IT Security Newsletter - 1/17/2020
FBI Seizes WeLeakInfo.com For Selling Info From Data Breaches
As a clear indication of how law enforcement views the commercial disclosure of stolen information, the FBI has seized the WeLeakInfo.com domain, and international law enforcement has arrested two individuals for selling subscriptions to data exposed in breaches. The accessed credentials were then used to conduct attacks in the UK, Germany, and the US.
Fraudsters Set Up Site Selling Temporary Social Security Numbers
Some fraudsters have set up a scam site claiming to represent a data protection fund created by the U.S. Federal Trade Commission (FTC) to offer financial compensation to users whose personal data appeared in information leaks. This is a reinterpretation of the classic advance-fee scam, in which the victim makes a small payment, lured by the promise of getting a much larger sum in return.
TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection
The TrickBot Trojan has received an update that adds a UAC bypass targeting the Windows 10 operating system so that it infects users without displaying any visible prompts. A UAC bypass allows programs to be launched without displaying a User Account Control prompt that asks users to allow a program to run with administrative privileges. In a new TrickBot sample, Head of SentinelLabs Vitali Kremez discovered that the trojan is now using the Windows 10 Fodhelper bypass.
Satan Ransomware Reborn to Torment Businesses
A ransomware with the un-snappy moniker of “5ss5c” has emerged on the scene and appears to be in active development. According to independent researcher Bart Blaze, the malware is the successor to the Satan ransomware, and its authors are still experimenting with focused targeting (China, for now) and features.
Researchers find serious flaws in WordPress plugins used on 400k sites
Serious vulnerabilities have recently come to light in three WordPress plugins that have been installed on a combined 400,000 websites, researchers said. InfiniteWP, WP Time Capsule, and WP Database Reset are all affected. The highest-impact flaw is an authentication bypass vulnerability in the InfiniteWP Client, a plugin installed on more than 300,000 websites. The plugin allows administrators to manage multiple websites from a single server.
FBI Plans to Notify States About Local Election Breaches
The FBI, in a change of policy, is committing to inform state officials if local election systems have been breached, federal officials said Thursday. In the past, the FBI would alert local governments about attacks on their electoral systems without automatically sharing that information with the state. That meant state officials, left in the dark, might be in a position of certifying the accuracy of election results without realizing there had been problems in individual counties.
‘Fleeceware’ Apps Downloaded 600M Times from Google Play
Google has made a concerted effort in recent months to try to eliminate bad apps for its Android mobile platform on the Google Play store—something the company historically has battled. However, fleeceware apps—which trick users into paying excessive amounts of money for simple apps with functionality that’s available free elsewhere—are still getting past Google’s radar in significant numbers, according to security researchers.