NioCorp BEC scam, Australian IVF breach, SEC’s cyber unit

In today’s cybersecurity news…

Minerals company loses $500,000 to BEC scam

NioCorp Developments, a company that operates a minerals project in southeast Nebraska focusing on the production of niobium, scandium, and titanium, has alerted regulators to a break-in that occurred on February 14. Threat actors allegedly “broke into its information systems, including portions of its email systems,” and misdirected a half-million dollars intended to be sent to a vendor. The company is taking steps to remediate the incident and to search for any additional damage.

(The Register)

Australian IVF provider investigating cyber incident

The fertility services provider Genea confirmed on Wednesday that an unauthorized third party had accessed its systems but said it was still determining whether personal information had been compromised. It did not specify the nature of the cyberattack or the identity of those responsible. Genea, which operates multiple IVF clinics across Australia, said “it had taken some systems and servers offline as a precaution and was working to restore them while the investigation continued.” The company’s app, which allows patients to track their fertility cycles and access medical data, was also unavailable following the incident.

(The Record)

SEC replaces cryptocurrency fraud unit with emerging tech team

The Securities and Exchange Commission announced yesterday that the Crypto Assets and Cyber Unit will be replaced by a smaller team that will focus on “cyber-related misconduct” affecting investors. This new team, the Cyber and Emerging Technologies Unit (CETU), will “combat fraud committed through means such as artificial intelligence, social media, the dark web, blockchain technology, hacking and account takeovers.”

(The Record)

Job ads target freelance developers via GitHub

We have seen this type of attack technique before. This most recent one targets freelance developers, using deceptive job ads to get victims to download malicious software disguised as legitimate tools. The campaign primarily uses GitHub repositories. As usual, the attackers pose as reputable companies offering attractive gigs, and they use fake websites to support the ruse. Researchers at security company ESET have linked this campaign to a North Korea-linked threat actor they call “DeceptiveDevelopment.”

(InfoSecurity Magazine and The Hacker News)

NailaoLocker ransomware targets EU healthcare-related entities

Researchers from Orange Cyberdefense have uncovered a malware campaign that targets European organizations, including healthcare. Their discovery was made in late 2024, and the threat actors used ShadowPad, PlugX, and the previously undocumented NailaoLocker ransomware. The researchers believe this campaign makes use of a zero-day in Check Point Security Gateways with Remote Access VPN or Mobile Access features. The researchers state that Green Nailao “aligns with Chinese intrusion tactics,” such as DLL side-loading, suggesting this may be the work of China-linked APTs, but they said there is insufficient evidence to confirm this.

(Security Affairs)

Microsoft working on fix for Windows 11 SSH connections bug

Following up on a story we covered last November, Microsoft is now testing a fix for an issue that has been breaking SSH connections on some Windows 11 22H2 and 23H2 systems since November. The fix has been included in Windows 11 Build 26100 in the Release Preview Channel. When the problem first emerged in November, Microsoft said that only a limited number of devices running Windows 11 Enterprise, IoT, and Education editions were affected, but the company is now investigating whether consumer customers using Windows 11 Home or Pro editions may also be at risk.

(BleepingComputer)

Insight Partners discloses security breach

Representatives from the tech sector venture capital firm said the attack was detected on January 16, 2025. According to the company, threat actors “used a sophisticated social engineering technique to gain access to its infrastructure.” They believe the attacker was ejected that same day. The representatives add that “the incident did not impact its operations, with no evidence of the threat actor’s presence after January 16, 2025…[adding]…no significant impact on portfolio companies, funds, or stakeholders is anticipated.”

(Security Affairs)

Amazon shuts its Android app store and Coins currency

Citing greater popularity within its own Amazon App Store, the company says it will discontinue its app store for Android on August 20, and on the same day it will also discontinue the Amazon Coins program. The company also said “it will refund any coins that users hold as of August 20…[and added]…that only a small number of customers used the app store outside Amazon devices.”

(TechCrunch)
