Security daily (04-06-2021)

Latvian national charged with writing malware used by Trickbot hackers

U.S. prosecutors have charged a 55-year-old Latvian national with developing computer code used in tandem with the infamous malicious software known as TrickBot, which has defrauded countless people while infecting tens of millions of computers worldwide. The defendant, known as Alla Witte, was arraigned in a federal court in Cleveland on Friday after being arrested in Miami in February, the Justice Department said. She is accused of being part of a criminal organization that operated in Russia, Belarus, Ukraine and Suriname, and which infected the computers of hospitals, schools, public utilities and government agencies in the U.S. Witte wrote “code related to the control, deployment, and payments of ransomware,” the Justice Department said in a press release. She also allegedly provided computer code to other members of the criminal group that tracked users of the TrickBot malware. The malicious code was designed to steal banking login credentials, credit card numbers […] (CyberScoop)

Government, industry scramble to prioritize ransomware amid fallout from pipeline, JBS breaches

Three weeks ago, the U.S. Chamber of Commerce — the most powerful business lobby in the country — called on the federal government to take several steps to combat ransomware. This week, the White House’s deputy national security adviser penned a letter to industry … urging them to take several steps to combat ransomware. Those are two of the latest moves in a long dance between the feds and private sector over cybersecurity, with a tempo that has hastened considerably since the Colonial Pipeline ransomware attack. Even as both sides say the respective calls for action on ransomware in the oft-hailed “public-private partnership” are well-received, they’re redoubling their messages to each other. As the ransomware challenge looms increasingly large and has proven difficult to wrestle, two of the largest players are trying to find their footing. “While businesses need to do what they can to enhance their security, the government […] (CyberScoop)

Tokyo Olympics organizers' data swept up in Fujitsu hack: report

The organizing committee of the Tokyo Olympics is the latest victim of a breach in which hackers broke into a Japanese government contractor’s data-sharing tool, according to a Japanese media report. The breach affected some 170 people who participated in a cybersecurity drill ahead of the Olympic Games next month, Kyodo News reported. The leaked data included the names and affiliations of people from 90 organizations involved in hosting the Olympics, according to the outlet. It’s apparently the latest Japanese organization to be swept up in an incident that began with unidentified attackers accessing data-sharing software made by technology firm Fujitsu. The breach of the tool last month has reportedly given hackers access to data at multiple Japanese government ministries. Fujitsu has suspended use of the software as it investigates the breach. The Japanese government’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC), which hosted the cybersecurity drill, […] (CyberScoop)

Hacking accusations are meant to stir conflict ahead of US summit, Russian president says

Russian President Vladimir Putin on Friday said that accusations that the Russian state is in any way linked to a recent ransomware attack against global meat supplier JBS are “nonsense.” The FBI has blamed the attack on REvil, a group thought to be based out of Russia. U.S. officials have not tied the attack to the Russian government. That breach came after an unrelated incident against Colonial Pipeline, a major U.S. fuel supplier, in which the FBI blamed another alleged Russia-based gang, DarkSide. “I have heard about some meat processing company, it’s nonsense, we understand it’s just laughable. A pipeline? It’s nonsense, too,” Putin told a Russian news station. U.S. President Joe Biden emphasized in May that U.S. intelligence officials do not believe the Russian government was involved in the Colonial Pipeline hack. “We do not believe — emphasis on we do not believe — the Russian government was involved in […] (CyberScoop)

SIM swapping victim alleges T-Mobile failed to stop $20,000 cryptocurrency scam

A Pennsylvania woman who lost the equivalent of $20,000 in cryptocurrency as part of a mobile fraud scheme says T-Mobile failed to protect her account in the face of a wave of similar incidents. Sima Kesler, in a complaint filed Wednesday in Pennsylvania Eastern District Court, alleges she was the victim of a May 2020 SIM swapping scheme, in which scammers convince a phone carrier to give them control of an individual user’s account. With control of a victim’s phone information, thieves can receive text messages and access unrelated accounts tied to the victim’s mobile number. In this case, Kesler says she stored roughly $20,000 in a Coinbase account connected to her T-Mobile subscription. Unknown fraudsters had tricked T-Mobile customer service personnel into handing over access to Kesler’s account, which they then used to deplete her Coinbase of virtually all cryptocurrency, according to the complaint. Kesler’s complaint alleges that she […] (CyberScoop)

How to hack into 5500 accounts… just using “credential stuffing”

Passwords - don't just pay them lip service. (Naked Security)

Chrome 91 Will Warn Users When Installing Untrusted Extensions

(News ≈ Packet Storm)

Supreme Court Narrows Interpretation Of CFAA, To The Relief Of Ethical Hackers

(News ≈ Packet Storm)

Google PPC Ads Used To Deliver Infostealers

(News ≈ Packet Storm)

FBI Says It Is Investigating About 100 Types Of Ransomware

(News ≈ Packet Storm)

WordPress Redirect Hack via Test0.com/Default7.com

A malicious redirect is a type of hack in which website visitors are automatically redirected to a third-party website, usually a malicious resource, a scam site or a commercial site that buys traffic from cyber criminals (e.g. counterfeit drugs or replica merchandise). There are two major types of malicious redirects: server-side redirects and client-side redirects. Server-side redirects take place before a visitor even loads a page. The most common techniques used by server-side redirect hacks are “rewrite” rules in Apache .htaccess files or PHP code injected into legitimate files. (Sucuri Blog)

10 Critical Flaws Found in CODESYS Industrial Automation Software

Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to achieve remote code execution on programmable logic controllers (PLCs). "To exploit the vulnerabilities, an attacker does not need a username or password; having network access to the industrial controller is enough," researchers from Positive (The Hacker News)

Google Chrome to Help Users Identify Untrusted Extensions Before Installation

Google on Thursday said it's rolling out new security features to Chrome browser aimed at detecting suspicious downloads and extensions via its Enhanced Safe Browsing feature, which it launched a year ago. To this end, the search giant said it will now offer additional protections when users attempt to install a new extension from the Chrome Web Store, notifying if it can be considered "trusted. (The Hacker News)

Experts Uncover Yet Another Chinese Spying Campaign Aimed at Southeast Asia

An ongoing cyber-espionage operation with suspected ties to China has been found targeting a Southeast Asian government to deploy spyware on Windows systems while staying under the radar for more than three years. "In this campaign, the attackers utilized the set of Microsoft Office exploits and loaders with anti-analysis and anti-debugging techniques to install a previously unknown backdoor on (The Hacker News)

Cyberattack Suspected in Cox TV and Radio Outages

Cox Media Group TV, radio station streams affected by a reported ransomware attack. (Threatpost)

Supreme Court Limits Scope of Controversial Hacking Law

Judges rule that Georgia police officer did not violate CFAA when he accessed law-enforcement data in exchange for bribe money, a ruling that takes heat off ethical hackers. (Threatpost)

REvil Ransomware Gang Spill Details on US Attacks

The REvil ransomware gang is interviewed on the Telegram channel called Russian OSINT. (Threatpost)


/security-daily/ 05-06-2021 23:44:22