[InfoSec MASHUP] 49/2024
Backdoor In Solana/@web3.js; MATRIX Shut Down by Authorities; Europol Has Shut Down Manson Market Fraud Marketplace; INTERPOL Seizes >$400 Million in Assets; Poland Former Spy Chief Arrested;
Welcome to the 11 new members from the last 30 days! This newsletter now has 1,602 subscribers.
Partners and Affiliates
🔐 NordVPN Christmas Campaign (Dec 10 - Jan 8) - Save up to 74% + 3 Extra Months!
Breaches & Security Incidents
8 US telcos compromised, FBI advises Americans to use encrypted communications
🇬🇧 BT Group shut down some servers in its Conferencing division after a ransomware breach by the Black Basta gang. They claim that while no live services were affected, the hackers stole 500GB of data, including sensitive information. BT is investigating the incident and working with law enforcement.
🇬🇧 🏥 Ransomware hackers have targeted NHS hospitals in the UK, compromising sensitive patient data and disrupting services. The Inc Ransom group claims to have stolen records from Alder Hey Children’s Hospital, affecting data from multiple hospitals. Another hospital, Wirral University Teaching Hospital, has also declared a major incident due to a separate cyberattack, causing ongoing service disruptions.
🇺🇸 🇷🇺 Stoli Group's U.S. companies have filed for bankruptcy after a ransomware attack in August disrupted their IT systems. The attack forced manual operations and affected financial reporting, leading to claims of default on a $78 million debt. Additionally, Russian authorities seized the company's distilleries, further complicating their situation.
🇮🇹 🔓 Bologna FC has confirmed a ransomware attack by the RansomHub group, which leaked stolen data online. The club warns that possessing or sharing this data is a serious crime. The leaked information includes personal data of players, financial records, and confidential contracts.
🔊 Interested in Reaching a Cybersecurity Audience?
Amplify your brand’s presence by sponsoring the InfoSec MASHUP newsletter!
Reach dedicated readers in the cybersecurity field with each issue! Contact us to explore sponsorship opportunities.
Cybercrime, Cyber Espionage, APTs
🇬🇧 🇷🇺 The UK’s National Crime Agency disrupted two Russian money laundering networks linked to ransomware gangs through an operation called "Operation Destabilise". This investigation resulted in the arrest of 84 suspects involved in laundering millions in cryptocurrency for criminal activities. The operation revealed connections between Russian cyber criminals and drug gangs, helping to expose previously hidden money laundering networks.
🇪🇺 Europol has shut down Manson Market, a major online fraud marketplace, and seized over 50 servers linked to the operation. Two suspects were arrested, and over 200 terabytes of evidence were collected. The marketplace facilitated the sale of stolen data, helping criminals conduct targeted fraud.
🇷🇺 A Russian cyber-espionage group called Turla has been caught using the infrastructure of a Pakistani hacking group for spying activities. This marks the fourth time since 2019 that Turla has infiltrated another group's operations to gather intelligence. Both Microsoft and Lumen are working to track and stop Turla's activities, which target government and military networks in countries like India and Afghanistan.
🇨🇳 👀 A joint advisory from Australia, Canada, New Zealand, and the U.S. warns of cyber espionage by Chinese-affiliated hackers targeting telecommunications networks. The group, known as Salt Typhoon, has been active since at least 2020 and remains inside U.S. networks, despite investigations. Agencies recommend security measures to protect against these intrusions and mitigate risks.
🇩🇪 Germany has shut down the largest online cybercrime marketplace called "Crimenetwork" and arrested its 29-year-old administrator, known as "Techmin." The site facilitated the sale of drugs, stolen data, and illegal services, with over 100,000 users and 100 registered sellers at the time of its closure. Law enforcement has also secured user data, which may lead to more arrests in the future.
🇫🇷 🇳🇱 Authorities have shut down MATRIX, an encrypted messaging service used by criminals, through a joint operation involving Dutch and French law enforcement. Over three months, they intercepted more than 2.3 million messages linked to serious crimes like drug trafficking and money laundering. This operation highlights the importance of international cooperation in tackling organized crime.
🇰🇵 🇷🇺 Kimsuky, the North Korean hacker group, is using Russian email addresses to conduct phishing attacks aimed at stealing credentials. They send emails that appear to be from trusted sources, like financial institutions and cloud services, to trick users into clicking malicious links. These tactics have evolved over time, showcasing Kimsuky's skill in social engineering and evading security measures.
🇷🇺 ⚖️ Russian authorities have charged hacker Mikhail Matveev, also known as Wazawaka, for creating malware that extorts businesses. Matveev, linked to several ransomware groups, could face up to four years in prison or a fine if convicted. This case is notable as Russia has historically been reluctant to prosecute cybercriminals within its borders.
🌍 ⚖️ INTERPOL's recent global crackdown led to the arrest of over 5,500 individuals involved in cybercrime and the seizure of more than $400 million in assets — Authorities from 40 countries participated in this operation, which targeted scams like voice phishing and cryptocurrency fraud. The operation highlights the importance of international cooperation in combating cybercrime.
Government, Politics, and Privacy
🇷🇴 🗳️ Romania's election system faced over 85,000 cyberattacks, with some credentials for election websites leaked on a Russian hacker forum. The attacks, believed to be from a state actor, aimed to compromise election infrastructure and alter public information. Additionally, an influence campaign involved TikTok influencers promoting a presidential candidate, raising concerns about foreign interference in Romania's elections.
👀 📲 A new $1 phone scanner by iVerify found seven infections of the Pegasus spyware in a recent analysis of 2,500 devices — The spyware, typically associated with targeted attacks on journalists and activists, was also found in business leaders and government officials. This suggests that the malware is being used more broadly than previously thought.
🇷🇺 👀 The FSB secretly installed spyware on the phone of a Russian programmer accused of supporting Ukraine after his detention. The spyware can track location, record calls, and access messages from encrypted apps.
🇺🇸 The FTC has banned data brokers Mobilewalla and Gravy Analytics from selling sensitive location data about Americans. This data included information on visits to places like churches and healthcare facilities. The companies must erase all collected location data and cannot use it in any future products or services.
🇵🇱 👀 Poland's former spy chief, Piotr Pogonowski, was arrested for failing to testify in an investigation into the misuse of Pegasus spyware by the previous government. The current government is looking into allegations that the previous administration abused this technology against critics. A 2023 Senate report found the use of Pegasus in Poland to be unlawful.
Partners and Affiliates
🌐 Stay connected and secure on the go with Airalo's global eSIMs — Use the code NEWTOAIRALO15 if you’re new to Airalo to get an additional 15% discount.
Malware & Threats
🦠 💸 Cybercriminals are using fake video conferencing apps, called "Meeten," to target Web3 professionals and steal their cryptocurrency. The malware can infect both Windows and Mac computers, collecting sensitive information like banking details and browser credentials. Victims are often tricked into downloading the malware through social engineering tactics and phishing schemes.
🦠 🇪🇺 A new Android malware called 'DroidBot' targets over 77 banking and cryptocurrency apps in several European countries. It operates as a malware-as-a-service, allowing cybercriminals to customize their attacks for $3,000 a month. Users are advised to only download apps from Google Play and be cautious with app permissions to avoid infection.
🦠 Researchers have found a backdoor in the popular @solana/web3.js npm library that allows attackers to steal users' private keys, leading to potential cryptocurrency theft. The malicious versions, 1.95.6 and 1.95.7, have been removed from the npm registry, and users are urged to update to the latest version. This incident highlights ongoing risks in the open-source ecosystem, where compromised packages can threaten developers and organizations alike.
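A quick way to check whether a project pulled in one of the two backdoored releases is to scan its package-lock.json, including transitive copies nested under other dependencies. The script below is an added example written for this newsletter, not code from the Solana project or the researchers; it assumes the package is the npm package @solana/web3.js and that exactly versions 1.95.6 and 1.95.7 are affected, as reported above. The two lockfiles embedded in it are constructed samples.

```python
"""Scan an npm package-lock.json for the backdoored @solana/web3.js releases.

Added example (not code from the newsletter, the researchers or the Solana
project). Assumes the compromised package is the npm package @solana/web3.js
and that the affected versions are exactly 1.95.6 and 1.95.7.
"""
import json
import sys

# Package name -> set of versions reported as backdoored.
COMPROMISED = {
    "@solana/web3.js": {"1.95.6", "1.95.7"},
}


def _walk_v1(deps, prefix, hits):
    """lockfileVersion 1 stores a nested 'dependencies' tree; walk it recursively."""
    for name, info in (deps or {}).items():
        path = f"{prefix}node_modules/{name}"
        version = info.get("version")
        if version in COMPROMISED.get(name, set()):
            hits.append((path, version))
        _walk_v1(info.get("dependencies"), path + "/", hits)


def find_compromised(lock):
    """Return a sorted list of (install path, version) for every compromised copy.

    Handles lockfileVersion 2/3 (flat 'packages' map keyed by install path)
    and lockfileVersion 1 (nested 'dependencies' tree). A v2 lock carries both
    sections; only 'packages' is read so nothing is counted twice.
    """
    hits = []
    packages = lock.get("packages")
    if packages is not None:
        for path, info in packages.items():
            if not path:
                continue  # the "" entry is the root project itself
            # The package name is the part after the last "node_modules/".
            name = info.get("name") or path.rsplit("node_modules/", 1)[-1]
            if info.get("version") in COMPROMISED.get(name, set()):
                hits.append((path, info["version"]))
    else:
        _walk_v1(lock.get("dependencies"), "", hits)
    return sorted(hits)


# Constructed sample: a v3 lockfile with a direct compromised install and a
# clean nested copy pinned by another dependency.
SAMPLE_LOCK_V3 = {
    "name": "example-dapp",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-dapp", "version": "0.1.0"},
        "node_modules/@solana/web3.js": {"version": "1.95.7"},
        "node_modules/some-wallet-adapter": {"version": "2.0.0"},
        "node_modules/some-wallet-adapter/node_modules/@solana/web3.js": {
            "version": "1.95.3"
        },
    },
}

# Constructed sample: a v1 lockfile where the compromised copy is transitive.
SAMPLE_LOCK_V1 = {
    "lockfileVersion": 1,
    "dependencies": {
        "some-wallet-adapter": {
            "version": "2.0.0",
            "dependencies": {"@solana/web3.js": {"version": "1.95.6"}},
        }
    },
}


def main(argv):
    """Usage: python scan_lock.py [path/to/package-lock.json]; exit 1 on a hit."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            lock = json.load(fh)
    else:
        lock = SAMPLE_LOCK_V3
    hits = find_compromised(lock)
    for path, version in hits:
        print(f"COMPROMISED {path}@{version}")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against a real lockfile with `python scan_lock.py package-lock.json` and wire the non-zero exit status into CI. Finding a hit means rotating any key material that was loaded while the affected version was installed, not just bumping the version, since the backdoor's purpose was key exfiltration.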
🦠 📲 A new report revealed that 15 malicious SpyLoan apps were found on Google Play, accumulating over 8 million downloads, mainly targeting users in South America, Southeast Asia, and Africa. These apps pose as financial tools but trick users into sharing sensitive information and then harass them for high-interest payments. Despite their removal, the persistence of such threats highlights ongoing security challenges in app stores.
AI, Crypto, Tech & Tools
🤖 🧠 New attacks against large language models (LLMs), called "Flowbreaking," can lead them to provide harmful information, including self-harm instructions. Two examples of these attacks, "Second Thoughts" and "Stop and Roll," exploit weaknesses in the system’s architecture and guardrails. This highlights the need for better understanding and improvement of LLM safety measures in real-world applications.
🔓 A recent report reveals that 70% of open-source components are poorly maintained or no longer updated, posing significant security risks — Many contributions come from anonymous sources, making it hard to assess their reliability and safety. As vital industries increasingly rely on open-source software, organizations must enhance their security measures to protect against vulnerabilities and geopolitical threats.
🏴‍☠️ A hacking group called Massgrave claims to have found a major way to bypass Microsoft's software licensing for Windows and Office — This new method allows permanent activation of many versions, from Windows Vista to Windows 11, and will be released in the coming months. The hackers state that their solution is effective and does not require complicated installations.
Vulnerabilities, Research, and Threat Intelligence
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability
Japan warns of IO-Data zero-day router flaws exploited in attacks
New Windows zero-day exposes NTLM credentials, gets unofficial patch
🎣 Why Phishers Love New TLDs Like .shop, .top and .xyz — Phishing attacks surged by nearly 40% in the past year, especially using new cheap domain endings like .shop and .xyz, which attract scammers due to minimal registration requirements. New generic top-level domains (gTLDs) account for only 11% of new domains but represent 37% of reported cybercrime domains. Additionally, phishers are increasingly using subdomains from services like blogspot.com, making it harder to combat these attacks.
🩹 Veeam has fixed two serious vulnerabilities in the Veeam Service Provider Console that could allow remote attackers to execute code or leak sensitive information. Users are urged to upgrade to the latest version (v8.1.0.21999) to protect their systems, as there are no other mitigation options available. The vulnerabilities affect versions 7 and 8, and were discovered during internal testing, with no known exploitation in the wild.