FBI Seizes Bot Shop ‘Genesis Market’

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. KrebsOnSecurity reports: Sources tell KrebsOnSecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data. Active since 2018, Genesis Market’s slogan has long been, “Our store sells bots with logs, cookies, and their real fingerprints.” Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials.

But earlier today, multiple domains associated with Genesis had their homepages replaced with a seizure notice from the FBI, which said the domains were seized pursuant to a warrant issued by the U.S. District Court for the Eastern District of Wisconsin. But sources close to the investigation tell KrebsOnSecurity that law enforcement agencies in the United States, Canada and across Europe are currently serving arrest warrants on dozens of individuals thought to support Genesis, either by maintaining the site or selling the service bot logs from infected systems. The seizure notice includes the seals of law enforcement entities from several countries, including Australia, Canada, Denmark, Germany, the Netherlands, Spain, Sweden and the United Kingdom. […]

One feature of Genesis that sets it apart from other bot shops is that customers can retain access to infected systems in real-time, so that if the rightful owner of an infected system creates a new account online, those new credentials will get stolen and displayed in the web-based panel of the Genesis customer who purchased that bot. “While some infostealers are designed to remove themselves after execution, others create persistent access,” reads a March 2023 report from cybersecurity firm SpyCloud. “That means bad actors have access to the current data for as long as the device remains infected, even if the user changes passwords.” SpyCloud says Genesis even advertises its commitment to keep the stolen data and the compromised systems’ fingerprints up to date. “According to our research, Genesis Market had more than 430,000 stolen identities for sale as of early last year — and there are many other marketplaces like this one,” the SpyCloud report concludes.

Read more of this story at Slashdot.

Chrome 112 Released With WASM Garbage Collection Trial, CSS Nesting

Google today promoted the Chrome 112 web browser to their stable channel on all supported platforms. Phoronix reports: Starting as an origin trial with Chrome 112 is WebAssembly (WASM) Garbage Collection support. Yes, garbage collection to allow for efficient support for high-level managed languages with WebAssembly. This trial support allows for compilers targeting WASM to integrate with a garbage collector in the host VM. Also on the WebAssembly front with today’s Chrome browser update is making WebAssembly tail call support available out of the box. This adds explicit tail call and indirect tail call opcodes. This support is useful for correct/efficient implementations of languages that require tail call elimination, compilation of control constructs that can be implemented with it, and other computations being expressed as WASM functions.

Meanwhile by default in Chrome 112 is now CSS nesting support as the ability to nest CSS style rules inside other style rules for increasing modularity and maintainability of style sheets. Chrome 112 also adds support for the CSS animation-composition property. Behind a developer flag is also the background-blur feature that allows using a native platform’s API for camera background segmentation. This is intended for use with web-based video conferencing applications running within the web browser to make use of native platform APIs. A full list of changes is available on the Chrome Releases blog.


Capita, Company Providing UK’s Nuclear Submarine Training, Says It’s Successfully Contained ‘Cyber Incident’

Capita, the United Kingdom’s largest outsourcing company, confirmed Monday that an IT outage which left staff locked out of their accounts on Friday was caused by “a cyber incident.” The Record reports: Staff attempting to login were erroneously told their usual passwords were “incorrect” according to reports, fueling speculation that a cyberattack was to blame, although not all of Capita’s 61,000 employees were affected. At the time, a Capita spokesperson said the company was investigating “a technical issue.”

In an update on Monday about the incident sent to the Regulatory News Service, the company confirmed it “experienced a cyber incident primarily impacting access to internal Microsoft Office 365 applications.” The nature of the incident has not been disclosed. While financially motivated ransomware attacks remain a prevalent threat for organizations in Britain, Capita also provides services to the British government that may be of interest to state-sponsored espionage groups.

Capita’s numerous contracts include several with the Ministry of Defence. Last year, a consortium it leads took control over engineering and maintenance support of training simulators for the Royal Navy’s nuclear-powered ballistic missile submarines used as part of the U.K.’s nuclear deterrent. In its statement, Capita said: “Immediate steps were taken to successfully isolate and contain the issue,” which was “limited to parts of the Capita network.”


Planned NFT-Based Private Club in San Francisco Stalled by Uncompleted Permitting Steps

Remember that entrepreneur planning an ostentatious NFT-based restaurant/members-only club in San Francisco? Seven months later it’s still “an empty husk of a building, hindered by construction delays and unfulfilled crypto dreams,” reports SFGate:

Last August, Joshua Sigel held a “groundbreaking” event at what he said would be the future home of Sho Restaurant, located atop Salesforce Park in San Francisco. He told the gathered media that construction of the proposed Japanese fine dining restaurant would begin in less than two months, once some permitting issues were resolved, with a targeted opening date of September or October of 2023.

Sigel maintained that he’d soon be offering 3,275 Sho Club NFT (non-fungible token) memberships — first via a private sale, then a larger public sale in late September — which would serve as the backbone of Sho Restaurant’s clientele. (Sigel is the CEO of Sho Group, which encapsulates Sho Restaurant and Sho Club.) There were to be 2,878 “Earth” NFT memberships, priced at $7,500 each; 377 “Water” NFT memberships, priced at $15,000 each; and 20 “Fire” NFT memberships, priced at $300,000 each. The NFTs are basically membership cards for the restaurant, spruced up with Web3 jargon…. Each membership tier comes with increasingly luxurious benefits, though restaurant reservations would also be available for nonmembers.

Seven months later, things don’t seem to be going very well for Sho Club or for Sho Restaurant. I recently walked over to Salesforce Park and peered inside the shell of the building that’s supposed to become a restaurant; I saw an empty space that looks almost exactly the same as it did in August. The mock-up design photos that journalists looked at during the “groundbreaking” in August remain strewn about on the floor. Permits for Sho Restaurant haven’t been issued, the result of Sho Restaurant designers not yet responding to a number of San Francisco Department of Building Inspection notes, among a host of permitting steps that haven’t been completed. Sho Club social media accounts have been radio silent since late September….

Sho Club appears to have sold around 100 NFT memberships, rather than 3,275, as Sigel originally projected. I repeatedly reached out to Sigel, to Sho Club, and its public relations representatives. No one replied to my questions.
