14-01-202116-01-2021

Security daily (15-01-2021)

Joker's Stash, a forum for stolen data, says it will shut down within 30 days

An administrator of a notorious forum for stolen payment data and illicitly obtained personal information says they will shutter the site in 30 days.  The Joker’s Stash — an online hub where millions of credit card numbers from restaurants and supermarket chains, among others — will cease operation in the coming month, according to post Friday seen by multiple threat intelligence firms. Word of the closure comes from an administrator whom one researcher described as “credible,” and comes after a recent law enforcement action against part of the site.  The site will shut down on Feb. 15, according to the administrator who goes by the name “JokerStash.” “Joker goes on a well-deserved retirement. Joker’s Stash is closing,” the post said, according to a transcript provided to CyberScoop by Gemini Advisory, a security firm. “When we opened years ago, nobody knew us. Today we are one of the largest cards/dumps marketplace[s].” […] The post Joker's Stash, a forum for stolen data, says it will shut down within 30 days appeared first on CyberScoop. (CyberScoop)

Rob Joyce named new NSA cybersecurity director

Rob Joyce, the National Security Agency’s special U.S. liaison officer at the U.S. Embassy in London, will replace Anne Neuberger as director in the agency’s Cybersecurity Directorate, the NSA announced Friday. The Biden transition team announced Wednesday that Neuberger will soon be joining the Biden administration as deputy national security adviser for cyber and emerging technology on the National Security Council (NSC). It was not immediately clear who would take on Joyce’s role as the NSA’s senior cryptologic representative in the U.K. Joyce has a long track record of working in cybersecurity leadership roles in the U.S. government. He previously served as senior advisor for cybersecurity strategy to the NSA director, and before that served as special assistant to the president and cybersecurity coordinator on the NSC at the White House. At the NSC Joyce was responsible for national and international cybersecurity strategy and policy for the government. His expertise in cyber-operations […] The post Rob Joyce named new NSA cybersecurity director appeared first on CyberScoop. (CyberScoop)

Signal endures 'technical difficulties' amid new popularity

2021 has so far been a chaotic year, and now Signal is bearing the brunt of it. Signal users around the world began reporting issues sending messages in the mobile application Friday morning. Some users, including the author of this article, found messages took much longer to send than normal, or received a notice that the service was “unavailable” when trying to send messages. Some users told CyberScoop they were having issues as early as Thursday. Signal acknowledged in a statement the application is having “technical difficulties”, but did not offer an explanation. “We are working hard to restore service as quickly as possible,” Signal said in a tweet. Signal did not immediately respond to requests for comment about the technical difficulties and their origin. The issues emerged days after Signal reported a sudden uptick in new users following the storming of the Capitol earlier this month. Signal was downloaded […] The post Signal endures 'technical difficulties' amid new popularity appeared first on CyberScoop. (CyberScoop)

After judge orders release of hacker tied to ISIS, US says 'Not so fast'

A convicted hacker whom a U.S. court granted compassionate release during the coronavirus pandemic may remain behind bars after all, following accusations that he committed crimes while in custody.  Since 2016, Ardit Ferizi, a Kosovan national, has been serving a 20-year prison sentence for providing details about 1,300 U.S. military and government personnel to the Islamic State terrorist group. A judge in December awarded Ferizi, who is overweight and has asthma, compassionate release, citing his vulnerability to COVID-19.  That was until the U.S. Department of Justice on Jan. 12 unsealed a federal complaint against Ferizi alleging that he had committed multiple new federal crimes while he had been in prison. The charges involve Ferizi allegedly operating a scheme with a family member — who had access to Ferizi’s old email accounts — to monetize stolen personal information, credit card numbers and other data.  Ferizi was being held in the Federal […] The post After judge orders release of hacker tied to ISIS, US says 'Not so fast' appeared first on CyberScoop. (CyberScoop)

Ransomware Now To Blame For Half Of Healthcare Data Breaches

(News ≈ Packet Storm)

High Severity Cisco Flaw Found In CMX Software For Retailers

(News ≈ Packet Storm)

Cloud Attacks Are Bypassing MFA, Feds Warn

(News ≈ Packet Storm)

After Musk Tweet, Signal And Telegram See Millions Of New Downloads

(News ≈ Packet Storm)

Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in Show

Expert panel awards dubious honors to 2021 Consumer Electronics Show’s biggest flops, including security and privacy failures. (Threatpost)

Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’

Starting Feb. 9, Microsoft will enable Domain Controller “enforcement mode” by default to address CVE-2020-1472. (Threatpost)

Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls

Security researchers lambasted the controversial macOS Big Sur feature for exposing users' sensitive data. (Threatpost)

Google Boots 164 Apps from Play Marketplace for Shady Ad Practices

The tech giant removes 164 more offending Android apps after banning software showing this type of behavior from the store last year. (Threatpost)

14-01-202116-01-2021

/security-daily/ 16-01-2021 23:44:25