Newsletters

Written content from the Risky Business Media team

Risky Biz News: Trickbot dev arrested in Moscow

Presented by

Catalin Cimpanu

News Editor

Russian authorities have allegedly arrested a member of the Trickbot cybercrime gang in Moscow this week.

According to a report from Russian news channel Baza, authorities have detained a 37-year-old man named Fedor Andreev on the morning of July 15 in a house in South Moscow.

Andreev was allegedly detained based on an Interpol red notice issued by Germany in May.

China vs World: Cyber Security Reporting Duel

Presented by

Tom Uren

Policy & Intelligence

Western cyber security agencies are co-authoring reports with an increasing number of overseas agencies into Chinese cyber activity. And China doesn't seem to like it.

The Australian Signals Directorate last week issued an advisory co-authored with German, Korean and Japanese intelligence, cyber security and law enforcement agencies, as well as the standard Five Eyes agencies that regularly contribute to advisories.

The advisory documented two successful compromises of Australian organisations and resulting investigations by the Australian Cyber Security Centre (ACSC).

Risky Biz News: Konfety gang creates an alternate reality for its mobile ad fraud

Presented by

Catalin Cimpanu

News Editor

A Russian cybercrime group named Konfety has orchestrated a massive ad fraud operation that devised a novel way to disguise its malicious apps and ad traffic.

The group's operations were discovered by researchers from HUMAN Security, a company that specializes in detecting bot attacks and advertising fraud.

HUMAN says the Konfety group operates out of Russia and poses as an ad network company behind an advertising SDK named CaramelAds.

Risky Biz News: Squarespace DNS hijack spree hits crypto sites, everyone else watch out!

Presented by

Catalin Cimpanu

News Editor

At least four cryptocurrency platforms hosting their domains on Squarespace have been hit by DNS hijacks over the past week.

The Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains reported losing control over their official websites on Thursday and Friday last week.

The hijackers pointed the domains to malicious servers hosting wallet-draining phishing kits.

Risky Biz News: Apple warns iPhone users of new spyware attacks

Presented by

Catalin Cimpanu

News Editor

This week, Apple sent a new batch of notifications to iPhone users across 98 countries warning of possible infections with mercenary spyware.

This is the company's second wave of such notifications this year, after a first round in April.

The new "mercenary spyware" notifications are the same alerts Apple sent in previous years under the "state-sponsored attacks" label.

Risky Biz News: US takes down RT's Twitter bot farm

Presented by

Catalin Cimpanu

News Editor

The US Department of Justice has taken down a Twitter botnet operated by Russian news organization RT that was used to spread Kremlin propaganda on a large scale across Europe and the US.

According to court documents, the botnet consisted of at least 968 accounts and was operated by an editor-in-chief from RT's Moscow headquarters.

The botnet was established in early 2022, shortly after Russia's invasion of Ukraine, and its main role was to spread disinformation and favorable Russian narratives about the war.

Risky Biz News: A ransomware attack is putting lives at risk across South Africa

Presented by

Catalin Cimpanu

News Editor

For the past two weeks, a ransomware attack has been wreaking havoc among healthcare services and putting lives at risk across South Africa.

The incident took place on June 22 and hit the National Health Laboratory Service (NHLS), a South African government organization that does lab work for the country's hospitals.

The attack and subsequent IT outage crippled 265 NHLS laboratories and their ability to process blood work. According to a report from the Cape Independent, the labs are behind on over 6.3 million blood tests. The lack of proper blood work is delaying accurate diagnostics and has postponed operations, putting countless patient lives at risk.

Risky Biz News: Ransomware attacks increase hospital mortality rates

Presented by

Catalin Cimpanu

News Editor

A whitepaper published last year by academics from the University of Minnesota's medical school has looked at the aftermath of ransomware attacks on US hospitals and found evidence to suggest that mortality rates typically increase by around 20%.

The study looked at hospital admissions before, during, and after a ransomware attack, as well as at the hospital's profits and reported patient deaths.

Researchers said the most affected category was patients who were already hospitalized at the time of the ransomware attack, compared to patients admitted afterwards, by which point hospital staff could adjust procedures to account for the unavailable IT systems.

When Regulation Encourages ISPs to Hack Their Customers

Presented by

Tom Uren

Policy & Intelligence

KT, formerly Korea Telecom, has been accused of deliberately infecting 600,000 of its own customers with malware to reduce peer-to-peer file sharing traffic. This is a bizarre hack and a great case study of how government regulation has distorted the South Korean internet.

South Korean media outlet JTBC reported last month that KT had infected customers who were using Korean cloud data storage services known as 'webhards' (web hard drives). The malware disabled the webhard software, resulted in files disappearing and sometimes caused computers to crash.

JTBC news says the team involved "consisted of a 'malware development' section, a 'distribution and operation' section, and a 'wiretapping' section that looked at data sent and received by KT users in real time". Thirteen KT employees and contractors have been referred by the police for prosecution.

Risky Biz News: Unauth RCE in OpenSSH—a scary combination of words

Presented by

Catalin Cimpanu

News Editor

There's an unauthenticated remote code execution vulnerability in OpenSSH. We're all gonna d... Nah, I'm kidding! It's actually not as bad as that combination of words makes it seem.

The vulnerability was discovered and disclosed on Monday by security firm Qualys. It is tracked as CVE-2024-6387 and is also known under the name of regreSSHion.

It impacts all OpenSSH versions released since October 2020.