End-of-Day report
Timeframe: Thursday 06-03-2025 18:00 - Friday 07-03-2025 18:00
Handler: Alexander Riepl
Co-Handler: n/a
News
Cybercrime crew stole $635,000 in Taylor Swift concert tickets
New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after stealing almost 1,000 concert tickets and reselling them online.
https://www.bleepingcomputer.com/news/security/cybercrime-crew-stole-635-000-in-taylor-swift-concert-tickets/
Microsoft says malvertising campaign impacted 1 million PCs
Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide.
https://www.bleepingcomputer.com/news/security/microsoft-says-malvertising-campaign-impacted-1-million-pcs/
Cyber attack analysed: hackers encrypt company data via a webcam
An EDR tool successfully thwarted encryption attempts by the Akira ransomware group. But then the attackers found a loophole.
https://www.golem.de/news/cyberangriff-analysiert-hacker-verschluesseln-unternehmensdaten-ueber-eine-webcam-2503-194073.html
A Deep Dive into Strela Stealer and how it Targets European Countries
Infostealers have dominated the malware landscape due to the ease of threat operations maintenance, and a wide group of potential victims. In this blog, we take a closer look at a unique infostealer designed to precisely target a narrow data set on systems located in chosen geographic locations.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/a-deep-dive-into-strela-stealer-and-how-it-targets-european-countries/
Russian State Actors: Development in Group Attributions
This is the final installment of Trustwave SpiderLabs Russia-Ukraine digital battlefield series, which has spanned topics including the differences between Russia and Ukraine cyber actors, how government entities, defense organizations, and human targets were caught in the cyber crossfire, and how both countries targeted the telecommunications, critical ..
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/russian-state-actors-development-in-group-attributions/
A Brand New Botnet Is Delivering Record-Size DDoS Attacks
Eleven11bot infects webcams and video recorders, with a large concentration in the US.
https://www.wired.com/story/eleven11bot-botnet-record-size-ddos-attacks/
Akira ransomware slips past IT security solution via webcam
The company network is protected by security software, which did raise an alert. Nevertheless, a trojan was able to infect PCs via a detour.
https://www.heise.de/news/Akira-Ransomware-schluepft-ueber-Webcam-an-IT-Schutzloesung-vorbei-10307987.html
Who is the DOGE and X Technician Branden Spikes?
At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon Musk's Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among Musk's most loyal employees. Here's a closer look at this trusted Musk lieutenant, whose Russian ex-wife was once married to Elon's cousin.
https://krebsonsecurity.com/2025/03/who-is-the-doge-and-x-technician-branden-spikes/
Multiple Vulnerabilities Discovered in a SCADA System
We identified multiple vulnerabilities in ICONICS Suite, SCADA software used in numerous OT applications. This article offers a technical analysis of our findings.
https://unit42.paloaltonetworks.com/vulnerabilities-in-iconics-software-suite/
Russian crypto exchange Garantex's website taken down in apparent law enforcement operation
Russian cryptocurrency exchange Garantex was taken down in an apparent seizure by U.S. and European law enforcement Thursday, shortly after the company said $28 million had been frozen by another cryptocurrency firm.
https://therecord.media/garantex-crypto-exchange-taken-down-law-enforcement-operation
CISA, FBI warn of BianLian mail scam targeting executives with $500k ransom note
In an alert on Thursday, the FBI said scammers are mailing letters to corporate executives claiming that they stole sensitive data and will publish it unless a demand is paid in Bitcoin.
https://therecord.media/cisa-fbi-warn-bianlian-mail-scam-extortion
Canadian intelligence agency warns of threat AI poses to upcoming elections
Influence and espionage campaigns, boosted by AI, are likely to be aimed at Canada's upcoming elections, says a new report from the CSE, the country's signals and cyber intelligence agency.
https://therecord.media/canada-cyber-agency-elections-warning-ai-
NixSpam RBL shut down as of 7 March 2025 - causing trouble - but now resolved
Brief information for blog readers who rely on the "NixSpam RBL" for mail filtering. The service operated by heise-Verlag has been shut down since today, 7 March 2025, which is causing problems for some people ..
https://www.borncity.com/blog/2025/03/07/nixspam-rbl-ab-7-3-2025-abgeschaltet/
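Added example, not from the borncity post or the NixSpam operators: a small health check a mail admin can run against every DNSBL zone still referenced in a Postfix `reject_rbl_client` list, to catch a retired zone before it silently stops filtering or, worse, starts answering for everything. It uses the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not be). The zone name for NixSpam and the Postfix restriction lines below are assumptions for illustration; the resolver is injectable so the logic runs offline.

```python
import socket
from typing import Callable, List, Optional

# Assumed zone name for the NixSpam DNSBL (constructed for this example).
NIXSPAM_ZONE = "ix.dnsbl.manitu.net"

Resolver = Callable[[str], Optional[str]]


def rbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL lookup name: IPv4 octets reversed, under the zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + "." + zone


def default_resolver(name: str) -> Optional[str]:
    """Return the A record for name, or None on NXDOMAIN / resolution failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_rbl_health(zone: str, resolve: Resolver = default_resolver) -> str:
    """Classify a DNSBL zone using the RFC 5782 section 5 test entries.

    dead               - neither test entry answers: zone retired or gone
    hijacked           - the 'listed' entry answers with a non-127/8 address
                         (typical of an expired domain that is now parked)
    listing-everything - 127.0.0.1 is also listed: would reject all mail
    healthy            - 127.0.0.2 listed, 127.0.0.1 not listed
    broken             - something answers, but the test entry is missing
    """
    listed = resolve(rbl_query_name("127.0.0.2", zone))
    unlisted = resolve(rbl_query_name("127.0.0.1", zone))
    if listed is None and unlisted is None:
        return "dead"
    if listed is not None and not listed.startswith("127."):
        return "hijacked"
    if unlisted is not None:
        return "listing-everything"
    if listed is not None:
        return "healthy"
    return "broken"


def prune_rbl_restrictions(restrictions: List[str], resolve: Resolver = default_resolver) -> List[str]:
    """Drop reject_rbl_client entries whose zone is not healthy.

    Accepts Postfix-style entries such as
    'reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]' (constructed example)
    and keeps every non-RBL restriction untouched.
    """
    kept = []
    for entry in restrictions:
        if entry.startswith("reject_rbl_client "):
            zone = entry.split(None, 1)[1].split("=", 1)[0]
            if check_rbl_health(zone, resolve) != "healthy":
                continue
        kept.append(entry)
    return kept


if __name__ == "__main__":
    # Live check against the assumed NixSpam zone (needs network access).
    print(NIXSPAM_ZONE, "->", check_rbl_health(NIXSPAM_ZONE))
```

Run it from cron against the zones in `smtpd_recipient_restrictions`; anything other than `healthy` deserves a look, and `hijacked` or `listing-everything` means the entry should come out of the configuration immediately.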
New edu platform and Sanitization and Validation and Escaping, Oh My! article
With the beta launch of my company's educational platform (hackArcana), I finally have a place to write more about the fundamentals of security and post more educational content. The first piece I've written for our new platform touches on the confusion around the terms "validation," "sanitization," "encoding," "escaping," ..
https://gynvael.coldwind.pl/?id=800
Microsoft Dismantles Malvertising Scam Using GitHub, Discord, Dropbox
Microsoft Threat Intelligence exposes a malvertising campaign exploiting GitHub, Discord, and Dropbox. Discover the multi-stage attack chain, ..
https://hackread.com/microsoft-dismantle-malvertising-github-discord-dropbox/