Security daily (26-06-2020)

Spring 2020 PCI DSS report now available with 124 services in scope

Amazon Web Services (AWS) continues to expand the scope of our PCI compliance program to support our customers’ most important workloads. We are pleased to announce that six services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) compliance program. These services were validated by Coalfire, our independent […] (AWS Security Blog)

Russian national pleads guilty to being part of $568 million fraud ring

A 33-year-old Russian man has pleaded guilty to being part of a cybercriminal enterprise that caused more than $568 million in losses through identity theft and stolen payment cards, the U.S. Justice Department announced Friday. Sergey Medvedev is accused of being a leader of the Infraud Organization, an online forum that trafficked in stolen financial data, malware “and other contraband,” the department said in a press release. Medvedev, also known as “Stells,” “segmed” and “serjbear,” pleaded guilty to RICO conspiracy in federal court in Nevada, U.S. officials said. Infraud was founded a decade ago by a Ukrainian national who wanted to make it the internet’s top spot for “carding,” or buying things with stolen credit card data, according to the indictment. Infraud members routed interested buyers to the automated sites of members, which offered malware and stolen financial and personal data, according to prosecutors. The organization’s slogan was, “In Fraud We Trust,” prosecutors […] (CyberScoop)

Admitted Russian scammer Aleksei Burkov sentenced to 9 years by US court

A U.S. judge has sentenced an admitted Russian scammer to nine years in prison, marking the likely end of a years-long legal saga that has involved secretive cybercriminal forums, high-level political negotiations and a proposed prisoner swap. Aleksei Burkov, 30, appeared in federal court in Alexandria, Va., to hear his sentence. The normally clean-cut Burkov appeared unshaven and with longer hair and wearing a mask as he spoke to the court through a translator. “I repent for my actions and regret my behavior in the past,” he said in a low voice. “In my childhood I met some hackers and I chose the wrong path. Only in jail did I realize how much of a wrong path my life took.” The 108-month sentence will incorporate time already served, meaning Burkov likely will spend another four and a half years in prison before he is released. The Russian man pleaded guilty in January to […] (CyberScoop)

Man sentenced, two others charged, in connection with Satori IoT botnet

Even after being charged, Kenneth Schuchman continued to create and operate a DDoS botnet, and communicate with his co-conspirators. Read more in my article on the Hot for Security blog. (Graham Cluley)

Fancy hacking a PlayStation? Sony announces its bug bounty program

Got a PS4? Like to hack? (Naked Security)

REvil gang threaten to auction celebrity data from Mariah Carey, LeBron James, MTV and more

The ransomware gang is threatening to auction celebrities' legal documents stolen from the law firm it paralyzed in May. (Naked Security)

Nvidia Squashes Display Driver Code Execution Bug

(News ≈ Packet Storm)

Glupteba Malware Leverages Blockchain As A Comms Channel

(News ≈ Packet Storm)

Republicans Who Don't Understand Encryption Introduce Bill To Break It

(News ≈ Packet Storm)

More Than 75% Of All Vulnerabilities Reside In Indirect Dependencies

(News ≈ Packet Storm)

'Satori' IoT DDoS Botnet Operator Sentenced to 13 Months in Prison

The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large-scale distributed denial-of-service (DDoS) attacks against various online services and targets.

According to court documents, (The Hacker News)

DarkCrewFriends Returns with Botnet Strategy

The botnet can be used to mount different kinds of attacks, including code-execution and DDoS. (Threatpost)

8 U.S. City Websites Targeted in Magecart Attacks

Researchers believe that Click2Gov, municipal payment software, may be at the heart of this most recent government security incident. (Threatpost)

‘Cardplanet’ Operator Sentenced to 9 Years for Selling Stolen Credit Cards

The carding store victimized mainly U.S. citizens and is responsible for $20 million in fraudulent purchases. (Threatpost)

Satori Botnet Creator Sentenced to 13 Months in Prison

The creator of the Satori/Okiru, Masuta and Tsunami/Fbot botnets has been sentenced to prison for compromising hundreds of thousands of devices. (Threatpost)

TikTok To Stop Clipboard Snooping After Apple Privacy Feature Exposes Behavior

App will stop reading users’ device cut-and-paste data after a new banner alert in an Apple update uncovered the activity. (Threatpost)


/security-daily/ 27-06-2020 23:44:23