IT Security Newsletter

IT Security Newsletter - 7/8/2020

Written by Cadre | Wed, Jul 8, 2020

Feds indict 'fxmsp' in connection with million-dollar hacking operation

The U.S. Department of Justice has charged a man with hacking-related crimes as part of an investigation into a group of foreign scammers accused of targeting more than 300 organizations throughout the world. Prosecutors in the Western District of Washington charged Andrey Turchin, who resides in Kazakhstan, with five felony counts in connection with a year-long fraud effort. READ MORE...

Keeper Threat Group Rakes in $7M from Hundreds of Compromised E-Commerce Sites

Since its launch three years ago, the Keeper threat group has compromised more than 570 e-commerce websites, from online liquor stores to Apple product resellers. And experts warn of future, increasingly sophisticated attacks against online merchants worldwide. The Keeper group, a faction of the Magecart umbrella, consists of an interconnected network of 64 attacker domains and 73 exfiltration domains. READ MORE...

Company web names hijacked via outdated cloud DNS records

US security researcher Zach Edwards recently tweeted about finding 250 company website names that had been taken over by cybercriminals. He didn't name the brands, but insists that the organisations affected include banks, healthcare companies, restaurant chains, civil rights groups and more. The issue here is that the websites themselves haven't been hacked, but their DNS entries have. READ MORE...

Microsoft takes down domains used in COVID-19-related cybercrime

Microsoft took control of domains used by cybercriminals as part of the infrastructure needed to launch phishing attacks designed to exploit vulnerabilities and public fear resulting from the COVID-19 pandemic. The threat actors who controlled these domains were first spotted by Microsoft's Digital Crimes Unit (DCU) while attempting to compromise Microsoft customer accounts in December 2019 using phishing emails designed to help harvest contact lists, sensitive documents, and other sensitive information. READ MORE...

German police seize DDoSecrets server distributing 'BlueLeaks' files

German law enforcement officials have seized a server belonging to an anti-secrecy organization that recently published a trove of data stolen from U.S. police agencies, the group's co-founder says. Emma Best, who helps lead the Distributed Denial of Secrets group, said in a tweet Tuesday that prosecutors in the municipality of Zwickau have taken the group's "primary public download server." In an advisory that Best tweeted, police said the server was seized by the department of public prosecution. READ MORE...

ThiefQuest info-stealing Mac wiper gets free decryptor

Poor coding in ThiefQuest, the macOS malware that poses as ransomware, allows recovery of encrypted files that would otherwise remain lost without a backup. While the malware (initially named EvilQuest) deploys its encryption routine immediately after infecting a system, paying a ransom is not an option because it offers no way to contact the attackers. The ransom note informs victims that they have 72 hours to pay $50 if they want to unlock the encrypted files. READ MORE...

Cerberus Banking Trojan Delivered via App Hosted on Google Play

A harmless-looking currency converter application downloaded by more than 10,000 users from Google Play was designed to deliver the Cerberus banking Trojan. A Malware-as-a-Service (MaaS) offering, Cerberus is known for its mobile remote access Trojan (mRAT) capabilities, as well as functionality through which it logs keystrokes and steals credentials, information from Google Authenticator, and SMS messages. READ MORE...

MongoDB is subject to continual attacks when exposed to the internet

On average, an exposed Mongo database is breached within 13 hours of being connected to the internet. The fastest breach recorded was carried out 9 minutes after the database was set up, according to Intruder. MongoDB is a general purpose, document-based, distributed database that consistently ranks in the top 5 most-used databases worldwide. It is used by a wide range of organizations all over the globe to store and secure sensitive application and customer data. READ MORE...

  • ...in 1853, Commodore Matthew Perry's diplomatic expedition sails into Japan's Edo Bay, now known as Tokyo Bay.
  • ...in 1950, President Truman appoints Gen. Douglas MacArthur as head of the United Nations Command in the Korean War.
  • ...in 1959, Maj. Dale R. Ruis and Master Sgt. Chester M. Ovnand become the first Americans killed in the American phase of the Vietnam War.
  • ...in 1970, Grammy-winning singer-songwriter Beck Hansen AKA Beck ("Odelay", "Sea Change") is born in Los Angeles.