Cybersecurity News: Hydra Market leader sentenced, Pegasus spyware arrest, SpyLoan malware targets millions

Hydra Market leader sentenced to life

Russia continues its crackdown on cybercriminals. On Monday, authorities sentenced Hydra Market leader Stanislav Moiseyev to life in prison for running the world’s largest dark web platform for drugs and money laundering. Fifteen accomplices received sentences ranging from 8 to 23 years, along with fines totaling 16 million rubles. Hydra Market, which served 17 million customers and processed $1.35 billion in transactions, was dismantled in 2022 by German and U.S. authorities. This marks the second major action in less than a week, as Russian law enforcement also arrested ransomware gang leader Wazawaka on Friday for his role in several hacking groups, a rare move for a country that typically tolerates cybercriminals as long as they don’t target Russian organizations.

(Bleeping Computer)

Former Polish spy chief arrested in Pegasus spyware probe

Piotr Pogonowski, the former head of Poland’s internal security service, was arrested and brought before parliament to testify about the misuse of Pegasus spyware by the previous government. The spyware, which was used to target hundreds of opposition figures between 2017 and 2022, is under investigation by Polish authorities, with nearly 600 individuals confirmed as victims. Despite multiple summons, Pogonowski had refused to testify, prompting his arrest as part of an ongoing probe into the illegal surveillance activities.

(The Record)

SpyLoan malware targets millions

Over a dozen malicious Android apps, collectively downloaded over 8 million times, have been discovered to contain SpyLoan malware, targeting users in multiple countries with predatory loan schemes. These apps trick users into granting excessive permissions and providing sensitive information, which, you guessed it, leads to financial loss and extortion. Despite efforts to capture the operators, SpyLoan continues to exploit users through a modular approach, with a shared framework used to target different regions.

(The Hacker News)

Millions recovered and hundreds of thousands arrested in global bust

A global law enforcement effort under Operation HAECHI V has led to over 5,500 arrests and the seizure of $400 million tied to financial crimes. Authorities from 40 countries took part in this five-month operation, dismantling major schemes like a $1.1 billion voice phishing operation targeting nearly 2,000 victims. INTERPOL also issued warnings about a new cryptocurrency scam exploiting Tether (USDT) investments via phishing links.

(The Hacker News), (Interpol)

Huge thanks to our sponsor, Vanta

As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews.

With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs.

Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews.

Visit vanta.com to learn more about Questionnaire Automation.

Bootkitty bootkit exploits LogoFAIL flaw

Researchers have uncovered a Linux UEFI bootkit called ‘Bootkitty’ that exploits the LogoFAIL vulnerability (CVE-2023-40238), allowing attackers to bypass Secure Boot protections. Bootkitty, while still in development, targets specific Ubuntu versions and vulnerable firmware in devices from brands like Lenovo, Acer, HP, and Fujitsu. Although LogoFAIL was disclosed over a year ago, researchers warn that many devices remain unpatched and vulnerable to one or more variants of the LogoFAIL vulnerabilities.

(Bleeping Computer)

Critical vulnerability found in Zabbix Monitoring System

Zabbix has issued a warning for a critical SQL injection vulnerability (CVE-2024-42327, CVSS 9.9) that could allow attackers with API access to execute arbitrary SQL queries, potentially compromising systems or data. The flaw, affecting Zabbix versions 6.0.0 to 6.0.31, 6.4.0 to 6.4.16, and 7.0.0, could enable privilege escalation and full control of vulnerable servers, with over 83,000 internet-exposed systems at risk. The fixed releases patch the SQL injection vulnerability and also address additional security flaws, including an authentication bypass and a DoS vulnerability.

(Security Week), (The Register)

U.S. called in for backup after Costa Rica ransomware attack

Costa Rica’s state-owned energy company, known as RECOPE, was hit by a ransomware attack last week, forcing it to shift to manual operations and call in U.S. cybersecurity experts for assistance. The attack disrupted digital payment systems, but RECOPE assured the public that fuel supplies were unaffected, despite increased sales driven by concerns over shortages. The company is still working to restore systems.

(The Record)

Intel CEO retires

Intel CEO Pat Gelsinger retired on Monday, December 1 and stepped down from the company’s board, with interim co-CEOs David Zinsner and Michelle Johnston Holthaus stepping in. Gelsinger’s tenure, marked by efforts to reposition Intel as a chip manufacturing leader, faced significant challenges, including revenue losses and setbacks in key initiatives like the 18A manufacturing process and failed acquisitions. Despite his ambitious strategies, Intel’s struggles continued, culminating in a $16.6 billion quarterly loss and a major restructuring plan.

(TechCrunch)

Lauren Verno
Lauren Verno, an award-winning journalist, embraces her expertise, transitioning seamlessly into a cyber defender to bring you captivating updates on cybersecurity news.