This Week’s Top 5 Cybersecurity News Stories May 2024 | 01

Cybersecurity threats are evolving constantly as threat actors look to gain access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of.  No story is too big or small, as we look at threats from espionage to security flaws in every day devices:

1. Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million

Yaroslav Vasinskyi, a 24-year-old Ukrainian national and member of the REvil ransomware group, has been sentenced to over 13 years in prison and fined $16 million by the U.S. for his involvement in over 2,500 ransomware attacks. These attacks extorted over $700 million in cryptocurrency. Vasinskyi, arrested in Poland in October 2021 and extradited to the U.S. in March 2022, pleaded guilty to an 11-count indictment that included conspiracy to commit fraud and money laundering. The sentencing reflects ongoing U.S. efforts to combat international ransomware activities. Additionally, significant ransom payments were forfeited through civil cases in 2023, enhancing the legal response to cybercrime.

For further details, you can view the full article here.

2. New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials

The new “Cuttlefish” malware targets small office/home office (SOHO) routers, monitoring traffic and gathering authentication data from HTTP requests. It employs DNS and HTTP hijacking to intercept network communications within internal networks. Identified by Black Lotus Labs, Cuttlefish’s functionality includes traffic sniffing for cloud service credentials and route manipulation. Active since July 2023, it predominantly affected Turkish telecom networks. The malware can also act as a proxy, facilitating unauthorized access to cloud resources using stolen credentials.

For more detailed insights, you can read the full article here.

3. Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds

The “Elliptic2” dataset, used for forensic analysis of the Bitcoin blockchain, has revealed significant findings concerning illicit activities and money laundering. Developed by Elliptic and researchers from the MIT-IBM Watson AI Lab, the dataset uncovers patterns of money laundering by analyzing subgraphs representing illicit transactions. This advanced analysis has enabled the identification of criminal proceeds, tracing them to entities like cryptocurrency mixers and darknet markets. The research showcases the potential of machine learning in improving the accuracy and efficiency of financial crime investigations in the cryptocurrency space.

For further details, you can read the full article here.

4. Telegram Web App Vulnerability Let Attackers Hijack Sessions

A recent discovery of a Cross-Site Scripting (XSS) vulnerability in Telegram’s WebK application versions below 2.0.0 has highlighted significant security concerns. This flaw allows attackers to hijack user sessions by embedding malicious JavaScript in web apps that appear to be hosted on Telegram’s domain. Telegram has responded by upgrading their system to patch this vulnerability and introduced measures to isolate the new window from the original application, ensuring that session IDs cannot be hijacked. Users are urged to update to the latest version to safeguard their accounts.

For more detailed information, you can view the full article here.

5. Operation PANDORA Shutdown 12 Fake Call Centers that Steal Over €10M

Operation PANDORA, a coordinated law enforcement effort led by Europol, has dismantled a network of 12 fraudulent call centers, which collectively defrauded victims of over €10 million through sophisticated phone scams. These call centers operated across multiple countries, presenting themselves as legitimate businesses while engaging in various deceitful practices to extract funds from individuals and businesses. The operation involved significant planning and utilized advanced technology and intelligence-sharing to locate and raid these centers, leading to numerous arrests and the seizure of crucial evidence. This crackdown not only disrupts these criminal activities but also aims to raise awareness about the prevalence and sophistication of telecommunication fraud.

For further details, you can read the full article here.

Here at DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your system is safe and secure to teaching your employees how not to fall victim to social engineering ploys.

For more information please contact us now!