24-06-202126-06-2021

Security daily (25-06-2021)

AWS welcomes Wickr to the team

We’re excited to share that AWS has acquired Wickr, an innovative company that has developed the industry’s most secure, end-to-end encrypted, communication technology. With Wickr, customers and partners benefit from advanced security features not available with traditional communications services – across messaging, voice and video calling, file sharing, and collaboration. This gives security conscious enterprises […] (AWS Security Blog)

Hackers are using bootleg copies of 'Grand Theft Auto V' game to mine Monero

Hackers are infecting torrented copies of popular video games with malware that disables antivirus programs,  in order to leverage gamers’ computers to mine cryptocurrency, according to a recent report from Avast. The malware, which researchers have named “Crackonosh,” has infected over 220,000 unique devices since 2020. Using the coin miner known as XMRig, cybercriminals have been able to make a total of roughly $2 million worth of Monero cryptocurrency with the malware. Infected files used to install the malware included malicious copies of popular games including The Sims 4, Grand Theft Auto V and Fallout 4. By duping users who download free versions of games that normally cost upwards of $50, fraudsters prey on unwitting users to borrow their computing power. Malicious traffic against the video game industry grew more than any other industry over the past year, according to a recent report from researchers at Akamai Technologies. Criminals are […] The post Hackers are using bootleg copies of 'Grand Theft Auto V' game to mine Monero appeared first on CyberScoop. (CyberScoop)

British tourists charged £1000s for pier visits in billing blunder

That's a LOT of money just to visit a seaside pier! (Naked Security)

Google Tracking Cookies Ban Delayed Until 2023

(News ≈ Packet Storm)

Disconnect Your WD My Book Live NAS Off The Internet Now

(News ≈ Packet Storm)

How Hackers Are Using Gamers To Become Crypto-Rich

(News ≈ Packet Storm)

FIN7 Hacking Group Member Lands Seven Year Prison Term

(News ≈ Packet Storm)

Google Extends Support for Tracking Party Cookies Until 2023

Google's sweeping proposals to deprecate third-party cookies in Chrome browser is going back to the drawing board after the company announced plans to delay the rollout from early 2022 to late 2023, pushing back the project by nearly two years. "While there's considerable progress with this initiative, it's become clear that more time is needed across the ecosystem to get this right," Chrome's (The Hacker News)

Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack

Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers. Attributing the attacks to a "sophisticated threat actor," the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running (The Hacker News)

Crackonosh virus mined $2 million of Monero from 222,000 hacked computers

A previously undocumented Windows malware has infected over 222,000 systems worldwide since at least June 2018, yielding its developer no less than 9,000 Moneros ($2 million) in illegal profits. Dubbed "Crackonosh," the malware is distributed via illegal, cracked copies of popular software, only to disable antivirus programs installed in the machine and install a coin miner package called XMRig (The Hacker News)

FIN7 Supervisor Gets 7-Year Jail Term for Stealing Millions of Credit Cards

A Ukrainian national and a mid-​level supervisor of the hacking group known as FIN7 has been sentenced to seven years in prison for his role as a "pen tester" and perpetuating a criminal scheme that enabled the gang to compromise millions of customers debit and credit cards. Andrii Kolpakov, 33, was arrested in Spain on June 28, 2018, and subsequently extradited to the U.S. the following year on (The Hacker News)

Mercedes-Benz Customer Data Flies Out the Window

For over three years, a vendor was recklessly driving the cloud-stored data of luxury-car-owning customers and wannabe buyers. (Threatpost)

PS3 Players Ban: Latest Victims of Surging Attacks on Gaming Industry  

Every Sony PlayStation 3 ID out there was compromised, provoking bans of legit players on the network. (Threatpost)

FIN7 ‘Pen Tester’ Headed to Jail Amid $1B in Payment-Card Losses

One of the Carbanak cybergang's highest-level hackers is destined to serve seven years while making $2.5 million in restitution payments. (Threatpost)

Cisco ASA Bug Now Actively Exploited as PoC Drops

In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter. (Threatpost)

My Book Live Users Wake Up to Wiped Devices, Active RCE Attacks

“I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised yanking the NAS storage devices offline ASAP: There's an exploit. (Threatpost)

Hackers Crack Pirated Games with Cryptojacking Malware

Threat actors have so far made about $2 million from Crackonosh, which secretly mines Monero cryptocurrency from affected devices. (Threatpost)

Spam Downpour Drips New IcedID Banking Trojan Variant

The primarily IcedID-flavored banking trojan spam campaigns were coming in at a fever pitch: Spikes hit more than 100 detections a day. (Threatpost)

24-06-202126-06-2021

/security-daily/ 26-06-2021 23:44:22