Security daily (17-02-2021)

White House warns SolarWinds breach cleanup will take time

The White House has a message for America: it’s going to take a long time to sort through the fallout from the massive espionage operation spurred on by the SolarWinds breach uncovered late last year. Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger stressed during a White House briefing Wednesday that the way the suspected Russian hackers infiltrated a SolarWinds network management software update with malicious code has made it more difficult for federal investigators to track down the details of the compromise. “We believe it took them months to plan and execute this compromise. It will take us some time to uncover this layer by layer,” Neuberger said, estimating it will take a number of months for the U.S. government to get its hands around the issue properly. “Many of the private sector compromises are technology companies including networks of companies whose products can be used […] The post White House warns SolarWinds breach cleanup will take time appeared first on CyberScoop. (CyberScoop)

US charges alleged North Korean hackers with trying to steal $1.3 billion in cybercrime spree

Prosecutors unsealed an indictment on Wednesday charging three North Korean computer programmers with a criminal conspiracy to steal and extort $1.3 billion from financial institutions and companies in both cryptocurrency and cash. The charges expand on the first case brought in 2018 against a North Korean regime-affiliated hacker tied to some of the nation’s most prominent alleged hacking campaigns, including the 2014 Sony attack, the 2016 Bangladesh bank heist and the 2017 WannaCry outbreak. In a second unsealed case on Wednesday, a Canadian-American citizen pleaded guilty to serving as a money launderer for numerous schemes, including a cyber bank heist that North Korean hackers orchestrated. “As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” said Assistant Attorney General John Demers of the Justice Department’s National Security Division. The indictment […] The post US charges alleged North Korean hackers with trying to steal $1.3 billion in cybercrime spree appeared first on CyberScoop. (CyberScoop)

Nigerian man sentenced 10 years for $11 million phishing scam

A Nigerian national, Obinwanne Okeke, has been sentenced to 10 years in prison for allegedly coordinating an international spearphishing campaign that has cost victims approximately $11 million in losses. The scheme, which lasted from 2015 to 2019, targeted Unatrac Holding Limited, a British firm that acted as the export sales office for Caterpillar, with fake invoices and wire transfer requests. The FBI opened an investigation into the alleged scam in 2018 after Unatrac raised alarm about an email compromise operation that had targeted the firm, according to court documents. The scheme collected the credentials of hundreds of victims over the course of the operation, according to the FBI press release on the matter. It’s the kind of business email compromise scam that plagues businesses around the world. There were $1.7 billion worth of losses caused by BEC scams in 2019 alone, the most recent year the FBI has published data […] The post Nigerian man sentenced 10 years for $11 million phishing scam appeared first on CyberScoop. (CyberScoop)

Flaw in popular video software Agora could have let eavesdroppers in on private calls

A software flaw could have allowed hackers to spy on private calls through dating and telehealth applications, according to McAfee research published Wednesday. The flaw, which stems from an encryption error, affected a video-calling software development kit (SDK) developed by Agora.io that is used by dating services such as eHarmony, Plenty of Fish, MeetMe and Skout and medical applications such as Talkspace, Practo and Dr. First’s Backline, according to McAfee. Agora is used by 1.7 billion devices for a whole host of applications used for educational, retail and gaming purposes as well as for other socializing reasons, the company says. The flaw, known as CVE-2020-25605, is accounted for in an update Agora issued in mid-December, according to McAfee. An Agora spokesperson said in a statement the company was able to reach out to customers to help them address the issue. “Thanks to McAfee, we found a vulnerability in our software […] The post Flaw in popular video software Agora could have let eavesdroppers in on private calls appeared first on CyberScoop. (CyberScoop)

“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

Stay away from popup surveys that want personal data. Tell your friends... (Naked Security)

Spy Pixels In Emails Have Become Endemic

(News ≈ Packet Storm)

Dutch Police Post Friendly Warnings On Hacking Forums

(News ≈ Packet Storm)

France Ties Russia's Sandworm To A Multiyear Hacking Spree

(News ≈ Packet Storm)

Trump's Election Fighting Law Firm Jones Day Gets Breached

(News ≈ Packet Storm)

Hackers Are Starting To Code Malware For Apple's M1 Computers

(News ≈ Packet Storm)

Stolen Jones Day Law Firm Files Posted on Dark Web

Jones Day, which represented Trump, said the breach is part of the Accellion attack from December. (Threatpost)

Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign

The WatchDog malware has flown under the radar for two years in what researchers call one of the 'largest' Monero cryptojacking attacks ever. (Threatpost)

Ninja Forms WordPress Plugin Bug Opens Websites to Hacks

The popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking. (Threatpost)

U.S. Accuses North Korean Hackers of Stealing Millions

The feds have expanded the list of financial and political hacking crimes they allege are linked to Lazarus Group and North Korea. (Threatpost)


/security-daily/ 18-02-2021 23:44:23