15-04-202117-04-2021

Security daily (16-04-2021)

FIN7 'technical guru' sentenced to 10 years in prison

A U.S. federal judge on Friday sentenced Fedir Hladyr to 10 years in prison for his alleged role as an administrator of the multibillion-dollar cybercrime group known as FIN7, which has breached hundreds of U.S. firms. The 10-year sentence includes three years Hladyr has already spent in detention since his arrest, and $2.5 million in restitution to be distributed to victims. FIN7 is one of the most formidable cybercriminal groups of the last decade, allegedly siphoning off millions of credit card numbers from restaurant and hospitality chains in 47 U.S. states. And Hladyr, a Ukrainian in his mid-30s, is allegedly a big reason that FIN7 operated like a well-oiled multinational corporation. Hladyr allegedly controlled an instant messaging service that the crime group used to upload stolen payment card data and screenshots from hacked financial firms. He also allegedly organized FIN7’s work through a project-tracking software that managed thousands of stolen usernames […] The post FIN7 'technical guru' sentenced to 10 years in prison appeared first on CyberScoop. (CyberScoop)

Codecov dev tool hit in another supply chain hack

There’s another supply chain hack on the block. Starting in January, attackers began altering Codecov’s Bash Uploader script and accessing Codecov customers’ information, the firm announced Thursday. Codecov, a platform that provides customers with reviews of code, found out about the unauthorized access and meddling on April 1. Bash Uploader is a tool that customers use to share code reports with Codecov. The incident could impact Codecov customers’ credentials, tokens or keys passed through users’ continuous integration environments, as well as any services or datastores that could be accessed with those credentials or keys, the firm said in a blog. The incident may also have impacted the Codecov-actions uploader for Github, the Codecov CircleCl Orb and the Codecov Bitrise Step, the firm warned. Codecov customers include Atlassian, Mozilla, Sweetgreen, Tile and The Washington Post, according to Codecov’s website. Codecov has 29,000 customers in all, Codecov said. Codecov is just the […] The post Codecov dev tool hit in another supply chain hack appeared first on CyberScoop. (CyberScoop)

How (and why) cyber specialists hacked a North American utility's smart meter

The hackers behind some of the most impactful intrusions of industrial organizations in the last five years have meticulously searched for ways to move from facilities’ IT networks to the more sensitive computers that interact with machinery.  Before alleged Russian hackers cut power in Ukraine in 2015, for example, they spent many months mapping out utility computer networks and gathering grid workers’ credentials. And the hackers that triggered the 2017 shutdown of a Saudi petrochemical plant with the so-called Triton malware are known for using dozens of different tools to maintain access to IT and industrial networks. As state-sponsored hackers continue to probe U.S. infrastructure, cybersecurity experts regularly emulate those landmark attacks today to break into their clients’ networks in order to protect them. The latest example comes from Mandiant, FireEye’s incident response unit, which this week publicized the techniques it used to infiltrate a North American utility’s industrial control systems […] The post How (and why) cyber specialists hacked a North American utility's smart meter appeared first on CyberScoop. (CyberScoop)

A push for cybersecurity philanthropic giving launches

Over nearly a decade, cybersecurity-related philanthropic giving has constituted a fraction of one percent of the billions of dollars devoted to peace and security causes. An open letter Friday signed by trade associations, non-profits, charitable foundations, think tanks and well-known cybersecurity professionals aims to change that trend as part of what could be a series of future steps. “We believe that private philanthropy is ideally suited to support the development of an emerging field of theorists and practitioners across cybersecurity domains,” reads the letter. “Anyone who cares about national security, innovation, economic development, personal privacy, or civil liberties should care about cybersecurity. Private philanthropy is a critical missing piece to meet this urgent need.” The William and Flora Hewlett Foundation, Craig Newmark Philanthropies, and Gula Tech Foundation led the effort to organize the letter, signed by 30 different organizations and individuals. They include former White House cyber coordinator and current […] The post A push for cybersecurity philanthropic giving launches appeared first on CyberScoop. (CyberScoop)

S3 Ep28.5: Hacking back – is attack an acceptable form of defence? [Podcast]

Listen now - and have your say on this divisive issue in our comments! (Naked Security)

Master Python, Django, Git & GitHub with This Bundle

If you're looking to get started with your training in web development, a natural starting point is learning to code with Python and then saving and sharing your work on Git and GitHub. These are standard tools of the industry, and mastering them will put you one big step closer to succeeding in the professional sphere.

The Learn Python & Django Developer Bundle is a highly-rated teaching tool that can train you in Python, Django, Git, GitHub, and more; and it's currently on sale for $29.99, a discount of 98%. You can get an even bigger discount with our Mother's Day coupon code below... more (Null Byte « WonderHowTo)

Clear the Logs & Bash History on Hacked Linux Systems to Cover Your Tracks & Remain Undetected

As a hacker, the final stage of exploitation is covering their tracks, which involves wiping all activity and logs so that they can avoid being detected. It's especially crucial for persistence if the target will be accessed again in the future by the attacker.

To show you the basics of covering your tracks, we'll compromise a target first, then explore some techniques used to delete Bash history, clear logs, and remain hidden after exploiting a Linux system. You can check out our Cyber Weapons Lab video below that outlines my guide or skip below to get right to the written steps.

Video:... more (Null Byte « WonderHowTo)

Swinburne University Confirms Over 5,000 Individuals Affected In Data Breach

(News ≈ Packet Storm)

Bitcoin Tumbles After Turkey Bans Crypto Payments Citing Risks

(News ≈ Packet Storm)

US Government Strikes Back At Kremlin For SolarWinds Hack Campaign

(News ≈ Packet Storm)

Facebook Faces Mass Legal Action Over Data Leak

(News ≈ Packet Storm)

Flaw Allows Attackers To Brick Kubernetes Clusters

(News ≈ Packet Storm)

Google Project Zero Cuts Bug Disclosure Timeline To A 30-Day Grace Period

(News ≈ Packet Storm)

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) attacks, data leaks, and remote code execution. All OpENer commits and versions prior to February 10, 2021, are affected, although there are no known public exploits that (The Hacker News)

BazarLoader Malware Abuses Slack, BaseCamp Clouds

Two cyberattack campaigns are making the rounds using unique social-engineering techniques. (Threatpost)

iOS Kids Game Morphs into Underground Crypto Casino

A malicious ‘Jungle Run’ app tricked security protections to make it into the Apple App Store, scamming users out of money with a casino-like functionality. (Threatpost)

NSA: 5 Security Bugs Under Active Nation-State Cyberattack

Widely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware are all in the crosshairs of APT29, bent on stealing credentials and more. (Threatpost)

Mandiant Front Lines: How to Tackle Exchange Exploits

Matt Bromiley, senior principal consultant with Mandiant, offers checklists for how small- and medium-sized businesses (SMBs) can identify and clear ProxyLogon Microsoft Exchange infections. (Threatpost)

Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period

The zero-day flaw research group has revised its disclosure of the technical details of vulnerabilities in the hopes of speeding up the release and adoption of fixes. (Threatpost)

15-04-202117-04-2021

/security-daily/ 17-04-2021 23:44:23