Security News

Network-attached storage appliance maker QNAP on Wednesday said it's working on updating its QTS and QuTS operating systems after Netatalk last month released patches to contain seven security flaws in its software. Netatalk is an open-source implementation of the Apple Filing Protocol, allowing Unix-like operating systems to serve as file servers for Apple macOS computers.

Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET assessed that "These subgroups operate somewhat independently, but that they may share intelligence requirements, an access team that runs their spear-phishing campaigns, and also the team that deploys network infrastructure." TA410 - said to share behavioral and tooling overlaps with APT10 - has a history of targeting U.S-based organizations in the utilities sector as well as diplomatic entities in the Middle East and Africa.

Cybellum had the pleasure of interviewing David Colombo, the cyber boy wonder of Germany, and founder of Colombo Technologies for our podcast, Left to Our Own Devices. So how did David Colombo, at the tender age of 19, hack into ultra-high tech Tesla cars?

"Given recent intelligence indicating that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure, CISA along with our interagency and international partners are putting out this advisory to highlight the demonstrated threat and capability of Russian state-sponsored and Russian aligned cybercrime groups," added CISA Director Jen Easterly. The Five Eyes cybersecurity agencies recommends measures critical infrastructure orgs should take to harden their defenses and protect their information technology and operational technology networks against Russian state-sponsored and criminal cyber threats, including ransomware, destructive malware, DDoS attacks, and cyber espionage.

The Computer Emergency Response Team of Ukraine has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information. Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, the agency said the infection sequence begins with an email containing a Microsoft Excel document that, when opened, prompts the users to enable macros, leading to the deployment of IcedID. The information-stealing malware, also known as BokBot, has followed a similar trajectory to that of TrickBot, Emotet, and ZLoader, evolving from its earlier roots as a banking trojan to a full-fledged crimeware service that facilities the retrieval of next-stage implants such as ransomware.

The Department of Justice unveiled Tuesday that it has seized three domains to affectively shut down the RaidForums website, a major English-language online marketplace for cybercriminals to buy and sell databases stolen from organizations in ransomware and other cyber-attacks. The seizure of RaidForum's domains means that members can no longer use the site to traffic stolen data, according to the feds.

The RaidForums hacker forum, used mainly for trading and selling stolen databases, has been shut down and its domain seized by U.S. law enforcement during Operation TOURNIQUET, an action coordinated by Europol that involved law enforcement agencies in several countries. According to the DoJ, the marketplace offered for sale more than 10 billion unique records from hundreds of stolen databases that impacted people residing in the U.S. In a separate announcement today, Europol says that RaidForums had more than 500,000 users and "Was considered one of the world's biggest hacking forums".

FIN7 hacking group returns with new methods and members, what should you look out for? A report from Mandiant details the resurfacing of the FIN7 hacking group and the collective's use of new hacking tools along with an expanding roster of attackers.

"Denys Iarmak, a Ukrainian member and a"pen tester for the FIN7 financially-motivated hacking group, was sentenced on Thursday to 5 years in prison for breaching victims' networks and stealing credit card information for roughly two years, between November 2016 and November 2018. Iarmak is the third FIN7 member sentenced in the US after Fedir Hladyr received ten years in prison on April 16, 2021, and Andrii Kolpakov got seven years on June 24, 2021, following their 2018 arrest.

A previously undocumented "Sophisticated" information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200. "BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP credentials, saved browser credentials, and email clients," Zscaler ThreatLabz researchers Mitesh Wani and Kaivalya Khursale said in a report published last week. Also sold for a lifetime price of $700, BlackGuard is designed as a.NET-based malware that's actively under development, boasting of a number of anti-analysis, anti-debugging, and anti-evasion features that allows it to kill processes related to antivirus engines and bypass string-based detection.