On Thursday, April 18, 2024, the UK’s Metropolitan Police Service, along with fellow UK and international law enforcement, as well as several trusted private industry partners, conducted an operation that succeeded in taking down the Phishing-as-a-Service (PhaaS) provider LabHost. This move was also timed to coincide with a number of key arrests related to this operation. In this entry, we will briefly explain what LabHost was, how it affected its victims, and the impact of this law enforcement operation — including the assistance provided by Trend Micro.
Beginning in March of 2024, Zscaler ThreatLabz observed a threat actor weaponizing a cluster of domains masquerading as legitimate IP scanner software sites to distribute a previously unseen backdoor. The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged GoogleAds to push these domains to the top of search engine results targeting specific search keywords, thereby luring victims to visit these sites.
The newly discovered backdoor uses several techniques such as multiple stages of DLL sideloading, abusing the DNS protocol for communicating with the command-and-control (C2) server, and evading memory forensics security solutions. We named this backdoor “MadMxShell” for its use of DNS MX queries for C2 communication and its very short interval between C2 requests.
Salad, a company that pays gamers in Fortnite skins and Roblox gift cards to rent their idle GPUs remotely to generative AI companies, is using those idle computers to create AI-generated porn. Though 404 Media hasn’t seen evidence that any of the images produced by Salad and its network of idle gaming PCs produced nonconsensual AI-generated sexual images, it’s technically possible, and Salad has had a generative AI client that previously produced that type of content.
Aerospace and defense company Northrop Grumman is working with SpaceX, the space venture of billionaire entrepreneur Elon Musk, on a classified spy satellite project already capturing high-resolution imagery of the Earth, according to people familiar with the program.
The Hospital Simone Veil in Cannes (CHC-SV) has announced that it was targeted by a cyberattack on Tuesday morning, severely impacting its operations and forcing staff to go back to pen and paper.
#CHC-SV #Computer #Cyberattack #France #Healthcare #Hospital #InfoSec #Security
Welcome to April 2024, again. We’re back, again.
Over the weekend, we were all greeted by now-familiar news—a nation-state was exploiting a “sophisticated” vulnerability for full compromise in yet another enterprise-grade SSLVPN device.
We’ve seen all the commentary around the certification process of these devices for certain .GOVs - we’re not here to comment on that, but sounds humorous.
09.04.2024 - Le service financier d’une entreprise reçoit de son patron une demande de paiement soi-disant urgente. Le CEO explique que si le responsable financier n’effectue pas le paiement dans les plus brefs délais, cela aura de graves conséquences pour l’entreprise, car une commande importante sera perdue. Ensuite, le chef n’est étrangement plus joignable pour répondre à d’autres questions. Tel est le scénario typique d’une fraude au CEO. La plupart du temps, ces attaques ne sont pas très sophistiquées et sont faciles à détecter. L’intelligence artificielle et le deep fake ne s’arrêtent toutefois pas à cette méthode d’escroquerie plutôt simple, comme le montre un exemple récent signalé à l’OFCS.
Every version of the PuTTY tools from 0.68 to 0.80 inclusive has a critical vulnerability in the code that generates signatures from ECDSA private keys which use the NIST P521 curve. (PuTTY, or Pageant, generates a signature from a key when using it to authenticate you to an SSH server.)