Security News > 2023 > April

After stealing the data, he decided to blackmail the clinic for €450,000; when that didn't work he stooped yet lower and tried blackmailing the patients for €200 each, with a warning that the "fee" would increase to €500 after 24 hours. Patients who didn't pay up after a further 48 hours, the blackmailer said, would be doxxed, a jargon term meaning to have your personal data exposed publicly on purpose.

Two execs and a multinational payment processing company must pay $650k to the US government, says the FTC, which accuses them of knowingly processing credit card payments for Microsoft-themed support scammers. The Justice Department and the Feds claim Nexway, along with a web of related companies based in France, Switzerland, Germany, and the US, violated the FTC Act and the Telemarketing Sales Rule by processing payments for India-based Tech Live Connect and "other foreign clients" that commit telemarketing fraud via tech support scams all over the world, although the agency and the department are regulating the United States side of things.

The Australian Competition & Consumer Commission says Australians lost a record $3.1 billion to scams in 2022, an 80% increase over the total losses recorded in 2021. Most of the losses concern investment scams, which accounted for $1.5 billion, followed by remote access scams that resulted in losses of $229 million, and payment redirection scams that cost victims another $224 million.

A security researcher has released yet another sandbox escape proof-of-concept exploit that makes it possible to execute unsafe code on a host running the VM2 sandbox. VM2 is a specialized JavaScript sandbox used by a broad range of software tools for running and testing untrusted code in an isolated environment, preventing the code from accessing the host's system resources or external data.

Experts say the attacks demonstrate the risk that fairly unsophisticated attacks pose even to well-defended enterprises and that other countries should take notice and prepare. Starting before the annual OpIsrael hacktivist assault on Israeli enterprises from April 6 to 9, Israel experienced recent attacks by Russian entities like Killnet and Anonymous Sudan, a cybersecurity bugbear for Israel this year.

Active Directory is at the center of many attacks as it is still the predominant source of identity and access management in the enterprise. Hackers commonly target Active Directory with various attack techniques spanning many attack vectors.

Cybersecurity researchers have detailed the inner workings of a highly evasive loader named "in2al5d p3in4er" that's used to deliver the Aurora information stealer malware. "The in2al5d p3in4er loader is compiled with Embarcadero RAD Studio and targets endpoint workstations using advanced anti-VM technique," cybersecurity firm Morphisec said in a report shared with The Hacker News.

Several police forces in Britain are being put on the naughty step by the UK's data watchdog for using a calling app that recorded hundreds of thousands of phone conversations and illegally retained that data. The Information Commissioner's Office said today it was made aware in June 2020 that Surrey Police and Sussex Police were given access to the Another Call Recorder app that recorded all incoming and outgoing conversations.

A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea.

In this article, we will cover the transformation in the field of DFIR in the last couple of years, focusing on the digital forensics aspect and how XDR fits into the picture. Transferring Time: the time it takes to deliver the evidence from the compromised machines to the DFIR team labs.