-QiAnXin claims to find new North American APT
-SEC and SolarWinds seek settlement
-C&M hack linked to malicious insider who sold his credentials
-Louis Vuitton discloses breach
-Ingram Micro deals with ransomware attack
-Idealab breach
-Indiana University hack
-Win 11 finally overtakes Win 10
-Taiwan warns against Chinese mobile apps
-Australia introduces age verification for search engines
-EU to send cyber reserve to Moldova
Newsletter: news.risky.biz/risky-bulletin-…
Podcast: risky.biz/RBNEWS447/
Chinese researchers claim to find new North American APT
In other news: SEC and SolarWinds seek settlement; C&M hack linked to malicious insider; Louis Vuitton discloses breach. Catalin Cimpanu (Risky.Biz)
A hacker has stolen customer data from the South Korean branch of luxury fashion house Louis Vuitton.
Hackers also breached the South Korean units of Christian Dior and Tiffany's in May.
Is this the DPRK looking for wealthy South Koreans?
The US Securities and Exchange Commission and software maker SolarWinds are seeking a settlement to end an ongoing investigation over SolarWinds' 2020 supply chain hack
The EU is working to send a "cyber reserve" to help Moldova ahead of its parliamentary elections in September
politico.eu/article/eu-moldova…
EU comes to Moldova’s defense against Russian hacking
Europe is working to send a “cyber reserve” to help Chișinău ahead of elections in September. Antoaneta Roussi (POLITICO)
HPE settled an antitrust lawsuit with the DOJ and will close its acquisition of Juniper Networks announced last year
Australia will introduce mandatory age verification checks for search engine users by the end of the year
New Hpingbot botnet spotted
-written in Go
-used for DDoS attacks
-abuses hping3 tool to launch the attacks
-unique codebase, not Mirai or Gafgyt clone
nsfocusglobal.com/hpingbot-a-n…
Hpingbot: A New Botnet Family Based on Pastebin Payload Delivery Chain and Hping3 DDoS Module - NSFOCUS
Overview: In June 2025, NSFOCUS Fuying Lab Global Threat Hunting System detected that a new botnet family developed based on Go language was spreading on a large scale, and continued to iterate versions and develop rapidly. NSFOCUS (NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.)
-Hunters International ransomware shuts down and releases decryption keys
-FBI investigates ransomware negotiator
-Spain arrests government hackers
-Hackers steal $185mil from Brazilian banks
-Qantas Airlines hacked
-Data from Catwatchful spyware app leaks
-Ransomware hits child charity org
-CoD WW2 has an RCE
-Let's Encrypt issues certs for IP addresses
-Google loses California Android data transfer lawsuits
Podcast: risky.biz/RBNEWS446/
Newsletter: news.risky.biz/risky-bulletin-…
Hunters International ransomware shuts down and releases decryption keys
In other news: FBI investigates ransomware negotiator; Spain arrests government hackers; hackers steal $185 million from Brazilian financial institutions. Catalin Cimpanu (Risky.Biz)
-Russia will build a database of telephone scammers
-CBP is looking for phone data analysis gear
-Spain detains investment scam group
-Russian man sentenced to 16y in prison for DDoS attacks
-DDoSer extradited to the Netherlands
-FBI warns of ramp-and-dump scams
-Cyber scam compounds spread to other continents
-Vercel's v0 AI tool abused for phishing
-ELUSIVE COMET linked to Aureon Capital
-Malicious OpenVSX extension had 200,000 downloads
-Two new pro-Kremlin hacktivist groups
-Keymous+ behind 700 DDoS attacks this year
-Qwizzserial Android malware targets Uzbekistan
-Salt Typhoon largely contained, per FBI
-Iranian APTs provide tools to hacktivists
-Profile on Iran's secretive Intelligence Group 13
-Gamaredon basically stops targeting everything for Ukraine
-Cisco removes hardcoded SSH root creds
-Anthropic RCE vulnerability
-Videos from BSides Athens, ContinuumCon, CERIAS
DomainTools looks at Iran's Intelligence Group 13, "one of the most operationally aggressive and ideologically fortified units within the Islamic Revolutionary Guard Corps (IRGC) cyber arsenal"
dti.domaintools.com/irans-inte…
Iran's Intelligence Group 13 - DomainTools Investigations | DTI
Intelligence Group 13, embedded within the Shahid Kaveh Cyber Group, represents one of the most operationally aggressive and ideologically fortified units within the Islamic Revolutionary Guard Corps (IRGC) cyber arsenal. DomainTools Investigations | DTI
On July 30, Huawei will open-source Cangjie, a new programming language based on and designed to rival Java and Swift, and allow Chinese developers to create mobile apps for its HarmonyOS
scmp.com/tech/big-tech/article…
Huawei to open-source self-developed programming language Cangjie to rival Java and Swift
The language supports general programming for apps on HarmonyOS Next, Huawei’s self-developed platform. Ann Cao (South China Morning Post)
Security researchers have discovered a new Android malware named Qwizzserial that was specifically built to collect a list of financial apps and intercept SMS messages.
The malware infected 100k users, with most in Uzbekistan, where SMS is still the main 2FA method
The FBI claims to have "largely contained" Salt Typhoon and that the agency is now focused on supporting victims and evicting the hackers.
An "imposing costs" phase is in the works.
cyberscoop.com/top-fbi-cyber-o…
Top FBI cyber official: Salt Typhoon ‘largely contained’ in telecom networks
Brett Leatherman told CyberScoop in an interview that while the group still poses a threat, the bureau is focused on resilience and victim support, and going on offense could be in the future. Tim Starks (CyberScoop)
The Clothoff AI nudify app left a database exposed online that leaked the identities of its four founders, men from Russia and Ukraine, and a man and woman from Belarus
spiegel.de/international/zeitg…
Using AI to Humiliate Women: The Men Behind Deepfake Pornography
AI-generated naked images of real women is the business model behind Clothoff, a dubious "nudify" app that has millions of visitors. Now, a whistleblower has provided details of just how cynical the site's operators are. Max Hoppenstedt (DER SPIEGEL)
Okta says threat actors are using Vercel's v0 AI tool to build phishing sites
Per a new Interpol report, cyber scam compounds expanded to West Africa, the Middle East, and LATAM
@jwarminsky Some of these press releases go out with the date at which they were drafted.
My website scanner also didn't have this on July 1, my last scan
Hunters International ransomware shuts down operation and releases free decryption keys
Via 3xp0rt: x.com/3xp0rtblog/status/194069…
@christopherkunz Yeah, I know... I just find the pivot confusing and diametric from their regular "business".
Why grow a conscience all of a sudden? 😀
But I guess it's all good news though, perhaps some affected organizations will now have an opportunity to restore (possibly) some data...
Yeah, you think? It's just a trick and they will still stick around?
I always thought it was a matter of time before one or more groups would divest their ransomware business and focus on data leak instead.
I remember seeing that Russian Market experimented with "Fullz" for a short while. Selling access to complete identities.
I believe that wasn't the last time we would see this sort of "business" service. I'm expecting ransomware groups to better leverage the stolen data they have managed to acquire.
Leaks are not as threatening anymore. But digging into financial statements and related details is. Digging into juicy personal details or customer-related ... is.
Specializing in parsing, indexing and categorizing stolen data ... it's something I still believe we'll see. Hunters International were "decent" in this regard and made the stolen data a little bit easier to explore, but... perhaps the "World Leaks" is their entry and first step towards this new sort of business venture.
@christopherkunz @nopatience Yes, most want that image.
You want to be known as the gang who gives discounts, deletes data, and delivers working decrypters.
You 100% don't want to be the group that demands high ransoms, sells data behind your back, and has faulty decrypters meaning you paid for nothing.
I don't think this pivot is a particularly smart business move, but on the other hand, I'm not a ransomware dude.
📉 Business model pivot in underground economy
The ransomware group "Hunters" has just announced that they are stepping away from the classical ransomware business model of encrypting data and then charging a "decryption fee". Christopher Kunz (www.linkedin.com)
@christopherkunz @nopatience it's just a basic "ransomware rebrand"
They're still doing encryption
From a May Lexfo report: blog.lexfo.fr/world-leaks-an-e…
World Leaks: An Extortion Platform
blog.lexfo.fr: This article provides an analysis of World Leaks, a new extortion platform that emerged in early 2025, detailing its origins, operational challenges, and collaborations with other threat actors.
Spanish police arrested two individuals in the Canary Islands who hacked government networks and sold the data online.
Officials say the suspects sold the personal data and credentials of government officials, politicians, and journalists.
policia.es/_es/comunicacion_pr…
Press release detail. Policía Nacional España.
OFFICIAL WEBSITE OF THE DIRECTORATE GENERAL OF THE POLICE -SPAIN- policia.es
A hacktivist group named Keymous+ has launched over 700 DDoS attacks this year against random targets across the world.
Security firm Radware says the hacktivist activity appears to be a marketing persona for a DDoS-for-hire service named EliteStress.
Koi Security found 40+ malicious Firefox extensions on the official add-on store that mimicked crypto wallets and stole login creds
Do you remember when all Firefox add-ons were scanned before even touching the add-on store?
Pepperidge Farm remembers!
blog.koi.security/foxywallet-4…
FoxyWallet: 40+ Malicious Firefox Extensions Exposed
A large-scale malicious campaign has been uncovered involving dozens of fake Firefox extensions designed to steal cryptocurrency wallet credentials. These extensions impersonate legitimate wallet… Yuval Ronen (Koi Security)
SecureAnnex found a malicious extension on the OpenVSX marketplace for VSCode extensions that was mostly malicious but nobody bothered to check its source... and 200,000 installed it!
We love web devs!
Talks from the Purdue CERIAS 2025 Cybersecurity Symposium, which took place at the start of April, are available on YouTube
The FBI is investigating a former ransomware negotiator on suspicion of having taken cuts from ransom payments
Report claims the employee worked for Chicago-based security firm DigitalMint
-US sanctions another Russian bulletproof hoster
-ICC discloses security breach
-US dismantles 29 DPRK laptop farms
-Chinese student gets jailed in UK for SMS blasting in London
-Hackers threaten to sell stolen Trump emails
-Apple adds PQC support
-Ubuntu disables GPU Spectre protections
-Cloudflare blocks AI crawlers
-AT&T adds Wireless Account Lock
-MSFT adds spam-bomb protection
-Windows loses 400 million users
Podcast: risky.biz/RBNEWS445/
Newsletter: news.risky.biz/risky-bulletin-…
US sanctions another Russian bulletproof hosting provider
In other news: The ICC discloses security breach; US dismantles 29 DPRK laptop farms; Chinese student gets jailed in the UK for SMS blasting in London. Catalin Cimpanu (Risky.Biz)
-Tinder makes facial scans mandatory in California
-White House builds national citizens database
-US officials need better mobile security guidance
-California bill rolls back privacy protections
-Europol dismantles crypto investment ring
-Pakistani freelancers behind cracking website
-Malware reports on Supper backdoor, StealC, Devman ransomware
Aeza Group sanctioned in the US: home.treasury.gov/news/press-r…
It's the third Russian bulletproof hosting provider to get sanctioned this year
Treasury Sanctions Global Bulletproof Hosting Service Enabling Cybercriminals and Technology Theft
WASHINGTON — Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is designating Aeza Group, a bulletproof hosting (BPH) services provider, for its role in supporting cybercriminal activity targeting victims in the Uni… U.S. Department of the Treasury
RCE Security has found major vulnerabilities in the Wind FTP server.
Attackers can bypass authentication on the server's web interface just by appending a NULL byte to the username followed by any random string.
"The operators behind the UNC5174 and Houken intrusion sets are likely primarily looking for valuable initial accesses to sell to a state-linked actor seeking insightful intelligence."
Security firm Praetorian has open-sourced GitPhish, a tool to automate device code phishing attacks against GitHub users
praetorian.com/blog/gitphish-a…
github.com/praetorian-inc/GitP…
GitPhish: Automating Enterprise GitHub Device Code Phishing | Praetorian
Introducing GitPhish: An open-source tool for automating GitHub Device Code phishing attacks with dynamic code generation and professional landing pages for red teams. Harry Hayward (Praetorian)
"Years ago, individuals from India started using others to pose for them during interviews with American companies. [...] the Indians joked that Americans and Europeans couldn't tell one Indian from another, and even if they could, they were too unsure and too embarrassed to ask the question."
linkedin.com/posts/roman-y-san…
Apple is adding post-quantum cryptography support to its operating systems this fall
Will support ML-KEM for TLS connections
Microsoft is also adding the same to Windows 11 (announced in May)
support.apple.com/en-gb/122756
Prepare your network for quantum-secure encryption in TLS – Apple Support (UK)
Find out about quantum-secure encryption in TLS and how to check if your organisation's web servers are ready. Apple Support
/sarcasm
So, NSA figured out how to crack this one already?😉
Also - I am paranoid, but that doesn't mean they are not after me!😆
Qurium linked a Russian web hosting and proxy provider named Biterika to DDoS attacks against two Russian independent media outlets.
The attacks came after the two published a joint investigation on a sprawling network that sold sex with minors to Russian oligarchs.
qurium.org/press-releases/prox…
Proxy provider Biterika connected to state sanctioned research center linked to attack against investigative media
On June 19, Russian independent media outlets IStories and Verstka published a joint investigation detailing how a sprawling network for selling sex with minors was built in Russia and how some of its high-profile clients — such as Russian oligarch a… www.qurium.org
A group of Pakistani freelance web developers are behind a network of websites advertising cracked software.
Security firm Intrinsec says the group has built hundreds of websites over the past four years, most likely for a third-party.
The International Criminal Court says it detected and contained a sophisticated cyberattack
The #ilfediversofaschifo blog is back online, but I asked myself a question: is your instance silenced by my provider?
[UPDATE: it seems there is a problem with ALL Friendica instances; no problem with most Italian and international instances. I received a post from @pirati and it did not end up in spam]
Here I am again, after being temporarily suspended, probably because of a post containing several buzzwords that are better used sparingly these days.
I noticed in fact that the post by @gubi, the one by @enzoesco and the one by @blogverso had ended up in spam (got that, @informapirata?).
It didn't happen with posts from mastodon.uno, infosec.exchange and mastodon.social
At this point I'm asking whether there is anyone who wants to try replying to this post, just to test! Can anyone reply to this post?
#GubitosaPiuBelloDiCaparezza
How to succeed on Mastodon and make money with Mastodon: these are the 20 secret tips from “FediversoFaSchifo”
Many people have insistently asked me for advice on how to have a successful account, and since I am the only one able to answer this question, I decided to write a post that even the average Mastodon user can understand.
They also asked me to explain how to succeed with a Misskey account, but unfortunately I'm not an expert in Japanese child-porn comics, so no, I wouldn't be able to help you. If you use Friendica, though, I have the right tip: switch to Mastodon.
Here instead are the 20 secret, tried-and-tested tips you must follow to succeed on Mastodon with your Mastodon account
How to succeed on Mastodon:
- take care of your profile description: even though everyone knows there are no women on Mastodon, present yourself if possible as a young woman with a passion for some sport. Add a cat or a dog to the photo, but no children. Remind everyone of your neurodivergence: it will be a great conversation topic. Once that's done, write a sycophantic post full of flattery and praise for the admins, so they'll reshare it and reply to you, and that creates engagement
- write a victim-playing post against GAFAM and Twitter/Facebook in favour of Mastodon. If it reaches at least 10 shares, pin it to the top of your timeline
- if you've made a donation, say so, provide ideological reasons and thank the admins: they'll reshare your profile and you'll get visibility; even better if you add that you made a donation despite your financial problems (sniff)
- never talk about the death of your loved ones/friends/pets, but limit yourself to talking about their illness; as sellers of miracle cures know well, illness creates engagement, death doesn't.
- speak very badly of the right, because everyone hates it indiscriminately, but CAREFUL: never speak well of the left, because everyone hates the left too, but each in their own way (semi-quote)
- copy news from abroad and translate it however it comes out: @informapirata has never done anything else and he has 7000 followers, while I have 355 and gained 200 when I translated a post from English
- if you've decided to be a woman, take anti-feminist positions: the boys adore chauvinist women
- speak badly of mastodon uno to collect reactions from the troubled, but CAREFUL: do it only if you're not registered on mastodon uno, otherwise you'll be banned without any mercy
- if you've been mercilessly banned from mastodon uno, don't worry: sign up on sociale network, mention @gubi and complain about having been banned. Add gruesome details even if made up (for example: “I spoke out against the massacre in Gaza and they banned me for antisemitism”; “I have financial problems and they banned me because I didn't donate”; “I said I don't like nudes and they sent me a dick in DMs, and it was small too”, etc.); the admin of sociale network will take them at face value anyway and reshare your messages
- if you've been banned from Mastodon uno and you're now on a loser instance like bida, puntarella, devianze or poliversity, take an active part in discussions about #chiesebrutte, #taglioecucito stuff, #cucinaveg and Renaissance music played on improbable instruments with temperaments offensive to the human ear. And remember to speak badly of mastodon uno because these are the only things that will give you gratification anyway
- if you're on livellosegreto, at least use intriguing content warnings: you have to put a content warning every time you're not talking about video games anyway
- post memes that look nerdy, possibly recycled from Reddit
- show a photo of your ass or cleavage now and then: Mastodon is sexually repressed and for its users every inch of skin is a ray of sunshine and a shot of noradrenaline
- don't follow VIPs because they're not nice: @quinta almost certainly hates you because you're a shitty communist, @marcocappato won't even give you a ride, @giuliocavalli wouldn't touch you with a ten-foot pole, @phastidio is as much of an asshole here as on twitter and @smaurizi is always in a bad mood: and no, not even @sio is really nice on Mastodon and if you write to him he won't give you the time of day. Ok, @ildisinformatico is an exception, but only because he's not Italian
- only follow people active in the last 24 hours; and if they don't follow you back, tell them to fuck off because it means they'll never give a damn about you
- only reply to people who usually reply; and if they don't reply to you, tell them to fuck off because it means they'll never give a damn about you
- only mention people who usually reply; and if they don't reply to you, tell them to fuck off because it means they'll never give a damn about you
- follow all the previous tips to create another two or three accounts per instance, so you create noise and at least you reply to yourselves
- argue with and bully some weak account with few followers. If you can't find one, create one for yourselves
- once you have more than 200 followers, stop resharing anyone: the more pathetic the accounts around you are, the more important you look
How to make money with Mastodon:
- close your account and go get a job, you southerner!
How to protect yourself during protests. Demonstrators face tear gas, stun grenades, coronavirus and surveillance
How to prevent so-called non-lethal weapons from causing temporary or permanent harm? How to protect your identity from biometric identification tools?
Editor's note (11/06/25): We are republishing this 2020 article in light of the recent protests against immigration raids in Los Angeles.
Thanks to @Mike Taylor 🦕 who shared the article
Catalin Cimpanu, in reply to Catalin Cimpanu:
-Lynx RaaS rebrands as Sinobi
-New Hpingbot botnet
-New RondoDox botnet
-IconAds fraud operation disrupted
-JDWP ports abused for cryptomining
-SHELLTER team threatens customers after its pen-test framework was used in malware attacks
-Massive AI disinfo hits Germany
-APT36 targets BOSS Linux
-DjVuLibre fixes Linux attack
-New sudo vulns
-Instagram uses one-day certs
-Lenovo AppLocker bypass