And so, the fabled Oxfordshire adage rings true again. Yes, revenge truly is a main course best dished up in the Wembley sunshine, in front of a 30,000-strong yellow wall, and with a Championship spot to contest.

Well, at least that could have been Des Buckingham’s message to Oxford’s players as they wandered out to face a team who had swatted them aside by five goals in mid-March. Because what followed cackled in the face of Bolton’s “clear favourites” tag. Josh Murphy sparkled, scoring twice in the first half, and Oxford were promoted.

Continue reading...

💾

© Photograph: Jacques Feeney/Offside/Getty Images

💾

© Photograph: Jacques Feeney/Offside/Getty Images

• Updates from the 4.15pm BST kick-off at Wembley
• Have any thoughts? Send them to Will via email

Des Buckingham: “This is the most special day. I grew up in the area.

“We stuck to what we have done over the past two or three months. It is about enjoying the present.

Continue reading...

💾

© Photograph: Andrew Kearns/CameraSport/Getty Images

💾

© Photograph: Andrew Kearns/CameraSport/Getty Images

Source: www.proofpoint.com – Author: 1 Source: Thongden Studio via Shutterstock A likely Chinese threat actor is using a recent variant of the notorious Gh0st RAT malware to try and steal information from artificial intelligence experts in US companies, government agencies, and academia. Researchers at security vendor Proofpoint first spotted the campaign earlier this month and […]

La entrada US AI Experts Targeted in SugarGh0st RAT Campaign – Source: www.proofpoint.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme that generates revenue for North Korea.

The post Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms appeared first on SecurityWeek.

Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Source: Thongden Studio via Shutterstock A likely Chinese threat actor is using a recent variant of the notorious Gh0st RAT malware to try and steal information from artificial intelligence experts in US companies, government agencies, and academia. Researchers at security vendor Proofpoint first spotted the campaign earlier […]

La entrada US AI Experts Targeted in SugarGh0st RAT Campaign – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.infosecurity-magazine.com – Author: 1 UK organizations are trailing their European counterparts on time to remediate software flaws in the US Known Exploited Vulnerability (KEV) catalog, according to a new report from Bitsight. The security vendor reviewed the security posture of 1.4 million entities, excluding cloud and other service providers, to compile its report, A […]

La entrada UK Lags Europe on Exploited Vulnerability Remediation – Source: www.infosecurity-magazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day.

The post Third Chrome Zero-Day Patched by Google Within One Week appeared first on SecurityWeek.

Google has patched CVE-2024-4761, the second exploited vulnerability addressed by the company within one week.

The post Google Patches Second Chrome Zero-Day in One Week appeared first on SecurityWeek.

I don't know why YouTube is serving me all these concerts right now, but I'm not complaining. Here's Soundgarden - Hyde Park - Hard Rock Calling 7-13-2012 - Pro Shot (HQ) Full Show [1h54m], arguably the band at the height of their career after taking a break and reforming. This concert is shortly before the release of their final album King Animal.

SETLIST: 01 Searching With My Good Eye Closed 02 Spoonman 03 Gun 04 Jesus Christ Pose 05 Black Hole Sun 06 Outshined 07 Hunted Down 08 Drawing Flies 09 Blow Up the Outside World 10 Fell on Black Days 11 Ugly Truth 12 My Wave 13 The Day I Tried to Live 14 Beyond the Wheel 15 Let Me Drown 16 Pretty Noose 17 Superunknown 18 4th of July Encore 19 Rusty Cage 20 Slaves & Bulldozers/(In My Time of Dying)

A Chrome 124 update patches the second Chrome zero-day that has been found to be exploited in malicious attacks in 2024.

The post Exploited Chrome Zero-Day Patched by Google appeared first on SecurityWeek.

If you need to keep your data on your network but still want the power and convenience of GitGuardian, we've got you covered.

The post Understanding GitGuardian’s Self-Hosted Solution appeared first on Security Boulevard.

I have spoken at several TED conferences over the years.

• TEDxPSU 2010: “Reconceptualizing Security”
• TEDxCambridge 2013: “The Battle for Power on the Internet”
• TEDMed 2016: “Who Controls Your Medical Data?”

I’m putting this here because I want all three links in one place.

CISA says a critical GitLab password reset flaw is being exploited in attacks and roughly 1,400 servers have not been patched.

The post 1,400 GitLab Servers Impacted by Exploited Vulnerability appeared first on SecurityWeek.

Palo Alto Networks has shared remediation instructions for organizations whose firewalls have been hacked via CVE-2024-3400.

The post Palo Alto Networks Shares Remediation Advice for Hacked Firewalls appeared first on SecurityWeek.

The founders and CEO of Samourai Wallet, Keonne Rodriguez, and William Lonergan Hill, have been apprehended and charged with serious offenses related to money laundering and unlicensed money transmitting.  The money laundering charges stem from the alleged operation of Samourai Wallet as an unlicensed money-transmitting business, facilitating over $2 billion in illicit transactions and laundering more than $100 million in criminal proceeds.  Previously, Samourai Wallet was a prominent mobile Bitcoin wallet prioritizing user privacy and security. The crypto app was a popular choice among crypto users that aligns with Bitcoin's core principles of decentralization, financial privacy, transparency, security, and fungibility.

Samourai Wallet Operator Arrest and Assets Seized

[caption id="attachment_64836" align="alignnone" width="624"] Source: justice.gov[/caption] The announcement of the Samourai Wallet operator arrest was made jointly by Damian Williams, the United States Attorney for the Southern District of New York; Thomas Fattorusso, the Special Agent in Charge of the New York Field Office of the Internal Revenue Service, Criminal Investigation (IRS-CI); and James Smith, the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (FBI). According to the indictment, Rodriguez and Hill were actively involved in developing, marketing, and operating the Samourai Wallet, which served as a conduit for illegal financial activities, including transactions originating from notorious dark web markets like Silk Road and Hydra Market. Rodriguez was arrested in Pennsylvania, while Hill was apprehended in Portugal based on the charges filed in the United States. Efforts are underway to extradite Hill to face trial in the U.S. District Court. The case has been assigned to U.S. District Judge Richard M. Berman. Rodriguez, 35, of Harmony, Pennsylvania, and Hill, 65, were charged with conspiracy to commit money laundering and conspiracy to operate an unlicensed money-transmitting business, carrying maximum sentences of 20 years and five years in prison, respectively.

The Crackdown of Samourai Wallet Operators

The crackdown on Samourai Wallet extends beyond the arrests of its operators. In collaboration with authorities in Iceland, the web servers and domain associated with Samourai Wallet were seized, along with a seizure warrant served on the Google Play Store, preventing further downloads of the Samourai mobile application in the United States. U.S. Attorney Damian Williams emphasized the gravity of the allegations, stating that Rodriguez and Hill knowingly facilitated large-scale money laundering through Samourai Wallet, providing criminals with a platform to conceal the origins of illicit funds.  “Rodriguez and Hill allegedly knowingly facilitated the laundering of over $100 million of criminal proceeds from the Silk Road, Hydra Market, and a host of other computer hacking and fraud campaigns. Together with our law enforcement partners, we will continue to relentlessly pursue and dismantle criminal organizations that use cryptocurrency to hide illicit conduct”, said Williams According to the indictment, Rodriguez and Hill began developing the Samourai Wallet around 2015, offering users a mobile application for managing their cryptocurrency assets. The application, downloaded over 100,000 times, allowed users to store their private keys while employing centralized servers to facilitate transactions. Samourai Wallet offered features such as "Whirlpool," a cryptocurrency mixing service, and "Ricochet," which added unnecessary intermediate transactions to obscure the source of funds. The indictment further alleges that Rodriguez and Hill actively promoted the Samourai Wallet as a tool for criminals to evade detection and launder money. Social media posts and marketing materials indicated their awareness of the illicit use of their platform, with references to servicing individuals engaged in criminal activities. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

CISA warns organizations of a two-year-old Windows Print Spooler vulnerability being exploited in the wild.

The post CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation appeared first on SecurityWeek.

In a federal courtroom today, a Florida man received a 48-month prison sentence for his involvement in laundering the proceeds of scams targeting American consumers and businesses, revealing the grim realities of transnational fraud and its impact on victims.

Niselio Barros Garcia Jr., 50, of Winter Garden, was part of a network that laundered funds obtained through various fraudulent schemes, including romance scams, business email compromises, and other fraud tactics.

Money Laundering Scam Details

Court documents revealed that Garcia provided bank accounts to his co-conspirators, who used them to receive proceeds from these scams. Subsequently, Garcia transferred the illicit funds in Bitcoin through a cryptocurrency exchange to co-conspirators located in Nigeria. Romance scams involve perpetrators creating fake online personas to exploit victims emotionally and financially, while business email compromises entail criminals hacking or spoofing business email accounts to initiate fraudulent money transfers. These schemes inflict not only significant financial losses but also profound emotional and psychological impacts on victims. Garcia, who pleaded guilty to conspiracy to commit money laundering in January, admitted to personally laundering over $2.3 million of criminal proceeds. As part of his sentence, Garcia was ordered to forfeit $464,923.91 in proceeds that he personally received from the offense. Despite Garcia's conviction, four additional defendants charged in the scheme remain at large.

Department of Justice's Commitment to Combat Fraud

Principal Deputy Assistant Attorney General Brian Boynton emphasized the Department of Justice's commitment to prosecuting transnational fraud and those who facilitate it. Boynton highlighted the crucial role of third-party money launderers in enabling large-scale transnational fraud schemes. By facilitating the concealment of illicit profits, these individuals contribute to the perpetuation of fraud networks. “This case demonstrates the department’s continued commitment to prosecuting transnational fraud and those who knowingly facilitate it,” said the head of the Justice Department’s Civil Division. “By facilitating the concealment of illicit profits, third-party money launderers enable large-scale transnational fraud schemes. This case underscores the department’s commitment to protecting consumers and disrupting the infrastructure that makes these crimes lucrative,” he added further. The case was investigated by the FBI Buffalo Field Office, underscoring the collaborative efforts of law enforcement agencies to combat financial fraud. Trial Attorneys Lauren M. Elfner and Matthew Robinson of the Civil Division’s Consumer Protection Branch prosecuted the case, reflecting the Justice Department's dedication to holding perpetrators of financial fraud accountable. Amidst the prevalence of such scams, the Justice Department operates the National Elder Fraud Hotline (1-833-FRAUD-11 or 1-833-372-8311) to provide support to victims aged 60 and older who have experienced financial fraud. Managed by the Office for Victims of Crime, the hotline offers personalized assistance by assessing the needs of victims and guiding them through the reporting process. Case managers help victims connect with appropriate reporting agencies, provide information on reporting procedures, and offer referrals and resources on a case-by-case basis. The hotline, available Monday through Friday from 10:00 a.m. to 6:00 p.m. ET in English, Spanish, and other languages, emphasizes the importance of reporting fraud to help authorities identify and prosecute perpetrators and increase the chances of recovering losses. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

CrushFTP patches a zero-day vulnerability allowing unauthenticated attackers to escape the VFS and retrieve system files.

The post CrushFTP Patches Exploited Zero-Day Vulnerability appeared first on SecurityWeek.

Shadowserver has identified roughly 6,000 internet-accessible Palo Alto Networks firewalls potentially vulnerable to CVE-2024-3400.

The post Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability  appeared first on SecurityWeek.

Microsoft warns that several OpenMetadata vulnerabilities are being exploited to deploy cryptomining malware to Kubernetes environments.

The post OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining   appeared first on SecurityWeek.

Palo Alto Networks firewall vulnerability CVE-2024-3400 increasingly exploited after PoC code has been released. 

The post Exploitation of Palo Alto Firewall Vulnerability Picking Up After PoC Release appeared first on SecurityWeek.

One bill would require apps like Instagram and TikTok to prioritize young people’s safety, and the other would restrict the collection of consumer data.

© Michael Dwyer/Associated Press

On February 9, 2024, the Justice Department announced that an international operation had seized internet domains that were selling information-stealing malware. Federal authorities in Boston seized www.warzone.ws and three related domains, which sold the Warzone RAT malware.

The Warzone RAT malware, a sophisticated Remote Access Trojan (RAT), enabled cybercriminals to browse victims’ file systems, take screenshots, record keystrokes, steal victims’ usernames and passwords, and watch victims through their web cameras, all without their knowledge or permission.

On February 7, 2024, two suspects were arrested in Malta and Nigeria, accused of selling the malware and supporting cybercriminals who used it for malicious purposes.

The operation was led by the FBI, and supported by Europol and the Joint Cybercrime Action Taskforce (J-CAT).

Anyone who is a victim of a Warzone RAT computer intrusion is urged to report it to the FBI via its Warzone RAT Victim Reporting Form.

Signs of infection

There are some know Indicators of Compromise (IOCs) for recent versions of the Warzone RAT (aka AveMaria Stealer):

SHA 256 hashes:

0246d4eb99473ba449b98548167d0767b68b075749a8962d0573851f505689b5

19dba570adb979d9063882d8dd6d880d1f37f25e600cc07097646946ebc947a2

7de4fbda4834453be39c6e20697ab0cde46cf417c953a2f1ba3ab63442d49981

94f836d1cd5bfe8a245a0b66076c86506f53b2fae38ed5da7b2f13cfa07b6cac

b66c5ebef83e48811156c3499b79c798c178d5655d6448403cb070061aba4f4d

dd1fa6cb67aa97468e62afeec6bfa9c1cb52f5acf029ab77a0fdd2e34cd50a21

de492c6384df2afd8c36f3f8ca910d93a21a2981b3c3a80e8a858d643122d488

Warzone RAT is usually spread by emails that use social engineering methods to trick the receiver into downloading and triggering the infection.

General signs that a RAT is active on your system may be:

• A slow computer and seemingly slow internet connection.
• Unknown processes in Task Manager.
• Missing or altered files on your system.
• Unknown entries in the list of installed programs/software.

Prevention

To keep RATs off your systems, the most general rules of security apply:

• Keep your software and internet connected devices updated.
• Only download apps and other software from trusted sources.
• Be careful about which sites you visit and which emails you open.
• Never open unsolicited email attachments.
• Use an up-to-date anti-malware solution.

Malwarebytes and ThreatDown products will detect the Warzone RAT as:

• Trojan.MalPack.PNG.Generic
• Trojan.MalPack.MSIL.Generic
• Generic.Malware.AI.DDS
• Malware.AI.2990474738
• Trojan.MalPack

---

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.