Gamers targeted by self-spreading stealer on YouTube
On Thursday, researchers from Kaspersky published details of a new campaign leveraging RedLine malware to target YouTube users. RedLine is known to steal usernames, passwords, cookies, as well as bank card, browser and crypto wallet details. In the latest campaign, RedLine self-propagates to infected YouTube channels by posting videos advertising cheats and hacks for popular games like APB Reloaded, FIFA 22, Final Fantasy XIV, and Lego Star Wars. The malware is openly available on hacker forums for just a few hundred dollars.
(Infosecurity Magazine and Securelist)
Biden order further scrutinizes foreign tech supply chains
On Thursday President Biden signed an order that will sharpen the Committee on Foreign Investment’s priorities and highlight the type of transactions that may warrant enhanced screening. The order hones in on the security of supply chains, and particularly, instances where investments give foreign entities control of critical manufacturing capabilities, mineral resources, technologies or Americans’ sensitive data. In addition to the latest measure, the Biden administration is looking to close off other channels that would give China access to American capital and know-how that might further Beijing’s ambitions to dominate cutting-edge technologies.
(WSJ)
Phishing attacks being launched in the name of Queen Elizabeth II
It appears that cyber criminals are stooping to yet new lows, this time capitalizing on last week’s passing of Queen Elizabeth II. According to research conducted by Proofpoint, hackers are now sending phishing emails with subject line “In Memory of Her Majesty Queen Elizabeth II” and are trying to trap innocent victims with credential stealing malware. A link in the email directs victims to a “login page” where they can earn free entry to Her Majesty’s funeral and also get a chance to meet members of the royal family and potentially win a piece of the queen’s inheritance totalling $885 million.
Akamai records yet another new record-breaking DDoS attack
On Monday, a new distributed denial-of-service (DDoS) attack broke the previous record set in July. According to Akamai, the latest attack originated from the same threat actor, indicating that operators are ramping up their swarm. Monday’s victim was also the same as in July, an unnamed customer in Eastern Europe. The victim’s network was bombarded with unprecedented levels of garbage traffic peaking at 704.8 Mpps, roughly 7% higher than the prior attack. The good news is that, after the July attack, the company added protections to all 12 of their data centers, resulting in mitigating 99.8% of malicious traffic this time around.
Thanks to today’s episode sponsor, Edgescan
Cybercrime forum admins steal from site users
Threat intelligence firm Digital Shadows was tipped-off to a thread containing direct messages between the moderator and administrator of a cybercrime forum called Altenen. Altenen processes payments via an escrow system which is managed by the site admins. A customer who purchased a laptop through the site messaged the moderator asking to confirm receipt of their payment. Instead, they were sent a demand for an additional ‘escrow fee’ of $120 which the user haggled down to $80. When the purchase fell through, the user asked the moderator to return the fee but was met with radio silence. The incident was exposed as a scam along with several other similar incidents, proving there’s no honor among thieves.
Hackers trojanize PuTTY SSH client to backdoor media companies
Research firm Mandiant has spotted North Korean hackers targeting media companies using trojanized versions of PuTTY and KiTTY SSH utilities to deploy backdoors as part of a fake Amazon job assessment. Mandiant identified the threat actor as ‘UNC4034’ who appears to be furthering the ‘Operation Dream Job’ campaign, which has been active since June 2020. The attack starts with a phishing email with a lucrative job offer at Amazon and directs victims to WhatsApp, where they share an ISO file, ultimately leading to deployment of the payload.
$2.5 million grant funds intelligence & national security career center
The Office of the Director of National Intelligence (ODNI) has awarded a $2.5 million grant to Saint Louis University (SLU) to create a new center dedicated to preparing students for careers in the 18 US intelligence agencies. SLU was officially designated a US Intelligence Community Center for Academic Excellence (IC CAE) on Wednesday. Along with SLU, ODNI announced the University of Kansas and the University of New Hampshire as the newest members of the program, which aims to prepare and hire the next generation of diverse and qualified intelligence professionals.
Ethereum activates ‘The Merge’ as it shifts to proof of stake
On Thursday at 6:44 AM UTC, Ethereum officially activated a feature called The Merge. The Merge switches away from mining, which uses computing power to produce blocks, to a proof of stake beacon model. The shift will reduce Ethereum’s energy consumption by more than 99% bringing them into compliance with Environmental, Social, and Governance (ESG) regulations. The move should dissuade businesses from participating in novel sectors such as DeFi and NFTs. The new approaches should allow for execution of much cheaper and faster transactions, while still receiving the benefit of Ethereum’s security.