Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2023

    July 17, 2026

    Infosec News Nuggets — July 17, 2026 – AboutDFIR

    July 17, 2026

    Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2023: Backgrounder

    July 17, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»Infosec News Nuggets — July 17, 2026 – AboutDFIR
    News

    Infosec News Nuggets — July 17, 2026 – AboutDFIR

    adminBy adminJuly 17, 2026No Comments4 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

    Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court for the 2024 hack of Transport for London, which left 148 TfL systems inoperable and forced all 27,000 of the transport authority’s employees into the office to get their passwords reset in person, with the NCA and CPS putting total losses and recovery costs at £29 million. Both pleaded guilty on the day their trial was set to begin, admitting to the UK’s most serious computer misuse charge on the basis that they were reckless as to whether they caused significant risk of serious harm — the CPS says they’re believed to be the first hackers successfully prosecuted under that provision. Investigators found a screenshot of TfL network connectivity and videos of Jubair moving through TfL systems saved on Flowers’ laptop, and Flowers separately admitted conspiring against two US healthcare systems, telling associates in chat logs that locking down one system’s infrastructure “might kill some 90-year-old on life support.”

     

    GoSerpent: A Persistent Threat Evolves With Sophisticated Data Collection and Exfiltration

    Kaspersky researchers uncovered a patient, multi-stage espionage campaign targeting government and diplomatic entities across Southeast Asia, built around a Go-based remote access trojan called GoSerpent that has been active since at least 2021 and resurfaced with an evolved toolset in 2026. The operation deploys GoSerpent alongside a file-collection component to quietly harvest sensitive documents for weeks before any exfiltration occurs, then follows up with credential dumping via Mimikatz-style tools and a newer Stowaway proxy/RAT combination that moves stolen data out through network shares rather than direct network callouts. The campaign’s patience — allowing weeks of silent collection before exfiltration and layering multiple custom tools rather than relying on a single payload — reflects the kind of long-horizon intelligence-gathering operation typically associated with state-aligned threat actors, with researchers noting possible links to the previously tracked TetrisPhantom cluster.

     

    Old UEFI Shims Expose Systems to Secure Boot Bypass

    ESET disclosed that 11 old, largely forgotten UEFI shim bootloaders — all signed by Microsoft and dating from 2013 to 2025 — can be exploited to bypass Secure Boot protections on any UEFI-based machine that trusts Microsoft’s third-party UEFI certificate authority, regardless of the operating system installed. Tracked as CVE-2026-8863 and CVE-2026-10797, the flaw allows attackers to execute untrusted code during the boot process and deploy bootkits even with Secure Boot enabled, since the vulnerable shims extend trust to compromised second-stage bootloaders. ESET reported the findings to CERT/CC in February and Microsoft revoked the vulnerable shims during June’s Patch Tuesday, but organizations need to update their trusted boot applications and certificates before applying the revocation list — doing it out of order can render systems unbootable.

     

    Dutch Police Bust Investment Fraud Ring Stealing Over €100 Million

    Dutch police announced the arrest of multiple individuals suspected of running an international investment fraud scheme with tens of thousands of victims worldwide, built around 20 call centers staffed by more than 700 people posing as financial advisers and estimated to have generated over €100 million ($114 million) per month at its peak. The main suspect, a 46-year-old Israeli-Polish national previously prosecuted for hacking several foreign government organizations, was arrested in Poland in May and extradited to the Netherlands; authorities say additional arrests should not be ruled out. The scheme built trust with victims over extended periods using realistic fake investment platforms showing fictitious profits, then persuaded them to keep increasing their “investments” through cryptocurrency transfers — Dutch authorities have so far linked at least 550 reports of fraud and $28.6 million in confirmed losses to the operation, with most victims in the investigation losing more than €10,000 each.

     

    F5 Fixes 3 NGINX Flaws Enabling Potential Remote Code Execution, Memory Disclosure, and DoS Attacks

    F5 issued security advisories for three new vulnerabilities affecting NGINX Plus and NGINX Open Source — CVE-2026-56434, a use-after-free flaw in the SSI module; CVE-2026-42533, a heap buffer overflow tied to regex captures in the map directive; and CVE-2026-60005 — all of which can be triggered by unauthenticated attackers to crash worker processes, disclose limited memory contents, or potentially execute code depending on configuration. The most critical of the three, CVE-2026-42533, occurs when a string expression references regex capture variables tied to a map directive before the map’s own output variable is defined, allowing a specially crafted HTTP request to trigger the overflow. As with several other recent NGINX advisories, code execution is only possible on systems where ASLR is disabled or can be bypassed, but organizations running affected configurations should review their setups and apply F5’s patches promptly given the pattern of rapid weaponization seen with prior NGINX flaws this year.



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleReview of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2023: Backgrounder
    Next Article Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2023
    admin
    • Website

    Related Posts

    News

    Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2023

    July 17, 2026
    News

    Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2023: Backgrounder

    July 17, 2026
    News

    New Windows LegacyHive zero-day gives hackers admin privileges

    July 17, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Our Picks

    Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2023

    July 17, 2026

    Infosec News Nuggets — July 17, 2026 – AboutDFIR

    July 17, 2026

    Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2023: Backgrounder

    July 17, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.