Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces
A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar
Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks. “Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads,” ReliaQuest said in a report
There’s a follow-up to the Helsinki incident affecting hundreds of thousands of children and adults in 2024. The government has finished its investigation and published its findings and recommendations. From their press release: The City of Helsinki’s Education Division (KASKO) was targeted by a serious data breach in spring 2024. As a consequence of the…
Updates include novel abuse of recruitment platforms, modified infection chains, and expansion into a hybrid operation that combines data theft and ransomware deployment
Phillip Sitter and William Morris report and update on a case in Iowa where security researchers were arrested — for doing what they had been hired to do. Add this to any list of legal threats researchers face. Dallas County is paying $600,000 to two men who sued after they were arrested in 2019 while testing…
Annie Grayer and Sean Lyngaas report: Suspected Chinese hackers have broken into the email accounts of attorneys and advisers at a powerful Washington, DC, law firm in an apparent intelligence-gathering operation, the firm, Wiley Rein, told clients this week in a memo reviewed by CNN. The hackers responsible have been known to target information related…
Major Chinese Router Manufacturer Facing Increased Scrutiny After Chinese Espionage
U.S. authorities have launched multiple investigations while reportedly considering banning the widely popular Chinese-manufactured TP-Link routers amid ongoing security risks linked to Chinese cyberespionage and hacking campaigns targeting American critical infrastructure sectors.