Security News

Feds offer $5m reward for info on North Korean cyber crooks
2022-04-15 23:24

The US government offered a reward of up to $5 million for information that helps disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. The cash will be awarded "for information that leads to the disruption of financial mechanisms of persons engaged in certain activities that support North Korea, including money laundering, exportation of luxury goods to North Korea, specified cyber-activity and actions that support WMD proliferation," according to the Feds.

Feds: APTs Have Tools That Can Take Over Critical Infrastructure
2022-04-14 15:57

Threat actors have built and are ready to deploy tools that can take over a number of widely used industrial control system devices, which spells trouble for critical infrastructure providers, particularly those in the energy sector, federal agencies have warned. In a joint advisory, the Department of Energy, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the FBI caution that "certain advanced persistent threat actors" have already demonstrated the capability "to gain full system access to multiple industrial control system/supervisory control and data acquisition devices," according to the alert.

Feds Shut Down RaidForums Hacking Marketplace
2022-04-13 15:01

The Department of Justice unveiled Tuesday that it has seized three domains to effectively shut down the RaidForums website, a major English-language online marketplace for cybercriminals to buy and sell databases stolen from organizations in ransomware and other cyber-attacks. The seizure of RaidForums' domains means that members can no longer use the site to traffic stolen data, according to the feds.

Feds take down Kremlin-backed Cyclops Blink botnet
2022-04-06 19:24

The US Justice Department today revealed details of a court-authorized take-down of command-and-control systems the Sandworm cyber-crime ring used to direct network devices infected by its Cyclops Blink malware. The move follows a joint security alert in February from US and UK law enforcement that warned of WatchGuard firewalls and ASUS routers being compromised to run Cyclops Blink.

Feds slay dark-web souk Hydra: Servers and $25m in crypto-coins seized
2022-04-05 23:12

First, German federal police in coordination with US law enforcement seized Hydra servers and cryptocurrency wallets containing $25 million in Bitcoin, thus shutting down the online souk. Later on Tuesday, the US Justice Department announced criminal charges against one of the alleged Hydra operators and system administrators, 30-year-old Dmitry Olegovich Pavlov of Russia.

Consumers fed up with passwords and KBAs, looking to voice enabled technology as the future
2022-03-09 05:00

Pindrop released the findings of a survey that explores how 2000+ US-based consumers feel about the future of voice enabled technology and how it will impact their everyday lives. The report uncovered that consumers are so fed up with passwords and KBAs to access accounts or verify identity that many would be less annoyed by having their flight delayed or having to shovel snow.

EoL Systems Stonewalling Log4j Fixes for Fed Agencies
2022-01-07 22:16

Besides the difficulty of tracking down all instances of the ubiquitous Apache logging library, the job of patching the flaws has been further complicated for many agencies by end-of-life and end-of-support systems connected to the network. Due to network-connected EoL and EoS systems: an issue that's further complicated by pandemic-wrought supply chain delays and remote-work issues.

Oz Feds reveal distribution model behind backdoored 'An0m' chat app spread by crims
2021-12-09 03:43

Australia's Federal Police force has revealed more about how it distributed a backdoored chat app to criminals. The app, named An0m, was revealed in June 2021 when Australia's Feds, the FBI and European authorities revealed they'd combined to convince crims the software allowed secure communications.

Cuba ransomware gang scores almost $44m in ransom payments across 49 orgs, say Feds
2021-12-06 13:02

The US Federal Bureau of Investigation says 49 organisations, including some in government, were hit by Cuba ransomware as of early November this year. The ransomware gang's loader of choice, Hancitor, was the culprit, distributed via phishing emails, or via exploitation of Microsoft Exchange vulnerabilities, compromised credentials, or Remote Desktop Protocol tools.

Feds charge two men with claiming ownership of others' songs to steal YouTube royalty payments
2021-12-03 21:54

The US Attorney's Office of Arizona on Wednesday announced the indictment of two men on charges that they defrauded musicians and associated companies by claiming more than $20m in royalty payments for songs played on YouTube. "In short, Batista and Teran, as individuals and through various entities that they operate and control, fraudulently claimed to have the legal rights to monetize a music library of more than 50,000 songs," the indictment alleges.