Neu im Research-Blog: Rolling in the Deep (Web) - Lazarus Tsunami

Bei der Unterstützung eines Kunden konnte HiSolutions umfangreiche Teile des #Malware-Frameworks #Tsunami sicherstellen, analysieren und damit den Angriffsweg der laufenden „Contagious Interview“-Kampagne der Angreifergruppe #Lazarus rekonstruieren.

Für Betroffene enthält unser Artikel alle technischen Details inklusive YARA-Regeln und IoC zur Entdeckung einer Infektion sowie einer Abbildung der genutzten Tools und Techniken auf die #MITRE ATT&CK Matrix.

Zum Blog-Beitrag: https://research.hisolutions.com/2025/04/rolling-in-the-deepweb-lazarus-tsunami/

DATE: April 24, 2025 at 11:18AM
SOURCE: HIPAA JOURNAL

Direct article link at end of text block below.

Yale New Haven Health System Announces 5.5-Million Record Data Breach https://t.co/nEKfvOyxCn

Here are any URLs found in the article text:

https://t.co/nEKfvOyxCn

Articles can be found by scrolling down the page at https://www.hipaajournal.com/ .

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Most healthcare security and privacy posts related to IT or infosec are at @rsstosecurity

-------------------------------------------------

DATE: April 24, 2025 at 11:15AM
SOURCE: HIPAA JOURNAL

Direct article link at end of text block below.

Blue Shield of California Announces Impermissible Disclosure of PHI to Google Ads: 4.7 Million Affected https://t.co/kdgU9FMr8V #healthcare #databreach

Here are any URLs found in the article text:

https://t.co/kdgU9FMr8V

Articles can be found by scrolling down the page at https://www.hipaajournal.com/ .

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Most healthcare security and privacy posts related to IT or infosec are at @rsstosecurity

-------------------------------------------------

Bogus video call links attempt to capture Microsoft 365 tokens to access resources and abuse accounts https://therecord.media/russia-linked-phishing-microsoft365-ukraine-ngos #ukraine #cybersecurity #socialengineering

So, a client hit me with this today: "Seriously, how safe *are* our Microsoft accounts?" Good question. Right now, Russian APT groups are hitting hard with some nasty social engineering, especially going after Ukraine connections.

Here’s their playbook: They're exploiting MS OAuth 2.0. You think you're just logging in normally, right? But boom – they swipe your code and get the 2FA approved. The really scary part? They're leveraging *legitimate* Microsoft services to do it!

As a pentester, I see this kind of thing more often than I'd like. Honestly, even seasoned pros can get caught out. Your firewall isn't much help against this, and automated scans? They often don't catch it either.

So, what actually makes a difference? For starters, keep a sharp eye on any new devices registered in Entra ID. Boosting your team's awareness training is crucial too. Plus, make sure your Conditional Access Policies are properly configured and enforced.

Have you seen attacks like this in the wild? Curious to hear your experiences! Share 'em below.

AI has been a gift from Heaven for social engineers... https://www.securitymagazine.com/articles/101559-deepfake-enabled-fraud-caused-more-than-200-million-in-losses #deepfakes #socialengineering #infosec

Zoom's Remote Control Feature Under Fire: A New Wave of Crypto-Theft Attacks

A new social engineering campaign exploits Zoom's remote control feature, targeting cryptocurrency users. Dubbed 'Elusive Comet,' this hacking group mirrors tactics from the notorious Lazarus group, p...

https://news.lavx.hu/article/zoom-s-remote-control-feature-under-fire-a-new-wave-of-crypto-theft-attacks

State-sponsored hackers embrace #ClickFix #SocialEngineering tactic

https://www.bleepingcomputer.com/news/security/state-sponsored-hackers-embrace-clickfix-social-engineering-tactic/

In the news today!

A brand new episode of Redefining #Society & #Technology Podcast, on ITSPmagazine

Living Forever (Sort Of): AI Clones, Digital Ghosts, and the Problem with Perfection

Bruce Y. Lee and I met once again in our favorite make-believe bar to explore what might be one of the most unsettling — and fascinating — questions of our time: What happens when your AI clone outlives you?

In this episode, Bruce Y. Lee and I explore digital immortality, algorithmic relationships, and what makes a person… well, a person. Star Trek, deepfakes, AI therapists, and dead celebrities all make an appearance. Is it still you if your clone outlives you?

Let’s discuss!

– Star Trek ethics and uncanny valleys

– ChatGPT friendships that feel a little too real

– What it means to build a digital legacy you never signed off on

– And whether a recreated version of “you” is still… you

From #holograms to memory simulations, #socialengineering to emotional #algorithms, we’re not here to decide what’s right or wrong — just to ask: where does reality end, and where does the replica begin?

Teaser: https://youtu.be/gcj4ug4blbg

Watch the full episode: https://youtu.be/in-4Mj_9TzE

Listen to the full episode: https://redefining-society-podcast.simplecast.com/episodes/living-forever-sort-of-ai-clones-digital-ghosts-and-the-problem-with-perfection-a-carbon-a-silicon-and-a-cell-walk-into-a-bar-a-redefining-society-podcast-series-with-recurring-guest-dr-bruce-y-lee

Oh, subscribe to my newsletter as I am pretty sure this is going to turn into some amusing article real soon: https://www.linkedin.com/newsletters/7079849705156870144/?displayConfirmation=true

#podcast #DigitalIdentity #RedefiningSociety #TechAndHumanity # #Cyberpsychology #ChatGPT #Immortality #HybridAnalogDigitalSociety #Storytelling #StarTrek #BruceYLee #MarcoCiappelli #DigitalLegacy #TechCulture #EmotionalAI #PhilosophyAndTech #UncannyValley #Future #memories Sean Martin, CISSP

DATE: April 17, 2025 at 04:57PM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

Lawsuit: #Hospital #Therapist Accessed Nude Breast Photos of 425 Women https://t.co/cGz8LHiz0l

Here are any URLs found in the article text:

https://t.co/cGz8LHiz0l

Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

-------------------------------------------------

#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

A new US company, Massive Blue, is helping law enforcement agencies deploy AI-powered social media bots to interact with suspected criminals. Unfortunately this can also be used against activists… www.wired.com/story/massiv... #activism #ai #deepfakes #socialengineering

This ‘College Protester’ Isn’t...

A new US company, Massive Blue, is helping law enforcement agencies deploy AI-powered social media bots to interact with suspected criminals. Unfortunately this can also be used against activists…
https://www.wired.com/story/massive-blue-overwatch-ai-personas-police-suspects/ #activism #ai #deepfakes #socialengineering

Leak exposes #BlackBasta’s influence tactics

https://arstechnica.com/security/2025/04/leaked-messages-expose-trade-secrets-of-prolific-black-basta-ransomware-group/

DATE: April 10, 2025 at 08:51AM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

Is #Oracle's potential involvement in #TikTok's divestiture a bad idea for #nationalsecurity and #dataprivacy? https://t.co/kpeu0TeFx8

Here are any URLs found in the article text:

https://t.co/kpeu0TeFx8

Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

-------------------------------------------------

#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

Wer erinnert sich noch an Kevin Mitnick? In den 1980er und 1990er-Jahren vom #FBI gesucht und als einer der Wegbereiter des "#Socialengineering" zum Mythos geworden, wird in einer ausführlichen Reportage über den 2023 verstorbenen #Computerhacker berichtet, der in seinen späteren Jahren zum #Cybersecurity Experten avancierte:

"Am Weihnachtstag 1994 hackte sich Kevin Mitnick in das Heimnetzwerk von Tsutomu Shimomura, einem bekannten Computersicherheitsexperten."

https://gagadget.com/de/619563-die-geschichte-von-kevin-mitnick-der-beruhmteste-hacker-der-welt

Virussen en phishing

(Een late reactie op een discussie tussen @EllyvA en @ximaar eindigend met https://mastodon.nl/@EllyvA/114064535418745561).

Computervirussen, in de zin van malware (malicious software) die zichzelf verspreidt, zie ik nauwelijks nog - omdat mensen geen floppies meer gebruiken om gegevens uit te wisselen.

Cybercriminelen gebruiken nu vooral social engineering om mensen te bestelen, of om aan vertrouwelijke gegevens te komen waarmee zij vervolgens mensen overtuigen dat zij een betrouwbare partij zijn.

Als zij malware maken bestaat de kwaadaardige component uit een programma (of script in het een of andere document) dat zij bij elke verspreiding wijzigen, en eerst testen op alle gangbare virusscanners (waardoor de meeste scanners aanvankelijk kansloos zijn).

In een steeds groter deel van de gevallen maakt malware misbruik van standaard onder Windows geïnstalleerde software ("lolbins" - Living Of the Land binaries) of installeert een legitieme driver waarmee verhoogde rechten (administrator privileges) worden verkregen.

Ook zeer populair zijn RAT's, Remote Access Tools zoals Teamviewer en Anydesk (steeds vaker misbruikt ook op Android en iPhones). Mensen wordt vaak voorgelogen dat zij een virusscanner zouden moeten installeren - en dat is dus zo'n RAT, zie https://infosec.exchange/@ErikvanStraten/113987804370380156.

En inderdaad is phishing een gigantisch probleem - waar virusscanners nauwelijks of niet tegen helpen, omdat criminelen steeds nieuwe domeinnamen gebruiken (vb: https://security.nl/posting/879531) voor hun websites, en vaak captcha's inzetten waar virusscanners niet "doorheen komen".

Het komt ook voor dat automatisch door browsers verzonden gegevens, en/of IP-adressen, en/of tijdstip van de dag vaak aan specifieke criteria moeten voldoen wil de kwaadaardige versie van een website worden getoond (zie screenshot, druk Alt voor meer info).

Het beste dat je kunt doen, na het openen van een webpagina, is niet op de inhoud letten maar op de DOMEINNAAM (in de adresbalk van de browser). Voor veel te veel mensen is het echter (nagenoeg) onmogelijk om vast te stellen dat een gegeven domeinnaam *niet* van de gesuggereerde organisatie is - en hier bestaat helaas geen SIMPEL en betrouwbaar recept voor.

Messenger-Betrug nimmt rasant zu – Revolut fordert harte Maßnahmen von Social-Media-Plattformen https://www.experten.de/id/4938975/Messenger-Betrug-nimmt-rasant-zu---Revolut-fordert-harte-Massnahmen-von-Social-Media-Plattformen/ #ConsumerSecurityInsightsReport #SocialMediaPlattformen #BiometrischeSicherheit #SecondDeviceLog-in #Transaktionslimits #SocialEngineering #Betrugsprävention #Messenger-Betrug #KI-Überwachung #Datendiebstahl #RevolutSecure #Online-Betrug #Ticket-Scams #Betrugsopfer #Meta

DATE: April 09, 2025 at 03:48PM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

Senate Intel Vice Chair @MarkWarner Prods #Trump Over #TikTok Plans: Says Talk of #Oracle's Involvement Worrisome Due to Recent #Data Breaches https://t.co/kpeu0TeFx8

Here are any URLs found in the article text:

https://t.co/kpeu0TeFx8

Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org

Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

-------------------------------------------------

#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

The Renaissance of NTLM Relay Attacks: Everything You Need to Know – Source: securityboulevard.com https://ciso2ciso.com/the-renaissance-of-ntlm-relay-attacks-everything-you-need-to-know-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard #socialengineering #ActiveDirectory #BloodHound #ntlmrelay #research #redteam