Security daily (09-09-2021)

Groove ransomware gang is a motley crew of disgruntled hackers, researchers say

Another new ransomware gang is making waves with an unconventional structure, its unique pedigree and an early victim. A coalition of researchers on Thursday explained what makes Groove, a gang that quietly emerged in July with a website, different: Namely, it eschews the traditional ransomware-as-a-service hierarchy in favor of an opportunistic pledge that they’ll work with anyone as long as there’s money to be made. The researchers — from McAfee Enterprises, Intel 471 and Coveware — traced the group’s origins to a likely split with the Babuk gang, part of a trend of turmoil within extortion groups that use the ransomware-as-a-service (RaaS) model where affiliates get to use an outfit’s malware in exchange for sharing profits. For instance, a disgruntled former Conti affiliate recently leaked the group’s attack playbook. Already, there’s evidence the researchers uncovered that Groove has worked with another ransomware gang, BlackMatter, that likewise recently emerged. That group […] The post Groove ransomware gang is a motley crew of disgruntled hackers, researchers say appeared first on CyberScoop. (CyberScoop)

National cyber director declares 'too soon to say we're out of the woods,' as US enjoys dip in ransomware

After a summer marked by big ransomware attacks from suspected Russian gangs, some of those same groups went quiet. National Cyber Director Chris Inglis said Thursday that it’s too early to tell if the trend will hold. “Those attacks have fallen off. Those syndicates have to some degree deconstructed,” Inglis said at an event hosted by the Ronald Reagan Presidential Foundation and Institute. “I think it’s a fair bet they have self-deconstructed and essentially gone cold and quiet to see whether the storm will blow over and whether they can then come back.” Whether they do so will depend largely on whether Russian President Vladimir Putin takes steps to undo the “permissive” atmosphere after U.S. President Joe Biden warned him repeatedly about ransomware attacks originating from his country. “It’s too soon to say we’re out of the woods on this,” Inglis said. The FBI blamed Russian ransomware gang REvil for […] The post National cyber director declares 'too soon to say we're out of the woods,' as US enjoys dip in ransomware appeared first on CyberScoop. (CyberScoop)

Money launderer connected to North Korean government hackers, 'Hushpuppi' is sentenced to 11 years

A U.S. court sentenced a Canadian man to 11 years in prison for his role in a global hacking and money laundering scheme allegedly spearheaded by North Korean cybercriminals. Ghaleb Alaumary, a 36-year-old Ontario native, was sentenced Wednesday to 140 months in federal prison and to pay more than $30 million in restitution after pleading guilty to two counts of conspiracy to commit money laundering, the Justice Department announced. The defendant’s role involved providing bank accounts into which North Korean hackers could funnel stolen currency, and then recruiting individuals to withdraw cash from ATMs around the world. The millions of dollars came from sources including the 2019 theft of a Maltese bank, a 2018 fraud from Pakistan’s BankIslami, as well as a professional soccer team based in the U.K., according to the Justice Department. Alaumary was also reportedly connected to Ramon Abbas, a Nigerian Instagram influencer better known as “Hushpuppi” […] The post Money launderer connected to North Korean government hackers, 'Hushpuppi' is sentenced to 11 years appeared first on CyberScoop. (CyberScoop)

S3 Ep49: Poison PACs, pointless alarms and phunky bugs [Podcast]

Latest episode - listen now! (Naked Security)

Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances

Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been exploited by a malicious actor "to access other customers' information" in what the researcher described as the "first cross-account container takeover in the public cloud." An attacker exploiting the weakness could execute malicious commands on other users' containers, (The Hacker News)

Russian Ransomware Group REvil Back Online After 2-Month Hiatus

The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4. Two of the dark web portals, including the gang's Happy Blog data leak site and its payment/negotiation site, have resurfaced online, with the most recent victim added on July 8, (The Hacker News)

Fighting the Rogue Toaster Army: Why Secure Coding in Embedded Systems is Our Defensive Edge

There are plenty of pop culture references to rogue AI and robots, and appliances turning on their human masters. It is the stuff of science fiction, fun, and fantasy, but with IoT and connected devices becoming more prevalent in our homes, we need more discussion around cybersecurity and safety. Software is all around us, and it’s very easy to forget just how much we’re relying on lines of code (The Hacker News)

Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices

Network security solutions provider Fortinet confirmed that a malicious actor had disclosed, without authorization, VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain (The Hacker News)

Thousands of Fortinet VPN Account Credentials Leaked

They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit. (Threatpost)

McDonald’s Email Blast Includes Password to Monopoly Game Database

Usernames, passwords for database sent in prize redemption emails. (Threatpost)

Financial Cybercrime: Why Cryptocurrency is the Perfect ‘Getaway Car’

John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency. (Threatpost)

‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise

A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering. (Threatpost)
/security-daily/ 10-09-2021 23:44:22