#cybercrime


The cyber #forensics specialists Melanie Kubli and Tabea Nordieker at work: the Swiss Tagesanzeiger has published a detailed and gripping report on the work of the two IT specialists during a #ransomware incident - and on how they successfully negotiate with #cybercrime groups such as #Akira - well worth reading, and many thanks for the commitment to #cybersecurity!

tagesanzeiger.ch/digitale-fore #cybersecurity

Tamedia AG · Digital forensic specialists: They negotiate with hackers · By Jacqueline Büchi

Malicious actors have taken notice of news about the US Social Security System. We've seen multiple spam campaigns that attempt to phish users or lure them to download malware.

Emails with subjects like "Social Security Administrator.", "Social Security Statement", and "ensure the accuracy of your earnings record" contain malicious links and attachments.

One example contained a disguised URL that redirected to user2ilogon[.]es in order to download the trojan file named SsaViewer1.7.exe.

Actors using social security lures are connected to malicious campaigns targeting major brands through their DNS records.

Block these:

user2ilogon[.]es
viewer-ssa-gov[.]es
wellsffrago[.]com
nf-prime[.]com
deilvery-us[.]com
wllesfrarqo-home[.]com
nahud[.]com.

#dns #lookalikes #lookalikeDomain #threatintel #cybercrime #threatintelligence #cybersecurity #infoblox #infobloxthreatintel #infosec #pdns #malware #scam #ssa

Last week, while reviewing detected lookalike domains, one in particular stood out: cdsi--simi[.]com. A quick search pointed him to a legitimate U.S. military contractor, CDSI, which specializes in electronic warfare and telemetry systems. Its legitimate domain cdsi-simi[.]com features a single hyphen, whereas the lookalike domain uses two hyphens.

Passive DNS revealed a goldmine: a cloud system in Las Vegas hosting Russian domains and other impersonations of major companies.

Here are a few samples of the domains:

- reag-br[.]com Lookalike for Reag Capital Holdings, Brazil.
- creo--ia[.]com Lookalike for an industrial fabrication firm in WA State.
- admiralsmetal[.]com Lookalike for US based metals provider.
- ustructuressinc[.]com Lookalike Colorado based Heavy Civil Contractor.
- elisontechnologies[.]com Typosquat for Ellison Technologies machine fabrication.

#dns #lookalikes #lookalikeDomain #threatintel #cybercrime #threatintelligence #cybersecurity #infoblox #infobloxthreatintel #infosec #pdns #phishing #malware #scam #dod


DOGE staffer 'Big Balls' provided tech support to cybercrime ring, records show
reuters.com/world/us/doge-staf

"The best-known member of Elon Musk's US #DOGE Service team of technologists once provided support to a #cybercrime gang that bragged about trafficking in stolen #data and cyberstalking an #FBI agent...

#EdwardCoristine is among the... DOGE effort that has been given sweeping access to official #networks"

#ElonMusk #Musk #Coup

Exclusive: #DOGE staffer, '#BigBalls', provided tech support to #cybercrime ring, records show

The best-known member of Elon #Musk's U.S. DOGE Service team of technologists once provided support to a cybercrime gang that bragged about trafficking in stolen data & #cyberstalking an #FBI agent, according to digital records reviewed by Reuters.

#USpol #InfoSec #NationalSecurity #Trump
reuters.com/world/us/doge-staf

Pacific Rim was the largest, most complex #cybercrime investigation of my career. I'm very proud of the work - and of the outcomes from that work: Indictments of the perpetrators; A call-to-action to an entire industry; Collaboration among competitors to counter a common foe.

#Lawfare published a blog today analyzing the consequences and repercussions of what we did to counter a nation-state threat actor. It's a good read!

lawfaremedia.org/article/the--

The ‘Pacific Rim’ Campaign: Corporate Norm Entrepreneurship and Active Cyber Defense · Sophos’s account of its recent active cyber defense campaign can help shape norms of “responsible behavior” in cyberspace.

More than 400 Social Security numbers, other private information revealed in #JFK files. The data belongs to ex-congressional staffers and others connected to decades-old investigations. “It’s absolutely outrageous. It’s sloppy, unprofessional,” said one man whose information was included. Tell me again they will not use the #SocialSecurity Database #maga stole however they want. #cybersecurity #cybercrime #FOIA #privacy #doxing msn.com/en-us/politics/governm


How #hackers capture your #solarpanels and cause #grid havoc. The global push towards smart #energy production adds new vulnerabilities to national power #grids. DW spoke to hackers who've exposed security gaps in rooftop installations and solar power plants around the world. dw.com/en/how-hackers-capture- #climatecrisis #solar #energy #cybersecurity #cybercrime

Deutsche Welle · How hackers capture your solar panels and cause grid havoc · By Mathis Richtmann

Last week, we discussed the riskiest TLDs of March. Our reputation algorithm is generic, meaning it can be applied to virtually *any* type of data (read more here: blogs.infoblox.com/threat-inte). This time, we'll take a look at the riskiest mail servers we've identified this month. Top of the list? all-harmless[.]domains -- the irony isn't lost on anyone.

These mail servers attract phishing actors like honey does flies -- serving such lovely domains as bbva-web-soporte[.]com and kutxabank-movil-app[.]com. Additionally, we've identified one FunNull / Polyfill domain (69558[.]vip) using both baidu[.]com and shifen[.]com mail servers.

Notre Dame uni students say cyber attack playing havoc with studies
By Emma Wynne and Phoebe Pin

A cyber attack on Perth's Notre Dame University IT systems nine weeks ago is still playing havoc on campus with students reporting uncertainty with graduations, finding classes, and submitting assignments.

abc.net.au/news/2025-03-20/not

ABC News · Notre Dame uni students say outage creating enrolment, graduation, assignment mayhem · By Emma Wynne

Threat actors often have their favorite TLDs. This month we've found the following TLDs to have the highest risk. The top 5 retain their spot from last month, with the TLD .bond topping the chart with a risk score of 10. This is rare and only happens when the percentage of risky domains is at least 4.5 standard deviations above the mean. Congratulations, I guess?

An explanation and minimum-working-example of our reputation algorithm can be found here: blogs.infoblox.com/threat-inte

@psuPete Recommends – Weekly highlights on cyber security issues, 3/8/25 bespacific.com/pete-recommends
Four highlights from this week: 89% of enterprise #AI usage is invisible to the organization; The Digital Packrat Manifesto; #Cellebrite Is Using AI to Summarize #Chat Logs and #Audio from Seized #MobilePhones; and #Flock Threatens #OpenSource Developer #Mapping Its #Surveillance Cameras. #privacy #cybercrime

www.bespacific.com · Pete Recommends – Weekly highlights on cyber security issues, March 8, 2025 | beSpacific