Security daily (05-10-2020)

John McAfee arrested in Spain, charged with tax evasion

The Justice Department unsealed an indictment Monday against cybersecurity pioneer John McAfee following his arrest in Spain. McAfee stands accused of evading taxes, in part by using cryptocurrency. McAfee founded the antivirus firm that bears his name, but has spent at least a decade in frequent brushes with the law, and not just in the United States. The indictment, dated from June, does not allege that McAfee received any money from, or otherwise had any connection to his former company during the period he allegedly failed to pay taxes, from 2014 to 2018. McAfee left the security firm more than 20 years ago. The indictment states that his millions of dollars in income during the four-year stretch came from promotion of cryptocurrencies, consulting work, speaking engagements and the rights to his story for a documentary. McAfee, the indictment alleges, routed his income into cryptocurrency exchange accounts and bank accounts of others, and sought to conceal assets, including […] (CyberScoop)

Rare case of UEFI hacking hit targets interested in North Korea, Kaspersky says

Spies have long coveted the ability to compromise a computer’s booting process and, with it, the means of controlling just about every part of the machine. The booting process — how a computer powers on — offers access to the machine’s operating system and all of the accompanying sensitive data. The crucial computing code that manages that booting process, known as UEFI firmware, represents a valuable target for hackers, though also one that remains difficult to infiltrate. Researchers from security company Kaspersky on Monday revealed what they described as the second case of malicious UEFI firmware found in use in the wild. Security specialists found UEFI implants that appeared to be part of a larger hacking operation carried out by Chinese-speaking operatives against diplomatic organizations and non-governmental organizations in Africa, Asia and Europe. It’s an apparent case of cyber-espionage that took place from 2017 to 2019, with the evident aim of gathering information related to North Korea. All of the hackers’ targets did work […] (CyberScoop)

Foreign spies use front companies to disguise their hacking, borrowing an old camouflage tactic

Professional hackers who already try to hide their activity through an array of technical means now seem to be trying on more corporate disguises, by creating front companies or working as government contractors to boost their legitimacy. U.S. law enforcement in September accused hackers based in Iran and China of conducting global espionage operations while appearing to exist as otherwise innocuous technology firms. While the public nature of the charges is proof the efforts weren’t entirely successful, the tactic marks an evolution of the use of dummy corporations since a group of financial scammers stole a reported $1 billion by posing as a cybersecurity testing firm. “It just makes it harder to figure out who’s doing what, and what are their motivations,” John Demers, the U.S. assistant attorney general for national security, said of the apparent motivation in a recent interview. “For a company that’s suffered a breach, it may […] (CyberScoop)

US arrests suspected hackers accused of video game piracy

The alleged leaders of an international video game piracy group apparently didn’t do enough to protect their scheme from the prying eyes of the feds. The Department of Justice says two men have been arrested on felony charges of helping run Team Xecuter, which sold modification kits and other tools that allowed users of the Nintendo Switch and other gaming devices to play pirated versions of games. The federal indictment charges Canadian national Gary Bowser, French national Max Louarn and Chinese national Yuanning Chen with 11 counts of wire fraud, conspiracy to commit wire fraud and money laundering in connection with Team Xecuter. The indictment does not link the three men to any other hacking groups. In many ways, though, the Justice Department’s approach to charging them mirrors other recent efforts to accuse and apprehend foreigners in cybercrime cases involving financial fraud or cyber-espionage. Team Xecuter, which claims to have been […] (CyberScoop)

Naked Security Live – Stay on top of phishing scams

Naked Security Live - here's the recorded version of our latest video. Enjoy. (Naked Security)

If you connect it, protect it

Last week, we said that "Friends don't let friends get scammed." They don't let themselves get scammed, either! (Naked Security)

Zoom Tries To Make Good On Security, Privacy Promises

(News ≈ Packet Storm)

Could Someone Hack My Microchip Implant?

(News ≈ Packet Storm)

The Volunteer Hackers Protecting The US Election

(News ≈ Packet Storm)

Grindr Accounts Could Be Easily Hacked With Email Address

(News ≈ Packet Storm)

Four npm Packages Found Uploading User Details On A GitHub Page

(News ≈ Packet Storm)

Secure Your SaaS Apps With Security Posture Management Platform

As security professionals who have spent more than a few years in the industry, we know a good challenge when we see one. SaaS and cloud-based technologies are growing rapidly, offering organizations convenience and constant feature refreshes without the need to install and deploy software on-premises. However, even when referred to as 'a game-changer,' many organizations are still highly (The Hacker News)

Post Grid WordPress Plugin Flaws Allow Site Takeovers

Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs -- together they have 66,000 installs. (Threatpost)

Black-T Malware Emerges From Cryptojacker Group TeamTNT

The cryptojacking malware variant builds on the TeamTNT group’s typical approach, with a few new — and sophisticated — extras. (Threatpost)

Malware Families Turn to Legit Pastebin-Like Service

AgentTesla, LimeRAT, W3Cryptolocker and Redline Stealer are now using Paste.nrecom in spear-phishing attacks. (Threatpost)


/security-daily/ 06-10-2020 23:44:24