IT Security Newsletter - 04/19/2021
HackBoss malware poses as hacker tools on Telegram to steal digital coins
The authors of a cryptocurrency-stealing malware are distributing it over Telegram to aspiring cybercriminals under the guise of free malicious applications. Researchers have named the malware HackBoss and say that its operators likely stole more than $500,000 from wannabe hackers that fell for the trick. Although there is nothing sophisticated about HackBoss, the scheme proves to be effective as it tempts victims with the prospect of getting hacking tools.
SolarWinds Hacking Campaign Puts Microsoft in the Hot Seat
The sprawling hacking campaign deemed a grave threat to U.S. national security came to be known as SolarWinds, for the company whose software update was seeded by Russian intelligence agents with malware to penetrate sensitive government and private networks. Yet it was Microsoft whose code the cyber spies persistently abused in the campaign's second stage, rifling through emails and other files of such high-value targets as then-acting Homeland Security chief Chad Wolf.
Vulnerabilities in OpENer Stack Expose Industrial Devices to Attacks
Multiple vulnerabilities in the OpENer stack could be exploited in attacks aimed at supervisory control and data acquisition (SCADA) and other industrial systems that use OpENer. Maintained by EIPStackGroup and designed for I/O adapter devices, the OpENer EtherNet/IP (ENIP) stack offers support for multiple I/O and explicit connections, implements the ENIP and CIP industrial protocols, and is highly popular among major SCADA vendors.
Serious Security: Rowhammer is back, but now it's called SMASH
Remember Rowhammer? Well, it's back, and this time it's called SMASH. Rowhammering is a reliability problem that besets many computer memory chips, notably including the sort of RAM in your laptop or mobile phone. Simply put, rowhammering means that if you read the same memory addresses over and over and over again, millions of times… the repeated nanoscopic electrical activity in the part of the chip where your data is actually stored may cause enough interference.
Discord Nitro gift codes now demanded as ransomware payments
In a novel approach to ransom demands, a new ransomware calling itself 'NitroRansomware' encrypts victims' files and then demands a Discord Nitro gift code to decrypt files. While Discord is free, they offer a Nitro subscription add-on for $9.99 per month that provides additional perks, such as larger uploads, HD video streaming, enhanced emojis, and the ability to boost your favorite server, so its users enjoy extra functionality as well.
BazarLoader Malware Abuses Slack, BaseCamp Clouds
The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said. And in a secondary campaign aimed at consumers, the attackers have added a voice-call element to the attack chain. The BazarLoader downloader, written in C++, has the primary function of downloading and executing additional modules. BazarLoader was first observed in the wild last April.
iOS Kids Game Morphs into Underground Crypto Casino
A kids' game called "Jungle Run" that, until recently, was available in the Apple App Store, was secretly a cryptocurrency-funded casino set up to scam people out of money. Kosta Eleftheriou, who found the scam, is a tech entrepreneur and founder of Apple Watch keyboard app FlickType who, it's worth noting, is currently entangled in anti-trust litigation he filed against Apple in March. He's also developed a popular cybersecurity side hustle tracking down malicious apps lurking in the iOS store.
Sysadmin of fake cybersecurity company sentenced to jail after billion-dollar crime spree
35-year-old Ukrainian national Fedir Hladyr worked as the sysadmin for the FIN7 gang (also sometimes known as Carbanak, Navigator Group, or Anunak) which made its fortune targeting retailers, restaurants, and gambling firms in more than 40 countries across the globe, stealing 20 million customer card records at thousands of business locations. FIN7's high-profile targets included the likes of Lord & Taylor and Saks Fifth Avenue.
COVID-19-themed cyberattack detections continue to surge
McAfee released its new report, examining cybercriminal activity related to malware and the evolution of cyber threats in the third and fourth quarters of 2020. In Q4, there was an average of 648 threats per minute, an increase of 60 threats per minute (10%) over Q3. The two quarters also saw COVID-19-related cyber-attack detections increase by 240% in Q3 and 114% in Q4, while PowerShell threats again surged 208% due to continued increases in Donoff malware activity.
FCC to Focus Efforts on 5G, Software and Cloud Service Vulnerabilities
Former Chairman of the Federal Communications Commission (FCC), Ajit Pai, resigned on the day of President Biden's inauguration. He was replaced by Acting Chairwoman Jessica Rosenworcel, who last month delivered her first major action by fining Texas-based telemarketers a record $225 million. Last Thursday (April 15th), Rosenworcel made a statement on future priorities by reestablishing the Communications, Security, Reliability, and Interoperability Council (CSRIC) with a focus on 5G networks.
Amex cards removed from Google Pay due to expired certificate
An expired certificate has led to the repeated removal of linked American Express credit cards from users' Google Pay accounts. Starting yesterday, Google Pay users with linked American Express cards began receiving emails that Google removed their linked Amex card. These emails came as a surprise as the users' Amex cards were not expired and canceled. After receiving the emails, Google Pay users flocked to Twitter to see if they were the only ones affected.
- ...in 1764, the British Parliament bans the American colonies from printing paper money, to limit inflation for British merchants.
- ...in 1946, actor Tim Curry ("The Rocky Horror Picture Show", Stephen King's "It") is born in Cheshire, England.
- ...in 1971, the Soviet Union launches Salyut 1, the first space station to be placed in Earth orbit.
- ...in 1987, "The Simpsons" first appears as a series of animated shorts shown on "The Tracey Ullman Show."