Security daily (01-06-2021)

Cybercrime forum advertises alleged database, source code from Russian firm that helped Parler

A seller on a popular cybercrime forum appears to be offering up source code and a database they say belongs to DDoS-Guard, the Russia-based hosting site that helped right-leaning social media company Parler get back online after Amazon Web Services banished it. Parler billed itself as an alternative to Twitter after that social media firm cracked down on alt-right misinformation and disinformation, but found itself shunned by AWS and others after complaints about its safeguards against hate speech and calls for violence after the Jan. 6 insurrection. Security vendor Group-IB, which noticed the listing, said that while DDoS-Guard offers hosting services and protection against distributed denial-of-service attacks, it also has been labeled a “bulletproof hosting” provider — one that’s lenient toward cybercriminals and other shady operators. The seller listed the DDoS-Guard database and source code for $350,000 on exploit.in, a long-running forum used mainly by Russian-speaking scammers that birthed […] (CyberScoop)

Ex-US ambassador, anti-corruption activists in Ukraine were targets of suspected Russian phishing

An ex-U.S. ambassador to Russia, anti-corruption activists in Ukraine and election observers in other parts of Eastern Europe were among the apparent targets of a suspected Russian state-sponsored hacking effort, according to data linked to the spying operation that a researcher shared with CyberScoop. The list offers classic examples of organizations that Russian spies might want to infiltrate, including those working to expose graft, combat disinformation and promote secure elections. It also points to the persistent threats that small nonprofits face from well-resourced hackers, as well as the long-running alleged Russian efforts to undermine democratic institutions. Microsoft on May 27 said hackers had used a breached account belonging to the U.S. Agency for International Development, a U.S. government agency, to send phishing emails to some 3,000 email accounts at 150 organizations in 24 countries (U.S. officials estimated an even broader set of targets: 7,000 accounts and 350 organizations.) Microsoft blamed […] (CyberScoop)

Global beef provider JBS interrupted by 'organized' attack

Production at a number of meat packaging facilities in Australia, Canada and the U.S. was disrupted Tuesday as JBS, the world’s largest meat supplier, contended with a digital security incident. Brazil-based JBS, which employs more than 230,000 people globally, said Sunday it had been the target of an “organized cybersecurity attack” that apparently targeted the firm’s IT systems in North America and Australia. The company is the largest meat and food processing firm in Australia, with 47 facilities there as well as offices in Canada and Colorado. The specific nature of the security incident remains unclear. The hack, though, comes just three weeks after hackers infected another commodities provider, Colonial Pipeline, with ransomware, which halted fuel deliveries in the southern U.S. for multiple days. The White House has been in contact with JBS since Sunday, and has offered assistance to the company, principal deputy press secretary Karine Jean-Pierre told reporters […] (CyberScoop)

“Have I Been Pwned” breach site partners with… the FBI!

If your password gets stolen as part of a data breach, you'll probably be told. But what if your password gets pwned some other way? (Naked Security)

Global Meat Processor JBS Hit By Cyberattack

(News ≈ Packet Storm)

$83 Million Intercepted In Asian Cybercrime Takedown

(News ≈ Packet Storm)

This Android Trojan Malware Uses Fake Apps To Infect Smartphones, Steal Bank Details

(News ≈ Packet Storm)

The SolarWinds Hackers Aren't Back - They Never Went Away

(News ≈ Packet Storm)

Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions

Researchers have disclosed significant security weaknesses in popular software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses. The twin attacks, detailed by academics from the University of Luxembourg and the University of London, are aimed (The Hacker News)

Report: Danish Secret Service Helped NSA Spy On European Politicians

The U.S. National Security Agency (NSA) used a partnership with Denmark's foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014. Details of the covert wiretapping were broken by Copenhagen-based public broadcaster DR over the weekend based (The Hacker News)

SolarWinds Hackers Target Think Tanks With New 'NativeZone' Backdoor

Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S. Some of the entities that were singled out include the U.S. Atlantic Council, the Organization for Security and Co-operation in (The Hacker News)

Cyber-Insurance Fuels Ransomware Payment Surge

Companies relying on their cyber-insurance policies to pay off ransomware criminals are being blamed for a recent uptick in ransomware attacks. (Threatpost)

Where Bug Bounty Programs Fall Flat

Some criminals package exploits into bundles to sell on cybercriminal forums years after they were zero days, while others say bounties aren't enough. (Threatpost)

How Mobile Ad Fraud has Evolved in the Year of the Pandemic

Mobile ad fraud has always been a challenge for network operators in all parts of the globe, but the pandemic has made users more vulnerable than ever before due to the sheer amount of time they now spend with their devices. (Threatpost)

Cyberattack Forces Meat Producer to Shut Down Operations in U.S., Australia

Global food distributor JBS Foods suffered an unspecified incident over the weekend that disrupted several servers supporting IT systems and could affect the supply chain for some time. (Threatpost)


/security-daily/ 02-06-2021 23:44:23