Plus: Italy is being targeted with a phishing campaign
| Part of  Network | |
 Presented by  |
A Russian hacker group tracked as Cold River APT targeted three nuclear research centers in the U.S. in 2022. The campaigns happened between August and September. More: - The Cold River APT group targeted the Brookhaven, Argonne, and Lawrence Livermore national laboratories.
- The hacker group created fake log-in pages and sent them to nuclear scientists, attempting to steal their credentials through phishing.
- Neither representatives from the laboratories nor security researchers have been able to confirm if the hacking campaign was successful and, if so, what data was stolen.
- Also known as Calisto, Cold River APT has become increasingly more active ever since the war in Ukraine began in February 2022.
- The threat actor has attacked NATO, U.S. NGOs, Ukrainian defense contractors, etc.
| |
Dark-web drug marketplaces are creating custom Android apps to evade detection. The trend gained momentum after Hydra, the world's largest online drug marketplace, was shut down. More: - At least 10 darknet markets have been created, hoping to fill the gap left by Hydra's shutdown.
- All of the apps being used were built on the M-Club CMS engine on Android.
- By using an app, threat actors can send the location of their package without having to be present at the moment of the exchange.
- These 10 drug markets are tracked as follows:
- RuTor (291,000 subscribers)
- WayAway (162,000)
- Legalizer (161,000)
- OMG! (75,000)
- Solaris (60,000), etc.
- Some of the apps that are being used are:
- Yakudza
- TomFord24
- 24Deluxe
- PNTS32, etc.
- Overall, illegal drug marketplaces had nearly 1 million new subscribers in 2022.
| |
 A message from SUPERSIDE 450+ companies are getting high-quality creative assets fast… Without increasing their headcount And guess what - they’re all world class, executing on graphic design projects for clients like Amazon, Meta, and Epic Games. That’s the whole ethos of Superside, to delight you with top-notch graphic design projects at a fraction of the cost. More affordable than an agency, more reliable than freelancers: With Superside, you’ll get a team of creative wizards who are at-the-ready to deliver you creative solutions on time, every time. - Heinous deadline? Superside starts working in as little as 30 minutes
- Ultra-thin budget? Know what you’ll be paying before projects get underway
- One-of-a-kind project? Superside hires the top 1% of creatives to deliver you blue-chip designs
Don’t just take our word for it. See how Superside satisfies the most unique creative asks and demo it today. Book Your Free Demo
| |
GitHub has launched a new security feature that lets developers scan their code for any possible security flaws. The feature currently only works for Python, JavaScript, and Ruby repositories. More: - To access this new option, developers have to follow a few steps:
- Find Code security and analysis in settings
- Click the "Set up" drop-down menu, and choose the Default option.
- Click on Enable QL.
- Once users click on Enable QL, the tool will start tracking vulnerabilities in the repository.
- Code scanning is free for all public repositories, and it's also available as a GitHub Advanced Security feature for GitHub Enterprise private repositories.
| |
Italy is being targeted with a new hacking campaign that aims to steal crypto wallet information. Hackers are using phishing as a threat vector. More: - Once the victim clicks the link, a password-protected ZIP file named "IT_Fattura_n99392.zip" is downloaded into the device's local storage.
- Once the file is opened, a script is installed into the device, and the malware is deployed.
- The hacking campaign can steal metadata and information such as cookies, bookmarks, credit cards, downloads, and credentials, as well as several cryptocurrency wallets. Some of the liable cryptocurrencies and crypto wallets are:
- Bitcoin
- Zcash
- Ethereum
- Monero
- Litecoin
- Coinbase, etc.
- All of this information is transmitted to a remotely controlled domain that is in the hands of the threat actor.
| |
The Department of Homeland Security and CISA are developing an AI-powered cybersecurity collaborative defense tool. The tool will be used to test different artificial intelligence algorithms. More: - This project is meant to develop a next-generation analytics ecosystem for strategic and critical cybersecurity problem-solving that incorporates on-premises and virtual computing environments.
- The tool will be used to support datasets, tools, and collaboration for other security missions.
- The sandbox will be named The CISA Advanced Analytics Platform for Machine Learning.
- CAP-M will build and automate the ML solution loop and then automate the workflows.
| |
Quick Hits: - Delight your family, guests, or team like never before with Vestaboard, the award-winning messaging display. Learn more.*
- Zoom has patched several security flaws. The bugs affected Windows and macOS devices and could have allowed threat actors to gain unauthorized device privileges.
- Victor Zhora, chief digital transformation officer at the State Service of Special Communication and Information Protection of Ukraine, has stated that Russia's cyberattacks against Ukraine should be treated as war crimes by international law.
- Researchers are warning that hackers have begun creating malware campaigns using ChatGPT, the famous AI conversational tool that has recently gone viral.
- Researchers have discovered a new vulnerability in the JsonWebToken open-source project. The vulnerability, which could enable hackers to have remote code execution privileges, is being tracked as CVE-2022-23529.
- Low email open rates? Test out these 4 workflow strategies to get higher open rates — up to 300% more.*
*This is sponsored content.
| |
Upcoming events at Inside: - January 10 - Inside Startups Coffee Break (Register Here)
- January 12 - AMA with Gun.io - Building and managing software development teams w/ Deividi Silva (Watch On Demand)
- January 13 - AMA with LinearB - Improving workflow for developers w/ Ori Keren (Watch On Demand)
- January 17 - Inside Marketing Coffee Break (Register Here)
- January 18 - Inside Interview with Lacework - 4 Common Attack Paths in Cloud Security (Register Here)
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
Superside: The secret source for hiring the top 1% design talent 2X faster and 50% less expensive. | |
| 767 Bryant St. #203, San Francisco, CA 94107
Copyright © 2023 Inside.com | |
| |
