NIST published a draft framework for the security non-fungible tokens (NFTs)
IR 8472, Non-Fungible Token Security | CSRC
Catalin Cimpanu
campuscodi@mastodon-social.mostr.pub
npub1tqfu...aefw
Cybersecurity reporter for Risky Business
#infosec #cybersecurity #security
Security firm WithSecure has discovered a new threat actor named DUCKPORT focused on infecting users with malware in order to hijack accounts that have access to Facebook's advertising and business platforms.
WithSecure says the group is based in Vietnam and appears to have spun out of a group named DUCKTAIL.
Meet the Ducks: Vietnamese threat groups targeting Meta Business accounts
In this report we share an overview of current and emerging threats surrounding Meta's ad ecosystem that are pre-dominantly originating out of Viet...
PyPI malware found last month linked to Lazarus/DPRK: 
DPRK hackers are known to use malicious libraries for their attacks, but have previously been linked to npm only: 
ReversingLabs
VMConnect supply chain attack continues, evidence points to North Korea | ReversingLabs
ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, and evidence linking the campaign...
The GitHub Blog
Security alert: social engineering campaign targets technology industry employees
GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms. No GitHub or np...
Rest of the World has published an article showing how the accounts of Chinese dissidents get flooded with spammy adult content every time they post something critical of the regime: 
Something similar happened last year when Chinese porn spam bots flooded the site in an attempt to mask news of anti-Covid protests in China: https://www.washingtonpost.com/technology/2022/11/27/twitter-china-spam-protests/
Rest of World
Chinese sextortion scammers are flooding Twitter
Scammers are targeting Chinese-language users, harassing political dissidents and influential figures.
GCHQ’s National Cyber Security Centre and international partners share technical details about Infamous Chisel, new malware used to target the Ukrainian military
UK and allies support Ukraine calling out Russia
Malware, dubbed Infamous Chisel, enables unauthorised access to compromised Android devices.
AhnLab researchers have published a report on Andariel's latest campaigns and operations.
The report covers malware like NukeSped variant Volgmer, Andardoor, AndarLoader, DuarianBeacon, TigerRAT, Black RAT, Goat RAT, and the Troy reverse shell.
That's quite the arsenal.
ASEC
Analysis of Andariel’s New Attack Activities - ASEC
Analysis of Andariel’s New Attack Activities ASEC
Wired has published an exposé on Bentley, a Russian national named Maksim Sergeevich Galochkin, who leads a software development team inside the Trickbot cybercrime group: 
Nisos, which helped Wired with its article, has also published a report showcasing that Trickbot was working with the Russian FSB intelligence agency in some sort of capacity: 
WIRED
Unmasking Trickbot, One of the World’s Top Cybercrime Gangs
A WIRED investigation into a cache of documents posted by an unknown figure lays bare the Trickbot ransomware gang’s secrets, including the ident...
Nisos
Trickbot in Light of Trickleaks Data
Revealing Trickbot's ties to the Russian government and unraveling the true identity of 'bentley' through in-depth analysis of Trick...
Smishing Triad group has collected the personal and financial data of more than 108,000 victims
Resecurity | "Smishing Triad" Targeted USPS and US Citizens for Data Theft
Apparently, Huntress had developed a QakBot vaccine they were using to prevent infections
"Come the end of December 2022, we dropped the number of new Qakbot infection reports down to practically zero."
Huntress
Qakbot Malware Takedown and Defending Forward | Huntress
With the FBI's takedown of Qakbot malware, we're sharing how the Huntress team developed our own Qakbot vaccine and our commitment to defend forward.
Talks from the x33fcon Europe 2023 security conference, which took place at the end of May, are now available on YouTube.
https://www.youtube.com/playlist?list=PL7ZDZo2Xu3332bKrXyCb0VEg52nqmMAcv
InQuest researchers look at the history of Antibot, an open-source tool that started as a GitHub project but is now one of the go-to solutions used to filter bot and authentic traffic on phishing sites and other malware control panels.
OPSWAT
Advanced Network Detection & Response - MetaDefender NDR - OPSWAT
Our Network Detection and Response is purpose-built to help your SOC team operate at peak efficiency. Talk to an expert about MetaDefender NDR today.
Netenrich researchers look at new versions of ADHUBLLKA, a ransomware strain used to target individuals and small businesses with small ransom demands ranging from $800 to $1,600.
Identifying ADHUBLLKA Ransomware: LOLKEK, BIT, OBZ, U2K, TZW Variants
Netenrich threat researchers discuss the methods and techniques used to discover and classify a newly found ransomware strain of the ADHUBLLKA family.
An investigation by web developer Travis Brown has found that around 70% of Elon Musk's Twitter followers are likely bot accounts there to just inflate his follower numbers.
Raw data: 
Article: 
Gist
elonmusk-followers.md
GitHub Gist: instantly share code, notes, and snippets.
Mashable
Elon Musk's X follower count bloated by millions of new, inactive accounts
We took a close look at Elon Musk's more than 150 million followers on X aka Twitter. What we found is…concerning.
Security researchers from watchTowr have published a technical analysis and proof-of-concept code for CVE-2023-36844, an RCE in Juniper SRX and EX devices.
watchTowr Labs
CVE-2023-36844 And Friends: RCE In Juniper Devices
As part of our Continuous Automated Red Teaming and Attack Surface Management technology - the watchTowr Platform - we're incredibly proud of our a...
Security researchers who attended the Black Hat and DEFCON security conferences in Las Vegas at the start of the month and stayed at the Caesars Palace Hotel and Casino should be aware that cases of Legionnaires' disease had been reported among hotel guests.
Southern Nevada Health District
Southern Nevada Health District conducting Legionnaires’ disease investigation at Caesars Palace Hotel and Casino
Russian hackers have disrupted the services of Poland's national railway system
Ticker
Hackers bring down Poland’s train network in massive cyber attack
Polish intelligence agencies are currently conducting an investigation into a cyberattack that targeted the country’s railway infrastructure,...
Reddit seems to believe 7-Zip's website was hacked
https://old.reddit.com/r/windows/comments/1614g3o/did_7zip_get_hacked_server_distributing_different/
