An international coalition of police agencies has taken a major whack at criminals accused of running a host of online scams, including phishing, the stealing of account credentials and other sensitive data, and the spreading of ransomware, Interpol said recently.

The operation, which ran from the beginning of April through the end of August, resulted in the arrest of 41 people and the takedown of 1,037 servers and other infrastructure running on 22,000 IP addresses. Synergia II, as the operation was named, was the work of multiple law enforcement agencies across the world, as well as three cybersecurity organizations.

A global response

“The global nature of cybercrime requires a global response which is evident by the support member countries provided to Operation Synergia II,” Neal Jetton, director of the Cybercrime Directorate at Interpol, said. “Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime. Interpol is proud to bring together a diverse team of member countries to fight this ever-evolving threat and make our world a safer place.”

Read full article

Comments

Canadian authorities have arrested a man on suspicion he breached hundreds of accounts belonging to users of cloud-storage provider Snowflake and used that access to steal personal data belonging to millions of people, authorities said Tuesday.

“Following a request by the United States, Alexander Moucka (aka Connor Moucka) was arrested on a provisional arrest warrant on Wednesday, October 30, 2024,” an official with the Canada Department of Justice wrote in an email Tuesday. “He appeared in court later that afternoon, and his case was adjourned to Tuesday, November 5, 2024. As extradition requests are considered confidential state-to-state communications, we cannot comment further on this case.”

Word of the arrest first came from Bloomberg News and was later confirmed by 404 Media.

Read full article

Comments

Researchers have found new versions of a sophisticated Android financial-fraud Trojan that’s notable for its ability to intercept calls a victim tries to place to customer-support personnel of their banks.

FakeCall first came to public attention in 2022, when researchers from security firm Kaspersky reported that the malicious app wasn’t your average banking Trojan. Besides containing the usual capabilities for stealing account credentials, FakeCall could reroute voice calls to numbers controlled by the attackers.

A strategic evolution

The malware, available on websites masquerading as Google Play, could also simulate incoming calls from bank employees. The intention of the novel feature was to provide reassurances to victims that nothing was amiss and to more effectively trick them into divulging account credentials by having the social-engineering come from a live human.

Read full article

Comments

There’s little doubt that some of the most important pillars of modern cryptography will tumble spectacularly once quantum computing, now in its infancy, matures sufficiently. Some experts say that could be in the next couple decades. Others say it could take longer. No one knows.

The uncertainty leaves a giant vacuum that can be filled with alarmist pronouncements that the world is close to seeing the downfall of cryptography as we know it. The false pronouncements can take on a life of their own as they’re repeated by marketers looking to peddle post-quantum cryptography snake oil and journalists tricked into thinking the findings are real. And a new episode of exaggerated research has been playing out for the past few weeks.

All aboard the PQC hype train

The last time the PQC—short for post-quantum cryptography—hype train gained this much traction was in early 2023, when scientists presented findings that claimed, at long last, to put the quantum-enabled cracking of the widely used RSA encryption scheme within reach. The claims were repeated over and over, just as claims about research released in September have for the past three weeks.

Read full article

Comments

Google researchers said they uncovered a Kremlin-backed operation targeting recruits for the Ukrainian military with information-stealing malware for Windows and Android devices.

The malware, spread primarily through posts on Telegram, came from a persona on that platform known as "Civil Defense." Posts on the ​​@civildefense_com_ua telegram channel and the accompanying civildefense[.]com.ua website claimed to provide potential conscripts with free software for finding user-sourced locations of Ukrainian military recruiters. In fact, the software, available for both Windows and Android, installed infostealers. Google tracks the Kremlin-aligned threat group as UNC5812.

Dual espionage and influence campaign

"The ultimate aim of the campaign is to have victims navigate to the UNC5812-controlled 'Civil Defense' website, which advertises several different software programs for different operating systems," Google researchers wrote. "When installed, these programs result in the download of various commodity malware families."

Read full article

Comments

You likely have never heard of Babel Street or Location X, but chances are good that they know a lot about you and anyone else you know who keeps a phone nearby around the clock.

Reston, Virginia-located Babel Street is the little-known firm behind Location X, a service with the capability to track the locations of hundreds of millions of phone users over sustained periods of time. Ostensibly, Babel Street limits the use of the service to personnel and contractors of US government law enforcement agencies, including state entities. Despite the restriction, an individual working on behalf of a company that helps people remove their personal information from consumer data broker databases recently was able to obtain a two-week free trial by (truthfully) telling Babel Street he was considering performing contracting work for a government agency in the future.

Tracking locations at scale

KrebsOnSecurity, one of five news outlets that obtained access to the data produced during the trial, said that one capability of Location X is the ability to draw a line between two states or other locations—or a shape around a building, street block, or entire city—and see a historical record of Internet-connected devices that traversed those boundaries.

Read full article

Comments

Fortinet, a maker of network security software, has kept a critical vulnerability under wraps for more than a week amid reports that attackers are using it to execute malicious code on servers used by sensitive customer organizations.

Fortinet representatives didn’t respond to emailed questions and have yet to release any sort of public advisory detailing the vulnerability or the specific software that’s affected. The lack of transparency is consistent with previous zero-days that have been exploited against Fortinet customers. With no authoritative source for information, customers, reporters, and others have few other avenues for information other than social media posts where the attacks are being discussed.

RCE stands for remote code execution

According to one Reddit post, the vulnerability affects FortiManager, a software tool for managing all traffic and devices on an organization’s network. Specific versions vulnerable, the post said, include FortiManager versions:

Read full article

Comments