Swiss authorities have arrested a Ukrainian national who is believed to be the leader of the Zeus botnet hacker group. The hacker was on the FBI wanted list.

More:
- The suspect, named Vyacheslav Igorevich Penchukov, is now awaiting extradition to the U.S.
- Penchukov and eight other members of the Zeus botnet group allegedly infected thousands of computers with Zeus. The malware is capable of stealing passwords, account numbers, banking credentials, etc.
- After illegally gaining access to bank accounts, the hackers would redirect salary payments from a victim firm's payroll to numerous individuals who were not part of the company, stealing the funds.
- The original Zeus malware was allegedly created by an anonymous individual known by the handle "lucky12345."
- Two members of the group were sentenced to two years in prison after being extradited to the U.K. in 2014.

The Lazarus group is using the DTrack backdoor to attack targets in Europe and Latin America. DTrack allows criminals to upload, download, start or delete files on the victim host.

More:
- DTrack first retrieves the payload by reading it from an offset within the file. After retrieving the location of the next stage and its key, the malware then decrypts the buffer. The DTrack toolset has a keylogger, a screenshot maker, and a module for gathering victim system information. By having access to these tools, threat actors can move laterally in order to steal information.
- The malware targets sectors such as education, chemical manufacturing, governmental research centers, policy institutes, IT service providers, utility providers, and telecommunication firms.
- In terms of countries, the group is using DTrack to target organizations in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey, and the United States.
- Lazarus has not changed most of the backdoor's content since it was first tracked back in 2019, but the fact that the group is still deploying it means that it has confidence in its ability to breach its targets.

Zoom Out:
- U.S. authorities consider Lazarus group to be backed by the North Korean government. The group has been active since 2010 and is responsible for many cyberattacks against private and public organizations.
- In March 2022, the hacker group infamously stole over $600M from Axie Infinity, a blockchain-based game. Only $30M was recovered after the breach, with the rest of the funds still not retrieved.
- The group is known for the WannaCry Ransomware attack, a hacking campaign that affected 200,000 devices in 150 countries. The attack lasted for more than nine hours.

Google has won a lawsuit against two Russian nationals who operated the Glupteba botnet. The Glupteba malware could steal user credentials and other data, mine cryptocurrencies, and turn compromised devices into proxies.

More:
- Glupteba managed to affect over 1 million Windows devices, stealing user credentials, mining cryptocurrencies, and turning these compromised devices into proxies.
- By filing the lawsuit, Google attempted to stop the malware's hosting and infrastructure provider, placing warning pages in front of malicious domains, terminating tens of millions of Google Docs used to distribute the malware, shutting down thousands of Google accounts used by the cybercriminals, and warning users before downloading malicious files.
- The Southern District of New York granted Google the right to have its defense fees paid back.
- The two defendants may be extradited to the U.S. if they travel to countries that have an extradition treaty with the U.S. government.

Akeyless Security has raised a $65M Series B to offer safe storage for company secrets. The product is used by Wix, Cimpress-VistaPrint, Outbrain, etc.

More:
- Akeyless Security offers a Secrets Management-as-a-Service platform. This platform is centralized and maintenance-free.
- The company has Fortune 50 clients as well as small and mid-sized businesses.
- The round was led by NGP Capital, with participation from existing investors Team8 Capital and Jerusalem Venture Partners. This funding takes the total amount raised by the company to $80M.
- Akeyless is based in Tel Aviv, Israel.

Eye Security has raised a $17.6M funding round to offer subscription-based all-in-one cybersecurity services. Bessemer Venture Partners, an investor in Shopify, Pinterest, and LinkedIn, led the round.

More:
- Eye Security provides enterprise-grade 24/7 risk monitoring, response, and cyber insurance services in Europe. The company's monitoring software scans clients' systems for anomalies and warns them whenever a risk is imminent. The product also alerts the client when their software is outdated.
- The company offers three pricing plans: Cyber Guard ($9.31 per employee per month), Cyber Guard Plus ($10.35), and Cyber Guard Insured (Custom price).
- The Hague-based company has worked with companies such as KeyTec Netherlands, Van der Most Transport, Signature Foods, etc.

Quick Hits:
- Hundreds of databases from the Amazon Relational Database Service have been exposed. The service is used to create database backups, making the leak particularly dangerous for its users.
- A new report shows that 44% of companies plan to cut back on their cybersecurity spending next year as a result of the macroeconomic conditions.
- The Open Source Security Foundation has adopted the Secure Supply Chain Consumption Framework, a framework built by Microsoft meant to help mitigate cybersecurity risks.
- A group of Senate Democrats is calling for an investigation over Twitter's security practices. The investigation would focus on the timeline since Elon Musk took control of the company.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.