Trojan Source as a software supply chain threat. Notes on ransomware’s evolution. Ransomware attacks hit Canadian targets.


Attacks, Threats, and Vulnerabilities

‘Trojan Source’ Attack Abuses Unicode to Inject Vulnerabilities Into Code (SecurityWeek) Researchers disclose the details of Trojan Source, an attack method that abuses Unicode to stealthily inject vulnerabilities into code.

‘Trojan Source’ Bug Threatens the Security of All Code (KrebsOnSecurity) Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns.…

New Trojan Source attack impacts compilers for most programming languages (The Record by Recorded Future) Academics from the University of Cambridge in the United Kingdom have published details today about a theoretical attack that can be used to insert malicious code inside legitimate apps via their comment fields.

Trojan Source and Why It Matters (Adam Caudill) Yesterday the news hit of a new vulnerability that threatens the security of all code; dubbed Trojan Source by the researchers from the University of Cambridge. From an initial analysis, it does seem to impact just about everything, and the status of fixes is very hit or miss at this point. But the real question is, does this even matter? Is this issue worth spending your time on? Let’s look closer.

Tens of Thousands Download “AbstractEmu” Android Rooting Malware (SecurityWeek) Lookout Security researchers identified 19 related malicious applications that were being distributed through Google Play and third-party app stores.

A Mysterious Network of Twitter Bots Promote Alleged NRA Hack (The Daily Beast) Ransomware gangs typically share information about their victims on their own extortion sites. But one group looks like it has an army of bots to amplify its demands on Twitter.

Ransomware Actors Use Significant Financial Events and Stock Valuation to Facilitate Targeting and Extortion of Victims (FBI) The FBI assesses ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections

FBI: HelloKitty ransomware adds DDoS attacks to extortion tactics (BleepingComputer) The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang (aka FiveHands) has added distributed denial-of-service (DDoS) attacks to their arsenal of extortion tactics.

Tactics, Techniques, and Indicators of Compromise Associated with Hello Kitty/FiveHands Ransomware (FBI) The FBI first observed Hello Kitty/FiveHands ransomware in January 2021. Hello Kitty/FiveHands actors aggressively apply pressure to victims typically using the double extortion technique. In some cases, if the victim does not respond quickly or does not pay the ransom, the threat actors will launch a Distributed Denial of Service (DDoS) attack on the victim company’s public facing website.

10 ways ransomware attackers pressure you to pay the ransom (TechRepublic) Attackers will vow to publicly release the stolen data, try to delete any backups and even deploy DDoS attacks to convince victims to give in to the ransom demands, says Sophos.

Were you duped into working for a cybercriminal gang? Here’s how to tell. (SC Media) FIN7 actors set up the fake pentesting company Bastion Secure as a front to conceal its cybercriminal hacking, say researchers. And it’s hiring.

Cring ransomware continues assault on industrial organizations with aging applications, VPNs (ZDNet) A Sophos report attributed a recent Cring attack to hackers in Belarus and Ukraine.

Byline about Cobalt Strike – From hero to villain and loyal sidekick of the cybercriminal (APN News) A good thing in the wrong hands can cause enormous damage. And that’s true in the cyber world, where Cobalt Strike framework has become something of a bogeyman. The tool was originally created by ethical hackers to help organizations test the security of computer systems, assess security levels and analyze the response to potential attacks. But the dark side never gives up, so when evil hackers saw the enormous potential of Cobalt Strike, they decided to exploit the tool for cybercrime.

Grimm Private Vulnerability Disclosure Program Reveals Multiple Vulnerabilities in Both Nagios Core and XI (BusinessWire) GRIMM, a forward-looking cybersecurity organization led by industry experts, today announced they performed dedicated vulnerability research into Nagi

New Zealand Cybersecurity Company Helps Squelch BlackMatter Ransomware Scheme (Tech Zone) A New Zealand cybersecurity firm is stamping out the BlackMatter ransomware scheme through a critical vulnerability. The firm is helping ransomware victims recover their data without having to pay out a ransom.

From Thanos to Prometheus: When Ransomware Encryption Goes Wrong (Security Intelligence) A weakness was recently uncovered in the key generation algorithm used in the ransomware Prometheus’s encryption process. Dig into the latest research from IBM Security X-Force.

NOBELIUM Demonstrates  Why Microsoft Is the Weakest Link (Cybereason) Troubling takeaways: Microsoft essentially took a product security advisory and framed it as threat research, and less than a year after the SolarWinds attacks, Microsoft allowed the same threat actors to slip through again…

Black Friday Scams are Coming—Online Shoppers Should Approach with Caution (Fortinet Blog) FortiGuard Labs threat analysis details how cybercriminals are using the promise of a fake gift card to steal cryptocurrency from their victims and how they are using fake documents to lure victims…

Possible cyberattack disrupts healthcare services in Canadian province -minister (Reuters) A possible cyber attack against the healthcare system in the Canadian province of Newfoundland has disrupted services and forced the cancellation of some appointments, health authorities said on Monday.

Newfoundland forced to revert to ‘paper-based system’ after possible cyber attack on health-care network (Niagara Falls Review) Thousands of Newfoundlanders in need of non-emergency surgeries, cancer treatment and diagnostic imaging have had their appointments cancelled.

Province’s Health Care System Seriously Impacted by Cyber Attack (VOCM) The province’s health care IT system has been seriously impacted by a cyber attack that has affected a wide ra…

Cyberattack on Clarence-Rockland should be warning to others, expert says (CBC) One cybersecurity expert says a string of attacks in the Ottawa-Gatineau region, including one on the city of Clarence-Rockland, should be a signal to others to bolster their cybersecurity.

Hive ransomware group extends to cloud-based Linux variants (SC Media) ESET researchers say the Hive group aims to move beyond Windows operating systems and attack Linux and cloud-based environments.

Jewellery firm Graff suffers ransomware attack, hackers begin leaking client details (Computing) Donald Trump, Oprah Winfrey, and Saudi Crown Prince Mohammed bin Salman are among the celebrities whose personal details have been leaked on the dark web

Squid Game fans duped by scam promising early release of season 2 (NZ Herald) It’s not the first time scammers have tried to cash in on the show’s huge popularity.

Watch out for Squid Game malware (Information Age) Attackers luring victims with popular Netflix show.

Acer hit by second cyberattack in one week (Digital Journal) Once is unfortunate, twice is clumsy. Computer company Acer stumbles again under a cyberattack.

Vulnerability Summary for the Week of October 25, 2021 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Security Patches, Mitigations, and Software Updates

Some Older Macs Reportedly Bricked After Installing macOS Monterey (MacRumors) macOS Monterey, released last week as the latest version of macOS, is bricking older Mac computers, rendering them unusable and unable to even turn…

Disgruntled employees pose one of the greatest cybersecurity risks (Security Brief) UNIFY Solutions finds disgruntled former employees pose one of the greatest cybersecurity risks to businesses of all sizes.

2021 identities and security survey results – understanding the trend (OneIdentity) 2021 identities and security survey results – understanding the trend toward unified identity security as a countermeasure to identity sprawl

Global Cybercrime Report: Which Countries Are Most At Risk? (SEON) SEON’s comprehensive report of cybercrime around the world in 2021 includes the safest countries for cybersecurity, the countries most at risk, and more.

Researchers predict an increase in ransomware attacks on eCommerce in the next years, as well as a 314 percent increase in HTTPS threats by 2021. (Brinkwire) Researchers predict an increase in ransomware attacks on eCommerce in the next years, as well as a 314 percent increase in HTTPS threats by 2021. (Photo

CyberArk Research: Lack of Security Controls and Visibility Into User Activity Continue to Put Organizations at Risk (CyberArk) News summary:  80 percent of organizations report employee misuse or abuse of access to business applications   Nearly half of organizations said they have limited ability to view user logs and audit user activity  The average end-user has access to more than 10 business applications, many of which contain high-value…

Splunk BrandVoice: The New Security Landscape: 4 Lessons Of Security Leaders For 2022 (Forbes) The consequences of the pandemic’s rapid shift to work-from-home — and the exponentially faster shift to cloud technology that it helped drive — include less visibility into the security ecosystem, less control of access points, and a larger, more varied attack surface for adversaries to target.

75% of businesses think remote workers pose greater risk than office workers (HR News) In a survey of UK cyber security, IT and business professionals commissioned by WatchGuard Technologies, 75% of respondents believe that remote workers

Zero trust in NZ, and its rise from fringe approach to industry standard (Security Brief) The guiding principle of a zero trust security model is that no-one in an organisation — from a new recruit to the CISO — is granted intrinsic trust to access the network.

UK manufacturers are feeling the cybersecurity heat (HR News) The UK’s manufacturing sector has been severely tested by cybersecurity attacks since the start of the pandemic, according to new research by Keeper


Cybersecurity M&A Roundup: 41 Deals Announced in October 2021 (SecurityWeek) The number of cybersecurity-related mergers and acquisitions announced in the past months has remained constant, with 41 deals announced in October 2021.

IBM to Expand Security Portfolio with Plans to Acquire ReaQta (IBM Newsroom) IBM Security announced an expansion of its cybersecurity threat detection and response capabilities with its plans to acquire ReaQta.

CrowdStrike to Acquire SecureCircle to Enforce Zero Trust Data Protection (CrowdStrike) CrowdStrike announces acquisition of SecureCircle to enable customers to gain visibility and control of how data is downloaded, used and shared via the endpoint SUNNYVALE, Calif. – November 1, 2021 – CrowdStrike Holdings, Inc. (Nasdaq: CRWD), a leader in cloud-delivered endpoint and workload protection, today announced it has agreed to acquire SecureCircle, a SaaS-based cybersecurity service […]

CrowdStrike acquires SaaS-based cybersecurity service SecureCircle (ZDNet) The company specifically cited the effect SecureCircle’s tools will have on CrowdStrike’s Falcon agent with securing the endpoint.

Oxeye Emerges from Stealth; Raises $5.3M in Seed Funding Led by MoreVC (EIN News) Company Brings Innovation to Cloud Native Application Security Testing Market Expected to Reach 500 Million Web Apps by 2023.

New Zealand anti-money laundering startup First AML raises $30 million series B (Startup Daily) Anti-money laundering regtech startup First AML has raised A$28.7 million (NZ$30m) in a series B led by Blackbird Ventures.

Engineering giant Jacobs to acquire intelligence software company BlackLynx (Dallas News) Dallas engineering giant Jacobs Engineering Group Inc. will acquire software provider BlackLynx Inc. to bolster its cyber and intelligence portfolio, the…

Dell spins off VMware to shareholders (CRN Australia) Five things to know about the year’s biggest deal.

UNITED ARAB EMIRATES/ISRAEL : Successor to Mohamed bin Zayed’s cyberattack outfit DarkMatter teams with ex-Mossad chief’s startup (Intelligence Online) Beacon Red, the hybrid warfare subsidiary of the Emirati defence company EDGE Group, recently announced a partnership with ex-Mossad chief Tamir Pardo’s XM Cyber. The two will work on vulnerability

Even the government’s premier cybersecurity bureau has a talent acquisition challenge (Federal News Network) It’s clear the cybersecurity threat continues to rise. And so does the shortage of cybersecurity talent to help take it on.

Facebook wants to target children as young as 6 to expand its user base, internal documents reveal (Computing) Meanwhile, whistleblower Frances Haugen has urged Mark Zuckerberg to step down as Facebook CEO

U.S. Telecoms Are Going to Start Physically Removing Huawei Gear (Bloomberg) All over the country, hardware from Huawei Technologies Co. and ZTE Corp. keeps American telecom networks humming. In the coming months, many of those networks are going to start ripping it all out.

Rural Telecoms Fear Coming Outages as Purge of Huawei Equipment Begins (Gizmodo) A $1.9 billion FCC program seeks to compensate small telecoms for removing Chinese equipment, but some fear the timelines are too tight.

Yahoo Pulls Out of China, Ending Tumultuous Two-Decade Relationship (Wall Street Journal) It is the second well-known U.S. tech firm to downsize China operations in less than a month

Security vendor ZeroFox appoints EMT, Netpoleon as local disties (CRN Australia) Threat intelligence and digital risk protection specialist.

AUKUS a boon for quantum pioneer (Information Age) QLabs eyes US, UK growth after $25m funding.

End of investor lock-up causes further fall in Darktrace share price (CityAM) Shares in cybersecurity company Darktrace continue to fall sharply as share lock-up on insiders expires on Wednesday.

2021 FAIR Awards Salute Cyber Risk Management Innovators at 2021 FAIR Conference (GlobeNewswire News Room) Nearly 2,000 CISOs and business, risk leaders hear from IBM, HPE, Federal Reserve, Netflix, Gartner; FAIR Institute’s Jack Jones introduces FAIR-CAM™; and…

Sumo Logic Names Lynne Doherty President, Worldwide Field Operations (Sumo Logic) Proven executive brings decades of experience leading highly productive organizations at McAfee and Cisco Systems to help capture significant opportunity  REDWOOD CITY, Calif., Nov. 01, 2021 (GLOBE NEWSWIRE) — Sumo Logic, (Nasdaq: SUMO), the pioneer in continuous intelligence , today announced the

SynSaber Appoints Renowned Cybersecurity Veterans Mark Weatherford and Ali Golshan to its Advisory Board (Benzinga) Highly distinguished cybersecurity visionaries bring unmatched knowledge and insight to growing industrial security innovator

Deep Instinct Expands Executive Leadership Team to Build Upon Recent Company Momentum (BusinessWire) Deep Instinct, the first company to apply end-to-end deep learning to cybersecurity, today announced the addition of two key leaders to the executive

Sumo Logic Names Lynne Doherty President, Worldwide Field Operations (GlobeNewswire News Room) Proven executive brings decades of experience leading highly productive organizations at McAfee and Cisco Systems to help capture significant opportunity …

BioCatch Welcomes New SVP of Sales and Operations (FindBiometrics) BioCatch has announced another important change to its executive leadership. The company is welcoming a new SVP of Sales and Operations…

Miro Pihkanen named CSO and Board Member at OwlGaze (Security Magazine) Miro Pihkanen joins OwlGaze as their new Chief Security Officer (CSO) and Board Member. In his security and advisor roles, Pihkanen will help the organization finalize a cyber threat detection solution.

KnowBe4 Promotes Lecio De Paula Jr. to Vice President of Data Protection (MarketScreener) De Paula’s promotion demonstrates KnowBe4’s commitment to complying with data protection requirements and standards

Sumo Logic Snags Top McAfee Enterprise Exec Lynne Doherty (CRN) Sumo Logic has landed top McAfee Enterprise go-to-market executive Lynne Doherty for a newly created role leading the data analytics company’s worldwide field operations.

Tanium Appoints Chief Marketing Officer Steve Daheb (BusinessWire) Steve Daheb joins Tanium as CMO

Products, Services, and Solutions

Confidential Computing Consortium Announces Gramine 1.0, New Research… (Intel) Intel, a founding member of the Confidential Computing Consortium, helps accelerate the adoption of confidential computing through product innovation and new market research.

Hush Announces Launch of New Comprehensive Digital Privacy Protection Solution (LinkedIn) Hush is proud to announce the launch of its new comprehensive digital privacy protection solution, designed to help consumers take back control of their digital privacy. Hush works by constantly monitoring users’ digital footprints with artificial intelligence, high

ExtraHop Introduces Breakthrough Decryption and Threat Detection Capabilities for Microsoft Environments | ExtraHop (ExtraHop) Out-of-Band Decryption and Powerful AI Help Security Teams Defend Critical Active Directory Infrastructure and Identify Microsoft Protocol Abuse Used to Carry Out A New Class of Advanced Attacks.

NETSCOUT Announces Availability of Omnis Cyber Intelligence (BusinessWire) NETSCOUT today announced the release of Omnis® Cyber Intelligence (OCI), the industry’s fastest and most scalable network security software solution.

CyberRes Announces Voltage SecureData Services, Delivering Its Patented, Privacy-enabling Technologies Cloud-native (PR Newswire) CyberRes, a Micro Focus line of business, today announced the release of Voltage SecureData Services, a cloud-native data protection offering…

Vectra AI Now Available in the Microsoft Azure Marketplace (PR Newswire) Vectra AI today announced the availability of Vectra Detect in the Microsoft Azure Marketplace, an online store providing applications and…

BlackBerry and Okta Partner to Deliver Seamless Identity and Access Capabilities (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) announced today a technology integration between Okta, Inc.’s (NASDAQ:OKTA) Identity Cloud and…

Dragos Launches Platform Integration as a Technology Partner With ServiceNow Operational Technology Management Solution (Yahoo Finance) Dragos has launched a platform integration as a technology partner for the ServiceNow Operational Technology Management solution.

Illusive Unveils New Identity Risk Management Offering for Microsoft Azure Active Directory (PR Newswire) Illusive, trusted by enterprises worldwide for protection against ransomware and cyber attacks, announced today Illusive Identity Risk…

Unmask Insider Threats and Errors and Regain Security Control with CyberArk Identity Secure Web Sessions (CyberArk) Employees across finance, sales, HR, marketing and virtually every other business department need access to web applications to do their jobs. In fact, new CyberArk research found that in a…

BT launches transformational new security platform to predict and prevent cyberattacks (Intelligent CIO Europe) Business and public sector bodies continue to face an exponential growth in the volume and complexity of cyberattacks, with new research from BT identifying a more than 50% increase in malware traffic over the last six months. Alongside a global shortage of skilled security professionals, organisations around the world are struggling to keep a lid […]

Wi-Fi Management Added into WatchGuard Cloud Enabling MSPs to Simplify Security Service Deployments Across the Company’s Full Technology Portfolio (WatchGuard Technologies) Additionally, new Wi-Fi 6 access points deliver a fast and simplified Wi-Fi experience with enhanced connectivity across wireless and IoT network devices

Business Test Factsheet August-September 2021 (AV-Comparatives) As part of its ongoing Enterprise Main-Test Series, AV-Comparatives has just released a factsheet with the latest test results for its Real-World

Qualys CloudView Adds Security for Infrastructure as Code Enabling DevSecOps Teams to Start Secure and Stay Secure (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced it…

Technologies, Techniques, and Standards

Consumer Software Criteria (NIST) As part of its assignment under the Presidential Executive Order on Improving the 

CISA and Partners Coordinate on Security, Combatting Misinformation for Election Day (Dark Reading) CISA will host an election situational awareness room to coordinate with federal partners, state and local election officials, private sector election partners, and political organizations to share real-time information and provide support as needed.

Google Introduces New Open-Source Data Privacy Protocol (SecurityWeek) Google launches Private Set Membership (PSM), an open source cryptographic protocol meant to ensure privacy during specific queries.

Ransomware decryptor roundup: BlackByte, Atom Silo, LockFile, Babuk decryptors released (ZDNet) This follows the release of multiple decryptors over the past few months, including REvil/Sodinokibi.

Digesting the Alphabet Soup – Can EDR and MDR Co-exist? (Infosecurity Magazine) How teams can best leverage a portfolio of detection and response strategies

New Research from One Identity Underscores that Unifying Identity Security is a Critical Step in Managing Identity Sprawl and Improving Overall Cybersecurity (OneIdentity)
Survey of over 1,000 IT Security Pros worldwide reveals that identities have more than doubled
Half of all companies use more than 25 different systems to manage access rights; more than 1 in 5 use more than 100 different systems
Almost two thirds o…

Aussie workers push back on monitoring tech (Technology Decisions) Australians may have allowed the office into their home, expedited by COVID-19, but they draw the line at employers using monitoring technology.

The Importance of Third-Party Risk Assessments in Healthcare (Health IT Security) Jeremy Huval, chief innovation officer at HITRUST, explains the importance of conducting third-party risk assessments to safeguard healthcare organizations.

A tip for delivering customer advocacy at a cybersecurity firm (Enterprise Times) Theresa Jones is the Chief Revenue Officer at NTT Groups Cyber Security Division. She has worked at NTT in sales roles across the organisation having joined initially through Dimension Data. She explained some of the challenges of her new role in a recent interview with Enterprise Times. The key challenges she faces are talent and marketing, something NTT is doing something about.

The Pentagon is moving away from the Joint Regional Security Stacks (C4ISRNet) The Pentagon’s chief information officer has decided to sunset JRSS in the next five years.

Marine Corps Activates Newest Cyber Defense Unit to Secure, Defend Reserve Force in Cyberspace (DVIDS) The Marine Corps has activated a new unit of cyber warriors in New Orleans to combat the ever-increasing threats in cyberspace in an effort to unify all cyber operations across the Corps. Unbeknownst to many, adversaries are disregarding traditional boundaries in attempts to disrupt and degrade communications, as well as, steal critical defense information on a daily basis. This unit is responsible for hardening, defending, and countering those threats for the Reserve Component spread across the United States at 158 Home Training Centers.

Engagement with French liaison, cadets furthers cyberspace security cooperation efforts (DVIDS) U.S. Army Cyber Command (ARCYBER) strengthened its partnership and advanced mutual security cooperation efforts in the information dimension in a meeting with the French liaison officer for the Army’s Cyber Center of Excellence and cadets from the École spéciale militaire de Saint-Cyr (Saint-Cyr Military Academy) here, Oct. 26, 2021.


Marshall U. launches new cyber security institute (Midland Reporter-Telegram) Marshall University has launched its newly formed Institute…

Legislation, Policy, and Regulation

EU to adopt new cybersecurity rules for smartphones, wireless, IoT devices (The Record by Recorded Future) The European Commission has ordered an update to the Radio Equipment Directive in order to introduce new cybersecurity guidelines for radio and wireless equipment sold on the EU market, such as mobile phones, tablets, fitness trackers, and other smart IoT devices.

Eurobites: EU forces device makers to boost cybersecurity (Light Reading) Also in today’s EMEA regional roundup: Sweden’s Enea lands US traffic classification deal; Net Insight synchronizes 5G; why data center architecture rocks.

FCC opens filing window for Huawei rip and replace funds (FierceWireless) “Removing insecure equipment from existing networks after installation is challenging,” said Acting FCC Chairwoman Jessica Rosenworcel.

FTC’s Effort to Strengthen Online Privacy Protections Faces Hurdles (Wall Street Journal) The agency’s plan to protect consumer privacy faces challenges including budget constraints, personnel changes and potential legal pushback.

Presidential Advisers Recommend Agencies Invest in Automating Software Assurance ( The National Security Telecommunications Advisory Committee is about to meet with senior cybersecurity officials from the White House on the issue.

Litigation, Investigation, and Law Enforcement

Israel, France to handle NSO spyware case ‘discreetly’, Israeli official says (Reuters) Israeli Prime Minister Naftali Bennett agreed with French President Emmanuel Macron that the alleged misuse of spyware developed by an Israeli company, including against Macron, would be handled “discreetly”, an Israeli official said on Monday.

U.S. Supreme Court declines to weigh public access to surveillance court rulings (Reuters) The U.S. Supreme Court on Monday declined to consider whether the public has a right to see significant decisions issued by a secretive court that approves government surveillance requests including some that are highly contentious.

Supreme Court won’t hear case seeking more transparency from secretive surveillance court (Washington Post) The Supreme Court on Monday declined to decide whether the public has at least a limited right to review the decisions of a largely secret federal surveillance court whose influence has been growing.

Controversy in Colombia after the complaint that the Ministry of Defense feigned digital sabotage to launch cyber-patrols during the protests (Market Research Telecast) The Foundation for Freedom of Expression (FLIP) of Colombia publicly denounced that the Ministry of Defense had feigned a digital attack on official accounts in…

The Demise of White House Market Will Shake Up the Dark Web (Wired) The popular marketplace’s closing leaves a big hole in the billion-dollar industry of illegal drugs, credit card and bank fraud, forged documents, and more.

Signal Provides Only Two Timestamps as Response to Grand Jury Subpoena (SecurityWeek) Signal says it can provide only a couple of timestamps in response to a grand jury subpoena for user data that it recently received from the District Court for the Central District of California.

Atlanta Man Charged for Role in BEC Fraud Scheme (SecurityWeek) Christian Akhatsegbe allegedly harvested credentials using phishing emails, then accessed the compromised accounts to send fraudulent invoices.

Teslas, Jet Skis And A $15 Million Fortune: The DOJ Says A 25-Year Army Vet Got Rich Off Dark Web Psychedelics (Forbes) A 30-year military veteran quietly became one of the more successful dark web narcotics dealers in history, according to the DOJ, with a $15 million fortune, and sales of liquid mushrooms worth more than $140 million in Bitcoin today.


Source link