Security daily (07-06-2021)

Insurer Chubb paid $65,000 to help a city unlock ransomware in 2018. A second hack was more expensive.

A city in California didn’t disclose a ransomware payment for more than two years after its insurer covered the cost, the city manager acknowledged amid yet another ransomware attack on the municipality. In 2018, officials in Azusa, Calif. paid $65,000 through its insurer Chubb to free up its most vital system and used a free decryption key to unlock the others, City Manager Sergio Gonzalez said. The hackers took control of the city’s police dispatch system for more than a week in the fall that year, he said. State-by-state data breach notification laws have different triggers for when hacking victims must report publicly on what happened. “We did not make a public statement and did not have to file anything legally because we could confirm that no data was migrated out” of police servers, Gonzalez said, according to local news accounts. In an interview with CyberScoop, Gonzalez said the city […] (CyberScoop)

MoviePass settles with the FTC over exposing private information, misleading consumers

Defunct subscription service MoviePass won’t have to pay users for exposing their personal information, or for quietly blocking them from using the movie ticket service’s “one ticket per day” feature. The now-bankrupt company settled with the Federal Trade Commission Tuesday over allegations that it failed to secure users’ personal information and misled them about the company’s subscription offerings, the agency announced. The subscription service, which launched in 2011, once attracted more than 3 million paid subscribers for its unrivaled service of offering unlimited movie theater passes for initially just $9.99 a month. The business model turned out to be unsustainable, with the company turning to increased prices and eventually bankruptcy in January 2020 after struggling to retain subscribers. Failure to secure a server of users’ private information led to the exposure of tens of thousands of names, birthdates, customer card numbers and credit card numbers between at least May and […] (CyberScoop)

DOJ seizes $2.3 million in cryptocurrency payments from Colonial Pipeline ransomware attack

The Justice Department announced Monday that it had retrieved $2.3 million in cryptocurrency payments Colonial Pipeline made in the DarkSide ransomware attack. In May, Colonial — which delivers an estimated 45% of fuel consumed on the East Coast — paid its attackers $4.4 million worth of cryptocurrency in an incident that propelled ransomware into visibility it didn’t previously have in the U.S. On Monday, pursuant to a seizure warrant issued by the United States District Court for the Northern District of California, the department got some of that payment back, DOJ officials said at a news conference. “The sophisticated use of technology to hold businesses and even whole cities hostage for profit is a decidedly 21st century challenge — but the old adage ‘follow the money’ still applies,” Deputy Attorney General Lisa Monaco said. “Today we turned the tables on DarkSide.” It’s not the first time DOJ has seized cryptocurrency […] (CyberScoop)

US Cyber Command, CISA warn of hackers exploiting critical VMware flaw

Hackers have been leveraging a critical flaw in the software that Silicon Valley vendor VMware uses to manage virtual machines in large data centers, U.S. Cyber Command warned on Saturday. The flaw allows an attacker to execute code remotely and potentially infiltrate sensitive computing environments that run on VMware’s widely used server management software. Security fixes have been available since May 25, but the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and Cyber Command, a U.S. military unit, urged users to update their software after researchers discovered at least one public exploit for the vulnerability. “Please patch immediately!” the command tweeted on Saturday. VMware itself issued an urgent advisory telling clients to apply the patch on May 25. As corporations and government agencies increasingly use cloud computing to consolidate data, the value of flaws in code built by VMware and other vendors has only grown. Bad Packets, a […] (CyberScoop)

Latvian woman charged with writing malware for the Trickbot Group

Looking for contract programming work? You might be surprised at what's on offer out there. (Naked Security)

REvil Ransomware Gang Spill Details On US Attacks

(News ≈ Packet Storm)

WhatsApp Hijack Scam Continues To Spread

(News ≈ Packet Storm)

Apple Updates AirTags After Stalking Fears

(News ≈ Packet Storm)

Patch Now: Attackers Are Hunting For This Critical VMware vCenter Flaw

(News ≈ Packet Storm)

Hacker Lexicon: What Is A Supply Chain Attack?

(News ≈ Packet Storm)

Researchers Discover First Known Malware Targeting Windows Containers

Security researchers have discovered the first known malware, dubbed "Siloscape," targeting Windows Server containers to infect Kubernetes clusters in cloud environments. "Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers," said Unit 42 researcher Daniel Prizmant. "Its main purpose is to open a backdoor into poorly configured Kubernetes clusters in (The Hacker News)

Hackers Breached Colonial Pipeline Using Compromised VPN Password

The ransomware cartel that masterminded the Colonial Pipeline attack early last month crippled the pipeline operator's network using a compromised virtual private network (VPN) account password, the latest investigation into the incident has revealed. The development, which was reported by Bloomberg on Friday, involved gaining an initial foothold into the networks as early as April 29 through (The Hacker News)

Latvian Woman Charged for Her Role in Creating Trickbot Banking Malware

The U.S. Department of Justice (DoJ) on Friday charged a Latvian woman for her alleged role as a programmer in a cybercrime gang that helped develop TrickBot malware. The woman in question, Alla Witte, aka Max, 55, who resided in Paramaribo, Suriname, was arrested in Miami, Florida on February 6. Witte has been charged with 19 counts, including conspiracy to commit computer fraud and aggravated (The Hacker News)

FBI Claws Back Millions of DarkSide’s Ransom Profits

The tables have been turned, the FBI & DOJ said after announcing the use of blockchain technology to track down the contents of DarkSide's cryptocurrency wallet. (Threatpost)

Bad Apple: App Store Rife with Fraud, Fleeceware

Malicious apps make up 2 percent of top grossing apps in Apple App Store. (Threatpost)

Novel ‘Victory’ Backdoor Spotted in Chinese APT Campaign

Researchers said the malware has been under development for at least three years. (Threatpost)


/security-daily/ 08-06-2021 23:44:23