Security daily (19-04-2021)

Geico data breach opens door to unemployment scams

Over the course of six weeks earlier this year, fraudsters repeatedly stole driver’s license numbers from a database maintained by Geico. Now, the motor vehicle insurer is warning customers that the scammers could apply for unemployment benefits using the pilfered data. “If you receive any mailings from your state’s unemployment agency/department, please review them carefully and contact that agency/department if there is any chance fraud is being committed,” Sheila King, a manager for data privacy at Geico, wrote in a breach notice letter posted to the website of California’s attorney general on April 15. The perpetrators of the breach used personal information on Geico customers that they acquired elsewhere to access Geico’s sales system and steal the driver’s license numbers, according to King. Geico has taken “additional security enhancements” to guard against fraud on its website in light of the incident, King added. It was unclear how many people were […] (CyberScoop)

'Gamaredon' hackers target Ukrainian officials amid rising Russian tensions

Russian hackers have a long history of going after organizations in Ukraine, but one group especially has tunnel vision for the former Soviet republic. And recently, it looks like those hackers returned with a new campaign targeting Ukrainian government officials, threat researchers say. Gamaredon — also known as Primitive Bear — is behind the malicious cyber activity, Anomali concluded with “high confidence” in research shared with CyberScoop in advance of its publication. The campaign first appeared in January and ran through at least mid-March, Anomali said. Publication of the research coincides with escalating tensions between the two nations, with a Russian troop buildup along the Ukrainian border. “This one is interesting because the alignment of real world events is just another indication of potential hybrid warfare that Russia is known to engage in,” said Gage Mele, lead cyber threat intelligence analyst at Anomali. It caps a busy period for Gamaredon, […] (CyberScoop)

NATO tests its hand defending against blended cyber-disinformation attacks

Member nations of the North Atlantic Treaty Organization have banded together in recent days to confront an apparent cyberattack carried out against a NATO member’s critical infrastructure, according to the alliance. NATO is also working to battle a stream of disinformation about the attack against island state Berylia that has flooded social media, the alliance said. While many world leaders have faced off with blended cyber and disinformation operations in recent years, the NATO members in this case are not in fact facing a real threat. NATO crafted the scenario, which was carried out by a fabricated non-NATO nation-state “Crimsonia,” as part of an annual simulation exercise. Known as Locked Shields, it’s designed to test leaders’ readiness to deal with live cyberthreats. Berylia, the target of the fake attack and disinformation, is also an imagined state. The exercise — which had Crimsonia target Berylia’s financial services sector, mobile networks and […] (CyberScoop)

Naked Security Live – To hack or not to hack?

Latest video - watch now! We look at the recent FBI "webshell hacking" controversy from both sides. (Naked Security)

Serious Security: Rowhammer is back, but now it’s called SMASH

Simply put: reading from RAM in your program could write to RAM in someone else's (Naked Security)

High-Level Organizer Of FIN7 Hacking Group Gets Ten Years In Prison

(News ≈ Packet Storm)

Nintendo Sues Bowser Over Team Xecuter's Switch Hacks

(News ≈ Packet Storm)

Huawei Denies Spying Accusation In The Netherlands

(News ≈ Packet Storm)

The World's Largest Hacking Conferences Are Back IRL This Summer

(News ≈ Packet Storm)

Lazarus APT Hackers are now using BMP images to hide RAT malware

A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information. Attributing the attack to the Lazarus Group based on similarities to prior tactics adopted by the adversary, researchers from Malwarebytes (The Hacker News)

Passwordless: More Mirage Than Reality

The concept of "passwordless" authentication has been gaining significant industry and media attention. And for a good reason. Our digital lives are demanding an ever-increasing number of online accounts and services, with security best practices dictating that each requires a strong, unique password in order to ensure data stays safe. Who wouldn't want an easier way? That's the premise behind (The Hacker News)

Malware That Spreads Via Xcode Projects Now Targeting Apple's M1-based Macs

A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which, upon building, were configured to execute the payload. The malware repackages payload (The Hacker News)

NitroRansomware Asks for $9.99 Discord Gift Codes, Steals Access Tokens

The malware seems like a silly coding lark at first, but further exploration shows it can wreak serious damage in follow-on attacks. (Threatpost)

Ransomware: A Deep Dive into 2021 Emerging Cyber-Risks

Our new eBook goes beyond the status quo to take a look at the evolution of ransomware and what to prepare for next. (Threatpost)

What COVID-19 Taught Us: Prepping Cybersecurity for the Next Crisis

Sivan Tehila, cybersecurity strategist at Perimeter 81, discusses climate change and the cyber-resilience lessons companies should take away from dealing with the pandemic. (Threatpost)


/security-daily/ 20-04-2021 23:44:22