CyberSecurity news
FlagThis - #Sanctions
|
rulesbot@community.emergingthreats.net
//
Emerging Threats has released a significant ruleset update, v10950, aimed at bolstering network security and threat detection. The update includes 73 new open rules and 136 new pro rules, totaling 209 enhancements to the existing security framework. These rules are designed to address a wide spectrum of threats, ranging from general malware to web application-specific vulnerabilities and hunting activities, enabling organizations to strengthen their defenses against an evolving threat landscape. The release date for this update is June 13, 2025.
Among the key targets of this update is the Predator spyware, which remains a persistent threat despite US sanctions. The ruleset includes specific signatures to detect DNS queries associated with Predator spyware domains, such as gilfonts .com, zipzone .io, and numerous others. This highlights the ongoing efforts to identify and neutralize the infrastructure used by Intellexa, the maker of Predator, even as they attempt to evade detection through new servers and domains. This focus underscores the importance of continuous monitoring and adaptation in the face of sophisticated surveillance tools. In addition to addressing the Predator spyware, the ruleset update also tackles a critical vulnerability in Fortinet Admin APIs, specifically a Stack-based Buffer Overflow in the AuthHash Cookie, identified as CVE-2025-32756. This rule aims to protect against potential exploits targeting this weakness in Fortinet systems. Furthermore, the update incorporates rules for hunting SQL Database Version Discovery, enhancing the ability to proactively identify and address potential vulnerabilities within network environments. This comprehensive approach ensures a multi-layered defense against various attack vectors.
Share:
References :
Classification:
Cynthia B@Metacurity
//
The U.S. Treasury Department has sanctioned Funnull Technology Inc., a Philippines-based company, for providing infrastructure that facilitated "pig butchering" scams, a type of cryptocurrency investment fraud that has cost Americans over $200 million. The Treasury’s Office of Foreign Assets Control (OFAC) took action on May 29, 2025, targeting Funnull and its administrator, Liu Lizhi. The FBI has also issued an advisory warning against Funnull, highlighting its role as a major distributor of online scams. Funnull is accused of enabling cybercriminals by purchasing IP addresses in bulk from major cloud service providers and then selling them to operators of fraudulent investment platforms.
The sanctions follow an FBI investigation that linked Funnull to the majority of virtual currency investment scam websites reported to them. The agency stated that Funnull directly facilitated pig butchering and other schemes that resulted in more than $200 million in financial losses for U.S. victims, with average individual losses exceeding $150,000. These scams typically involve perpetrators posing as romantic partners or friends online to gain victims’ trust, then convincing them to invest in virtual currency on platforms that ultimately prove to be fraudulent. Scammers often demand additional "taxes" on purported crypto earnings before allowing victims to withdraw their funds, which never happens. Security firm Silent Push had previously identified Funnull as a criminal content delivery network (CDN) routing traffic through U.S.-based cloud providers before redirecting users to malicious websites. Their October 2024 research exposed a sprawling cluster of domains, dubbed "Triad Nexus," routed through Funnull's CDNs, revealing how cybercriminals leverage credible cloud providers for malicious activities through what they termed "infrastructure laundering." The FBI observed patterns of IP address activity on Funnull infrastructure between October 2023 and April 2025, including the simultaneous migration of hundreds of domains to other IP addresses, further complicating efforts to track and combat the scams.
Share:
References :
Classification:
|