"New Windows 10 22H2 beta fixes many leaks and crashes."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 24 August 2024, 0328 UTC.

Contents and Source:  Email subscription via https://feedly.com.   https://feedly.com/i/collection/content/user/f401222a-bca6-4c45-9cc1-183f239e8d86/category/7737d3c9-5fe2-4b34-8708-85e57085f895

Please check the link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security News Bundle

63

Most popular

New Windows 10 22H2 beta fixes memory leaks and crashes

100+BleepingComputer / 10h

Microsoft has released a new Windows 10 22H2 beta (KB5041582) with memory leak and crash fixes for Insiders in the Beta and Release Preview channels. [...]

New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data

15 TTPs

•

62The Hacker News / 16h

•

Qilin ransomware steals Chrome credentials

The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascading consequences, cybersecurity firm Sophos said in a Thursday report. The attack, detected in July

Patch Now: Second SolarWinds Critical Bug in Web Help Desk

4 TTPs

•

Dark Reading / 8h

The disclosure of CVE-2024-28987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds' less-often-discussed IT help desk software.

Today

Scammers are increasingly using messaging and social media apps to attack

Scam cases surge in Singapore

•

ZDNet | Security / 2h

Meta platforms, alongside Telegram, are among the growing number of sites used as a form of contact in 45% of scams.

Qilin ransomware steals credentials stored in Google Chrome

18 TTPs

•

Security Affairs / 5h

•

Qilin ransomware steals Chrome credentials

Sophos researchers investigated a Qilin ransomware breach attack that led to the theft of credentials stored in Google Chrome browsers. Sophos researchers investigated a Qilin ransomware attack where operators stole credentials stored in Google Chrome browsers of a limited number of compromised endpoints. The experts pointed out that the credential harvesting activity is usually not associated wi

Meta deep-sixes WhatsApp accounts tied to Iranian hacking group

5 TTPs

•

CyberScoop / 5h

•

Meta disrupts Iranian hackers targeting officials

Meta security teams blocked “a small cluster” of WhatsApp accounts associated with APT42, an Iranian government-backed group accused by U.S. officials of hacking into the Trump campaign’s email accounts , the company said Friday. According to a blog post from Meta , the Iranian-linked accounts were “likely” for social engineering purposes, with the actors posing as tech support for companies like

Constantly Evolving MoonPeak RAT Linked to North Korean Spying

5 TTPs

•

Dark Reading / 6h

•

MoonPeak RAT linked to North Korea

The malware is a customized variant of the powerful open source XenoRAT information stealing malware often deployed by Kimsuky and other DPRK APTs.

Kentucky man gets 81 months in prison for cyber fraud to fake his own death

Man fakes death to evade child support

•

CyberScoop / 6h

Deadbeat parents across America are responsible for more than $113 billion in unpaid child support payments, according to the Department of Health and Human Services. Few of those offenders likely spent as much effort to get out their obligations as Kentucky resident Jesse Kipf. According to the Department of Justice and court documents, Kipf starting in January 2023 began using stolen online cre

Pluralsight Releases Courses to Help Cyber Pros Defend Against Volt Typhoon Hacker Group

2 TTPs

•

Dark Reading / 7h

[no content]

Former Verizon employee pleads guilty to conspiring to aid Chinese spy agency

CyberScoop / 7h

A former Verizon employee pleaded guilty Friday to conspiring to serve as an agent of the People’s Republic of China, namely by using his job to send information about Chinese enemies to a spy agency there, as well as details related to cyber incidents. Ping Li faces up to five years in prison for his contacts with the Ministry of State Security. He provided information on Chinese dissidents, pro

American Radio Relay League confirms $1 million ransom payment

63BleepingComputer / 7h

The American Radio Relay League (ARRL) paid a $1 million ransom for a decryptor that helped restore systems encrypted in a May ransomware attack [...]

NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams

NIST releases quantum-proof encryption standards

•

Dark Reading / 7h

The release of new NIST quantum-proof cryptography standards signals it's time for cybersecurity teams to get serious about preparing for the rise of quantum threats.

Liverpool Fans Take English Premier League Title for Ticket Scams

Football ticket scams on rise

•

Dark Reading / 8h

Ticket scams are costing football fans close to £200 a season, on average, according to a report.

From Cybercrime to Terrorism, FBI Director Says America Faces Many Elevated Threats ‘All at Once’

FBI warns of multiple elevated threats

•

SecurityWeek / 8h

Wray declined to talk about any specific investigation or threat but said investigations into cyberattacks, including against election infrastructure, candidates or campaigns, require help from the private sector. The post appeared first on SecurityWeek .

Google Keep now builds lists for you, thanks to AI - but there's a catch

Google Keep introduces AI list feature

•

ZDNet | Security / 9h

Google's note-taking app doesn't just keep lists. Now, it can help you create them - for everything from packing to cooking. I tried it out. Here's how it went.

My 5 favorite AI chatbot apps for Android - see what you can do with them

ZDNet | Security / 9h

Beyond the official ChatGPT app for Android, there are several helpful and interesting alternatives. These are the five chatbot apps I reach for most often. Try one, or try them all.

Microsoft shares temp fix for Linux boot issues on dual-boot systems

Microsoft update disrupts dual-boot Linux

•

79BleepingComputer / 9h

Microsoft shared a workaround for Linux boot issues triggered by August security updates on dual-boot systems with Secure Boot enabled [...]

Phishing attacks target mobile users via progressive web applications (PWA)

New phishing attack targets mobile users

•

Security Affairs / 9h

Cybercriminals use progressive web applications (PWA) to impersonate banking apps and steal credentials from mobile users. ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). The threat actors used fake apps almost indistinguishable from real banking apps on both iOS and Android. The technique was first disclosed in Poland in July 2023

I've tested hundreds of laptops. The Asus Zenbook S 16 has one of the most unique designs I've seen

ZDNet | Security / 9h

Asus' new Zenbook S 16 is a striking laptop constructed from a unique material, but its brilliant OLED display steals the show.

Feds arrest Latvian man accused of extorting Karakurt victims

CyberScoop / 9h

Federal prosecutors this week charged a Latvian national who was living in Russia for his alleged role in extorting companies targeted by the Karakurt ransomware operation. Deniss Zolotarjovs, 33, was arrested in the country of Georgia in December and extradited to the U.S. in August, the U.S. Attorney’s Office in the Southern District of Ohio said in a statement Tuesday . Zolotarjovs is facing c

Microsoft says its killing Windows Control Panel - here's why I'm not holding my breath

Microsoft to phase out Control Panel

•

21ZDNet | Security / 10h

Finally, the 40-year-old tool will be deprecated in favor of the Settings app? Raise your hand if you still use Control Panel.

Member of cybercrime group Karakurt charged in the US

13 TTPs

•

Security Affairs / 10h

•

Russian Karakurt member charged in US

The Russian national Deniss Zolotarjovs has been charged in a U.S. court for his role in the Karakurt cybercrime gang. Deniss Zolotarjovs (33), a Russian cybercriminal, has been charged in a U.S. court for his role in the Russian Karakurt cybercrime gang. The man has been charged with money laundering, wire fraud, and extortion. The man was arrested in Georgia in December 2023 and recently extrad

ChatGPT is (obviously) the most popular AI app - but the runners up may surprise you

Top AI apps gaining consumer traction

•

ZDNet | Security / 10h

ChatGPT still leads the way in generative AI apps, but the runners-up give some interesting insight into which tools are most popular - and how people are using them.

Hackers now use AppDomain Injection to drop CobaltStrike beacons

45BleepingComputer / 10h

A wave of attacks that started in July 2024 rely on a less common technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET application on Windows. [...]

New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads

12 TTPs

•

43The Hacker News / 11h

•

PEAKLIGHT malware uses pirated movies

Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader," Google-owned Mandiant said. "This PowerShell-based downloader is being tracked as PEAKLIGHT." Some of

How Immigration Can Solve America’s Cybersecurity Shortage

IT Security Guru / 11h

The U.S. is facing a critical shortage of cybersecurity professionals, a challenge that is not only growing but also poses a significant threat to national security. CyberSeek, a joint initiative of NIST’s NICE program, CompTIA, and Lightcast, reports in its dashboard over 469,930 job openings in cybersecurity. (CyberSeek, 2024) Despite the escalating cyber threats, the talent pool to combat thes

US oil giant Halliburton confirms cyberattack behind systems shutdown

Halliburton suffers cyberattack disruption

•

48BleepingComputer / 11h

​Halliburton, one of the world's largest providers of services to the energy industry, has confirmed a cyberattack that forced it to shut down some of its systems earlier this week. [...]

Want a programming job? Make sure you learn these three languages

ZDNet | Security / 12h

The 2024 IEEE Spectrum Top Programming Languages report is out. We've seen some movement at the top of the jobs list that you should know about. A few fell off the list, too.

Halliburton confirms cyber incident in SEC filing

Halliburton suffers cyberattack disruption

•

CyberScoop / 12h

U.S. energy services titan Halliburton proactively took certain systems offline “to help protect them” after a cyberattack this week, the company said Friday in a filing with federal regulators. The company learned Wednesday that “an unauthorized third party gained access to certain parts of its systems” and that it was working with external advisers to assess and remediate the situation, the com

Google Patches Ninth Chrome Zero Day Of 2024

CVE-2024-7964 & 16 others

•

Packet Storm Security / 12h

[no content]

Defenders Get A MoonPeak At North Korea's Malware Backbone

Command and Control (Enterprise TA0011)

•

Packet Storm Security / 12h

•

MoonPeak RAT linked to North Korea

[no content]

SolarWinds Leaks Credentials In Hotfix

SolarWinds vulnerability exploited in attacks

•

Packet Storm Security / 12h

[no content]

How To Manipulate The Execution Flow Of TOCTOU Attacks

Packet Storm Security / 12h

[no content]

US sues Georgia Tech over alleged cybersecurity failings as a Pentagon contractor

Georgia Tech sued for cybersecurity failures

•

The Register – Security / 12h

Rap sheet spells out major no-nos after disgruntled staff blow whistle The US is suing one of its leading research universities over a litany of alleged failures to meet cybersecurity standards set by the Department of Defense (DoD) for contract awardees.…

5 free AI tools for school that students, teachers, and parents can use, too

ZDNet | Security / 13h

These AI tools can summarize PDFs, tutor you, help with essay writing and math problems, and much more.

C-Suite Involvement in Cybersecurity Is Little More Than Lip Service

Dark Reading / 13h

Collaboration with security teams, making cybersecurity a core principle of business strategy, and investing in defenses better position organizations to thwart threats and ensure business continuity.

Russian laundering millions for Lazarus hackers arrested in Argentina

30BleepingComputer / 13h

The federal police in Argentina (PFA) have arrested a 29-year-old Russian national in Buenos Aires, who is facing money laundering charges related to cryptocurrency proceeds of the notorious North Korean hackers' Lazarus Group.' [...]

Greasy Opal's CAPTCHA solver still serving cybercrime after 16 years

Defense Evasion (Enterprise TA0005)

•

32BleepingComputer / 13h

A developer that researchers now track as Greasy Opal, operating as a seemingly legitimate business, has been fueling the cybercrime-as-a-service industry with a tool that bypasses account security solutions and allows bot-led CAPTCHA solving at scale. [...]

In Other News: FAA Improving Cyber Rules, Android Malware Enables ATM Withdrawals, Data Theft via Slack AI

SecurityWeek / 13h

Noteworthy stories that might have slipped under the radar: FAA improving cyber rules for airplanes, NGate Android malware used to steal cash from ATMs, abusing Slack AI to steal data. The post appeared first on SecurityWeek .

How I used ChatGPT to scan 170k lines of code in seconds and save me hours of detective work

ZDNet | Security / 13h

Writing this article about the problem I solved took me a few hours. The actual AI analysis process, from start to finish, took me less than 10 minutes. That's some serious productivity right there.

Linus Torvalds talks AI, Rust adoption, and why the Linux kernel is 'the only thing that matters'

33ZDNet | Security / 14h

In a wide-ranging conversation with Verizon open-source officer Dirk Hohndel, 'plodding engineer' Linus Torvalds discussed where Linux is today and where it may go tomorrow.

Webinar: Experience the Power of a Must-Have All-in-One Cybersecurity Platform

43The Hacker News / 15h

Let's be honest. The world of cybersecurity feels like a constant war zone. You're bombarded by threats, scrambling to keep up with patches, and drowning in an endless flood of alerts. It's exhausting, isn’t it? But what if there was a better way? Imagine having every essential cybersecurity tool at your fingertips, all within a single, intuitive platform, backed by expert support 24/7. This is

The best cloud hosting services for 2024: Expert tested

ZDNet | Security / 15h

We tested the best cloud hosting services available to help you choose the right option for your business.

Hacker Tried to Dodge Child Support by Breaking Into Registry to Fake His Death, Prosecutors Say

Man fakes death to evade child support

•

SecurityWeek / 15h

Kentucky man attempted to fake his death to avoid paying child support obligations by hacking into state registries and falsifying official records. The post appeared first on SecurityWeek .

US, Allies Release Guidance on Event Logging and Threat Detection

NSA releases event logging guide

•

SecurityWeek / 15h

Government agencies in the US and allied countries have released guidance on how organizations can define a baseline for event logging best practices. The post appeared first on SecurityWeek .

Degraded Performance Issue Sparks Concern Among CrowdStrike Customers

SecurityWeek / 15h

CrowdStrike has addressed a cloud service issue causing degraded performance and boot times for some of its customers. The post appeared first on SecurityWeek .

Focus on What Matters Most: Exposure Management and Your Attack Surface

28The Hacker News / 16h

Read the full article for key points from Intruder’s VP of Product, Andy Hornegold’s recent talk on exposure management. If you’d like to hear Andy’s insights first-hand, watch Intruder’s on-demand webinar. To learn more about reducing your attack surface, reach out to their team today. Attack surface management vs exposure management Attack surface management (ASM) is the ongoing

The best Lenovo laptops of 2024: Expert tested and reviewed

ZDNet | Security / 16h

Lenovo is an industry leader in laptop innovation, but the sheer number of models can be hard to navigate. Here are the best Lenovo laptops we've tested.

AI hype, in dollars and sense

Generative AI hype is waning

•

ZDNet | Security / 16h

Hype in all forms took the Innovation Index this week, along with a few security developments.