David

190 Articles

Microsoft’s GitHub: A Growing Platform for Delivering Malicious Payloads – January 12th

A Recorded Future report discloses that Microsoft-owned GitHub is a growing and lucrative platform for threat actors to effectively deliver malicious payloads by blending the payloads with legitimate traffic. The open-source data repository platform's legitimacy is now being leveraged cleverly by threat actors who are "living-off-trusted-sites". However, the limitations in the site's file size and storage stopped large-scale payloads used for data exfiltration from being delivered.

2 Min Read

Ukrainian Hacking Group Dismantles Russian Telco – January 11th

A source informed Reuters that the Ukrainian spy agency-backed "Blackjack" hacking group successfully deleted 20TB of data from M9 Telecom, massively disrupting its operations. Seemingly in retaliation for the "largest telco cyber attack in history" on Ukrainian telco Kyivstar, the attack on M9 Telecom shut down internet use for thousands in Moscow.

2 Min Read

SEC X Account Hacked to Push Bitcoin ETFs – January 10th

The Securities and Exchange Commission (SEC) confirmed through a spokesperson and social media announcements that the agency's X (formerly Twitter) account was compromised to promote Bitcoin ETFs. Bitcoin's value spiked to nearly $48k as a result of the false Tweet, even though the Tweet was taken down just 30 minutes after being published.

2 Min Read

Turkish Cyber Espionage Group Targeting Dutch Orgs – January 9th

Hunt & Hackett uncovered information on “Sea Turtle”, a Turkish-affiliated cyber espionage group that shifted focus to target Netherlands-based organizations. "Sea Turtle" was found to launch politically motivated evasive info-stealing campaigns targeting Dutch government, telco, media, and NGO organizations.

2 Min Read

Cyberattack Shuts Down loanDepot IT Systems – January 8th

In response to complaints regarding its payment portal, loanDepot informed its customers that it had fallen victim to a cyberattack that shut down its IT systems, disrupting its business operations. The company is currently coordinating with law enforcement and forensics experts to further investigate the attack. The attack on loanDepot marks the second major cyberattack on a US mortgage loan provider in the past few months, after the cyberattack on Mr. Cooper.

2 Min Read

Google to Test Third-Party Cookies Restrictions by End of 2024 – January 5th

As part of Google's "Privacy Sandbox" initiative, Google Chrome plans to test removing third-party cookies for 1% of its users by the end of 2024. Despite the pleas of Google-focused advertisers, the move to remove third-party cookies, which are used to track user data and build targeted advertiser profiles, aims to enhance the web browser's data privacy.

1 Min Read

CISA Warns Google Chrome Users of Open Source Vulnerabilities – January 4th

In an announcement addressed to US Federal Agencies, the Cybersecurity and Infrastructure Security Agency (CISA) warned Google Chrome users of a vulnerability (CVE-2023-7101) impacting the web browser's open-source Perl library. The Google vulnerability affects an open-source project, Google Chromium WebRTC, and allows threat actors to cause browser crashes and launch other actions.

2 Min Read

$80M in Crypto Stolen from Orbit Chain Cyberattack – January 3rd

Orbit Chain revealed to its users that as a result of a cyber attack, $84.5M worth of Ethereum and DAI (cryptocurrencies) were illicitly transferred to seven wallet addresses on the 1st of January. Orbit Chain is now coordinating with the Korean National Police Agency and the Korea Internet & Security Agency (KISA) to find the threat actors behind the cyber attacks, and to further protect its customers' crypto wallets.

2 Min Read

Researchers Uncover a Tesla Autopilot Exploit – January 2nd

Researchers from the Technische Universität Berlin managed to hack into Tesla's autopilot system, granting them access to internal hardware and hidden capabilities. Using inexpensive tools amounting to $600, the university's researchers hacked into the ARM64-based circuit board of the car's autopilot system. The hack allowed them access to arbitrary code, user data, cryptographic keys, system parts, a deleted GPS coordinates video, and the hidden "Elon-mode", which allows the cars to have a fully hands-free self-driving feature.

2 Min Read

Cyberattack Halts Albanian Parliament Data System – December 29th

Albania's Parliament announced it was hit by a cyberattack targeting its data system, which halted the Parliament's services. The Albanian Parliament assured that, although its services were disrupted, the data was not encrypted by the threat actors and that its services would go back online soon.

1 Min Read

H2 2023 Dominated by AI Malicious Activity and Android Spyware Threats – December 28th

According to an ESET report, the threat landscape of the second half of 2023 was dominated by AI-generated malicious activity and newly emerged Android spyware. ESET's "Threat Report: H2 2023," which is based on the firm's recorded incidents, also states that a new economy has arisen from OpenAI API keys, especially for cybercriminals.

1 Min Read

62% of Top Ransomware Groups Activated Remote Attacks in 2023 – December 27th

According to Sophos' latest report, 62% of the most active ransomware groups in the world deliberately enable remote encryption for their attacks. The report, entitled "CryptoGuard: An Asymmetric Approach to the Ransomware Battle," is based on Sophos' detected and halted ransomware attacks in 2023. The report further stated that remote encryption is used as a tactic for effective, widespread ransomware attacks within organizations, aiming to steal as much sensitive information as possible.

2 Min Read

‘GTA V’ Source Code Leaked on Telegram Channel – December 26th

Links to Rockstar Games’ 'GTA V' source code were posted on a Telegram group and later on Discord servers and a dark web site. The Rockstar Games leak came a year after the threat actor group Lapsus$ claimed a cyberattack on the gaming giant. Lapsus$ hacker Arion Kurtaj is the suspected source of the video game's code distribution.

1 Min Read

November’s Ransomware Leak Victims Reach Record High – December 25th

A record-high 484 ransomware victims were posted on publicly available sites in November 2023, according to a Corvus Insurance report. The spike in ransomware victims' information being leaked reflects a 39.08% increase compared to October 2023 and a staggering 110.43% increase compared to November 2022.

1 Min Read

US White House Issues Executive Order to Improve Nation’s Cybersecurity – December 22nd

On December 21st, the U.S. White House issued Executive Order (EO) 14028, "Executive Order on Improving the Nation's Cybersecurity," which emphasized modernizing cybersecurity infrastructure by coding in more secure ways. A more detailed excerpt from the Executive Order stated: "Software engineers, developers, and coders must build secure code and security controls into the code they create. They need to make security by design and security by default software-design requirements."

2 Min Read