Security daily (11-06-2021)

Burgeoning ransomware gang Avaddon appears to shut down, mysteriously

A ransomware gang has apparently disappeared just as its fortunes were rising. Ransomware experts said Avaddon shut down as of Friday. The operators left no explanation for why they might have done so, and they’re letting their remaining victims off the hook. Avaddon sent Bleeping Computer 2,934 decryption keys, after which the security firm Emsisoft produced a free, public decryption tool. After last month’s ransomware attack on Colonial Pipeline caused disruptions in the U.S. on fuel delivery, Avaddon became one of the most prolific posters of victim data to its extortion site, compared to other such groups. “This is great news,” tweeted Allan Liska, a Recorded Future analyst specializing in ransomware. “Avaddon was considered a second tier ransomware operator, but since the Colonial Pipeline attack they have been tied with Conti in terms of number of victims posted to their extortion site.” But with success has come attention. The FBI […] (CyberScoop)

Hackers reportedly used EA Games' Slack to breach network, access source code

Hackers who reportedly stole valuable source code from games company Electronic Arts did so by first infiltrating the company’s Slack, a representative for a group claiming credit for the attack told Motherboard. For just $10, the hackers purchased a cookie that allowed them to infiltrate the $5 billion company’s Slack. They then posed as an employee to convince an IT administrator to grant them authentication to get into the company’s corporate network. The EA hack, first reported by Motherboard, included some game source code and related tools. No player data was accessed in the breach and the company does not expect the hack to impact its games, EA said in a statement. EA did not immediately respond to an email asking for verification of the hackers’ claims that they leveraged Slack to carry out the operation. The attack highlights the vulnerabilities created by workplace communication technologies, which have skyrocketed in […] (CyberScoop)

McDonald’s discloses hack of customer data in South Korea and Taiwan

Hackers recently breached the IT systems of McDonald’s and accessed email addresses, phone numbers and delivery addresses for certain customers in South Korea and Taiwan, the fast food giant said Friday. “In the coming days, a few additional markets will take steps to address files that contained employee personal data,” McDonald’s said in an emailed statement. The burger chain said it quickly identified and contained the breach, which involved a “small number of files.” No customer payment information was affected, according to McDonald’s. The breach also involved business contact information of U.S. employees and franchisees, the Wall Street Journal reported. In some cases, the intruders also accessed data about restaurant seating capacity and the square footage of play areas, the Journal reported. It was unclear who was responsible for the hack. A McDonald’s spokesperson did not respond to an emailed question on who the culprit might be. McDonald’s, which reported […] (CyberScoop)

ALPACA – the wacky TLS security vulnerability with a funky name

Don't panic - this isn't another Heartbleed. But it's a fascinating reminder of why doing things the easy way isn't always the best way. (Naked Security)

How Hackers Used Slack To Break Into EA Games

(News ≈ Packet Storm)

STEM Audio Table Rife With Business Threatening Bugs

(News ≈ Packet Storm)

McDonald's Operations In South Korea And Taiwan Hit By Data Breach

(News ≈ Packet Storm)

US Retailer Carter Leaks PII With URL Shortener

(News ≈ Packet Storm)

Password Attacks 101

According to the 2020 Data Breaches report by Verizon, 25% of all breaches involved the use of stolen credentials. And for small businesses, that number hit 30%. Brute force attacks have a similar share, accounting for 18% of all breaches, and 34% of those for small businesses. Why are password attacks like brute forcing so effective? And how exactly do they work? Let’s take a look at three kinds of password attacks that present a real threat to sites and businesses of all sizes. (Sucuri Blog)

Mozilla Says Google's New Ad Tech—FLoC—Doesn't Protect User Privacy

Google's upcoming plans to replace third-party cookies with a less invasive ad targeted mechanism have a number of issues that could defeat its privacy objectives and allow for significant linkability of user behavior, possibly even identifying individual users. "FLoC is premised on a compelling idea: enable ad targeting without exposing users to risk," said Eric Rescorla, author of TLS standard (The Hacker News)

Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users

Multiple critical security flaws have been disclosed in Samsung's pre-installed Android apps, which, if successfully exploited, could have allowed adversaries access to personal data without users' consent and take control of the devices. "The impact of these bugs could have allowed an attacker to access and edit the victim's contacts, calls, SMS/MMS, install arbitrary apps with device (The Hacker News)

Live Cybersecurity Webinar — Deconstructing Cobalt Strike

Organizations' cybersecurity capabilities have improved over the past decade, mostly out of necessity. As their defenses get better, so do the methods, tactics, and techniques malicious actors devise to penetrate their environments. Instead of the standard virus or trojan, attackers today will deploy a variety of tools and methods to infiltrate an organization’s environment and attack it from (The Hacker News)

7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

A seven-year-old privilege escalation vulnerability discovered in the polkit system service could be exploited by a malicious unprivileged local attacker to bypass authorization and escalate permissions to the root user. Tracked as CVE-2021-3560 (CVSS score: 7.8), the flaw affects polkit versions between 0.113 and 0.118 and was discovered by GitHub security researcher Kevin Backhouse, who said (The Hacker News)

New Cyber Espionage Group Targeting Ministries of Foreign Affairs

Cybersecurity researchers on Thursday took the wraps off a new cyberespionage group that has been behind a series of targeted attacks against diplomatic entities and telecommunication companies in Africa and the Middle East since at least 2017. Dubbed "BackdoorDiplomacy," the campaign involves targeting weak points in internet-exposed devices such as web servers to perform a panoply of cyber (The Hacker News)

U.S. Authorities Shut Down Slilpp—Largest Marketplace for Stolen Logins

The U.S. Department of Justice (DoJ) Thursday said it disrupted and took down the infrastructure of an underground marketplace known as "Slilpp" that specialized in trading stolen login credentials as part of an international law enforcement operation. Over a dozen individuals have been charged or arrested in connection with the illegal marketplace. The cyber crackdown, which involved the joint (The Hacker News)

Unpatched Bugs Found Lurking in Provisioning Platform Used with Cisco UC

A trio of security flaws open the door to remote-code execution and a malware tsunami. (Threatpost)

Baby Clothes Giant Carter’s Leaks 410K Customer Records

Purchase automation software delivered shortened URLs without protections. (Threatpost)

REvil Hits US Nuclear Weapons Contractor: Report

"We hereby keep a right (sic) to forward all of the relevant documentation and data to military agencies of our choise (sic)" REvil reportedly wrote. (Threatpost)

Cyberpunk 2077 Hacked Data Circulating Online

CD Projekt Red confirmed that employee and game-related data appears to be floating around the cyber-underground, four months after a hack on the Witcher and Cyberpunk 2077 developer. (Threatpost)

Monumental Supply-Chain Attack on Airlines Traced to State Actor

Airlines are warned to scour networks for traces of the campaign, likely the work of APT41, lurking in networks. (Threatpost)

Police Grab Slilpp, Biggest Stolen-Logins Market

There were more than 80 million login credentials for sale, used to inflict over $200 million in losses in the U.S. alone. (Threatpost)

Hackers Steal FIFA 21 Source Code, Tools in EA Breach

Raft of other proprietary game data and related software and developer kits also pilfered in the unspecified attack, which the company is investigating. (Threatpost)
