CyberSecurity news


@www.justice.gov //
U.S. and Dutch law enforcement agencies have jointly dismantled a network of 39 domains and associated servers used in Business Email Compromise (BEC) fraud operations. The operation, codenamed "Operation Heart Blocker," took place on January 29th and targeted the infrastructure of a group known as "The Manipulaters," which also went by the name Saim Raza. The group ran online marketplaces originating from Pakistan that sold phishing toolkits, scam pages, email extractors, and other fraud-enabling tools. Transnational organized crime groups in the US bought these tools and used them to target victims with BEC schemes, tricking victim companies into making fraudulent payments that are estimated to have caused over $3 million in losses.

The seized domains and servers contained millions of records, including at least 100,000 pertaining to Dutch citizens. "The Manipulaters" marketed their services under various brands, including Heartsender, Fudpage, and Fudtools, which specialized in spam and malware dissemination. The U.S. Department of Justice stated that the Saim Raza-run websites not only sold the tools but also trained end users, through instructional videos, in how to execute schemes with the malicious programs, putting them within reach of buyers without technical expertise. The service was estimated to have thousands of customers. The tools were used to harvest victim credentials, which were then used to further the fraudulent schemes. Users can check whether their credentials were among those stolen via a Dutch Police website.



References :
  • ciso2ciso.com: U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
  • krebsonsecurity.com: FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang
  • The Hacker News: U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan.
  • ciso2ciso.com: The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan.
  • Pyrzout :vm:: U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
  • www.trendingtech.news: International cooperation dismantles phishing network 'The Manipulaters'
  • Pyrzout :vm:: FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang
  • hackread.com: Joint US-Dutch operation dismantled the HeartSender cybercrime network.
  • www.justice.gov: Cybercrime websites selling hacking tools to transnational organized crime groups were seized.
  • thecyberexpress.com: The Cyber Express article about the Justice Department disrupting a cybercrime network selling hacking tools.
  • www.justice.gov: This website contains the latest news about cybersecurity incidents and attacks.
  • Information Security Buzz: DoJ, Dutch Authorities Seize 39 Domains Selling Malicious Tools
  • ciso2ciso.com: Law enforcement seized the domains of HeartSender cybercrime marketplaces – Source: securityaffairs.com
  • SecureWorld News: Secure World article about Operation Heart Blocker and the disruption of a phishing network.
@www.csoonline.com //
Ransomware gangs are accelerating their operations, significantly reducing the time between initial system compromise and encryption deployment. Recent cybersecurity analyses put the average time-to-ransom (TTR) at just 17 hours. This marks a dramatic shift from earlier tactics, in which attackers remained hidden inside networks for extended periods to maximize reconnaissance and control. Some groups, such as Akira, Play, and Dharma/Crysis, have achieved TTRs as low as 4-6 hours, demonstrating remarkable efficiency and adaptability.

This rapid pace presents considerable challenges for organizations attempting to defend against these attacks. The shrinking window for detection and response makes proactive threat detection and rapid incident response capabilities essential. The trend also highlights the increasing sophistication of ransomware groups, which employ advanced tools and techniques to reach their objectives quickly, often exploiting vulnerabilities in remote monitoring and management tools or relying on initial access brokers to infiltrate networks, escalate privileges, and deploy ransomware payloads.



References :
  • ciso2ciso.com: The window for intrusion detection keeps getting shorter as ransomware groups' time-to-ransom (TTR) accelerates (source: www.csoonline.com, 17 Feb 2025)
  • gbhackers.com: Ransomware Gangs Encrypt Systems 17 Hours After Initial Infection
  • www.csoonline.com: Ransomware gangs extort victims 17 hours after intrusion on average
  • ciso2ciso.com: Ransomware gangs extort victims 17 hours after intrusion on average
  • Blog RSS Feed: Ransomware has become more than a threat: it is a calculated assault on industries, wielding AI-driven precision to bypass traditional defenses.
Ashish Khaitan@The Cyber Express //
CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog to include critical vulnerabilities affecting VMware ESXi, Workstation, Fusion, and the Linux kernel. These flaws are being actively exploited and pose a significant risk, particularly for federal government organizations. Rapid patching is essential to mitigate the active threats associated with these vulnerabilities.

The identified VMware vulnerabilities, CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, allow remote code execution (RCE) and privilege escalation. Specifically, CVE-2025-22224 is a Time-of-Check Time-of-Use (TOCTOU) vulnerability with a CVSSv3 score of 9.3, classified as Critical. The affected products include various versions of VMware ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform; updated versions that address the flaws are available.



Classification:
  • HashTags: #CISA #Vulnerability #Exploitation
  • Company: CISA
  • Target: Businesses
  • Attacker: CISA
  • Product: Linux Kernel, VMware
  • Feature: Vulnerability Management
  • Malware: CVE-2024-50302, CVE-2025-22225, CVE-2025-22224, CVE-2025-22226
  • Type: Vulnerability
  • Severity: Major