InfoSec News 20230704
Top News
-
Hackers stole millions of dollars worth of crypto assets from Poly Network platform
"Poly Network platform suspended its services during the weekend due to a cyber attack that resulted in the theft of millions of dollars in crypto assets.
Threat actors have stolen millions of dollars worth of crypto assets from the Poly Network platform during the weekend.
The platform suspended its services due to the cyber attack to investigate the security breach and assess the extent of the incident."
TLP1 : Green
-
Microsoft denies data breach, theft of 30 million customer accounts
"Microsoft has denied the claims of the so-called hacktivists “Anonymous Sudan” that they breached the company's servers and stole credentials for 30 million customer accounts.
Anonymous Sudan is known for debilitating distributed denial-of-service (DDoS) attacks against Western entities in recent months. The group has confirmed their affiliation with pro-Russian hacktivists like Killnet.
Last month, Microsoft admitted that Anonymous Sudan was responsible for service disruptions and outages at the beginning of June that impacted several of its services, including Azure, Outlook, and OneDrive.
Yesterday, the hacktivists alleged that they had “successfully hacked Microsoft” and “accessed a large database containing more than 30 million Microsoft accounts, emails, and passwords.”"
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
“Rage Against the Machine” joins the fight against face recognition
"Over 100 artists and venues are joining forces to advocate for the banning of facial recognition technology at live events.
The boycott, spearheaded by the digital rights advocacy group Fight for the Future, is a resolute call to ban the use of face-scanning technology at live events.
The activists express deep concerns regarding the infringement of privacy and the potential for increased discrimination of marginalized groups associated with face recognition technology. According to them, the risks of the technology outweigh its benefits.
Over 100 artists, including renowned figures like Tom Morello and Zack de la Rocha from Rage Against the Machine, Boots Riley, and Speedy Ortiz, have announced they’ll join the boycott of concert venues employing facial recognition technology."
TLP1 : Green
-
Hackers target European government entities in SmugX campaign
"A phishing campaign that security researchers named SmugX and attributed to a Chinese threat actor has been targeting embassies and foreign affairs ministries in the UK, France, Sweden, Ukraine, Czech, Hungary, and Slovakia, since December 2022.
Researchers at cybersecurity company Check Point analyzed the attacks and observed overlaps with activity previously attributed to advanced persistent threat (APT) groups tracked as Mustang Panda and RedDelta.
Looking at the lure documents, the researchers noticed that they are typically themed around European domestic and foreign policies."
TLP1 : Green
-
Ukrainian banks hit by pro-Russian NoName hackers
"The Russian-linked hacktivist group NoName has been relentlessly targeting the Ukrainian financial sector in its latest campaign against the war-torn nation.
“We will start today's journey with an attack on the financial sector of Ukraine,” the gang posted on their encrypted Telegram channel June 27th.
Since the threat actors' edict four days ago, nearly a dozen major Ukrainian banks have been hit daily by the gang’s signature DDoS attack method."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Russian satellite telecom confirms hacker attack
"Dozor-Teleport, a Russian satellite communications provider used by the country’s Ministry of Defense and security services, confirmed that hackers breached its systems.
“Dozor-Teleport confirms a cyberattack on the company’s systems. According to preliminary data, the infrastructure on the side of the cloud provider was compromised,” head of the company Alexander Anosov said.
According to local media reports, Dozor is part of Amtel Group, partly owned by Rosatom, Russia’s state nuclear energy corporation. All Amtel companies use the cloud provider Selectel, which was breached by hackers targeting Dozor."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
The Impacts of Data Loss on Your Organization
"What are the causes of Data Loss and what is their impact on your organization?
In today’s digital age, data has become the lifeblood of organizations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organization. In a survey, it was found that 26% of businesses suffered some form of data loss in 2022, bringing to light worrisome statistics and further stressing the need for organizations to simply be more proactive in protecting their data."
TLP1 : Green
-
Maxim Beloenko, Qrator Labs: “One notable trend observed in the cybersecurity industry is the increasing complexity of attacks”
"Protecting data and communications from cybercriminals is paramount to maintaining a successful public or private enterprise.
As emerging technologies take the geo-political world by storm, private, corporate, and commercial organizations must enhance their cybersecurity measures. Even the top-tier VPN and antivirus software may not be enough. Technical solutions and response times should be quick and immediate when identifying and addressing any potential vulnerabilities.
For more details on the impact of cyberattacks and the importance of cybersecurity, we interviewed Maxim Beloenko, Vice President of Global Sales at Qrator Labs – a security software company and leader in DDoS attack mitigation and innovating network filtering solutions."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
New Python tool checks NPM packages for manifest confusion issues
"A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry.
Last week, a former engineering manager at GitHub and NPM, Darcy Clarke, warned about "manifest confusion" problems that could introduce the risk of malware hiding in dependencies or executing scripts during installation.
"Manifest confusion" refers to a security issue in the NPM (Node Package Manager), a package manager for the JavaScript programming language and the default one for the Node.js environment.
The problem is with the inconsistent information between a package's manifest data as displayed in the NPM registry and the data present in the 'package.json' file of the published package."
TLP1 : Green
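To make the mismatch concrete, here is an added example (not the researcher's tool and not npm's own code) that compares the fields a registry shows for a version against the package.json shipped in the tarball, flagging install-time scripts that the registry view never displayed. The two inputs are constructed inline; in practice the registry view comes from the registry's version metadata and the tarball view from the package.json inside the published archive.

```python
"""Compare an NPM registry manifest with the package.json from the tarball."""
from typing import Any, Dict, List, Tuple

# Scripts the npm CLI runs automatically at install time; a hook present in
# the tarball but absent from the registry view is the case that matters most.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def diff_mapping(reg: Dict[str, Any], tar: Dict[str, Any], field: str) -> List[str]:
    """Report keys that differ between the registry view and the tarball view."""
    issues = []
    for key in sorted(set(reg) | set(tar)):
        if key not in reg:
            issues.append(f"{field}.{key} only in tarball: {tar[key]!r}")
        elif key not in tar:
            issues.append(f"{field}.{key} only in registry: {reg[key]!r}")
        elif reg[key] != tar[key]:
            issues.append(f"{field}.{key} differs: registry={reg[key]!r} tarball={tar[key]!r}")
    return issues


def check_manifest(registry: Dict[str, Any], tarball: Dict[str, Any]) -> Tuple[List[str], bool]:
    """Return (list of mismatches, True if the tarball carries a hidden install hook)."""
    issues = []
    for field in ("name", "version", "license"):
        if registry.get(field) != tarball.get(field):
            issues.append(f"{field} differs: registry={registry.get(field)!r} "
                          f"tarball={tarball.get(field)!r}")
    for field in ("dependencies", "scripts"):
        issues += diff_mapping(registry.get(field) or {}, tarball.get(field) or {}, field)
    tar_scripts = tarball.get("scripts") or {}
    reg_scripts = registry.get("scripts") or {}
    hidden_hook = any(h in tar_scripts and h not in reg_scripts for h in INSTALL_HOOKS)
    return issues, hidden_hook


# Constructed sample: the registry shows a clean manifest, while the tarball adds
# a dependency and a postinstall script that the registry page never displayed.
REGISTRY_VIEW = {"name": "demo-pkg", "version": "1.0.0", "license": "MIT",
                 "dependencies": {"lodash": "^4.17.21"}, "scripts": {"test": "jest"}}
TARBALL_VIEW = {"name": "demo-pkg", "version": "1.0.0", "license": "MIT",
                "dependencies": {"lodash": "^4.17.21", "extra-dep": "2.0.0"},
                "scripts": {"test": "jest", "postinstall": "node setup.js"}}

if __name__ == "__main__":
    found, hook = check_manifest(REGISTRY_VIEW, TARBALL_VIEW)
    print("\n".join(found))
    print("hidden install hook:", hook)
```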
-
DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors
"The threat actors behind the DDoSia attack tool have come up with a new version that incorporates a new mechanism to retrieve the list of targets to be bombarded with junk HTTP requests in an attempt to bring them down.
The updated variant, written in Golang, "implements an additional security mechanism to conceal the list of targets, which is transmitted from the [command-and-control] to the users," cybersecurity company Sekoia said in a technical write-up.
DDoSia is attributed to a pro-Russian hacker group called NoName(057)16. Launched in 2022 and a successor of the Bobik botnet, the attack tool is designed for staging distributed denial-of-service (DDoS) attacks against targets primarily located in Europe as well as Australia, Canada, and Japan."
TLP1 : Green
-
Who’s Behind the DomainNetworks Snail Mail Scam?
"If you’ve ever owned a domain name, the chances are good that at some point you’ve received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try to trick people into paying for useless services they never ordered, don’t need, and probably will never receive. Here’s a look at the most recent incarnation of this scam — DomainNetworks — and some clues about who may be behind it.
The DomainNetworks mailer may reference a domain that is or was at one point registered to your name and address. Although the letter includes the words “marketing services” in the upper right corner, the rest of the missive is deceptively designed to look like a bill for services already rendered."
TLP1 : Green
-
Microsoft Edge upgrades built-in Cloudflare VPN with 5GB of data
"Microsoft's Edge browser has recently enhanced its 'Edge Secure Network' feature, which now offers 5GB of data, significantly increasing from the previously offered 1GB.
The Edge Secure Network uses Cloudflare's routing to encrypt your internet connection and secure your data against online threats, such as hacking attempts.
To use the Edge Secure Network, users must sign in with their Microsoft account, a requirement to monitor the monthly Secure Network data usage. This tracking is crucial to provide the free 5GB service and to determine when the data limit has been exhausted.
Importantly, Microsoft ensures the user's Microsoft account identity is not shared with the service provider (Cloudflare) during a Secure Network connection."
TLP1 : Green
-
Mexico-Based Hacker Targets Global Banks with Android Malware
"An e-crime actor of Mexican provenance has been linked to an Android mobile malware campaign targeting financial institutions globally, but with a specific focus on Spanish and Chilean banks, from June 2021 to April 2023.
The activity is being attributed to an actor codenamed Neo_Net, according to security researcher Pol Thill. The findings were published by SentinelOne following a Malware Research Challenge in collaboration with vx-underground.
"Despite using relatively unsophisticated tools, Neo_Net has achieved a high success rate by tailoring their infrastructure to specific targets, resulting in the theft of over 350,000 EUR from victims' bank accounts and compromising Personally Identifiable Information (PII) of thousands of victims," Thill said."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.