Operation Endgame takes down 2000 malware domains and 100 servers. NIST NVD backlog to be cleared by end of September. Destroying 600,000 routers in 72 hours.  

News

Hi folks,

I hope you're all doing well, and are having a productive Friday. I have some more studying to do today, which I actually look forward to (as opposed to my college days ^^). And then off to a rather quiet weekend. I hope the same for you!

Cheers,

Dieter Van der Stock

Operation Endgame: Police seize over 100 malware loader servers, arrest four cybercriminals

An international operation codenamed 'Operation Endgame' has seized over 100 servers and 2000 domains, used by multiple major malware loader operations like IcedID, Pikabot, Trickbot and others. They arrested four people and identified eight more, whom are now added to Europol's 'Most Wanted' list.

bleepingcomputer.com

NIST expects to clear backlog in vulnerabilities database by end of fiscal year

If you remember, the NIST NVD database is where most of the information on CVE's come from. NIST has been struggling to keep up, with new analysis work seemingly coming to a stop.

They're now hiring an external company to help them clear the backlog. The article says that it's not known which company, but it was shared in a later article that the company in question is Analygence, a cybersecurity contractor out of Maryland with a history of providing security services to the US government.

They aim to have the backlog cleared by end of fiscal year 2024, which is September 30th. That sounds very ambitious to me, I doubt it'll be easy work. Best of luck to them for sure.

therecord.media

Mystery malware destroys 600,000 routers from a single ISP during 72-hour span

Interesting read on a destructive attack that occurred last year that bricked no less than 600,000 routers, all of a single ISP, without any known motive. It always gets a bit scary when software hacks brick hardware.

arstechnica.com

Chinese national arrested for operating proxy service linked to billions in cybercrime

He installed malware on millions of devices, causing them to operate as a 'residential proxy service' with over 19 million IP adresses. He provided access to this service, dubbed "CloudRouter", to any number of criminal enterprises, netting him around $99 million in four years. He was arrested in Singapore, with work being done to extradite him to the US where he faces a maximum sentence of 65 years in prison.

cyberscoop.com

UnitedHealth leaders 'should be held responsible' for installing inexperienced CISO, senator says

“Due to his apparent lack of prior experience in cybersecurity, it would be unfair to scapegoat Mr. Martin for UHG’s cybersecurity lapses. Instead, UHG’s CEO and the company’s board of directors should be held responsible for elevating someone without the necessary experience to such an important role in the company, as well as for the company’s failure to adopt basic cyber defenses,” the senator wrote. That's ... refreshing.

therecord.media

How the DOJ is using a Civil War-era law to enforce corporate cybersecurity

They are using a law that was used to punish third parties that sold them sick horses, spoiled foods and other misrepresented goods during the Civil War, to now get them to be transparent about the level of cybersecurity in their products. There are many cases running, with several settlements already taking place. Sounds like a great way to steer the ship towards better cybersecurity, kudos for the legislative creativity.

therecord.media

Wargames director Jackie Schneider on why cyber is one of 'the most interesting scholarly puzzles'

Interesting interview on how cyber warfare compares to traditional warfare in wargames and tabletop excercises, and possibly in the real world.

therecord.media

1Password for developers: secrets, SSH keys, and more

I think most developers don't realise how valuable 1Password can be. It doesn't just hold passwords, it also hold your SSH keys, signs your Git commits, injects token and other secrets in CLI scripts when you want, and much more. (Sponsored)

1password.com

Quick links

  • Cybercriminals pose as "helpful" Stack Overflow users to push malware: link.
  • Phones of journalists and activists in Europe targeted with Pegasus: link.
  • House Republican sounds the alarm on threats to food and agriculture sector: link.
  • Negotiations over new NATO cyber center still ongoing weeks from planned launch: link.
  • Researchers crack 11-year-old password, recover $3 million in bitcoin: link.

Breaches and leaks

  • Data of 560 million Ticketmaster customers for sale after alleged breach: link.
  • Cencora data breach exposes US patient info from 11 drug companies: link.
  • Sav-Rx discloses data breach impacting 2.8 million Americans: link.
  • Christie’s confirms breach after RansomHub threatens to leak data: link.
  • First American December data breach impacts 44,000 people: link.
  • BBC suffers data breach impacting current, former employees: link.
  • Cooler Master confirms customer info stolen in data breach: link.
  • Everbridge warns of corporate systems breach exposing business data: link.
  • Ransomware attack on Seattle Public Library knocks out online systems: link.
  • Major Russian delivery company down for three days due to cyberattack: link.

Issues and fixes

  • Okta warns of credential stuffing attacks targeting its CORS feature: link.
  • Check Point releases emergency fix for VPN zero-day exploited in attacks: link.
  • Google fixes eighth actively exploited Chrome zero-day this year: link.
  • TP-Link fixes critical RCE bug in popular C5400X gaming router: link.
  • Exploit released for maximum severity Fortinet RCE bug, patch now: link.

No spam, ever. We'll never share your email address and you can opt out at any time.