CyberSecurity News Byte

Hosted By Jim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Episode 64: July 17, 2023

Links

https://blog.lumen.com/routers-from-the-underground-exposing-avrecon/

https://www.cisa.gov/news-events/directives/binding-operational-directive-23-02

https://thehackernews.com/2023/07/wormgpt-new-ai-tool-allows.html

https://therecord.media/genesis-market-sold-despite-fbi-operation

https://therecord.media/genesis-market-takedown-cybercrime

SwingVPN Update – https://www.hackread.com/google-removes-swing-vpn-android-ddos-botnet/

JumpCloud Update:

https://www.bleepingcomputer.com/news/security/jumpcloud-discloses-breach-by-state-backed-apt-hacking-group

https://jumpcloud.com/support/july-2023-iocs

AVrecon infects 70,000 routers

  • Lumen
    • Black Lotus Labs
    • Identified the RAT
      • Remote Access Trojan
    • Impacts SOHO routers
      • Small Office/Home Office
      • Been active for 2+ years
      • Built a botnet of 70,000 devices
        • In 20 countries
      • Warning
        • CISA issued an advisory about misconfigured network equipment
        • Binding Operational Directive 23-02
          • June 13th
        • Applies to Government…but you should pay attention to it.
      • Attack
        • Originally targeting Netgear
        • Switched to SOHO
        • Attacks
          • Used devices for…
            • Password sprays
            • Fraud
            • Proxying
          • Reconned the environment
            • Fed it back to C2 server
            • C2 passed it off to second-stage servers
              • ~15
            • Target other ARM-based devices
            • Written in C
              • You know, for ease of porting to new architectures.
            • Protection
              • Check for password guessing.
              • Regularly reboot and update SOHO routers
            • Thoughts
              • Work from Home
              • No perimeter anymore
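The "check for password guessing" protection item above is easier to act on with a concrete detector. The following Python is an added example, not code from the podcast or from Lumen/Black Lotus Labs: it walks a sliding time window over failed-login lines and separates a password spray (one source trying many usernames) from a single-account brute force. The syslog-like log format, the field names, the sample IPs and the thresholds are all assumptions constructed for the demo; adapt `parse_line()` to whatever your router or RADIUS server actually emits.

```python
"""Password-spray vs. brute-force detection over router auth log lines.

Added example (not code from the podcast or from Lumen's AVrecon report).
The log format below is a constructed, syslog-like format assumed for the
demo; adapt parse_line() to your router's or RADIUS server's real format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real data): one spraying source, one
# ordinary user who mistyped a password twice, and one single-account
# brute force. The IPs are documentation ranges, not real hosts.
SAMPLE_LOG = """\
2023-07-17T08:00:01Z router auth: login failed user=admin src=203.0.113.10
2023-07-17T08:00:04Z router auth: login failed user=root src=203.0.113.10
2023-07-17T08:00:07Z router auth: login failed user=guest src=203.0.113.10
2023-07-17T08:00:09Z router auth: login failed user=support src=203.0.113.10
2023-07-17T08:00:12Z router auth: login failed user=user src=203.0.113.10
2023-07-17T08:00:15Z router auth: login failed user=operator src=203.0.113.10
2023-07-17T08:01:00Z router auth: login failed user=alice src=192.0.2.5
2023-07-17T08:01:05Z router auth: login failed user=alice src=192.0.2.5
2023-07-17T08:01:10Z router auth: login ok user=alice src=192.0.2.5
2023-07-17T08:02:00Z router auth: login failed user=admin src=198.51.100.7
2023-07-17T08:02:01Z router auth: login failed user=admin src=198.51.100.7
2023-07-17T08:02:02Z router auth: login failed user=admin src=198.51.100.7
2023-07-17T08:02:03Z router auth: login failed user=admin src=198.51.100.7
2023-07-17T08:02:04Z router auth: login failed user=admin src=198.51.100.7
"""

# Assumed line layout: "<ISO timestamp> <host> auth: login <failed|ok> user=<u> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth: login (?P<result>failed|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return (timestamp, result, user, src), or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group("result"), m.group("user"), m.group("src")


def detect(log_text, window=timedelta(minutes=10), min_users=5, min_failures=5):
    """Classify each source IP by its failed-login pattern within a sliding window.

    'spray'       : >= min_users distinct usernames failed from one source
    'brute_force' : >= min_failures failures against a single username
    Returns {src: {"pattern": ..., "users": int, "failures": int}} for
    sources that match either pattern; quiet sources are omitted.
    """
    failures = defaultdict(list)  # src -> [(timestamp, user), ...]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[1] == "failed":
            ts, _, user, src = rec
            failures[src].append((ts, user))

    findings = {}
    for src, events in failures.items():
        events.sort()
        best_users, best_failures, best_per_user = 0, 0, 0
        start = 0
        for end in range(len(events)):
            # Advance the window start so the span never exceeds `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            per_user = defaultdict(int)
            for _, u in span:
                per_user[u] += 1
            # Remember the densest window seen for this source.
            if (len(per_user), len(span)) > (best_users, best_failures):
                best_users, best_failures = len(per_user), len(span)
            best_per_user = max(best_per_user, max(per_user.values()))
        if best_users >= min_users:
            pattern = "spray"
        elif best_per_user >= min_failures:
            pattern = "brute_force"
        else:
            continue
        findings[src] = {"pattern": pattern, "users": best_users, "failures": best_failures}
    return findings


if __name__ == "__main__":
    for src, info in detect(SAMPLE_LOG).items():
        print(f"{src}: {info['pattern']} ({info['users']} users, {info['failures']} failures)")
```

The spray/brute-force split matters for response: a brute force against one account is handled by locking or rate-limiting that account, while a spray deliberately stays under per-account lockout thresholds and is only visible when you count distinct usernames per source, which is why the detector keys on the source address rather than the account.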

WormGPT for clever phishing

  • SlashNext
    • new generative AI cybercrime tool
      • WormGPT
    • Advertised on dark web/telegram
    • way for adversaries to launch sophisticated phishing and business email compromise attacks.
  • Why?
    • GPT models have protections built in
      • Or being built
      • No boundaries in this version
      • OpenAI ChatGPT and Google Bard are increasingly taking steps to combat the abuse of large language models
    • This is designed for hackers by hackers and trained by hackers
    • Automation, as in business, is everything.
      • create highly convincing fake emails
        • personalized to the recipient
      • thus increasing the chances of success for the attack
    • if English is not a first language…this makes it hard to easily identify phishing emails

Genesis Market sold despite FBI disruption

  • Genesis Market
    • cyber fraud platform
  • Announcement
    • Thursday July 13th
    • Deposit was made
      • Ownership transferred next month.
    • Comes from GenesisStore
      • Previous posts associated with the site
    • If you had an account
      • Not carried over
        • Was not part of the sale
      • New owner to create new accounts
        • Sort through the trustworthiness of users
      • What they got
        • All developments
        • Complete database
          • except for some details of the client base
        • Source codes, scripts
        • Server infrastructure.
      • FBI
        • Seized some of their domains
          • 3 months ago
          • Clear web
        • Sanctioned the platform.
        • 120 people were arrested.
        • Identified and located backend servers
          • 59,000 user accounts
        • Darkweb
          • Still mirrored, not seized.
          • Sister sites up
            • Russian Market
            • 2easy Shop.

Story Updates, not update updates

  • Swing VPN
    • Ep 62 – June 26
    • Recap
      • June 4th, 2023, cybersecurity researcher “Lecromee”
      • dangerous DDoS botnet, posing significant risks.
    • Update
      • com was contacted by Google on June 22, confirming the veracity of the claims.
      • Limestone Software Solutions
        • Hotspot for Swing VPN
  • JumpCloud
    • Ep63 – July 10
    • Recap
      • Cyber Incident without much communication
      • Asked users to reset their API keys.
    • Update
      • Confirmed breach.
        • State-backed hacking group breached its systems.
      • Targeted particular customers.
      • Released indicators of compromise (IOCs).