Security daily (08-04-2021)

US intelligence report warns of increased offensive cyber, disinformation around the world

Over the course of the next 20 years, nation-states will see a rise in targeted offensive cyber-operations and disinformation in an increasingly “volatile and confrontational” global security landscape, according to a new U.S. intelligence assessment. The U.S. intelligence community’s Global Trends report, issued on Thursday, notes that many of these offensive cyber-operations will likely target civilian and military infrastructure. Nation-states will likely increasingly favor tools that allow them to operate below the level of armed conflict in order to avoid the geopolitical and resource costs that come with violence and traditional warfare, the report adds. Countries will also leverage proxies such as hackers or military contractors to disrupt their adversaries, according to the assessment, which is issued by the National Intelligence Council, a body that reports to the Director of National Intelligence. “Proxies and private companies can reduce the cost of training, equipping, and retaining specialized units and provide manpower for countries with […] (CyberScoop)

No honor among thieves: Scammers target stolen credit card hubs

Two online hubs for stolen credit cards found themselves on the receiving end of hack-and-leak operations last month. User data from the card store Swarmshop was posted to a different underground forum on March 17, exposing hundreds of thousands of compromised payment card records, security vendor Group-IB said in a report out Thursday. That follows news from last month that another forum, Carding Mafia, had been hacked, also exposing hundreds of thousands of user accounts. Word of the nefarious activity is only the latest drama to emerge from the cybercriminal underground. Another notorious forum, Joker’s Stash, recently shut down after attention from global law enforcement officials. In an unrelated case, a Russian man pleaded guilty in January to running an illicit hosting service meant to further fraud schemes. In the case of Swarmshop, it is also the second time cybercriminals have targeted it. “While the source of the breach remains unclear, […] (CyberScoop)

Fake job listings help suspected Iranian hackers aim at targets in Lebanon

Suspected Iranian hackers have zeroed in on a target in Lebanon, according to Check Point research published Thursday. Researchers caught attackers sending an unidentified Lebanese target documents that purported to contain details about job opportunities. If opened in certain ways, those documents would deploy malware against victims. One such document imitated Ntiva IT, a consulting firm based in Virginia, Check Point said. In order to be infected, targets would have needed to enable macros on the documents, triggering a process that launches malware every five minutes. The hackers, who Check Point suspects belong to a hacking group known as APT34 or OilRig, have been using a new backdoor to access their targets, according to the researchers. APT34, which researchers say has been operating since 2014, is believed to frequently rely on decoy job opportunities to trap targets in their campaigns. The group used LinkedIn in 2019 to go after espionage targets […] (CyberScoop)

European cops collected data from encrypted chat service for weeks prior to cocaine bust

Breached encrypted messaging tools increasingly seem to provide European law enforcement agencies with a kind of roadmap to high-profile drug busts. Belgium’s Federal Police force on Monday said they had seized nearly 28 tons of cocaine with a street value of 1.4 billion euros ($1.65 billion) after officials accessed an encrypted messaging service, as CNN first reported. The activity came after police said in March they had decrypted half a billion messages sent via the Sky ECC service, and arrested 48 people. The cocaine seizure appears to be the result of that initial investigation, as officials say they spent weeks tracking messages and gathering information about cocaine shipments before intercepting packages at the port of Antwerp. It was only the latest example of European police accessing hard-to-crack technology to collect evidence about suspected criminals, though. Dutch police working with French officials last year broke into another messaging service, EncroChat, […] (CyberScoop)

Italian charged with hiring “dark web hitman” to murder his ex-girlfriend

Fortunately, this suspect wasn't as anonymous as he thought... (Naked Security)

S3 Ep27: Census scammers, beg bounties and data breach fines [Podcast]

New episode - listen now! (Naked Security)

Tons Of PII Leaked Due To Swarmshop Hack

(News ≈ Packet Storm)

Attackers Blowing Up Discord, Slack With Malware

(News ≈ Packet Storm)

Should Firms Be More Worried About Firmware Cyber-Attacks?

(News ≈ Packet Storm)

Ransomware Crooks Are Targeting Vulnerable VPN Devices

(News ≈ Packet Storm)

Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets

Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. At least one of the hacking incidents led to the temporary shutdown of a production site, said cybersecurity firm Kaspersky in a report published on Wednesday, without publicly naming the victim. The (The Hacker News)

NIST and HIPAA: Is There a Password Connection?

When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by industry and one's unique infrastructure. How do IT departments maintain compliance with NIST and HIPAA? (The Hacker News)

MITRE Madness: A Guide to Weathering the Upcoming Vendor Positioning Storm

April is usually a whirlwind month for the cybersecurity industry, as it coincides with the release of the highly regarded and influential MITRE ATT&CK test results. The ATT&CK test measures cybersecurity platforms' abilities to detect and react to emulated, multistep attacks, and its results can be used as a barometer of platform effectiveness. This means that every cybersecurity vendor will be tripping (The Hacker News)

Adware Spreads via Fake TikTok App, Laptop Offers

Cybercriminals are encouraging users to send the "offers" via WhatsApp to their friends as well. (Threatpost)

Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers

Cisco says it will not patch three small business router models and one VPN firewall device with critical vulnerabilities. (Threatpost)

IcedID Banking Trojan Surges: The New Emotet?

A widespread email campaign using malicious Microsoft Excel attachments and Excel 4 macros is delivering IcedID at high volumes, suggesting it's filling the Emotet void. (Threatpost)

Azure Functions Weakness Allows Privilege Escalation

Microsoft's cloud-container technology allows attackers to directly write to files, researchers said. (Threatpost)

Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks

Industrial enterprises in Europe are the target of a campaign that forced a shutdown of industrial processes in at least one of its victims’ networks, according to researchers. (Threatpost)


/security-daily/ 09-04-2021 23:44:22