Security Ticks @SecTicks

👮🚨#FBI Busts #Rydox Marketplace with 7,600 PII Sales, #Cryptocurrency Worth $225K Seized securityticks.com/fbi-busts-rydo… Rydox marketplace, notorious for selling stolen data and cybercrime tools, has been shut down by the FBI. Over 7,600 sales of PII, generating $230,000 since 2016, led to the arrest of three Kosovo nationals. Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli face charges including identity theft and money laundering. The FBI seized $225K in cryptocurrency and servers in Malaysia. In related news, a Nigerian national was extradited for a BEC scheme, and Spain disrupted a vishing ring defrauding bank customers. Russia's FSB also detained a group linked to a massive fraud operation. #Cybercrime #FBI #JusticeDepartment #RydoxShutdown #CyberSecurity #News via The Hacker News

🚨 Critical Flaw Alert in Hunk Companion Plugin for #WordPress! 🚨 securityticks.com/wordpress-hunk… A vulnerability (CVE-2024-11972) allows attackers to install & activate other vulnerable plugins without authentication, leading to potential RCE, SQL Injection, and more. Over 10,000 sites are at risk! Update to version 1.9.0 immediately to patch this security hole. The exploit involves installing the now-closed WP Query Console, which has its own unpatched RCE vulnerability (CVE-2024-50498). #WordPressSecurity #HunkCompanion #PluginVulnerability #ThreatIntel #News via The Hacker News

🚨REPORT: #Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts securityticks.com/microsoft-mfa-… Researchers uncovered a critical vulnerability in Microsoft's MFA, dubbed "AuthQuake," allowing attackers to bypass security in just an hour without any user alerts. The flaw let attackers guess a 6-digit code with a 50% success rate after 70 minutes due to lax rate limits and extended code validity. Microsoft fixed this by introducing stricter rate limits, effective for half a day post multiple failed attempts. Key Takeaways: - Up to 10 failed attempts were initially allowed per session. - No alerts for repeated failed logins, leaving users in the dark. - Microsoft responded with fixes, emphasizing the need for proper MFA configuration. Stay vigilant and ensure your MFA settings are robust! #Cybersecurity #MicrosoftMFA #AuthQuake #ThreatIntel #News via The Hacker News

⚡ UPDATE Indicatori de compromitere (IOCs) pentru incidentul de securitate cibernetică de la Grupul Electrica: dnsc.ro/citeste/alerta…

ℹ️Open source maintainers are drowning in junk bug reports written by #AI securityticks.com/ai_slop_bug_re… AI-generated bug reports are flooding open source projects with low-quality, spammy submissions, overwhelming maintainers like Seth Larson (Python Software Foundation) and Daniel Stenberg (curl). These reports, often hallucinated by LLMs, require time to debunk and can burn out volunteers. Platforms are urged to implement anti-automation measures, while reporters should involve humans in the process to ensure report quality. #OpenSource #Security #AI #News via The Register

✅The issue causing the #Microsoft365 Outage is now reportedly fixed. ✅ #Microsoft365Outage

Microsoft 365 Status @MSFT365Status

2 years ago

We’ve confirmed after a period of monitoring that the issue is now resolved. For more information, please refer to OO953223 in the admin center.

1 10 74 42K 1

🚨 If you are unable to access your #Microsoft365 apps, the situation is known and being investigated 🚨

Microsoft 365 Status @MSFT365Status

2 years ago

We’re investigating an issue where some users may be unable to access Microsoft 365 apps for the web. We're reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan. For more information, please refer to OO953223 in the admin center.

33 108 269 125K 30

🚨REPORT: From Vulnerabilities to Breaches - The Shiny Nemesis Cyber Operation securityticks.com/shiny-nemesis-… Researchers @noamrotem and @ranlocar uncovered a massive cyber operation by groups "Nemesis" and "ShinyHunters", exploiting vulnerabilities in public sites to steal sensitive data, as reported for @vpnmentor 🔍 Details: - Scanned millions of sites, targeting misconfigured servers. - Exposed customer data, infrastructure credentials, and source code. - Used sophisticated tools for discovery and exploitation. - Data stored in an unsecured AWS S3 bucket. 🔐 Mitigation: - AWS notified to alert customers. - Emphasis on customer-side configuration errors. 🛡️Protect Yourself: - Avoid hard-coded credentials. - Use AWS Secrets Manager. - Regularly scan and update security measures. #CyberSecurity #DataBreach #Nemesis #ShinyHunters

⚖️🧑‍⚖️UPDATE: #Microsoft learned about new antitrust investigation from the news securityticks.com/microsoft_ftc_… Microsoft found itself under fresh antitrust scrutiny from the FTC, but learned about the probe through news leaks rather than official notice, leading to accusations of confidentiality breaches by the FTC. The investigation reportedly focuses on Microsoft's practices in cloud, AI, and cybersecurity, amid complaints about pricing advantages for Azure, security vulnerabilities, and potentially monopolistic AI partnerships. Microsoft's legal team has demanded an investigation into these leaks, targeting FTC Chair Lina Khan, whose tenure might end with the incoming Trump administration. This could alter the course of current FTC actions, although Microsoft might still face tough times if Trump's appointees maintain a hard stance against Big Tech. #Antitrust #TechLawasuits #IT #Industry #News via The Register

⚖️🧑‍⚖️REPORT: £1B lawsuit targets #Microsoft for allegedly overcharging #Windows customers on other clouds securityticks.com/lawsuit_micros… Microsoft is under fire in the UK for allegedly overcharging for Windows Server on rival clouds, facing a £1 billion lawsuit. Meanwhile, in Europe, 27 cloud providers settled a complaint against Microsoft over licensing, but #AWS and others were left out. #Google Cloud has also filed a complaint with the EU, highlighting how Microsoft's tactics lock customers into Azure, potentially costing European businesses €1 billion yearly. #CloudComputing #Antitrust #TechLawsuits #News via The Register

🚨 REPORT: The UK's National Crime Agency (#NCA) led an international operation, "Operation Destabilise," disrupting #Russian money laundering networks linked to global crime. securityticks.com/nca-busts-russ… BREAKDOWN: - Arrests & Seizures: 84 arrests made, over £20M ($25.4M) in cash and crypto seized. - Networks Involved: Smart and TGR, based in Moscow's Federation Tower, facilitated laundering for drug cartels, cybercriminals, and Russian elites evading sanctions. - U.S. Actions: OFAC sanctioned 5 individuals and 4 entities tied to TGR, highlighting their role in using stablecoins to bypass sanctions. - Espionage & Crime: Smart network used for Russian spy funding; networks linked to the Kinahan crime syndicate and ransomware operations. - Operational Impact: The UK was a key hub, witnessing direct handovers of cash for crypto, aiding crime reinvestment. - Leadership: Ekaterina Zhdanova (Smart) and George Rossi (TGR) were central figures, with Zhdanova sanctioned for laundering ransomware payments. This operation significantly impacted the networks, showing the interconnected nature of international crime and the use of digital currencies in illicit finance. #OperationDestabilise #CrimeDisruption #MoneyLaundering #Cryptocurrency #News via The Hacker News

🚨📡REPORT: Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks securityticks.com/joint-advisory… A coalition of countries including the U.S., Australia, Canada, and New Zealand warned of a sophisticated cyber espionage campaign by #China-linked hackers, known as Salt Typhoon, targeting telecom providers. The hackers have infiltrated U.S. networks for over six months, using known vulnerabilities. T-Mobile detected and thwarted an attempt linked to this campaign, with no customer data compromised, but the threat persists. Cybersecurity agencies recommend stringent network security measures to combat these intrusions. #CyberSecurity #TelecomHacks #ThreatIntel #News via The Hacker News

🚨REPORT: #Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability securityticks.com/cisco-warns-of… Cisco warns of active exploitation of a 10-year-old flaw (CVE-2014-2120, CVSS score: 4.3) in its ASA devices. Hackers use it for XSS attacks on ASA’s WebVPN login page. The vulnerability is now linked to the AndroxGh0st malware and Mozi botnet. CISA has added it to its KEV list, urging updates by Dec 3, 2024. #CyberSecurity #CiscoASA #ThreatIntel #News via The Hacker News

REPORT: Data breach costs: Geico and Travelers fined a combined $11.3M by New York State securityticks.com/101215-costs-o… 🚨 New York Fines Geico & Travelers $11.3M Over Data Breaches 🚨 @GEICO : Fined $9.75M for exposing 116,000 New Yorkers' data. @Travelers : Fined $1.55M, affecting 4,000 residents. 🛡️ Both companies had inadequate cybersecurity, leading to theft of personal info used for fraudulent unemployment claims during the pandemic. 💼 They've agreed to bolster security measures: - Implement comprehensive security programs - Conduct risk assessments & penetration tests - Enhance threat detection & access controls 🔐Experts stress the need for stronger cybersecurity investments to prevent future breaches. #CyberSecurity #DataPrivacy #InsuranceIndustry #News via Security Magazine

🚨REPORT: Bitdefender Team Discovers Threats To Microsoft Teams And Quick Assist securityticks.com/bitdefender-te… According to @safetydet, @Bitdefender`s MDR team uncovered three new social engineering threats targeting Microsoft Teams and Quick Assist: - Scammers Pose as IT Staff: Hackers impersonate tech support, convincing users to grant remote access. - Spam Overload: Victims are flooded with spam to make the scam seem more legitimate, followed by guidance to click malicious links disguised as official downloads. - Backdoor Creation: Malware like Trojan.Agent.GMUC and Java.Trojan.Agent.SH are used to establish system access for future attacks, similar to tactics used by groups like Black Basta. 🛡️ Stay Safe: - Remember, real support teams don't initiate contact. - Use Multi-Factor Authentication (MFA). - Verify identities before granting access or clicking links. #Cybersecurity #MicrosoftTeams #QuickAssist #Bitdefender #MDR #ThreatIntel

🥷REPORT: Wanted Russian Cybercriminal Linked to #Hive and #LockBit Ransomware Has Been Arrested in #Russia securityticks.com/wanted-russian… Russian cybercriminal Mikhail Matveev, known for ties to LockBit and Hive ransomware, has been arrested in Russia. Charged with creating ransomware under Article 273 of Russia's Criminal Code, Matveev was previously indicted in the U.S. for attacks on thousands of victims worldwide. He's known online as Wazawaka and others, and had a $10M bounty for his capture. #Cybercrime #Ransomware #CyberSecurity #News via The Hacker News

ℹ️🌐REPORT: Submarine cable resilience board announced on same day maybe-cut-by-China Baltic cable repaired securityticks.com/cable_advisory… The ITU and ICPC launched a 40-member advisory board on Nov 29 to boost submarine cable resilience, coinciding with the repair of a cable possibly cut by a Chinese ship. The board aims to promote best practices for cable maintenance and protection. Despite the timing, the focus remains on accidental damage, not sabotage, though the incident has underscored the need for enhanced security and international cooperation. #SubmarineCables #ITU #ICPC #Internet #News via The Register

ℹ️REPORT: Claims of ‘open’ AIs are often open lies, research argues securityticks.com/open_ai_resear… New research suggests claims about AI openness might be misleading. Rather than promoting competition, it could be consolidating power in big tech's hands. The study critiques how open AI is often just 'openwashing' and calls for antitrust and privacy measures to truly democratize AI. #AI #TechPolicy #News via The Register

🩹REPORT: @OperaBrowsers Fixes Big Security Hole That Could Have Exposed Your Information securityticks.com/opera-browser-… The flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs via The Hacker News #CyberSecurity

🥷🌐REPORT: #Ransomware hits web hosting servers via vulnerable #CyberPanel instances securityticks.com/vulnerable-cyb… 22k vulnerable instances of CyberPanel (open-source control panel for managing web hosting server) were hit and files encrypted #CyberSecurity #News via Help Net Security