📬 Razzia in Berlin und Brandenburg: massenhafter Versand von SMS als Betrugsversuch
#Mobilfunk #Szene #§263StGB #BerlinTempelhof #dpaMeldung #Kurznachrichten #PhisingBetrüger #Simfarm #SMS https://sc.tarnkappe.info/90eb1c

Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide

Europol announced the disruption of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a SIM farm and enabled its customers to carry out a broad spectrum of crimes ranging from phishing to investment fraud.

#SIMfarm #Europol #CaaS #cybercrime #security #cybersecurity #hackers #hacking

https://thehackernews.com/2025/10/europol-dismantles-sim-farm-network.html

Faszinierend - #Heise gibt Einblicke in eine aufgeflogene Sim-Farm mit 40000 aktiven Sim-Karten https://www.youtube.com/watch?v=EgbOzut6O6M #itsecurity #simfarm #simbox

https://youtube.com/shorts/oGOQOUq28nA?si=vILC34YsoIG81dHQ

49 Million Fake Accounts Busted: Inside Europol's Epic Cybercrime Takedown

Linktr.ee/562AlexD

#Europol #OperationSIMCARTEL #Cybercrime #SpanishNationalPolice #SIMFarm #DigitalSecurity #OnlineFraud #Phishing #InvestmentScams #MadridRaid #DeadInternetTheory #BotAccounts

Hey team! 👋 It's been a bit quiet on the news front over the last 24 hours, but we've still got some important updates on a major cybercrime takedown, ongoing infostealer campaigns, and a significant data privacy fine. Let's dive in:

Europol Disrupts Massive SIM Farm Network 🛡️

- Europol, in 'Operation SIMCARTEL', has dismantled a sophisticated cybercrime-as-a-service (CaaS) platform operating SIM farms globally.
- The operation led to seven arrests, seizure of 1,200 SIM box devices containing 40,000 active SIM cards, five servers, and significant financial assets.
- This network enabled the creation of over 49 million fake online accounts, facilitating phishing, smishing, investment fraud, and other crimes across more than 80 countries.

📰 The Hacker News | https://thehackernews.com/2025/10/europol-dismantles-sim-farm-network.html

TikTok Videos Push Infostealers via ClickFix Attacks ⚠️

- Cybercriminals are actively using TikTok videos, disguised as free activation guides for popular software like Windows and Spotify, to spread information-stealing malware.
- The campaign leverages a "ClickFix" social engineering technique, tricking users into executing malicious PowerShell commands as an administrator.
- This script downloads Aura Stealer, which then exfiltrates sensitive data including browser credentials, authentication cookies, and cryptocurrency wallet information.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/tiktok-videos-continue-to-push-infostealers-in-clickfix-attacks/

Experian Fined for Mass Data Collection Violations 🔒

- Experian Netherlands has been hit with a EUR 2.7 million ($3.2 million) fine by the Dutch Data Protection Authority (AP) for multiple GDPR violations.
- The company unlawfully collected personal data from various public and private sources, including the Chamber of Commerce and telecom/energy companies, without informing individuals or obtaining consent.
- This data was used to generate credit scores, which adversely affected individuals' ability to secure services or pay installments, highlighting critical data privacy breaches.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/legal/experian-fined-32-million-for-mass-collecting-personal-data/

#CyberSecurity #ThreatIntelligence #Cybercrime #Europol #SIMFarm #Malware #Infostealer #TikTok #SocialEngineering #DataPrivacy #GDPR #Experian #InfoSec

It's been a busy 24 hours in the cyber world with significant updates on recent breaches, innovative threat actor techniques, critical vulnerabilities, and ongoing legal battles over digital privacy. Let's dive in:

Recent Cyber Attacks & Breaches ⚠️

- Peer-to-peer lender Prosper confirmed a September cyberattack, with HaveIBeenPwned reporting 17.6 million affected victims. Compromised data includes email addresses, personal details, and Social Security numbers, though customer accounts and funds remain safe.
- Dairy Farmers of America (DFA) disclosed a June ransomware attack by the Play gang, which used sophisticated social engineering to steal sensitive personal information, including SSNs and bank account numbers, from 4,546 individuals. This highlights a concerning trend of increasing attacks on the food and agriculture sector.
- Envoy Air, an American Airlines subsidiary, confirmed data theft from its Oracle E-Business Suite by the Clop extortion group. Clop exploited zero-day vulnerabilities (CVE-2025-61882, CVE-2025-61884) in Oracle EBS, a campaign that has affected dozens of organisations, including Harvard University.
- Europol's "SIMCARTEL" operation dismantled a sophisticated cybercrime network responsible for over 3,200 fraud cases and $5.8 million in losses. The network used 1,200 SIM box devices and 40,000 active SIM cards to facilitate phishing, scams, and other crimes across 80+ countries by providing anonymous phone numbers for fake accounts.
- An indictment against former US National Security Adviser John Bolton revealed that suspected Iranian hackers accessed his email account in July 2021, threatening to leak sensitive materials and drawing comparisons to past high-profile email breaches.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/10/17/prosper_breach/
🗞️ The Record | https://therecord.media/dairy-farm-leaked-info-ransomware
🗞️ The Record | https://therecord.media/regional-airline-envoy-oracle
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/american-airlines-subsidiary-envoy-confirms-oracle-data-theft-attack/
🤫 CyberScoop | https://cyberscoop.com/europol-dismantles-cybercime-network-sim-boxes-fraud/
🗞️ The Record | https://therecord.media/europe-sim-farms-raided-latvia-austria-estonia
🤫 CyberScoop | https://cyberscoop.com/john-bolton-indictment-says-suspected-iranian-hackers-accessed-his-emails-issued-threats/

New Threat Research & Tradecraft 🛡️

- North Korean threat groups, including Famous Chollima and UNC5342, are employing advanced evasive techniques. Famous Chollima uses BeaverTail and OtterCookie for keylogging and screenshotting, while UNC5342 leverages EtherHiding, a JavaScript payload that uses a public blockchain as a decentralised, resilient C2 server.
- These groups primarily target job seekers with fake offers and technical assessments to deploy multi-stage malware (JadeSnow, BeaverTail, InvisibleFerret) for espionage, persistent network access, and cryptocurrency theft.
- Microsoft has revoked over 200 fraudulent certificates used by the Vanilla Tempest (aka Vice Society/Vice Spider) ransomware group. These certificates signed fake Microsoft Teams installers that delivered the Oyster backdoor, ultimately leading to Rhysida ransomware deployment, often initiated via SEO poisoning.

🤫 CyberScoop | https://cyberscoop.com/north-korea-attackers-evasive-techniques-malware/
💥 The Hacker News | https://thehackernews.com/2025/10/microsoft-revokes-200-fraudulent.html

Critical Vulnerabilities & Exposure 🚨

- A critical out-of-bounds write vulnerability (CVE-2025-9242, CVSS 9.3) in WatchGuard Fireware OS's IKEv2 process allows unauthenticated remote code execution (RCE). This pre-authentication flaw, affecting internet-exposed VPN services, is highly attractive to ransomware groups and requires immediate patching.
- Over 266,000 F5 BIG-IP instances are exposed online following a nation-state breach (linked to China's UNC5291) that stole source code and undisclosed vulnerabilities. F5 has released patches for 44 flaws, and CISA has mandated federal agencies to update or decommission end-of-life devices by late October.
- Microsoft patched CVE-2025-55315 (CVSS 9.8), the highest-severity ASP.NET Core flaw ever, which is an HTTP request smuggling bug in the Kestrel web server. This vulnerability could allow authenticated attackers to hijack credentials, bypass security controls, or perform injection attacks, necessitating prompt updates for all affected .NET applications.
- ConnectWise addressed two critical vulnerabilities in its Automate RMM platform: CVE-2025-11492 (CVSS 9.6) for cleartext sensitive data transmission and CVE-2025-11493 (CVSS 8.8) for lack of update integrity verification. These flaws, especially when combined, enable adversary-in-the-middle (AiTM) attacks to intercept traffic and push malicious updates, posing a significant supply chain risk.

💥 The Hacker News | https://thehackernews.com/2025/10/researchers-uncover-watchguard-vpn-bug.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/over-266-000-f5-big-ip-instances-exposed-to-remote-attacks/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-highest-severity-aspnet-core-flaw-ever/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/connectwise-fixes-automate-bug-allowing-aitm-update-attacks/

Digital Rights & Regulatory Battles ⚖️

- The Electronic Frontier Foundation (EFF) and three US labor unions are suing the Trump administration over its "Catch and Revoke" social media surveillance program. This program uses AI to monitor non-citizen visa holders' online activity for "anti-American" views, raising serious First Amendment and privacy concerns, and has led to union members self-censoring.
- The Computer & Communications Industry Association (CCIA) is challenging Texas's new "App Store Accountability Act," which mandates age verification and parental consent for app downloads for users under 18. The CCIA argues this law is an unconstitutional "censorship regime" that infringes on free speech and user privacy, while being largely ineffective.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/10/17/labor_unions_surveillance_lawsuit/
🗞️ The Record | https://therecord.media/tech-industry-texas-age-gating

#CyberSecurity #ThreatIntelligence #Ransomware #DataBreach #NationState #APT #ZeroDay #Vulnerability #RCE #SupplyChain #SIMFarm #SocialEngineering #AI #DataPrivacy #Regulatory #InfoSec #CyberAttack #Malware #IncidentResponse

Ich glaube, nachdem nun selbst einige Medien aus dem InfoSec-Bereich die stark nach Humbug riechende SIM-Farm-Geschichte des USSS völlig unkritisch übernommen haben, bin ich wohl gezwungen, den Medienkonsum einiger Medien zu überdenken.

Positiv erwähnt sei Seytonic.

#USpol #USSS #UNGA #NYC #NewYork #SIMFarm #Infosec #Security

This article about the #SIMFarm in #NYC is actually not that bad. It's still cybering a little, but not too cringe. https://lite.cnn.com/2025/09/27/us/nyc-network-secret-service-investigation

#SimFarm found in #NewYork massive threat
Https://www.wired.com/story/sim-farm-new-york-threatened-us-infrastructure-feds-say/

The SIM Farm Hardware Seized by the Secret Service Is Also Popular With Ticket Scalpers

https://fed.brid.gy/r/https://www.404media.co/the-sim-farm-hardware-seized-by-the-secret-service-is-also-popular-with-ticket-scalpers/

‘SIM Farms’ Are a #Spam Plague. A Giant One in New York Threatened US #infrastructure , Feds Say

The agency says it found a network of some 300 #servers and 100,000 #SIM cards—enough to knock out cell service in the #NYC area. Experts say it mirrors facilities typically used for #cybercrime.
#simfarm

https://www.wired.com/story/sim-farm-new-york-threatened-us-infrastructure-feds-say/

Secret Service dismantles massive SIM farm. Mobile domain becoming security battleground.
https://jpmellojr.blogspot.com/2025/09/secret-service-telecom-takedown-sparks.html
#MobileSecurity #SIMFarm #NationalSecurity #SecretService

30 million texts per minute, enough to knock out NYC cell service!! Spam’s getting serious, stay sharp out there. #SIMFarm #Scams #CyberSecurity #InfoSec

‘SIM Farms’ Are a Spam Plague....

🚨 BREAKING NEWS: Secret Service "uncovers" shocking SIM farm, aka... a regular Tuesday for organized crime. 🎉 Major newspapers regurgitate official statements, failing once again to distinguish between a spy thriller and a tech support nightmare. 📞💥
https://cybersect.substack.com/p/that-secret-service-sim-farm-story #SecretService #SIMfarm #OrganizedCrime #TechNews #SpyThriller #HackerNews #ngated

That Secret Service SIM farm story is bogus

https://cybersect.substack.com/p/that-secret-service-sim-farm-story

#HackerNews #SecretService #SIMfarm #Bogus #Cybersecurity #News #HackerNews

NYC's Criminal SIM Farm Isn't New

#News #TechNews #SIMfarm #NYC #UnitedNations #Cybersecurity #Cybercrime

https://youtu.be/idXAxqktvhs

Daily podcast: NYC's Criminal SIM Farm Isn't New

#News #TechNews #SIMfarm #NYC #UnitedNations #Cybersecurity #Cybercrime #podcast

https://soundcloud.com/nickaesp/sim

Some #SimFarm gameplay tips:

* (Lake) water pumps can also used to push water in ditches further (e.g. coming from "weak" windmills)
* Irrigation ditches make the best fences for animals as they can't cross them
* Animals trapped in barns (using ditches) increase in price every week *and* don't eat from those expensive hay bales
* Roads and ditches can be built outside your land, saving precious space
* Small and large sheds can also store bought chemicals (in case you like that sort of thing)

In #SimFarm one of your biggest expenses is the spraying of your fields with fertilizer and chemicals.

Spraying is supposed to cost $200 (that's what the tooltip tells you) but actually costs $275. That's 37.5% more!

There is a way to buy them in advance for $200 but it involves a lot of (in my opinion) unfun micromanagement and clicking.

That's why I wrote a patcher for the game (v1.0 and v1.3, #DOS) that brings the price down to $200.

You can get it here: https://gofile.io/d/FdBmu6

#SimFarm apparently a crop editor that you could order separately from Leaping Lizard Software (probably for #DOS?)

I found out about it from a usenet post (https://groups.google.com/g/comp.sys.mac.games/c/lV5lrFs0EUw, 1995) asking if the editor was also for Mac. The writer learned about it from an ad in the SimFarm Almanac book (a "strategy guide" although one review called it shallow and more of an extended tutorial)

Unfortunately both book and program are nowhere to be found but I'd love to get my hands on either of them.