Australia bans Kaspersky over security concerns
Australia has joined the growing list of countries to ban Kaspersky products from government systems. Citing national security risks and concerns over potential Russian government influence, Australian agencies must remove the software by April 1, though limited exemptions may apply for national security or law enforcement functions. In a statement to multiple outlets, Kaspersky criticized the decision, arguing it lacked technical justification and was driven by geopolitical tensions. This move follows similar bans by the U.S., U.K., and Canada within the last year.
(Security Week), (The Hacker News), (Bleeping Computer), (The Record)
Government screens hijacked with AI video of President Trump and Musk
The Department of Housing and Urban Development (HUD) employees arriving at headquarters on Monday were met with AI-generated footage of Donald Trump sucking Elon Musk’s toes, looping on building screens for about five minutes. Staff struggled to shut it off, ultimately resorting to unplugging the TVs, while a HUD spokesperson called it a “waste of taxpayer dollars.” It’s unclear who was behind the stunt, but it comes amid growing resistance from federal workers to Musk’s Department of Government Efficiency (DOGE).
EU sanctions North Korean official linked to Lazarus Group
The North Korean Lazarus Group is making headlines for the second day in a row as the EU sanctions Lee Chang Ho, a top North Korean intelligence official, for deploying cyber units and personnel to support Russia’s war in Ukraine. The sanctions also target Russian individuals and media outlets accused of spreading pro-Kremlin propaganda and conducting influence operations against Ukraine. This move follows previous EU actions against Russian state media and cyber groups, including hacktivists who targeted Western infrastructure. Separately, researchers linked Lazarus to the $1.5 billion Bybit crypto heist we reported on yesterday.
OpenAI shuts down accounts linked to China, North Korea, and Iran
OpenAI is nothing but transparent in their latest threat report detailing how the company is stopping threat actors from taking advantage of the system. In a report released on Friday, the company details how Chinese threat actors abused ChatGPT to debug and promote AI-powered surveillance tools used to monitor social media for political dissent. The company also linked ChatGPT activity to a potential Chinese disinformation campaign and shut down accounts suspected of supporting North Korea’s fake IT worker scheme. This follows previous actions against Iranian hackers using the AI service to research industrial control system attacks.
Thanks to today’s episode sponsor, Conveyor

It’s not just answering questions.
It’s all of the manual back and forth that becomes a slog like communicating between teams, tracking people down to get their review, updating sources and updating systems.
Between all of this, you’re also expected to field security documentation requests from customers.
Well, Conveyor just launched an AI agent, Sue, to do all of these things and more for you.
Learn about Sue at www.conveyor.com.
Info-stealing malware surges
Hackers are ramping up the use of information stealers like Lumma and ACR Stealer, often disguising them within cracked software and leveraging services like Telegram and Google Forms to mask their command-and-control infrastructure. Meanwhile, attackers are exploiting a Microsoft Management Console (MMC) vulnerability (CVE-2024-43572) to deliver the Rhadamanthys stealer and using chat support platforms like Zendesk to distribute Zhong Stealer. Researchers warn that stolen corporate credentials, often sold for as little as $10 per device, provide attackers with an easy foothold into sensitive environments, fueling further exploitation.
Password-spraying botnet targets Microsoft 365
A botnet of over 130,000 compromised devices is conducting large-scale password-spraying attacks against Microsoft 365 accounts, exploiting outdated Basic Authentication to bypass MFA protections. SecurityScorecard warns that these non-interactive sign-ins, often overlooked in monitoring, allow attackers to quietly verify credentials stolen by infostealer malware. While it has not been confirmed who is behind the attack, the botnet appears linked to Chinese-affiliated actors and operates through U.S. and Hong Kong-based infrastructure.
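The detection gap described above is that Basic Authentication sign-ins are non-interactive, never see an MFA prompt, and rarely get looked at. The following is an added example (not from SecurityScorecard's report or any product) showing the two checks a defender would run over sign-in logs: surface non-interactive legacy-protocol sign-ins at all, and flag a source IP whose failed attempts fan out across many accounts and then succeed on one. The event field names and client-app labels are assumptions modelled on Microsoft Entra ID sign-in log columns, and the events are constructed.

```python
"""Flag legacy-auth password spraying in constructed sign-in events."""
from collections import defaultdict

# Assumed set of client-app labels for Basic/legacy protocols (no MFA challenge possible).
LEGACY_CLIENT_APPS = {"Authenticated SMTP", "IMAP4", "POP3", "Exchange ActiveSync", "Other clients"}


def _event(user, ip, app, interactive, success):
    return {"user": user, "ip": ip, "clientApp": app, "interactive": interactive, "success": success}


# Constructed sample: 198.51.100.7 sprays eight accounts over IMAP4 (non-interactive)
# and lands one valid credential; 203.0.113.10 is ordinary interactive browser traffic.
SAMPLE_EVENTS = [_event(f"user{i}@example.com", "198.51.100.7", "IMAP4", False, False) for i in range(8)]
SAMPLE_EVENTS.append(_event("user3@example.com", "198.51.100.7", "IMAP4", False, True))
SAMPLE_EVENTS += [
    _event("alice@example.com", "203.0.113.10", "Browser", True, True),
    _event("alice@example.com", "203.0.113.10", "Browser", True, False),
]


def legacy_noninteractive(events):
    """Non-interactive sign-ins over legacy protocols: the traffic monitoring tends to skip."""
    return [e for e in events if not e["interactive"] and e["clientApp"] in LEGACY_CLIENT_APPS]


def spray_sources(events, min_users=5):
    """Source IPs whose failed attempts span at least min_users distinct accounts.

    Returns {ip: {"users": n_distinct_failed, "validated": [accounts that also succeeded]}}
    so a spray that quietly confirmed a stolen credential stands out from pure noise.
    """
    failed, succeeded = defaultdict(set), defaultdict(set)
    for e in events:
        (succeeded if e["success"] else failed)[e["ip"]].add(e["user"])
    return {
        ip: {"users": len(users), "validated": sorted(users & succeeded[ip])}
        for ip, users in failed.items()
        if len(users) >= min_users
    }


if __name__ == "__main__":
    print(len(legacy_noninteractive(SAMPLE_EVENTS)), "non-interactive legacy-auth sign-ins")
    print(spray_sources(SAMPLE_EVENTS))
```

Blocking legacy authentication outright (Conditional Access or disabling Basic Auth per protocol) removes the first category entirely; the second check remains useful for any remaining non-interactive flows.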
The inner workings of the Black Basta ransomware gang
Leaked chat logs from the Black Basta ransomware group, which were exposed this month, offer valuable insights into the group’s internal operations, tactics, and tools. The messages reveal internal conflicts, including the departure of key members to other groups, such as the Cactus gang, and highlight their use of VPN exploits, social engineering, and weak credentials to infiltrate targets. Black Basta has been linked to over $107 million in ransom payments and has impacted at least 500 organizations across critical sectors like healthcare, manufacturing, and finance. The leaked information is being used to prioritize detection and hunting efforts while also revealing how a ransomware group’s organizational hierarchy functions and the roles its members serve.
(CyberScoop), (Security Affairs)
Google welcomes QR codes, says goodbye to SMS
Google is planning to phase out SMS codes for Gmail authentication, replacing them with QR codes to mitigate security risks such as phishing and SIM-swapping attacks. The reason behind the phase-out? A Google spokesperson says SMS codes are often at the heart of many criminal operations, including one called traffic pumping, which Google has seen surge over the last few years. The transition to QR codes won’t happen all at once, with Google stating they will reimagine how they verify phone numbers over the next few months.