Skirting around the edge of chaos but somehow holding it together.
Several members of MIT sit on Safe Security's board -- who paid for the paper, including the person cited as the author of the paper.

Help request. My brother has Stage 4 colorectal cancer.

His life insurance has refused to pay out on a technicality, meaning he and his loved ones cannot afford the mortgage on their home.

I've never asked for anything in return for infosec stuff, but if you have anything spare, please chuck it this direction instead:

https://gofund.me/b9a0d8f4

Here is a thread to watch on the /r/sysadmin/ at Reddit. Apparently, a number of Microsoft shops are getting a ton of alerts about credentials being leaked or compromised for Entra, MS's cloud-based identity and network access solution. Some report getting those accounts that caused alerts locked out. I suppose this could be some kind of glitch or false positive on MS's end....

https://www.reddit.com/r/sysadmin/comments/1k2pmkz/new_entra_leaked_credentials_no_breach_on_hibp_etc/?share_id=Wy8kDMc84FCgo1Jxr8AM5&utm_content=2&utm_medium=ios_app&utm_name=ioscss&utm_source=share&utm_term=1

Password cracking is the art of automating the mathematics of psychology.
Sarah Franklin on LinkedIn: Today, Lattice Makes History and Leads the Way in Responsible Employment…

Today, Lattice made history: We became the first company to give digital workers official employee records in Lattice. This marks a huge moment in the…

Proofpoint Threat Research has additional observations to share related to Kaspersky’s CloudSorcerer research (https://securelist.com/cloudsorcerer-new-apt-cloud-actor/113056/). ⤵️

In late May 2024, we observed a campaign against a US-based organization using a freemail account spoofing a well-known US think tank organization using a fake event invitation as a lure.

The activity observed overlaps with the details in the Kaspersky report. We attribute this activity to a cluster currently tracked as UNK_ArbitraryAcrobat.

The malicious emails included a link to a ZIP file hosted on acrobat-inst[.]com.

If the ZIP file is downloaded and opened, a user is presented with a folder and 3 LNK files, all of which can be used to start the chain of malicious activity.

The LNKs will launch either the PDF or Word Document embedded in the folder, rename various components in the folder to new names, and then launch an embedded executable file, cache.tmp.

Upon execution, the loaded process reaches out to GitHub or TechNet profiles to fetch a hex-style blob in the profile with the same CDOY markers referenced in Kaspersky’s research.

The ZIP file contained duplicative components and contained references to MacOS but no logic to execute on such devices. We have not yet been able to find other LNK files with similar metadata or logic.

CloudSorcerer – A new APT targeting Russian government entities

Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor.


Korean telco allegedly infected its P2P users with malware

KT may have had an entire team dedicated to infecting its own customers

A South Korean media outlet has alleged that local telco KT deliberately infected some customers with malware due to their excessive use of peer-to-peer (P2P) downloading tools.…
#theregister #IT
https://go.theregister.com/feed/www.theregister.com/2024/06/27/kt_p2p_malware_claim/

Doomscrolling? That’s silly. Put that phone away, go outside and EXPERIENCE the doom!

Every time I do tech support for my family I get very angry about people who whine about lacking "tech literacy".

90% of the stuff I have to teach them is how to navigate manipulative software and dark patterns. This has nothing to do with tech, but with capitalism. Tech is not complicated, it is just made maximally confusing on purpose to remove agency.

Better tech ed won't fix this.