KrebsOnSec – RealinfoSec.Net

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

29 November 2022 RiSec.Mitch

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices.

InfoSec News KrebsOnSec

Researchers Quietly Cracked Zeppelin Ransomware Keys

23 November 2022 RiSec.Mitch

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things,… Read More »

InfoSec News KrebsOnSec

Disneyland Malware Team: It’s a Puny World After All

23 November 2022 RiSec.Mitch

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic and Ukrainian.

InfoSec News KrebsOnSec

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

23 November 2022 RiSec.Mitch

Vyacheslav “Tank” Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources.

InfoSec News KrebsOnSec

Lawsuit Seeks Food Benefits Stolen By Skimmers

23 November 2022 RiSec.Mitch

A nonprofit organization is suing the state of Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than a $1 million in food assistance benefits by card skimming devices secretly installed at cash machines and grocery store checkout lanes across the state. Federal law bars states from replacing these benefits using federal funds, and a recent rash of skimming incidents nationwide has disproportionately affected those receiving food assistance via state-issued prepaid debit cards.

InfoSec News KrebsOnSec

Patch Tuesday, November 2022 Election Edition

23 November 2022 RiSec.Mitch

Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November’s patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.