Cops in Ukraine Carry Out Raids, Arrest Suspect Connected to One of 'World's Largest Phishing Services'
Cyberpunk 2077 maker CD Projekt Red hit with ransomware attacks and vows not to pay, popular Barcode Scanner app turns into malware, Iran's APT-50 is surveilling 1,200 dissidents with spyware, more
Working with the FBI and authorities in Australia, police in Ukraine arrested one person and carried out raids last week in connection with the author of U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.”
The person arrested is from the Ternopil region and purportedly developed a phishing package and special administrative panel for the product responsible for 50% of phishing attacks in Australia. (Brian Krebs / Krebs on Security)
CD Projekt Red, the maker of the popular video game Cyberpunk 2077, has been hit with a ransomware attack and says it will refuse to negotiate with the hackers.
The hackers claim to have copied code from Cyberpunk 2077, Gwent, and Witcher 3, including an unreleased version of the latter. “We have also dumped all of your documents relating to accounting, administration, legal, HR, investor relations, and more!” the hackers’ ransomware note added. (Joe Tidy / BBC News)
Researchers at Malwarebytes say the Barcode Scanner app, made by LavaBird LTD, that appeared in the Google Play store for years and had been downloaded more than ten million times, became malware that served up ad pages without direct action by device owners.
The app was more than adware, however, with code added to layer on heavy obfuscation. (Joe Warminsky / Cyberscoop)
Researchers at Check Point say that Iranian hacking group Domestic Kitten or APT-50 is running two online surveillance operations targeting 1,200 dissidents in Iran and twelve other countries.
The group uses novel techniques to install spyware on the targets’ phones, with 600 of the targeted individuals actively infected with the malware. (Gordon Corera / BBC News)
A new phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment.
WordPress security company Wordfence said a patch was issued for a cross-site request forgery flaw in the NextGen Gallery WordPress plugin.
The plugin, which is installed on 800,000 WordPress websites, allows sites to upload photos in batch quantities, import metadata, and edit image thumbnails. (Lindsey O’Donnell / Threatpost)
Researchers at ESET report that there has been 768% growth in Remote Desktop Protocol (RDP) attacks over the course of 2020, given the rise of RDP use in work from home arrangements.
In some cases RDP has been misconfigured, which makes the attackers’ jobs easier. (Danny Palmer / ZDNet)
Personal information from patients and employees of Leon Medical Centers, which runs eight facilities in Florida, and Nocona General Hospital, which has three facilities in Texas, was exposed after hackers reportedly published tens of thousands of records online.
The compromised information includes patients’ names, addresses and birthdays, medical diagnoses and letters to insurers, and background checks on hospital staff. (Kevin Collier / NBC News)
Microsoft will add a new security alert to Microsoft Defender's dashboard for Office 365 to alert companies when nation-state actors have targeted their employees.
The feature was added to the Microsoft 365 roadmap website. (Catalin Cimpanu / ZDNet)
Google has launched the Open Source Vulnerabilities (OSV) website, which provides access to a vulnerability database on open-source projects and helps maintainers and consumers of open-source projects.
The OSV aims to address issues around the triage of newly discovered bugs via automation. (Liam Tung / ZDNet)