department colleagues out of their employer's systems, then threatened to shut down servers unless paid a ransom, has been arrested and charged…
Rock Chrome hard enough and get paid half a million
Google revises Chrome Vulnerability Rewards Program with higher payouts for bug hunters Google's Chrome Vulnerability Rewards Program (VRP) is now significantly more rewarding – with a top payout that's at least twice as substantial.…