Possible Phishing
on: hxxp[:]//jpscode2222[.]github[.]io/netflix
Analysis at: https://urldna.io/scan/67e6f1903b7750000d89db15
#cybersecurity #phishing #infosec #urldna #scam #infosec
A wise #cybersecurity warrior learns to recognize his foes. Hot-headed knaves simply repeat their own fighting moves over and over. https://cromwell-intl.com/cybersecurity/attack-study/?s=mc
Possible Phishing
on: hxxps[:]//ups[.]com-uqol[.]xin
Analysis at: https://urldna.io/scan/67e6ec743b7750000d89da69
#cybersecurity #phishing #infosec #urldna #scam #infosec
NSA F9T53 Opsec Special Bulletin: Signal Vulnerability
Our latest newsletter is out, get it while it's hot!
https://opalsec.io/daily-news-update-friday-march-28-2025-australia-melbourne-2/
Key stories:
Oracle's under fire: A breach at Oracle Health compromised patient data, with Oracle allegedly shifting responsibility to hospitals and avoiding documentation. This follows hot on the heels of denial regarding an alleged Oracle Cloud breach, raising serious questions about their security culture.
Clop's back in the headlines: Sam's Club - a Walmart subsidiary - is investigating claims of a Clop ransomware attack, potentially linked to the Cleo file transfer vulnerability that has already hit other organizations hard.
Don't miss this bizarre twist: Cable operator WideOpenWest (WOW!) is dealing with a breach claimed by Arkana Group, who are publicizing the stolen data (usernames, passwords, etc.) with a… Russian music video. The alleged attack vector? Infostealer malware.
Get up to speed with these stories and more: https://opalsec.io/daily-news-update-friday-march-28-2025-australia-melbourne-2/
If you'd like to get the latest Cyber Security news wrapped up and delivered to your inbox every day, subscribe to our newsletter here!
https://opalsec.io/daily-news-update-friday-march-28-2025-australia-melbourne-2/#/portal/signup
New ransom group blog post!
Group name: rhysida
Post title: Forrest City School District
Info: https://cti.fyi/groups/rhysida.html
We published a blog yesterday about a PhaaS and phishing kit that employs DoH and DNS MX records to dynamically serve personalized phishing content. It also uses adtech infrastructure to bypass email security and sends stolen credentials to various data collection spaces, such as Telegram, Discord, and email. https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/
Russian Phishing Uses Fake CIA Sites to Target Anti-war, Ukraine Supporters https://hackread.com/russia-phishing-fake-cia-sites-anti-war-ukraine-supporters/ #ScamsandFraud #Cybersecurity #PhishingScam #Security #Phishing #Ukraine #Russia #Fraud #Scam #CIA
#Infostealer campaign compromises 10 #npm packages, targets devs
New ransom group blog post!
Group name: ransomhub
Post title: www.bassi.it
Info: https://cti.fyi/groups/ransomhub.html
Pete #Hegseth is always textin me about Yemen this Yemen that. Yemen that’s crazy lose my #Signal
#tech #politics #cybersecurity
Three security bypasses have been discovered in Ubuntu Linux’s unprivileged user namespace restrictions, which could enable a local attacker to exploit vulnerabilities in kernel components. #Ubuntu #Linux #CyberSecurity https://www.bleepingcomputer.com/news/security/new-ubuntu-linux-security-bypasses-require-manual-mitigations/
A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat has been using the DNS over HTTPS (DoH) protocol to evade detection. #PhishingAlert #CyberSecurity
https://www.bleepingcomputer.com/news/security/phishing-as-a-service-operation-uses-dns-over-https-for-evasion/
Wow. Thank you to @thisismissem for taking this time to write this up.
(I freely admit I only understood about half)
https://writings.thisismissem.social/open-source-tools-for-the-future-of-decentralized-moderation/
Hackers can now hijack solar power systems.
46 new bugs found in inverters from Sungrow, Growatt, and SMA. Attackers could shut down power, cause blackouts, or remotely control devices like a botnet.
One trick? Reset accounts to default password: 123456 #CyberSecurity
https://thehackernews.com/2025/03/researchers-uncover-46-critical-flaws.html
"[T]he main thing that people need to understand about Signal is that messages are encrypted from my phone to your phone in such a way that Signal can't read them as they go through their servers. The government could not read them off of Signal servers even with a warrant, even if they really wanted to. But if somebody has access to your phone, they can read those messages the same way you can by looking at them with their eyeballs because the messages have to be decrypted for you to read.
Now, there are a lot of ways that you can get access to somebody's phone. You can look over their shoulder while they're reading their messages, right? You can find out their password and unlock their phone, right? You can use forensic tools that police have like a Cellebrite or a break-in device to unlock phones, and then you can read the messages that way. You can also use malware. Installing malware on somebody's phone is a way that governments often gain access to people's private encrypted communications. Things like Pegasus malware or they're recently written about malware from Paragon Solutions that was going after WhatsApp messages, which was also end-to-end encrypted.
A concern about national security folks using these devices for the communications is that it makes it much more likely that their devices will get targeted by malware. And there's a lot of countries that have espionage capabilities that have the capability to target people's phones that would be very interested in knowing what Pete Hegseth is talking about, or what other high-level cabinet officials are talking about. So that makes for a very juicy intelligence target for foreign intelligence, and I think it's safe to assume that's something that many countries are now going to be going after."
The #MorphingMeerkat phishing kit is exploiting DNS vulnerabilities to spoof 100+ brands, using dynamic fake login pages and anti-analysis techniques.
Read: https://hackread.com/morphing-meerkat-phishing-kit-dns-spoof-brands/