"Interpol:  Operation HAECHI-V led to more than 5,000 suspects arrested."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 02 December 2024, 1441 UTC.

Content and Source:  Email subscription via https://feedly.com.   https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

69K followers23 articles per week#security#tech

25

Today

Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

5 TTPs

•

by Pierluigi Paganini / 3h

•

Interpol seizes 400M$ in scams

International law enforcement operation Operation HAECHI-V led to more than 5,500 suspects arrested and seized over $400 million. A global operation code-named Operation HAECHI V, involving 40 countries, resulted in 5,500+ arrests and seized $400M in assets. Operation HAECHI V (July-Nov 2024) targeted cyber frauds like phishing, romance scams, sextortion, investment fraud, online gambling, BEC, a

Yesterday

How threat actors can use generative artificial intelligence?

by Pierluigi Paganini / 13h

Generative Artificial Intelligence (GAI) is rapidly revolutionizing various industries, including cybersecurity, allowing the creation of realistic and personalized content. The capabilities that make Generative Artificial Intelligence a powerful tool for progress also make it a significant threat in the cyber domain. The use of GAI by malicious actors is becoming increasingly common, enabling th

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 22

by Pierluigi Paganini / 19h

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. A Case-Control Study to Measure Behavioral Risks of Malware Encounters in Organizations PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot Bootkitty: Analyzing the first UEFI bootkit for Linux Hudson Rock Announces First Comprehensive Inf

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 1d

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. 15 SpyLoan Android apps found on Google Play had over 8 million installs Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia Phis

Nov 30, 2024

Hackers stole millions of dollars from Uganda Central Bank

Hackers steal UGX 60 billion

•

by Pierluigi Paganini / 1d

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. Ugandan officials confirmed on Thursday that the national central bank suffered a security breach by financially-motivated threat actors. The police’s Criminal Investigations Department and the Auditor General are investigating the incident. A senior government official at the finan

15 SpyLoan Android apps found on Google Play had over 8 million installs

SpyLoan apps target vulnerable users

•

by Pierluigi Paganini / 1d

McAfee researchers discovered 15 SpyLoan Android apps on Google Play with a combined total of over 8 million installs. 15 SpyLoan apps with a combined total of 8M+ installs were found on Google Play, targeting users in South America, Southeast Asia, and Africa. SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and fina

Nov 29, 2024

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Russia arrests ransomware affiliate Wazawaka

•

by Pierluigi Paganini / 2d

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. Russian authorities arrested a ransomware affiliate, Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin), and charged him for developing malware and his role in several hacking groups. The man was arrested in Kaliningrad, Russia, l

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

9 TTPs

•

by Pierluigi Paganini / 2d

•

Rockstar 2FA phishing email techniques

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Trustwave researchers are monitoring malicious activity associated with Phishing-as-a-Service (PaaS) platforms, their latest report focuses on a toolkit called Rockstar 2FA. Rockstar 2FA targets Microsoft 365 accounts and bypasses multi-factor authent

Nov 28, 2024

Zello urges users to reset passwords following a cyber attack

Zello urges password resets after breach

•

by Pierluigi Paganini / 3d

Zello urges customers with accounts created before November 2 to reset passwords following a potential security breach. Zello is warning customers who have an account created before November 2 to reset their passwords, a circumstance that suggests that the incident took place on November 2. Zello is a tech software company in Austin, Texas, U.S., known for the Zello app, which emulates push-to-ta

A cyberattack impacted operations at UK Wirral University Teaching Hospital

WUTH cyberattack disrupts hospital services

•

by Pierluigi Paganini / 3d

UK’s Wirral University Teaching Hospital suffered a cyberattack that caused delays in appointments and procedures. Wirral University Teaching Hospital NHS Foundation Trust (WUTH) is an NHS Foundation Trust. It provides healthcare for people of the Wirral Peninsula and the surrounding areas of North West England and North Wales. The trust is responsible for Arrowe Park Hospital, Clatterbridge Hosp

T-Mobile detected network intrusion attempts and blocked them

T-Mobile suffers major cyber attack

•

by Pierluigi Paganini / 3d

T-Mobile reported recent infiltration attempts but pointed out that threat actors had no access to its systems and no sensitive data was compromised. T-Mobile detected recent infiltration attempts but confirmed no unauthorized system access occurred, and no sensitive data was compromised. The carrier is investigating reports that are linking it to “ Salt Typhoon ” cyberattacks tied to Chinese sta

Nov 27, 2024

ProjectSend critical flaw actively exploited in the wild, experts warn

4 TTPs

•

by Pierluigi Paganini / 4d

•

CVE-2024-11680

Researchers warn that a critical security flaw in ProjectSend open-source file-sharing application may be under active exploitation. VulnCheck researchers warn that ProjectSend vulnerability CVE-2024-11680 (CVSS score: 9.8) appears to have been exploited by attackers in the wild. The vulnerability is an improper authentication issue that impacts ProjectSend versions before r1720. Remote, unauthen

Bootkitty is the first UEFI Bootkit designed for Linux systems

5 TTPs

•

by Pierluigi Paganini / 4d

•

Bootkitty first UEFI bootkit for Linux

ESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit specifically designed for Linux systems, named Bootkitty. Cybersecurity researchers from ESET discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty. The bootkit allows attackers to disable the kernel’s signature verification feature and to preload two as yet unknown ELF bin

VMware fixed five vulnerabilities in Aria Operations product

2 TTPs

•

by Pierluigi Paganini / 4d

Virtualization giant VMware addressed multiple vulnerabilities in its Aria Operations product that can led to privilege escalation and XSS attacks. VMware released security updates to address five vulnerabilities in its Aria Operations product. Aria Operations (formerly known as VMware vRealize Operations) is a comprehensive cloud management and operations platform developed by VMware. It is desi

Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries

Interpol arrests 1006 cybercriminals in Africa

•

by Pierluigi Paganini / 5d

and dismantled 134,089 malicious networks. A joint law enforcement operation by INTERPOL and AFRIPOL across 19 African countries, dubbed Operation Serengeti, led to the arrest of 1,006 suspects. The authorities dismantled 134,089 malicious infrastructures and networks. “Operation Serengeti (2 September – 31 October) targeted criminals behind ransomware, business email compromise (BEC), digital e

Nov 26, 2024

How DSPM Helps Businesses Meet Compliance Requirements

by Pierluigi Paganini / 5d

Data Security Posture Management (DSPM) helps monitor, secure, and ensure compliance for sensitive data, reducing risks across diverse environments. Complying with cybersecurity regulations can be a source of great pain for organizations, especially those that handle and store particularly valuable and vulnerable information. Organizations in sectors like healthcare, finance, legal, and governmen

Russian group RomCom exploited Firefox and Tor Browser zero-days to target attacks Europe and North America

IoC > 3 domains

•

by Pierluigi Paganini / 5d

•

7 TTPs

•

CVE-2024-9680

The Russian RomCom group exploited Firefox and Tor Browser zero-day vulnerabilities in attacks on users in Europe and North America. Russian-based cybercrime group RomCom (aka UAT-5647 , Storm-0978 , Tropical Scorpius , UAC-0180, UNC2596 ) exploited two Firefox and Tor Browser zero-day vulnerabilities in recent attacks on users across Europe and North America. The first zero-day exploited by the

Software firm Blue Yonder providing services to US and UK stores, including Starbucks, hit by ransomware attack

Blue Yonder hit by ransomware attack

•

by Pierluigi Paganini / 5d

Blue Yonder, a supply chain software provider, suffered a ransomware attack, impacting operations for clients like Starbucks and grocery stores. A ransomware attack on Blue Yonder disrupted operations for several customers, including Starbucks and U.K. grocery chain Sainsbury . “A ransomware attack has disrupted a third-party software system that Starbucks uses to track and manage its baristas’ s

The source code of Banshee Stealer leaked online

13 TTPs

•

by Pierluigi Paganini / 6d

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. The code is now available on GitHub. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. BANSHEE Stealer supports basic evasion techniques, relies on the sysctl API to detect debugging and checks

Nov 25, 2024

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

by Pierluigi Paganini / 6d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Array Networks AG and vxAG ArrayOS flaw CVE-2023-28461 (CVSS score: 9.8) to its Known Exploited Vulnerabilities (KEV) catalog . Array Networks’ AG Series and vxAG (versio

Thai police arrested Chinese hackers involved in SMS blaster attacks

by Pierluigi Paganini / 6d

Thai authorities arrested fraud gangs in Bangkok for SMS blaster attacks, they used fake cell towers to send thousands of malicious SMS messages to nearby phones. Thai authorities arrested members of two Chinese cybercrime organizations, one of these groups carried out SMS blaster attacks. The crooks were driving through Bangkok’s streets while sending hundreds of thousands of malicious SMS text

Zyxel firewalls targeted in recent ransomware attacks

4 TTPs

•

by Pierluigi Paganini / 6d

Zyxel warns that a ransomware group has been observed exploiting a recently patched command injection issue in its firewalls. Zyxel warns that a ransomware gang has been observed exploiting a recently patched command injection vulnerability, tracked as CVE-2024-42057, in its firewalls for initial compromise. Remote, unauthenticated attackers could exploit the flaw to execute OS commands on vulner

Malware campaign abused flawed Avast Anti-Rootkit driver

6 TTPs

•

by Pierluigi Paganini / 7d

•

Malware exploits security software vulnerabilities

Threat actors exploit an outdated Avast Anti-Rootkit driver to evade detection, disable security tools, and compromise the target systems. Trellix researchers uncovered a malware campaign that abused a vulnerable Avast Anti-Rootkit driver (aswArPot.sys) to gain deeper access to the target system, disable security solutions, and gain system control. This alarming tactic corrupts trusted kernel-mod

Russia-linked APT TAG-110 uses targets Europe and Asia

15 TTPs

•

by Pierluigi Paganini / 7d

•

Russia-aligned TAG-110 targets Asia Europe

Russia-linked threat actors TAG-110 employed custom malware HATVIBE and CHERRYSPY to target organizations in Asia and Europe. Insikt Group researchers uncovered an ongoing cyber-espionage campaign by Russia-