Microsoft shuts down 3,000 email accounts created by North Korean IT workers

/in

Microsoft said it has spent years monitoring North Korea’s campaign to get its citizens hired in IT roles at U.S. companies and recently saw changes in how the campaign operates.

The Record from Recorded Future News – ​Read More

Interpol identifies West Africa as potential new hotspot for cybercrime compounds

/in

Interpol said it analyzed five years of data about the illicit industry, which relies on human trafficking to staff up centers with people who are forced to conduct investment fraud, romance scams and other schemes.

The Record from Recorded Future News – ​Read More

Ransomware gang Hunters International says it’s shutting down

/in

The cybercriminal group, which said it’s releasing its decryption tools to victims, may be transitioning to new infrastructure under a different name.

Security News | TechCrunch – ​Read More

Dark Web Vendors Shift to Third Parties, Supply Chains

/in

As attacks on software supply chains and third parties increase, more data on critical software and infrastructure services is being advertised and sold on the Dark Web.

darkreading – ​Read More

Russia jails man for 16 years over pro-Ukraine cyberattacks on critical infrastructure

/in

Russian authorities said the man used malware to attack Russian information systems in 2022, blocking access to websites of several local companies and damaging critical infrastructure.

The Record from Recorded Future News – ​Read More

Hunters International ransomware group claims to be shutting down

/in

“After careful consideration and in light of recent developments, we have decided to close the Hunters International project,” the prolific cybercrime gang wrote on its darknet site.

The Record from Recorded Future News – ​Read More

Attackers Impersonate Top Brands in Callback Phishing

/in

Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers.

darkreading – ​Read More

IDE Extensions Pose Hidden Risks to Software Supply Chain

/in

Malicious extensions can be engineered to bypass verification checks for popular integrated development environments, according to research from OX Security.

darkreading – ​Read More

Undetectable Android Spyware Backfires, Leaks 62,000 User Logins

/in

A vulnerability in the Catwatchful spyware allowed a security researcher to retrieve the usernames and passwords of over 62,000 accounts.

The post Undetectable Android Spyware Backfires, Leaks 62,000 User Logins appeared first on SecurityWeek.

SecurityWeek – ​Read More

Cisco Warns of Hardcoded Credentials in Enterprise Software

/in

Hardcoded SSH credentials in Cisco Unified CM and Unified CM SME could allow attackers to execute commands as root.

The post Cisco Warns of Hardcoded Credentials in Enterprise Software appeared first on SecurityWeek.

SecurityWeek – ​Read More