Lifeboat Foundation

The Federal Bureau of Investigation (FBI) and the U.S. Department of Justice announced today the seizure of three domains used by cybercriminals to sell personal info stolen in data breaches and provide DDoS attack services.

WeLeakInfo.to was selling subscriptions allowing its users to search a database containing information stolen in more than 10,000 data breaches.

The roughly 7 billion records contained various personally identifiable information (PII), including names, email addresses, usernames, phone numbers, and passwords for online accounts.

A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document.

The security issue can be leveraged because Windows supports a URI protocol handler called ‘search-ms’ that allows applications and HTML links to launch customized searches on a device.

While most Windows searches will look on the local device’s index, it is also possible to force Windows Search to query file shares on remote hosts and use a custom title for the search window.

Phishing campaigns attributed to an advanced threat actor called SideWinder involved a fake VPN app for Android devices published on Google Play Store along with a custom tool that filters victims for better targeting.

SideWinder is an APT group that’s been active since at least 2012, believed to be an actor of Indian origin with a relatively high level of sophistication.

Security researchers at Kaspersky attributed close to 1,000 attacks to this group in the past two years. Among its primary targets are organizations in Pakistan, China, Nepal, and Afghanistan.

WhatsApp is one of the most popular messaging platforms in the world with over 2 billion users. Thanks to its massive user base, it has also become a breeding ground for scammers and hackers involved in malicious activities. Now, according to a recent report, a WhatsApp scam that enables an attacker to take control of a user’s WhatsApp account is currently in operation. Check out the details below right now!

According to a recent report by Gizchina, citing cybersecurity firm CloudSEK, a new scam currently targeting random WhatsApp users lets an attacker completely take control of their WhatsApp account with only a phone call. Once an attacker takes hold of a WhatsApp account, they can demand money from the user’s WhatsApp contacts.

The new scam was recently discovered by Rahul Sasi, who is the founder and CEO of CloudSEK. According to him, the primary objective of the hacker is to randomly call an unsuspecting WhatsApp user and try to convince them to call a specific number. If a user, unfortunately, dials the number as instructed by the attacker, they will be logged out of their WhatsApp account and the hacker will be able to take control of it.

The Computer Security Incident Response Team in Italy issued an urgent alert yesterday to raise awareness about the high risk of cyberattacks against national bodies and organizations on Monday.

Verizon has suffered a data breach. A hacker recently accessed the company’s employee database and stole personally identifiable information about hundreds of its employees. The stolen information includes the full name, phone number, email address, and corporate ID numbers.

According to a Motherboard report, the hacker got access to the Verizon database by tricking an employee to grant them remote access to their corporate computer. They posed as internal support and convinced the victim through social engineering. Once the hacker had access to the database, they launched a script to copy the information.

“These employees are idiots,” the hacker told Motherboard in an online chat. They shared the stolen data, perhaps part of it, with the publication. The report suggests the information is accurate but unclear how up to date. The publication called some of the phone numbers and four people confirmed their full names and email addresses. They also confirmed that they work at Verizon.

WASHINGTON — The Space Systems Command on May 26 rolled out a new process to assess the cybersecurity of commercial satellite operators that do business with the Defense Department.

Under the Infrastructure Asset Pre-Approval program, or IA-Pre, commercial suppliers of satellite-based services are evaluated based on their cybersecurity practices and systems. Those suppliers that pass the government’s checklist are then placed on a pre-approved list and will not be required to complete lengthy cybersecurity questionnaires for each individual contract proposal.

“Our office will begin accepting IA-Pre applications for a limited number of assets to perform assessments,” said Jared Reece, program analyst at the Space Systems Command’s commercial services systems office.

Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware.

As Sentinel Labs revealed in an early-May report, the attackers exploited the fact that security products run with high privileges on Windows to plant and load their own maliciously crafted DLL into memory, allowing them to elevate privileges and execute code.

“Trend Micro is aware of some research that was published on May 2, 2022, regarding a purported Central-Asian-based threat actor dubbed ‘Moshen Dragon’ that had deployed malware clusters that attempted to hijack various popular security products, including one from Trend Micro,” the cybersecurity company said.

Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware.

The choice of PDFs is unusual, as most malicious emails today arrive with DOCX or XLS attachments laced with malware-loading macro code.

However, as people become more educated about opening malicious Microsoft Office attachments, threat actors switch to other methods to deploy malicious macros and evade detection.