Matt Kapko

@mattkapko.com.bsky.social

Reporter @cyberscoop.bsky.social covering cybercrime and software defects • Grateful lifelong Californian • matt.49 on Signal • matt.kapko@cyberscoop.com • mattkapko.com

277 Followers  |  604 Following  |  27 Posts  |  Joined: 11.04.2023  |  2.3189

Latest posts by mattkapko.com on Bluesky

Both?

29.07.2025 17:53 — 👍 4    🔁 0    💬 2    📌 0
Former Army soldier pleads guilty to widespread attack spree linked to AT&T, Snowflake and others
Cameron Wagenius faces a maximum of 27 years in prison. A researcher that helped with the investigation called this ‘one of the most significant wins in the fight against cybercrime.’

A 21-year-old former Army soldier pleaded guilty Tuesday to charges stemming from a series of attacks and extortion attempts last year on telecommunications companies, including AT&T. tip @techmeme.com cyberscoop.com/cameron-wage...

15.07.2025 22:53 — 👍 0    🔁 0    💬 0    📌 0
Scattered Spider weaves web of social-engineered destruction
The cybercrime ring has infiltrated more than 100 businesses since 2022, including more than a dozen since it regrouped earlier this year.

Scattered Spider weaves web of social-engineered destruction. The cybercrime ring has infiltrated more than 100 businesses since 2022, including more than a dozen since it regrouped earlier this year. via @mattkapko.com cyberscoop.com/scattered-sp...

07.07.2025 19:17 — 👍 2    🔁 3    💬 0    📌 1
Top FBI cyber official: Salt Typhoon ‘largely contained’ in telecom networks
Brett Leatherman told CyberScoop in an interview that while the group still poses a threat, the bureau is focused on resilience and victim support, and going on offense could be in the future.

NEW: The head of the FBI's cyber div told @timstarks.bsky.social that Salt Typhoon is “largely contained” and “dormant” in the networks, “locked into the location they’re in” and “not actively infiltrating information” in an exclusive intv with @cyberscoop.bsky.social cyberscoop.com/top-fbi-cybe...

02.07.2025 17:28 — 👍 11    🔁 4    💬 0    📌 0
Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
A cartel affiliate notified an FBI agent about a hacker who infiltrated cameras and phones to track an FBI official’s meetings, the DOJ inspector general said.

Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report cyberscoop.com/hacker-helpe...

28.06.2025 19:09 — 👍 9    🔁 6    💬 0    📌 0

Constant Headache, followed very shortly after by NBTSA.

28.06.2025 13:36 — 👍 1    🔁 0    💬 1    📌 0

Thank you, @colinwood.me

24.06.2025 17:45 — 👍 0    🔁 0    💬 0    📌 0

Hat tip to @ransomwaresommelier.com, @kaylintrychon.bsky.social, @chetwisniewski.securitycafe.ca.ap.brid.gy, @christiaanbeek.bsky.social and Rob Lee @sansinstitute.bsky.social

24.06.2025 15:47 — 👍 3    🔁 0    💬 0    📌 0
The ‘16 billion password breach’ story is a farce
Experts told CyberScoop the research 'doesn’t pass a sniff test' and detracts from needed conversations around credential abuse and information stealers.

Supposed experts and mainstream media have spent the past few days hyperventilating over reports of a colossal data breach that exposed more than 16 billion credentials. There’s just one inconvenient detail: evidence to support its sensational claim is lacking. cyberscoop.com/colossal-dat...

24.06.2025 15:47 — 👍 20    🔁 13    💬 1    📌 3
Cybercrime crackdown disrupts malware, infostealers, marketplaces across the globe
A burst of global law enforcement actions during the past few weeks marked by a flurry of successful takedowns gives cybercrime experts a jolt of hope.

Cybercrime crackdown disrupts malware, infostealers, marketplaces across the globe. A burst of global law enforcement actions during the past few weeks marked by a flurry of successful takedowns gives cybercrime experts a jolt of hope. via @mattkapko.com cyberscoop.com/cybercrime-c...

16.06.2025 15:21 — 👍 2    🔁 2    💬 0    📌 1
Internet infamy drives The Com's crime sprees
Unit 221B’s Allison Nixon said crackdowns have effectively shown the group that their actions carry real consequences.

The Com’s chaotic, sprawling network, composed of mostly teenagers and young adults, are committing their crimes primarily for notoriety amongst their peers on the internet,
@nixonnixoff.bsky.social said during a presentation @sleuthcon.bsky.social. cyberscoop.com/the-com-subc...

09.06.2025 15:24 — 👍 8    🔁 10    💬 1    📌 0
CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution
Wild variances in naming taxonomies aren’t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution.

CrowdStrike and Microsoft announced an agreement Monday to formally connect the different names each company uses for the same threat groups in their attribution analysis. via @mattkapko.com cyberscoop.com/crowdstrike-...

03.06.2025 17:26 — 👍 3    🔁 2    💬 0    📌 0
YouTube video by CyberScoop: Treasury sanctions crypto scam facilitator that allegedly stole $200M from US victims

Treasury sanctions crypto scam facilitator that allegedly stole $200M from US victims. The Philippines-based company Funnull operated a large cybercrime platform encompassing more than 332,000 domains, the FBI said. via @mattkapko.com youtu.be/ytmg-jbyl6o?... | cyberscoop.com/funnull-cryp...

30.05.2025 19:51 — 👍 2    🔁 3    💬 0    📌 0
Treasury sanctions crypto scam facilitator that allegedly stole $200M from US victims
The Treasury Department on Thursday sanctioned Philippines-based Funnull Technology for its role in "pig butchering schemes."

This is good news!

Just as ransomware has a whole ecosystem built up around it, so do these scam call centers, but at a much larger scale. Taking down one of the bigger ecosystem players will, hopefully, have a disruptive effect.

via @mattkapko.com & @cyberscoop.bsky.social

29.05.2025 19:34 — 👍 6    🔁 3    💬 0    📌 0
Questions mount as Ivanti tackles another round of zero-days
The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying ...

Multiple attackers are raiding Ivanti customers’ systems again by exploiting a pair of closely intertwined vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) to achieve unauthenticated remote code execution. via @mattkapko.com cyberscoop.com/ivanti-epmm-...

28.05.2025 21:53 — 👍 4    🔁 4    💬 1    📌 2
YouTube video by CyberScoop: New Russian state-sponsored APT quickly gains global reach, hitting expansive targets

Laundry Bear, a group recently identified by Dutch intelligence and security services, stole work-related contact details on the Netherlands’ national police force in September 2024, Microsoft researchers said. via @mattkapko.com www.youtube.com/watch?v=b53l... | cyberscoop.com/laundry-bear...

28.05.2025 15:46 — 👍 1    🔁 2    💬 0    📌 0
New Russian state-sponsored APT quickly gains global reach, hitting expansive targets
Laundry Bear, a group recently identified by Dutch intelligence and security services, stole work-related contact details on the Netherlands’ national police force in September 2024, Microsoft researc...

A newly discovered Russian state-sponsored threat group has targeted a large swath of industries, especially in #NATO member states and #Ukraine, part of a global #espionage campaign in support of Moscow’s interests, Microsoft Threat Intelligence said in a Tuesday blog post. via @mattkapko.com

27.05.2025 20:22 — 👍 3    🔁 3    💬 0    📌 0
DanaBot malware operation seized in global takedown
The successful break-up of DanaBot marks the second high-profile law enforcement disruption of a widespread malware operation in as many days.

The successful break-up of DanaBot marks the second high-profile law enforcement disruption of a widespread malware operation in as many days. via @mattkapko.com cyberscoop.com/danabot-malw...

22.05.2025 22:56 — 👍 3    🔁 2    💬 0    📌 0
Lumma Stealer toppled by globally coordinated takedown
Global law enforcement authorities and Microsoft seized or disrupted the prolific infostealer’s central command infrastructure, malicious domains and marketplaces where the malware was sold.

Lumma Stealer, a widely used infostealer malware linked to cybercrime sprees and multiple high-profile attacks, was dismantled through a coordinated global operation meant to seize its core infrastructure. via @mattkapko.com cyberscoop.com/lumma-steale...

21.05.2025 16:43 — 👍 2    🔁 2    💬 0    📌 0
YouTube video by CyberScoop: Who needs VC funding? How cybercriminals spread their ill-gotten gains to everyday business ventures

An extensive investigation by #Sophos X-Ops, pulled from thousands of posts on two Russian-language and three English-language cybercrime forums, uncovered the dark underbelly of illegal schemes #cybercriminals use to reinvest their money. via @mattkapko.com youtu.be/DVCEMR0hc_4?...

15.05.2025 22:14 — 👍 3    🔁 4    💬 0    📌 0
Who needs VC funding? How cybercriminals spread their ill-gotten gains to everyday business ventures
The benefits of cybercrime aren't all flashy cars and watches. Sophos X-Ops researchers discovered it also fuels a far-reaching mix of ordinary, sometimes unremarkable businesses.

Great story from @mattkapko.com and @sophossecurity.bsky.social on what cybercriminals do with their money: it's not all lambos and bottle service, it's often laundered through legit businesses (with forums featuring guides on how to bury cash in the ground) cyberscoop.com/what-cybercr...

15.05.2025 13:02 — 👍 13    🔁 10    💬 0    📌 1
SonicWall customers confront resurgence of actively exploited vulnerabilities
The network security device vendor is making a regular appearance on CISA’s known exploited vulnerabilities catalog. Unlike its competitors, SonicWall hasn’t signed the secure-by-design pledge.

Vulnerabilities are proliferating in SonicWall devices and software this year. The company is among many network security device vendors targeted by cybercriminals. Yet, unlike almost all of its competitors, SonicWall hasn't signed CISA's secure-by-design pledge. cyberscoop.com/sonicwall-ex...

09.05.2025 22:00 — 👍 0    🔁 0    💬 0    📌 0
CrowdStrike cuts 5% of workforce after revenue jumped 29% last year
CEO George Kurtz said the decision to cut about 500 jobs was driven by internal efficiency gains from AI and multibillion-dollar opportunities in new market segments.

#CrowdStrike is cutting 5% of its #workforce, about 500 positions, telling its staff that it’s shifting resources and realigning its operating model for growth in new market segments, according to a Wednesday filing with the SEC. via @mattkapko.com cyberscoop.com/crowdstrike-...

07.05.2025 20:35 — 👍 2    🔁 1    💬 1    📌 1
PowerSchool customers hit by downstream extortion threats
The large education tech vendor was hit by a cyberattack and paid a ransom in December. Now, a threat actor is attempting to extort the company’s customers with stolen data.

Five months after education software vendor PowerSchool paid an unnamed threat actor a #ransom in exchange for the deletion of sensitive stolen data, some of the company’s customers are now receiving #extortion demands. via @mattkapko.com cyberscoop.com/powerschool-...

07.05.2025 23:37 — 👍 2    🔁 2    💬 0    📌 0
Amazon, CrowdStrike, Google and Palo Alto Networks claim no change to threat intel sharing under Trump
Top security leaders at some of the largest tech and cybersecurity vendors said public-private collaborative work continues, despite budget cuts and personnel changes.

Amazon, CrowdStrike, Google and Palo Alto Networks claim no change to threat intel sharing under Trump. Top security leaders at some of the largest tech and cybersecurity vendors said public-private collaborative work continues, despite budget cuts and personnel changes. via @mattkapko.com

02.05.2025 21:27 — 👍 5    🔁 5    💬 0    📌 1
North Korean operatives have infiltrated hundreds of Fortune 500 companies
Security leaders at Mandiant and Google Cloud say nearly every major company has hired or received applications from North Korean nationals working on behalf of the country’s regime.

Security leaders at Mandiant and Google Cloud say nearly every major company has hired or received applications from North Korean nationals working on behalf of the country’s regime. via @mattkapko.com cyberscoop.com/north-korea-...

01.05.2025 09:24 — 👍 3    🔁 4    💬 0    📌 1
Matt Kapko, Reporter, CyberScoop - Pressing Matters
Are you ready for RSA 2025? Matt Kapko of CyberScoop is, and he definitely doesn't want to hear about AI, although he and I–and everyone listening to the podcast today–all know he will. In addition to...

🎙️ Ready for #RSA 2025? CyberScoop’s @mattkapko.com joined the latest episode of Pressing Matters to preview the conference—and yes, #AI talk is inevitable.

🔗 Listen here: www.buzzsprout.com/2028393/epis...

25.04.2025 21:59 — 👍 1    🔁 1    💬 0    📌 0
California economy now the world's fourth-largest, overtaking Japan
If California were its own country, its economy would now rank as the fourth-largest of any nation in the globe, Gov. Gavin Newsom said this week.

www.latimes.com/california/s...

24.04.2025 17:44 — 👍 1    🔁 0    💬 0    📌 0

Cyber threat wonks and incident response firms don't have to release all of their research during the chaos of RSA. Yet, without fail, they do this year after year. Good luck cutting through the noise.

24.04.2025 14:25 — 👍 4    🔁 0    💬 0    📌 0
Matt Kapko, Reporter, CyberScoop - Pressing Matters
Are you ready for RSA 2025? Matt Kapko of CyberScoop is, and he definitely doesn't want to hear about AI, although he and I–and everyone listening to the podcast today–all know he will. In addition to...

I usually ask the questions, but not this time. It was an honor to join Big Valley Marketing's Pressing Matters podcast. We covered a lot of ground, maybe too much. This is my story and I'm grateful for the thought and care Dave Reddy put into our conversation. www.buzzsprout.com/2028393/epis...

22.04.2025 22:13 — 👍 1    🔁 0    💬 0    📌 0
