Cops in Ukraine Carry Out Raids, Arrest Suspect Connected to One of 'World's Largest Phishing Services'

Cyberpunk 2077 maker CD Projekt Red hit with ransomware attacks and vows not to pay, popular Barcode Scanner app turns into malware, Iran's APT-50 is surveilling 1,200 dissidents with spyware, more

Check out our special report from today on the disturbing hacker intrusion into a water treatment plant and the subsequent foiled poisoning of a small Florida town’s water supply. And please consider subscribing to gain access to our archives and premium-only content: a subscription costs only $5 per month, and with enough subscribers we can deliver even more and better content.

Working with the FBI and authorities in Australia, police in Ukraine arrested one person and carried out raids last week in connection with the author of U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.”

The man arrested is from the Ternopil region and purportedly developed a phishing package and a special administrative panel for the product, which is said to be responsible for 50% of phishing attacks in Australia. (Brian Krebs / Krebs on Security)

Related: ZDNet, The Hacker News

CD Projekt Red, the maker of the popular video game Cyberpunk 2077, has been hit with a ransomware attack and says it will refuse to negotiate with the hackers.

The hackers claim to have copied source code for Cyberpunk 2077, Gwent, and Witcher 3, including an unreleased version of the latter. “We have also dumped all of your documents relating to accounting, administration, legal, HR, investor relations, and more!” the hackers’ ransom note added. (Joe Tidy / BBC News)

Related: VentureBeat, Guru3D.com, Engadget, Bleeping Computer, The Verge, ZDNet

Researchers at Malwarebytes say the Barcode Scanner app, made by LavaBird LTD, which had been in the Google Play store for years and had been downloaded more than ten million times, turned into malware that served up ad pages without any action by device owners.

The app was more than adware, however: the update also added code layering on heavy obfuscation. (Joe Warminsky / Cyberscoop)

Related: Reddit - Top News, The Register, Malwarebytes, Dark Reading, Android Police, Blogs | Zscaler, Gizmodo, Bleeping Computer, HotHardware.com, HackRead, Ars Technica, Android Central


Researchers at Check Point say that Iranian hacking group Domestic Kitten or APT-50 is running two online surveillance operations targeting 1,200 dissidents in Iran and twelve other countries.

The group uses novel techniques to install spyware on the targets’ phones, with 600 of the targeted individuals actively infected with the malware. (Gordon Corera / BBC News)

Related: Check Point Research, ZDNet, Security Affairs, Iran International, Exploit One, SecurityWeek, Arab News, Slashdot, The Hacker News, Cyberscoop, Checkpoint

A new phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment.

A phishing email sent as part of this campaign includes JavaScript that maps letters and numbers to Morse code so the encoded strings can be decoded back into the URL at run time. (Lawrence Abrams / Bleeping Computer)

Related: Techradar, IT Pro, Security Affairs, Reddit
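An added defender-side example, not code from the campaign or the article: a Python scan that finds space-separated Morse runs in an HTML attachment, decodes them with the standard International Morse table for letters and digits, and flags the file when the decoded strings look like hidden text. The sample attachment and its Morse fragments are constructed for the example.

```python
import re

# Morse symbols for letters and digits; the same kind of table an attachment's
# decoder would carry, used here in reverse to recover the hidden plaintext.
MORSE_TO_CHAR = {
    ".-": "a", "-...": "b", "-.-.": "c", "-..": "d", ".": "e", "..-.": "f",
    "--.": "g", "....": "h", "..": "i", ".---": "j", "-.-": "k", ".-..": "l",
    "--": "m", "-.": "n", "---": "o", ".--.": "p", "--.-": "q", ".-.": "r",
    "...": "s", "-": "t", "..-": "u", "...-": "v", ".--": "w", "-..-": "x",
    "-.--": "y", "--..": "z", "-----": "0", ".----": "1", "..---": "2",
    "...--": "3", "....-": "4", ".....": "5", "-....": "6", "--...": "7",
    "---..": "8", "----.": "9",
}

# Three or more space-separated dot/dash groups, not glued to other dots/dashes.
MORSE_RUN = re.compile(r"(?<![.\-])[.\-]{1,5}(?: [.\-]{1,5}){2,}(?![.\-])")


def decode_morse(run: str):
    """Decode one space-separated Morse run; None if any group is not in the table."""
    chars = [MORSE_TO_CHAR.get(group) for group in run.split(" ")]
    return None if None in chars else "".join(chars)


def find_morse_payloads(text: str):
    """Return (run, decoded) pairs for every decodable Morse run in text."""
    found = []
    for match in MORSE_RUN.finditer(text):
        decoded = decode_morse(match.group(0))
        if decoded is not None:
            found.append((match.group(0), decoded))
    return found


def is_suspicious_attachment(text: str, min_chars: int = 3) -> bool:
    """Flag an attachment whose markup carries Morse runs that decode to
    alphanumeric strings of at least min_chars; legitimate mail rarely does."""
    return any(len(decoded) >= min_chars for _, decoded in find_morse_payloads(text))


# Constructed sample attachment (not from the campaign): a script holding
# URL fragments as Morse strings, the shape a decoding script would consume.
SAMPLE_ATTACHMENT = """<html><script>
var parts = ['.... - - .--. ...', '.-- .-- .--', '. -..- .- -- .--. .-.. .', '-. . -'];
</script></html>"""

if __name__ == "__main__":
    for run, decoded in find_morse_payloads(SAMPLE_ATTACHMENT):
        print(f"{run!r} -> {decoded}")
    print("suspicious:", is_suspicious_attachment(SAMPLE_ATTACHMENT))
```

Run over a mail gateway's quarantined HTML attachments, a hit on `is_suspicious_attachment` is a cheap triage signal; the decoded fragments tell the analyst what the script was hiding.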

WordPress security company Wordfence said a patch was issued for a cross-site request forgery flaw in the NextGen Gallery WordPress plugin.

The plugin, which is installed on 800,000 WordPress websites, allows sites to upload photos in batch quantities, import metadata, and edit image thumbnails. (Lindsey O’Donnell / Threatpost)

Related: Bleeping Computer, Blog – Wordfence

Researchers at ESET report 768% growth in Remote Desktop Protocol (RDP) attacks over the course of 2020, attributed to the rise in RDP use under work-from-home arrangements.

RDP is sometimes misconfigured, which makes the attackers’ jobs easier. (Danny Palmer / ZDNet)

Related: We Live Security


Personal information from patients and employees of Leon Medical Centers, which runs eight facilities in Florida, and Nocona General Hospital, which has three facilities in Texas, was exposed after hackers reportedly published tens of thousands of records online.

The compromised information includes patients’ names, addresses and birthdays, medical diagnoses and letters to insurers, and background checks on hospital staff. (Kevin Collier / NBC News)

Related: CISO MAG, Cybereason Blog, teiss, Infosecurity Magazine, SC Magazine

Microsoft will add a new security alert to Microsoft Defender's dashboard for Office 365 to alert companies when nation-state actors have targeted their employees.

The feature was added to the Microsoft 365 roadmap website. (Catalin Cimpanu / ZDNet)

Related: TechTarget, Slashdot

Google has launched the Open Source Vulnerabilities (OSV) website, which provides access to a vulnerability database for open-source projects and helps both maintainers and consumers of those projects.

The OSV aims to address issues around the triage of newly discovered bugs via automation. (Liam Tung / ZDNet)

Related: SecurityWeek, Help Net Security

Photo by Eugene Chystiakov on Unsplash