Security News
- ShinyHunters claims Santander breach, selling data for 30M customers (www.bleepingcomputer.com)
A threat actor known as ShinyHunters is claiming to be selling a massive trove of Santander Bank data, including information for 30 million customers, employees, and bank account data, two weeks after the bank reported a data breach.
- International Malware Takedown Seized 100+ Servers (www.techrepublic.com)
‘Operation Endgame’ is an ongoing, law enforcement effort to disrupt botnets, malware droppers and malware-as-a-service.
- Europol identifies 8 cybercriminals tied to malware loader botnets (www.bleepingcomputer.com)
Europol and German law enforcement have revealed the identities of eight cybercriminals linked to the various malware droppers and loaders disrupted as part of the Operation Endgame law enforcement operation.
- CISA warns of actively exploited Linux privilege elevation flaw (www.bleepingcomputer.com)
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a Linux kernel privilege elevation flaw.
- Cyber cops plead for info on elusive Emotet mastermind (www.theregister.com)
Follows arrests and takedowns of recent days
- US senator claims UnitedHealth's CEO, board appointed 'unqualified' CISO (www.theregister.com: Senator lambasts UnitedHealth for picking 'unqualified' CISO)
Similar cases have resulted in serious sanctions, and they were on a far smaller scale
- Cops Swarm Global Cybercrime Botnet Infrastructure in 2 Massive Ops (www.darkreading.com)
Europol undertook dropper malware botnet takedown while US law enforcement dismantled a sprawling cybercrime botnet for hire.
- Chinese national cuffed on charges of running 'likely the world's largest botnet ever' (www.theregister.com: Trio of Chinese botnet operators sanctioned by United States)
DoJ says 911 S5 crew earned $100M from 19 million PCs pwned by fake VPNs
- US govt sanctions cybercrime gang behind massive 911 S5 botnet (www.bleepingcomputer.com)
The U.S. Treasury Department has sanctioned a cybercrime network comprising three Chinese nationals and three Thailand-based companies linked to a massive botnet controlling a residential proxy service known as "911 S5."
- BreachForums returns just weeks after FBI-led takedown (www.theregister.com)
Website whack-a-mole getting worse
- SingCERT Warns Critical Vulnerabilities Found in Multiple WordPress Plugins (thecyberexpress.com: SingCERT Flags Critical WordPress Plugin Vulnerabilities)
SingCERT has issued an urgent alert on multiple WordPress plugin vulnerabilities, citing risks such as arbitrary file uploads and SQL injection.
- Amazon Secures pcTattletale Spyware AWS Infrastructure After Hack Reveals 17TB of Data (thecyberexpress.com: Amazon Locks PcTattletale Spyware After 17TB Data Was Exposed)
The pcTattletale spyware website was locked down by Amazon following a hack and defacement operation exposing over 17 TB of data.
- Russian Hackers Use Legit Remote Monitoring Software to Spy on Ukraine and Allies (thecyberexpress.com: Russian Hackers Use Remote Monitoring Tool To Spy On Ukraine)
Russian hackers were found using legitimate remote monitoring and management software to spy on Ukraine and its allies.
- Pakistan’s Islamabad’s Safe City Authority Online System Down After Hack (thecyberexpress.com: Islamabad's Safe City Authority Systems Down After Hack)
Islamabad's Safe City Authority, initiated by Pakistan after backing from a Chinese government loan, was hacked, leading to its shutdown.
- Russian Cyber Army Claims Alleged Cyberattack on Bulgarian Ports Infrastructure Company (thecyberexpress.com: Russian Cyber Army Claims The Bulgarian Ports Infrastructure Company Cyberattack)
The notorious Russian Cyber Army hacker group claims the Bulgarian Ports Infrastructure Company cyberattack, targeting critical infrastructure of the company.
- Hacker defaces spyware app’s site, dumps database and source code (www.bleepingcomputer.com)
A hacker has defaced the website of the pcTattletale spyware application, found on the booking systems of several Wyndham hotels in the United States, and leaked over a dozen archives containing database and source code data.
- Google Patches Fourth Chrome Zero-Day in Two Weeks (www.securityweek.com)
Exploited in the wild, Chrome vulnerability CVE-2024-5274 is a high-severity flaw described as a type confusion in the V8 JavaScript and WebAssembly engine.
- Cybercriminals Exploit Cloud Storage For SMS Phishing Scams (www.infosecurity-magazine.com)
According to Enea, these campaigns use cloud storage platforms to host malicious websites, sending links via SMS to bypass firewalls
- State hackers turn to massive ORB proxy networks to evade detection (www.bleepingcomputer.com)
Security researchers are warning that China-linked state-backed hackers are increasingly relying on vast proxy networks of virtual private servers and compromised connected devices for cyberespionage operations.
- Three-year-old Apache Flink flaw under active attack (www.theregister.com: Three-year-old Apache Flink flaw now under active attack)
We know IT admins have busy schedules but c'mon
- The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell (thehackernews.com)
Microsoft to deprecate VBScript in favor of JavaScript and PowerShell. The tech giant plans to phase out the scripting language.
Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell.
- Kyrgyzstan Unrest Escalates: Hackers Target Nation Amidst Mob Violence (thecyberexpress.com: Cyberattacks On Kyrgyzstan As Mob Violence Erupts)
These cyberattacks on Kyrgyzstan have targeted critical governmental and private sector systems, exacerbating the already volatile situation.
Amidst the physical violence, Kyrgyzstan's digital infrastructure is under severe attack from various hacktivist groups.
- Norwegian National Cyber Security Centre Recommends Moving Away from SSLVPN and WebVPN (thecyberexpress.com: Norway NCSC Advises Replacement Of SSLVPN And WebVPN)
The Norwegian National Cyber Security Centre (NCSC) has issued a notice recommending the replacement of SSLVPN and WebVPN solutions.
- Third Chrome Zero-Day Patched by Google Within One Week (www.securityweek.com)
Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day.
- FBI takes down BreachForums ransomware website and Telegram channel (www.theregister.com: FBI takes down BreachForums website and Telegram channel)
No more illicit gains, for a while at least
The FBI, in combination with police around the world, have taken control of the website and Telegram channel of ransomware brokerage site BreachForums.
- LockBitSupp Denies Identification of Group ‘Admin’, Opens Contest to Find Named Dmitry Yuryevich (thecyberexpress.com: LockBitSupp Denies Being Dmitry Khoroshev, Opens Contest)
LockBitSupp took to his leak site to deny the FBI's identification of his real identity being Dmitry Khoroshev, while offering $1000 for contact with the individual.
- The Alleged LockBit Ransomware Mastermind Has Been Identified (www.wired.com)
Law enforcement officials say they’ve identified, sanctioned, and indicted the person behind LockBitSupp, the administrator at the heart of LockBit’s $500 million hacking rampage.
- MITRE Hack: China-Linked Group Breached Systems in December 2023 (www.securityweek.com)
MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities.
MITRE has shared more details on the recently disclosed hack, including the new malware involved in the attack, attribution information, and a timeline of the attacker’s activities.
- Nigeria & Romania Ranked Among Top Cybercrime Havens (www.darkreading.com: Nigeria, Romania Ranked Among Top Cybercrime Havens)
Survey ranking the top cybercrime-producing nations unsurprisingly shows Russia, Ukraine, and China in the lead, but uncovers other intel.
A survey of cybercrime experts assessing the top cybercrime-producing nations results in some expected leaders — Russia, Ukraine, and China — but also some surprises.
- Automattic buys Beeper for $125MM, launches closed-source "encrypted" messaging app (techcrunch.com: WordPress.com owner Automattic acquires multiservice messaging app Beeper for $125M | TechCrunch)
The deal, which was for $125 million according to sources close to the matter, is Automattic's second acquisition of a cross-platform messaging solution.
Curious how none of the coverage of this purchase mentions that the app isn't open-source, which makes all of their claims of "end-to-end encryption" worthless.
WordPress.com owner Automattic acquires multiservice messaging app Beeper for $125M
By Sarah Perez (@sarahpereztc) 2024-04-09
WordPress.com owner Automattic is acquiring Beeper, the company behind the iMessage-on-Android solution that was referenced by the Department of Justice in its antitrust lawsuit against Apple. The deal, which was for \$125 million according to sources close to the matter, is Automattic's second acquisition of a cross-platform messaging solution after buying Texts.com last October.
That acquisition made Texts.com founder Kishan Bagaria Automattic's new head of Messaging, a role that will now be held by Beeper founder Eric Migicovsky, previously the founder of the Pebble smartwatch and a Y Combinator partner.
Reached for comment, Automattic said it has started the process of onboarding the Beeper team and is "excited about the progress made" so far but couldn't yet share more about its organizational updates, or what Bagaria's new title would be. However, we're told he is staying to work on Beeper as well.
Beeper and Texts.com's teams of 25 and 15, respectively, will join together to take the best of each company's product and merge it into one platform, according to Migicovsky.
"\[Texts.com\] built an amazing app that's more desktop-centric and iOS-centric," he said. "So we'll be folding the best parts of those into our app. But going forward, the Beeper brand will apply to all of the messaging efforts at Automattic," he said, adding, "Kishan ... I've known him for years now --- there's not too many other people in the world that are doing what we do --- and it was great to be able to combine forces with them."
The deal, which closed on April 1, represents a big bet from Automattic: that the future of messaging will be open source and will work across services, instead of being tied up in proprietary platforms, like Meta's WhatsApp or Apple's iMessage. In fact, Migicovsky says, the eventual plan after shifting people to the Beeper cross-platform app for managing their messages is to move them to Beeper's own chat protocol --- an open source protocol called Matrix --- under the hood.
Automattic had previously made a strategic investment of \$4.6 million), another company building on Matrix, and it contributes annually to Matrix.org.
Matrix, a sort of "spiritual successor" to XMPP, as Migicovsky describes it, offers an open source, end-to-end encrypted client and server communications system, where servers can federate with one another, similar to open source Twitter/X alternative Mastodon. However, instead of focusing on social networking, like Mastodon, it focuses on messaging.
Migicovsky said the acquisition came about because running Beeper costs quite a bit of money and it was either time to raise more funding or find a buyer. To date, Beeper had raised \$16 million in outside funding, including an \$8 million Series A from Initialized. Other investors include YC, Samsung Next and Liquid2 Ventures, and angels Garry Tan, Kevin Mahaffey and Niv Dror, and the group SV Angel.
"I've known Matt \[Mullenweg, Automattic founder and CEO\] for years now," Migicovsky said, adding that the WordPress.com founder had shown commitment to open source technology, like Beeper, where about half its product is already open source. "We were looking to find a partner that could financially support this. One of the reasons why there are no other people building this type of app is it costs a surprisingly large amount of money to build a damn good chat app," Migicovsky noted.
As for Beeper's products, the company has now briefed the DOJ on what happened when Apple blocked its newer app, Beeper Mini, which aimed to bring iMessage to Android. That solution is no longer being updated as a result of Apple's moves.
Beeper on Android launches to all
The company is instead releasing an updated version of its core app, Beeper, on Android. Unlike Beeper Mini, which focuses only on iMessage, the main app connects with 14 services, including Messenger, WhatsApp, Telegram, Signal, Instagram DM, LinkedIn, Twitter/X, Discord, Google Messages and others. Android is its biggest platform by users, as 70% are on Google's smartphone OS.
In this rewritten version of Beeper, the company is starting to roll out fully end-to-end encrypted messages across Signal. That will be soon followed by WhatsApp, Messenger and Google Messages.
Because of Apple's restrictions, iMessage only works if you have an iPhone in the mix, Migicovsky says, and will not be a focus for Beeper, given the complications it saw with Apple's shutdown of Beeper Mini. However, Beeper is hopeful regulations could change things, pointing to the DOJ lawsuit and FCC investigation. In the meantime, Beeper supports RCS, which solves iMessage to Android problems like low-res images and videos, lack of typing indicators and encryption.
With the launch out of beta, the new app includes a new icon, updated design, instant chat opens and sends, the ability to add and modify chat networks directly on Android (no desktop app needed), local caching of all chats on the device and full message search.
The 10,000 Android beta testers already on Beeper will need to download the new app manually from Google Play --- it won't automatically update.
In addition, the 466,000 or so people on Beeper's waitlist will now be able to try the product. They'll join over 115,000 users who have already downloaded the app, which is now used by tens of thousands daily. The app runs on Android, iPhone, iPad, ChromeOS, macOS, Windows and Linux.
The team expects to have feature parity across platforms in a matter of months as they overhaul the iOS and desktop apps.
In time, they plan to add other services to Beeper as well, including Google Voice, Snapchat and Microsoft Teams. Beeper also offers a widget API so developers can build on top of Beeper. Plus, since Matrix is an open standard, developers will be able to build alternative clients for Beeper, as well.
The app will generate revenue via a premium subscription, where the final price may be a couple of dollars per month, but pricing decisions haven't yet been fully nailed down. Beeper is currently free to use.
Like Automattic, Beeper's team is remotely distributed, with employees in Brazil, the U.K., Germany and the U.S. At present, Texts.com will continue to operate as the teams begin to integrate the two messaging apps.
- Germany Warns Of 17k Vulnerable Microsoft Exchange Servers Exposed Online - RedPacket Security (www.redpacketsecurity.com)
The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and
cross-posted from: https://midwest.social/post/10338366
- WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw (thehackernews.com)
Over 10,300 sites at risk due to a vulnerability in miniOrange plugins allowing unauthenticated password changes and admin access.
- AT&T says leaked data of 70 million people is not from its systems (www.bleepingcomputer.com)
AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company.
- Fujitsu: Malware on Company Computers Exposed Customer Data (www.darkreading.com)
It remains unclear how long the IT services giant's systems were infiltrated and just how the cyberattack unfolded.
- Chinese APT 'Earth Krahang' Compromises 48 Gov't Orgs on 5 Continents (www.darkreading.com)
The group uses pretty standard open source tooling and social engineering to burrow into high-level government agencies across the globe.
- Former telecom manager admits to doing SIM swaps for $1,000 (www.bleepingcomputer.com)
A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts.
- StopCrypt: Most widely distributed ransomware evolves to evade detection (www.bleepingcomputer.com)
A new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools.
- National Security Agency | Cybersecurity Information Sheets
  - CSI: Advancing Zero Trust Maturity Throughout the Network and Environment Pillar [pdf]
  - CSI: Use Secure Cloud Identity and Access Management Practices [pdf]
  - CSI: Account for Complexities Introduced by Hybrid Cloud and Multi-Cloud Environments [pdf]
  - CSI: Implement Network Segmentation and Encryption in Cloud Environments [pdf]
  - CSI: NSA’s Top Ten Cloud Security Mitigation Strategies [pdf]
  - CSI: Mitigate Risks from Managed Service Providers in Cloud Environments [pdf]
  - CSI: Enforce Secure Automated Deployment Practices through Infrastructure as Code [pdf]