cRyPtHoN™ INFOSEC (EN)

European raids shut down call centers used to ‘shock and cheat’ victims Law enforcement agencies from Germany, Albania, Bosnia-Herzegovina, Kosovo and Lebanon shut down 12 locations responsible for thousands of daily scam calls, authorities reported this week. During searches of the suspects’ residential and business premises earlier in mid-April, police arrested 21 individuals and seized their data carriers, documents, cash and assets totaling €1 million ($1.08 million), according to a statement by Europol. A criminal network was responsible for defrauding thousands of victims through fake police calls, investment fraud or romance scams, Europol said. Scam callers posed as victims’ close relatives, bank employees, customer service agents or police officers. https://therecord.media/germany-europol-scam-call-centers-shut-down 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

NATO and EU condemn Russia's cyberattacks against Germany, Czechia ​NATO and the European Union, with international partners, formally condemned a long-term cyber espionage campaign against European countries conducted by the Russian threat group APT28. Germany said on Friday that the Russian threat group was behind an attack against the Executive Committee of the Social Democratic Party, compromising many email accounts. The threat actors used the CVE-2023-23397 Microsoft Outlook vulnerability in zero-day attacks that started in April 2022 to target European government, military, energy, and transportation organizations in countries that are NATO members, Ukrainian government agencies, as well as NATO fast reaction corps. https://www.bleepingcomputer.com/news/security/nato-and-eu-condemn-russias-cyberattacks-against-germany-czechia/ 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

Indonesia is a Spyware Haven, Amnesty International Finds Indonesia has become a hub for spyware and surveillance tools that threaten citizens’ rights and privacy, Amnesty International has found. Building on existing research into the sale of surveillance technologies to Indonesia, the NGO has conducted a months-long investigation in collaboration with several media outlets in Switzerland, Greece, Israel and Indonesia. https://www.infosecurity-magazine.com/news/indonesia-spyware-haven-amnesty/ https://securitylab.amnesty.org/latest/2024/05/a-web-of-surveillance/ 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

Worried about celebrity endorsement scams? Here’s how you can protect against them. Have you ever scrolled through your social media feed and found an ad or video promoting various celebrity-endorsed products? Beware! It might be fraudsters out to get your money and information. In a recent consumer alert, the FTC warned people about celebrity endorsement scams conducted online via social media platforms. https://www.bitdefender.com/blog/hotforsecurity/celebrity-endorsement-scams/ 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

Security News This Week: A New Surveillance Tool Invades Border Towns Plus: An assassination plot, an AI security bill, a Project Nimbus revelation, and more of the week’s top security news. This week, WIRED reported that a group of prolific scammers known as the Yahoo Boys are openly operating on major platforms like Facebook, WhatsApp, TikTok, and Telegram. Evading content moderation systems, the group organizes and engages in criminal activities that range from scams to sextortion schemes. https://www.wired.com/story/border-surveillance-india-assassination-project-nimbus-security-roundup/ 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

UnitedHealth data breach should be a wake-up call for the UK and NHS Ransomware gangs are cashing in, but we keep entrusting sensitive data to irresponsible companies The ransomware attack that has engulfed U.S. health insurance giant UnitedHealth Group and its tech subsidiary Change Healthcare is a data privacy nightmare for millions of U.S. patients, with CEO Andrew Witty confirming this week that it may impact as much as one-third of the country. https://techcrunch.com/2024/05/03/unitedhealth-data-privacy-drama-should-be-a-wakeup-call-for-the-uk-and-nhs/ 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

North Korean Hackers Spoofing Journalist Emails to Spy on Policy Experts North Korean threat actors are exploiting weak email policies to spoof legitimate domains during espionage phishing campaigns, a new US government advisory has warned. The FBI, the US Department of State and the National Security Agency (NSA) said North Korea-linked Kimsuky group is exploiting poorly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) protocols to pose as legitimate journalists, academics or other experts in East Asian affairs with credible links to North Korean policy circles. https://www.infosecurity-magazine.com/news/north-korean-spoofing-journalist/ 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

DNS traffic can leak outside the VPN tunnel on Android We were recently made aware of multiple potential DNS leaks on Android. They stem from bugs in Android itself, and only affect certain apps. On Monday 22 of April we became aware of a user report on Reddit of a DNS leak. The report detailed how the user managed to leak DNS queries when disabling and enabling VPN while having “Block connections without VPN” on. We immediately started an internal investigation that could confirm the issue. The investigation also led to more findings of scenarios that can cause DNS leaks on Android. https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

Mozilla blames recaptcha issue in Firefox on Google Mozilla confirmed a recaptcha issue in the organization's Firefox web browser yesterday evening. Affected Firefox users see a spinning animation when they try to solve the captcha, which means that they are unable to do so. The result is that they cannot access the website or service. A workaround is available. The issue affects all major versions of Firefox for Windows that are supported by Mozilla as well as older versions. This includes Firefox 125, the current stable version of Firefox, the development versions 126 and 127, and also Firefox ESR 115. https://www.ghacks.net/2024/05/03/mozilla-blames-recaptcha-issue-in-firefox-on-google/ 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv

AMSI Write Raid 0day Vulnerability In this blog post, we’ll introduce a new 0day technique designed to bypass AMSI without the VirtualProtect API and without changing memory protection. We’ll introduce this vulnerability, discovered by OffSec Technical Trainer Victor “Vixx” Khoury, and discuss how he discovered the flaw, the process he used to exploit it and build proof of concept code to bypass AMSI in PowerShell 5.1 and PowerShell 7.4. https://www.offsec.com/offsec/amsi-write-raid-0day-vulnerability/ 📡@cRyPtHoN_INFOSEC_IT 📡@cRyPtHoN_INFOSEC_FR 📡@cRyPtHoN_INFOSEC_EN 📡@cRyPtHoN_INFOSEC_DE 📡@BlackBox_Archiv