Windows TCO Leftovers
-
Troy Hunt ☛ Troy Hunt: Operation Endgame
Today we loaded 16.5M email addresses and 13.5M unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. That link provides an excellent overview, so start there, then come back to this blog post, which adds some insight into the data and explains how HIBP fits into the picture.
-
Ars Technica ☛ Crooks plant backdoor in software used by courtrooms around the world | Ars Technica
The installer file was titled JAVS Viewer Setup 8.3.7.250-1.exe. When executed, it copied the binary file fffmpeg.exe to the file path C:\Program Files (x86)\JAVS\Viewer 8\. To bypass security warnings, the installer was digitally signed, but with a signature issued to an entity called “Vanguard Tech Limited” rather than to “Justice AV Solutions Inc.,” the signing entity used to authenticate legitimate JAVS software.
fffmpeg.exe, in turn, used Windows Sockets and WinHTTP to establish communications with a command-and-control server. Once successfully connected, fffmpeg.exe sent the server passwords harvested from browsers and data about the compromised host, including hostname, operating system details, processor architecture, program working directory, and the user name.
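The backdoored installer above was not unsigned; it carried a valid Authenticode signature from the wrong publisher, so any check that stops at "is the signature valid?" would have waved it through. The following PowerShell function is an added example (not code from the Ars Technica article, from Justice AV Solutions or from the malware analysis it reports) showing the check that actually matters: compare the signer's identity with the publisher you expect, and optionally pin the certificate thumbprint. The file path and the expected subject name come from the article; the thumbprint parameter value is left to the reader because the page does not publish one.

```powershell
# Added example: verify that a binary is signed by the expected publisher,
# not merely that it is signed. A signature issued to "Vanguard Tech Limited"
# is Status = Valid, which is exactly why Status alone is not enough.
function Test-ExpectedSigner {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSubjectCN,
        [string]$ExpectedThumbprint   # optional: pin the vendor's known cert (assumed known out of band)
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Result = 'MISSING'; Status = $null; Signer = $null; Thumbprint = $null; SHA256 = $null }
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate
    # GetNameInfo(SimpleName) returns the subject CN and copes with quoted commas
    # that a naive 'CN=([^,]+)' regex would mangle.
    $cn   = if ($cert) { $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false) } else { $null }

    $result =
        if ($sig.Status -ne 'Valid')                        { 'BAD_OR_NO_SIGNATURE' }
        elseif ($cn -ne $ExpectedSubjectCN)                 { 'WRONG_PUBLISHER' }   # the JAVS case
        elseif ($ExpectedThumbprint -and $cert.Thumbprint -ne $ExpectedThumbprint) { 'UNPINNED_CERT' }
        else                                                { 'OK' }

    [pscustomobject]@{
        Path       = $Path
        Result     = $result
        Status     = $sig.Status
        Signer     = $cn
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Usage: both artefacts named in the article, checked against the legitimate signing entity.
Test-ExpectedSigner -Path 'C:\Program Files (x86)\JAVS\Viewer 8\fffmpeg.exe' -ExpectedSubjectCN 'Justice AV Solutions Inc.'
Test-ExpectedSigner -Path '.\JAVS Viewer Setup 8.3.7.250-1.exe'            -ExpectedSubjectCN 'Justice AV Solutions Inc.'
```

Run it on the installer before executing it and on the dropped `fffmpeg.exe` afterwards: the trojanised build reports `WRONG_PUBLISHER` with `Signer = Vanguard Tech Limited` even though `Status = Valid`. Matching on the subject CN catches a certificate issued to a different company; pinning the thumbprint additionally catches a look-alike certificate issued under the same name, at the cost of having to update the pin when the vendor rotates its certificate. The SHA256 column is there so the result can be compared with hashes the vendor or an advisory publishes.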
-
Cyble Inc ☛ SpiderX: New Ransomware Spins Web Of Encryption
One of the standout features of SpiderX is its use of the ChaCha20-256 encryption algorithm. Known for its speed, this algorithm allows SpiderX to encrypt files much faster than the commonly used AES-256, thereby reducing the time it takes for the ransomware to render a victim’s files inaccessible.
-
The Register UK ☛ Trio of Chinese botnet operators sanctioned by United States
US authorities have arrested the alleged administrator of what FBI director Christopher Wray has described as "likely the world's largest botnet ever," comprising 19 million compromised Windows machines used by its operators to reap millions of dollars over the last decade.
-
Tripwire ☛ "Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested
Methods used to recruit PCs into the botnet included the distribution of free, illegitimate VPN software such as MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. Once users downloaded these VPN applications, they unknowingly connected to the 911 S5 infrastructure, and became part of the botnet.
In addition, the 911 S5 botnet grew through bundling its code with other software (using the disguise of fake security updates for apps like Adobe Flash Player) and via peer-to-peer file-sharing networks by posing as "cracked" or pirated software applications.
-
Security Week ☛ Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested
The Treasury Department earlier this week announced sanctions against three Chinese nationals accused of being involved in the creation and operation of the 911 S5 botnet.
The sanctions targeted Yunhe Wang, Jingping Liu, and Yanni Zheng, as well as three Thailand-based companies that are allegedly owned or controlled by Wang.
-
Cyble Inc ☛ LockBit Ransomware Group Alleges Heras Cyberattack
The LockBit ransomware group has targeted Heras UK, a prominent European provider of end-to-end perimeter protection solutions. The threat actor claimed the Heras cyberattack and shared a website status displaying the downtime alongside a countdown, ticking away the time until the data breach is potentially exploited. Heras, operating across 24 countries with a workforce of over 1100 skilled professionals, reportedly faces a data breach.
-
Krebs On Security ☛ ‘Operation Endgame’ Hits Malware Delivery Platforms
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” like IcedID, Smokeloader and Trickbot.
-
Cyble Inc ☛ Operation Endgame: Largest Crackdown On Ransomware-Delivering Botnets
International operation shuttered ransomware operations and dropper malware including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and TrickBot, leading to four arrests and the takedown of over 100 servers worldwide.
-
The Record ☛ EU Parliament member suspected of being paid to promote Russian propaganda
Police in Belgium and France searched the properties and office of an employee of the European Parliament suspected of receiving money from Russia to promote its propaganda via a controversial news website.
According to a report by the Dutch public broadcaster NOS, the employee under investigation is Guillaume Pradoura, who works for lawmaker Marcel de Graaff of the far-right Dutch party Forum for Democracy.
-
Cyble Inc ☛ Services Return After SPL Cyberattack: E-books Remain Offline
However, access to e-books remains disrupted. Patrons can choose to delay the delivery of their Libby holds, which offers a workaround to maintain access to held items when the service resumes fully.
The Seattle Public Library (SPL) faced a ransomware attack that crippled its computer systems this week.
On May 28, libraries across South Seattle were noticeably quiet, with signs informing patrons that all computer services were down. This included not only the physical computer terminals and printing services but also the in-building Wi-Fi, crucial for many library users.