Lifeboat Foundation

Google’s Threat Analysis Group (TAG) has blocked dozens of malicious domains and websites used by hack-for-hire groups in attacks targeting high-risk targets worldwide.

Unlike commercial surveillance vendors whose tools are deployed in attacks by clients, hack-for-hire operators are directly involved in attacks and are usually employed by a firm offering such services. In some cases, they can also be “freelance” threat actors.

They’re hired for their hacking skills by clients who lack them or who want to conceal their identity if the attacks are detected and investigated.

Microsoft is warning that toll fraud malware is one of the most prevalent threats on Android and that it is evolving with features that allow automatic subscription to premium services.

Toll fraud is a subset of billing fraud, where the threat actor tricks victims into calling or sending an SMS to a premium number.

The difference is that toll fraud does not work over WiFi and forces the devices to connect to the mobile operator’s network.

CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory (AD) certificate authentication issues caused by Microsoft’s May 2022 updates.

The flaw is an actively exploited Windows LSA (Local Security Authority) spoofing vulnerability tracked as CVE-2022–26925 and confirmed to be a new PetitPotam Windows NTLM Relay attack vector.

Unauthenticated attackers can exploit this bug to force domain controllers to authenticate them remotely via the Windows NT LAN Manager (NTLM) security protocol and, likely, take over the entire Windows domain.

Google’s Threat Analysis Group (TAG) blocks as many as 36 malicious domains operated by hack-for-hire groups from India, Russia and UAE.

Shadow IT refers to the practice of users deploying unauthorized technology resources in order to circumvent their IT department.

A former Canadian government employee pleaded guilty in the U.S. to charges related to his involvement with the NetWalker ransomware syndicate.

Researchers are warning about a new YouTube hijacking malware, dubbed YTStealer, believed to be sold as a service on the dark web.

U.S. cybersecurity agency CISA has added the PwnKit Linux vulnerability to its catalog of known exploited vulnerabilities.

The breach occurred as part of the state Department of Justice’s launch of its “2022 Firearms Dashboard Portal,” officials said.

The names, addresses and license types of all concealed carry permit holders in California were exposed after the state Department of Justice suffered a data breach, authorities said Tuesday.

The Fresno County Sheriff’s Office on Tuesday learned of the breach from the California State Sherriff’s Association, according to a statement.

Continue reading “California DOJ data breach exposes personal information of all concealed carry permit holders across state” »

A new phishing attack is using Facebook Messenger chatbots to impersonate the company’s support team and steal credentials used to manage Facebook pages.

Chatbots are programs that impersonate live support people and are commonly used to provide answers to simple questions or triage customer support cases before they are handed off to a live employee.

In a new campaign discovered by TrustWave, threat actors use chatbots to steal credentials for managers of Facebook pages, commonly used by companies to provide support or promote their services.