Security daily (30-03-2021)

Hacker team-ups pose 2021 threat to financial industry, group cautions

An information sharing group for the financial sector warned on Tuesday that banks will encounter growing danger this year from converging nation-state and criminal hackers, as well as supply chain risks and cross-border attacks. The report from the Financial Services Information Sharing and Analysis Center serves as a recap of threats the industry endured last year, as well as a forecast for 2021. Ransomware and other kinds of extortion attacks were among the biggest hazards for the financial services industry last year, FS-ISAC said. The organization said it expects further use of the increasingly common ransomware method of hackers leaking partial data to incentivize higher victim payments, and it said that more than 100 financial companies received distributed denial-of-service extortion threats last year. The organization also suggested that state-sponsored groups would leverage access or other techniques established by financially motivated scammers to boost their own operations. FS-ISAC did not point […] The post Hacker team-ups pose 2021 threat to financial industry, group cautions appeared first on CyberScoop. (CyberScoop)

PHP web language narrowly avoids “backdoor” supply chain attack

The crooks got in and added a backdoor to PHP, but it looks as though it was caught before any harm was done. (Naked Security)

PayPal Launches Crypto Checkout Service

(News ≈ Packet Storm)

Application Security Tactics Are Due For An Overhaul

(News ≈ Packet Storm)

Hackers Backdoor PHP After Breaching Internal Git Server

(News ≈ Packet Storm)

Intel Accused Of Wiretapping Because It Uses Analytics To Track Keystrokes, Mouse Movements On Its Website

(News ≈ Packet Storm)

MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed

Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leaked data includes sensitive personal information such as:customer names,hashed passwords,email addresses,residential addresses,GPS (The Hacker News)

Ziggy Ransomware Gang Offers Refunds to Victims

Ziggy joins Fonix ransomware group and shuts down, with apologies to targets. (Threatpost)

Malicious Docker Cryptomining Images Rack Up 20M Downloads

Publicly available cloud images are spreading Monero-mining malware to unsuspecting cloud developers. (Threatpost)

SolarWinds Attackers Accessed DHS Emails, Report

Current and former administration sources say the nation-state attackers were able to read the Homeland Security Secretary's emails, among others. (Threatpost)

Intel Sued Under Wiretapping Laws for Tracking User Activity on its Website

A class-action suit in Florida accuses the tech giant of unlawfully intercepting communications by using session-replay software to capture the interaction of people visiting the corporate homepage Intel.com. (Threatpost)


/security-daily/ 31-03-2021 23:44:23