Hacker attack on Busitalia: passenger data compromised
Link to the article: https://www.redhotcyber.com/post/attacco-hacker-a-busitalia-compromessi-i-dati-dei-passeggeri/
Looking for something else entirely, I notice there is a #wankstortion campaign in progress (~600 hosts) targeting (of course) the imaginary friends aka spamtraps, again.
Is that even worth reporting on in more detail these days?
(data accumulating in https://nxdomain.no/~peter/wankstortion/ as usual, previously reported in https://nxdomain.no/~peter/despicable_no_good_blackmail.html, MO repeating)
Android at Risk: Two zero-day bugs discovered being actively exploited in espionage activities
Link to the article: https://www.redhotcyber.com/post/android-a-rischio-scoperti-due-bug-zeroday-utilizzati-attivamente-in-attivita-di-spionaggio/
Reflections on Patch Management. Just 4 hours after the exploit was published, exploitation
Link to the article: https://www.redhotcyber.com/post/riflessioni-sul-patch-management-dopo-solo-4-ore-dalla-pubblicazione-dellexploit-lo-sfruttamento/
Home 2.0: When Digital Threatens Your Refuge and Your Soul
Link to the article: https://www.redhotcyber.com/post/casa-2-0-quando-il-digitale-minaccia-il-tuo-rifugio-e-la-tua-anima/
The Rebirth of Crack.io: Fighting cybercrime is like pulling weeds: if you leave the roots, they will grow back
Link to the article: https://www.redhotcyber.com/post/la-rinascita-di-crack-io-combattere-il-cybercrime-e-come-estirpare-erbacce-se-lasci-le-radici-ricresceranno/
heise+ | Identity management: More security for non-human identities
Non-human identities for automated processes and system interactions are attractive targets for cybercriminals. The top 10 risks.
Newly Registered Domains Distributing SpyNote Malware
Deceptive websites hosted on newly registered domains are being used to deliver AndroidOS SpyNote malware, mimicking the Google Chrome install page on the Google Play Store. The campaign utilizes a mix of English and Chinese-language delivery sites, with Chinese-language comments in the code. The malware is distributed through a two-stage installation process, using an APK dropper to deploy the core SpyNote RAT. SpyNote is a potent Android remote access trojan capable of extensive surveillance, data exfiltration, and remote control. It aggressively requests numerous intrusive permissions, allowing for theft of sensitive data and significant remote access capabilities. The malware's keylogging functionality and ability to manipulate calls, activate cameras and microphones, and remotely wipe data make it a formidable tool for espionage and cybercrime.
Pulse ID: 67f80a4aa4c9d5d796071af6
Pulse Link: https://otx.alienvault.com/pulse/67f80a4aa4c9d5d796071af6
Pulse Author: AlienVault
Created: 2025-04-10 18:13:30
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Europol sheds light on the weaknesses of biometric identification
According to Europol, biometric recognition systems offer "a high level of security" in principle. But it is important to recognize the many ways of attack.
Europol examines vulnerabilities of biometric identification
According to Europol, biometric recognition systems do in principle offer "a high level of security". However, it is important to recognize the many points of attack.
Leak exposes #BlackBasta’s influence tactics
Spam activity for the December 2024 - February 2025 reporting period is now posted at the Cybercrime Information Center. This was a record-setting reporting period.
Retailers will envy the holiday season that spammers enjoyed.
Noteworthy findings
TLDs:
.BOND had less than 1M domains but over 700K spam domains. Compare to .COM which had 157M domains and just under 1M spam domains.
Domain Registrars:
Dynadot and Key Systems had more spam domains under management than GoDaddy.
Hosting Networks (ASNs):
Amazon had a 900% increase in spam content or spambots reported.
https://www.cybercrimeinfocenter.org/spam-activity-numbers-december-february-2025
Kellogg’s: the CL0P ransomware group breaches the servers of supplier Cleo and steals sensitive data
Link to the article: https://www.redhotcyber.com/post/kelloggs-il-gruppo-ransomware-cl0p-buca-i-server-del-fornitore-cleo-e-ruba-dati-sensibili/
Scams Taking Their Toll?
We've previously posted about toll-themed domains being used in mass smishing campaigns targeting drivers in the US, but they're not the only ones being taken for a ride. While recently investigating a huge cluster of scam domains sharing many similar traits, we've noticed toll scams targeting drivers far and wide, including in Australia, Hong Kong, New Zealand, Portugal, Saudi Arabia, Singapore, Taiwan and the United Arab Emirates.
Think you're safe because you didn't click submit? Think again! These crafty wheeler-dealers are using the JavaScript Socket.io library for real-time communications, meaning text is sent to the scammers as you type!
Examining these back-and-forth communications suggests that your data is being sent to a chat room, and the server response includes 'online-count-user,' showing you're not the only one interacting with the scam at that moment.
Regional examples:
- AU - inforequestl[.]icu
- HK - hketcupdate[.]top
- NZ - niztagoovt[.]com
- PT - visitorsa-pt[.]click
- SA - absher[.]qpon
- SG - lta-gov-sg[.]top
- TW - fetollc[.]top
- AE - dubaipoieh[.]com
#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam #phishing
HTTP 500 on Exchange Admin Center: worldwide blackout, administrators locked out!
Link to the article: https://www.redhotcyber.com/post/http-500-su-exchange-admin-center-blackout-mondiale-amministratori-bloccati/
American tariffs: Why Trade Wars Are a Big Problem (Also) for Cybersecurity
Link to the article: https://www.redhotcyber.com/post/dazi-americani-perche-le-guerre-commerciali-sono-un-grosso-problema-anche-per-la-cybersecurity/
The Myth of Secure Biometrics! The Shocking Truth About the New Digital Attacks
Link to the article: https://www.redhotcyber.com/post/il-mito-della-biometria-sicura-la-verita-shock-sui-nuovi-attacchi-digitali/