Security Leftovers and Windows TCO
-
Security Week ☛ North Korean Fake IT Workers Pose as Blockchain Developers on Microsoft's proprietary prison GitHub
North Korean fake IT workers are creating personas on Microsoft's proprietary prison GitHub to land blockchain developer jobs at US and Japanese firms.
-
Security Week ☛ China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain
Silk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks.
-
Security Week ☛ Two Venezuelans Arrested in US for ATM Jackpotting
Several Venezuelans have been arrested and charged in the US in recent months for their role in ATM jackpotting schemes.
-
SANS ☛ DShield Traffic Analysis using ELK, (Thu, Mar 6th)
Using the Kibana interface, sometimes it can be difficult to find traffic of interest since there can be so much of it. The 3 logs used for traffic analysis are cowrie, webhoneypot and the firewall logs. Other options to add to the honeypot are packet capture, netflow and Zeek.
-
Security Week ☛ Iranian Hackers Target UAE Firms With Polyglot Files
An Iranian threat actor was seen targeting UAE organizations with polyglot files to deliver a new backdoor named Sosano.
-
Security Week ☛ US Indicts China’s iSoon ‘Hackers-for-Hire’ Operatives
i-Soon employees charged with conducting extensive hacking campaigns on behalf of Beijing’s security services.
-
TechRadar ☛ Mass federal layoffs will have “devastating impact” on cybersecurity, former NSA cybersecurity director warns
The House Select Committee on the Chinese Communist Party has been told by the former National Security Agency (NSA) director of cybersecurity how culling workers from federal departments will have a “devastating impact” on national security and cybersecurity.
Over 100,000 federal workers have been laid off or have taken early retirement as part of the new administration’s plans to drastically downsize the federal government workforce. This includes more than 130 positions cut from the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA).
-
Windows TCO / Windows Bot Nets
-
The Record ☛ CISA, FBI warn of BianLian mail scam targeting executives with $500k ransom note
A spokesperson for the company told Recorded Future News that Arctic Wolf is aware of at least 20 organizations or executives who have received these letters.
All of the letters reviewed by Arctic Wolf had nearly identical language and demanded ransoms between $150,000 and $500,000. All of the healthcare organizations targeted got $350,000 ransom demands.
-
The Record ☛ Thousands of public school workers impacted by cyberattack on retirement plan administrator
Dozens of public schools across the country reported data breaches to regulators in Maine, Massachusetts, Vermont and several other states this week, warning that sensitive data was stolen through Carruth Compliance Consulting — a company that provides third-party administrative services to public school districts and non-profit organizations for their 403(b) and 457(b) retirement savings plans.
Most of the data breach notices are identical, and a Recorded Future News analysis of Maine’s breach site found 11 public schools and colleges impacted across Pennsylvania, Oregon, California, Illinois and New York. In total, more than 40,000 teachers and school employees were impacted. Dozens of other schools reported breaches to other state regulators, indicating the number of people impacted is likely much higher.
-
The Register UK ☛ Toronto Zoo says 23 years of visitor data stolen
First and last names were stolen, as were home addresses, phone numbers, and email addresses "in some records." For those who made credit card transactions between January 2022 and April 2023, card details such as the last four digits of the number and expiration dates were also lifted.
-