
Latest Security News Collection

Security news collection - current edition

01

Salt Typhoon Continues Hacking Telecoms by Exploiting Cisco Routers

#SaltTyphoon #TelecomHacking #CiscoRouters #RecordedFuture #RedMike #NetworkSecurity #TechNews #CyberThreats #USSanctions #cybercrime #cybersecurity

Despite high-profile exposure and US sanctions, the Chinese hacker group Salt Typhoon has not slowed its operations, continuing to breach telecom networks worldwide, including two more in the US. Researchers at cybersecurity firm Recorded Future revealed that Salt Typhoon has breached five telecoms and internet service providers globally, as well as over a dozen universities from Utah to Vietnam, between December and January. The group exploits vulnerabilities in Cisco’s IOS software, gaining full control of routers and switches. This aggressive campaign highlights the persistent threat posed by Salt Typhoon, also known as RedMike, as they turn telecommunications networks into “Swiss cheese.”

→ Read more on wired.com


02

Estonians Admit to $577M HashFlare Crypto Scam

#CryptoScam #HashFlare #PonziScheme #Cryptocurrency #Fraud #USDoJ #Estonia #InvestorAlert #CyberCrime #TechNews #cybercrime #cybersecurity

Two Estonian nationals, Sergei Potapenko and Ivan Turõgin, have pleaded guilty to running a $577 million cryptocurrency Ponzi scheme through HashFlare, defrauding hundreds of thousands of investors globally. The US Department of Justice (DoJ) confirmed that the duo, arrested in November 2022 and extradited to the US in May 2024, misled investors about the capabilities of their cryptocurrency mining service. They operated a complex Ponzi scheme from 2015 to 2019, promising high returns with minimal effort. Potapenko and Turõgin now face up to 20 years in prison and must forfeit $400 million in assets. This case highlights the significant risks associated with cryptocurrency investments and the importance of due diligence.

→ Read more on hackread.com


03

Massive IoT Data Breach Exposes 2.7 Billion Records

#IoTDataBreach #DataLeak #MarsHydro #LGLEDSolutions #WiFiSecurity #API #TechNews #DataProtection #CyberThreats #cybercrime #cybersecurity

A massive IoT data breach has exposed 2.7 billion records, compromising sensitive information such as Wi-Fi network names, passwords, IP addresses, and device IDs. The unprotected database, linked to Mars Hydro and LG-LED Solutions, was reported by cybersecurity researcher Jeremiah Fowler. The database contained 1.17 terabytes of data, including error logs with device operating system details, API tokens, and app versions. This data likely belonged to users of Mars Hydro’s Mars Pro app. Although Mars Hydro quickly restricted access, questions remain about the duration of the exposure and potential unauthorized access. The exposed data presents significant risks, including unauthorized network access and potential “nearest neighbor” exploits, where cybercriminals hijack nearby Wi-Fi networks. In November 2024, Russian military hackers used a similar attack to breach an organization in Washington, D.C.

→ Read more on infosecurity-magazine.com


04

Ransomware Gangs Evolve Tactics to Evade Enterprise Defences

#Ransomware #ThreatDetection #Huntress #Infostealer #Malware #EnterpriseSecurity #TTR #TechNews #CyberThreats #cybercrime #cybersecurity

Ransomware gangs are adapting to improved threat detection and law enforcement actions by employing advanced tactics and techniques initially tested on large organisations. Huntress research reveals that the sophistication gap between attacks on large enterprises and smaller businesses has nearly disappeared. In 2024, infostealer malware was observed in nearly 24% of attacks, while malicious scripts used to automate attacks and evade detection featured in 22% of incidents. The competitive nature of the ransomware ecosystem drives the increased use of sophisticated evasion techniques. Speed is also a key attribute, with the average time-to-ransom (TTR) being nearly 17 hours, and some gangs, like Play, Akira, and Dharma/Crysis, achieving an average TTR of approximately 6 hours.

→ Read more on cybersecuritydive.com


05

Hackers Infect Websites of Major Lithuanian Food Company Vičiūnai Group

#DataBreach #VičiūnaiGroup #Malware #Ransomware #FoodIndustry #Lithuania #CyberThreats #TechNews #OnlineSafety #CyberCrime #cybersecurity

Websites belonging to UAB Vičiūnų grupė, one of Lithuania’s largest food producers, have been compromised with a malicious loader capable of infecting user devices. Discovered by cyber threat hunter Darius Povilaitis, the breach poses significant risks as the malicious code can deliver additional payloads like trojans, infostealers, or ransomware. Povilaitis advised blocking the affected websites immediately due to the potential danger. The exact method of the cyberattack and the responsible parties remain unclear. UAB Vičiūnų grupė, which owns brands like VIČI and Esva, operates in 15 countries and employs over 4,400 people. The company has previously been linked to exporting sanctioned components to Russia.

→ Read more on cybernews.com


06

197% Surge in Email-Based Attacks

#EmailAttacks #Phishing #Acronis #TRU #MSP #RDP #Malware #TechNews #CyberThreats #cybercrime #cybersecurity

The global cyber threat landscape is worsening, with companies facing a rapid increase in attacks. According to the latest Cyberthreats Report by the Acronis Threat Research Unit (TRU), the number of registered attacks per company has risen by 21%. Alarmingly, email-based attacks have surged by 197% compared to the previous year. Cybercriminals are increasingly using phishing and other email-based attack methods. Nearly one-third of received emails (31.4%) were spam, and 1.4% contained dangerous content like malware or phishing links. Phishing accounted for 74% of all documented attacks in the second half of 2024, followed by social engineering techniques at 22%. Managed Service Providers (MSPs) are frequently targeted, with phishing responsible for 33% of the 185 security incidents documented between January and December 2024. Additionally, vulnerabilities in the Remote Desktop Protocol (RDP) and other remote access tools were exploited in 22% of attacks.

→ Read more on it-daily.net


07

Medibank Confirms Wider Cyberattack Impact After Celebrity Threats

#CyberAttack #Medibank #DataBreach #Ransomware #CustomerData #HealthInsurance #TechNews #DataProtection #Australia #cybercrime #cybersecurity

Australian private insurer Medibank has confirmed that a recent cyberattack has affected more customers than initially thought. The announcement follows threats from hackers to target celebrities. The cyberattack, identified on October 12, was initially contained before ransomware could be deployed. However, the attackers claimed to have stolen approximately 200 gigabytes of data, including customer information from Medibank’s ahm and international student systems. The company has received files containing personal and health claims data, but the full extent of the stolen data is still being assessed. Medibank continues to notify impacted customers, though the total number of affected individuals remains undetermined. The health insurer has over 3.9 million customers.

→ Read more on securityweek.com


08

Man Pleads Guilty to SIM-Swapping SEC’s X Account

#SIMSwapping #SEC #Cryptocurrency #Bitcoin #JusticeDepartment #Hacker #TwoFactorAuthentication #TechNews #DataBreach #cybercrime

Eric Council Jr, a 25-year-old from Alabama, has pleaded guilty to SIM-swapping the Securities and Exchange Commission’s (SEC) X account in January last year. The Justice Department revealed that Council was part of a group attempting to manipulate cryptocurrency prices. Following the false confirmation of Bitcoin Exchange Traded Funds (ETFs) approval from the SEC’s account, Bitcoin’s price surged by over $1,000, only to drop by more than $2,000 after the SEC clarified the statement was false. Council’s role involved SIM-swapping into the account, for which he was allegedly paid in Bitcoin. SIM-swapping, a method used by attackers to gain access to accounts protected by SMS-based two-factor authentication, has been linked to other significant attacks, including the ransomware hit on MGM Resorts.

→ Read more on theregister.com


09

Pro-Russian DDoS Attack Disrupts Bavarian Government Websites

#CyberAttack #BavarianGovernment #ProRussianHacktivism #DDoS #CyberSecurity #DigitalAffairs #NoDataCompromised #MunichSecurityConference #InvestigationsOngoing #BavarianBroadcastingCorporation #cybercrime #cybersecurity

On Friday, the websites of the Bavarian State Government and the Ministry of Digital Affairs were temporarily inaccessible due to a suspected pro-Russian cyberattack. The Bavarian State Office for Information Security confirmed on Sunday that the attack was likely linked to “pro-Russian hacktivism.”

Fortunately, no data was compromised, and no damage occurred. The affected websites were only temporarily unavailable. The Bavarian State Criminal Police Office stated that it could not determine whether the attack was related to the Munich Security Conference. Investigations are ongoing, and the Bavarian Broadcasting Corporation was the first to report the incident.

→ Read more on heise.de


10

Dutch Police Seize 127 Servers from Sanctioned Hosting Service

#DutchPolice #ServerSeizure #Zservers #BulletproofHosting #LockBit #ContiGang #Malware #CyberSecurity #InternationalSanctions #CyberCrime #cybersecurity

This week, Dutch police seized 127 servers used by Zservers, a bulletproof hosting service under international sanctions. The raid at the Paul van Vlissingenstraat data centre in Amsterdam followed a long-term investigation into ZServers/XHost. The U.S., U.K., and Australia linked Zservers to the LockBit ransomware operation, and Dutch police found connections to the Conti cybercrime gang. The servers also contained malware, including botnets.

ZServers/XHost had been under scrutiny for a year due to its advertisement of criminal activities and anonymous services. No arrests were made, but the Cybercrime Team Amsterdam will continue investigating the data found on the servers. The U.S. sanctions identified two Russian nationals, Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, as administrators of Zservers, with Britain targeting four other employees and Xhost Internet Solutions LP.

→ Read more on therecord.media

Contact us

+49 89 360 5310 | security-awareness@metafinanz.de

The editors are not responsible for the content of each article.