IT Security Newsletter - 10/06/2020
The anatomy of a $15 million cyber heist on a US company
Experienced fraudsters made off with $15 million from a U.S. company after carefully running an email compromise that took about two months to complete. The cybercriminal executed their plan with surgical precision after gaining access to email conversations about a commercial transaction. They inserted themselves in the exchange to divert the payment and were able to keep the theft hidden long enough to get the money. Although researchers investigated events at a single victim. READ MORE...
Hacker group compromises mobile provider to steal credit cards
Credit card skimming group Fullz House has compromised and injected the website of US mobile virtual network operator (MVNO) Boom! Mobile with a credit card stealer script. Boom! Mobile provides US-based customers with postpaid and prepaid no-contract wireless service plans that work on the nation's largest cellular networks including AT&T, Verizon, and T-Mobile. This type of compromise is known as a MageCart attack (aka web skimming or e-skimming) it consists of threat actors injecting malicious JavaScript scripts. READ MORE...
Ransomware threat surge, Ryuk attacks about 20 orgs per week
Malware researchers monitoring ransomware threats noticed a sharp increase for these attacks over the past months compared to the first six months of 2020. At the top of the list are Maze, Ryuk, and REvil (Sodinokibi) ransomware families, according to recently published data from Check Point and IBM Security X-Force Incident Response team. Both companies observed a surge in ransomware incidents at a global level between June and September, with some threats being more active than others. READ MORE...
Rare case of UEFI hacking hit targets interested in North Korea, Kaspersky says
Spies have long coveted the ability to compromise a computer's booting process and, with it, the means of controlling just about every part of the machine. The booting process - how a computer powers on - offers access to the machine's operating system and all of the accompanying sensitive data. The crucial computing code that manages that booting process, known as UEFI firmware, represents a valuable target for hackers, though also one that remains difficult to infiltrate. READ MORE...
UN Maritime Agency Hit by 'Sophisticated Cyberattack'
The United Nations' International Maritime Organization (IMO) last week said some of its systems were disrupted as a result of a cyberattack. IMO describes itself as the "global standard-setting authority for the safety, security and environmental performance of international shipping." The organization says its main role is to develop a fair and effective regulatory framework that is universally adopted and implemented. IMO's website and other web services were first disrupted on September 30. READ MORE...
Ttint Botnet Targets Zero-Day Vulnerabilities in Tenda Routers
A new Mirai-based botnet is targeting zero-day vulnerabilities in Tenda routers, according to researchers at 360 Netlab, a unit of Chinese cybersecurity company Qihoo 360. Dubbed Ttint, the Remote Access Trojan (RAT) contains distributed denial of service capabilities, just as any Mirai offspring does, but also implements 12 remote access functions, including a Socket5 proxy, modifying router DNS and iptables, and running system commands. In order to circumvent detection of typical traffic generated by Mirai botnets. READ MORE...
Black-T Malware Emerges From Cryptojacker Group TeamTNT
Researchers have discovered the latest cryptojacking malware gambit from TeamTNT, called Black-T. The variant builds on the group's typical approach, with a few new - and sophisticated - extras. TeamTNT is known for its targeting of Amazon Web Services (AWS) credentials, to break into the cloud and use it to mine for the Monero cryptocurrency. But according to researchers with Palo Alto Network's Unit 42, with Black-T, the group has added in additional capabilities to its tactics, techniques and procedures (TTPs). READ MORE...
Microsoft Says Iranian Hackers Exploiting Zerologon Vulnerability
The Iran-linked threat actor known as MuddyWater is actively targeting the Zerologon vulnerability in Windows Server, Microsoft warns. Also known as Seedworm, MERCURY, and Static Kitten, and initially analyzed in 2017, MuddyWater is mainly focused on organizations in the Middle East and regions nearby. Highly active, the group was observed expanding its target list and leveraging a broad and varied toolset. Although further details on the threat actor's operations emerged last year. READ MORE...
Mobile network operator falls into the hands of Fullz House criminal group
Most victims of Magecart-based attacks tend to be typical online shops selling various goods. However, every now and again we come across different types of businesses which were affected simply because they happened to be vulnerable. Today we take a quick look at a mobile operator who offers cell phone plans to its customers. Their website lets you shop for devices and service with the well known shopping cart experience. However, criminals related to the Fullz House group that was previously documented for their phishing. READ MORE...
Critical Vulnerabilities Expose Pepperl+Fuchs Industrial Switches to Attacks
Researchers discovered several potentially serious vulnerabilities in Pepperl+Fuchs Comtrol's RocketLinx industrial switches, including ones that can be exploited to take complete control of devices. The flaws were disclosed this week by SEC Consult, the Austria-based cybersecurity consultancy whose researchers found the issues. The German industrial automation solutions provider also published advisories this week to inform customers about patches and workarounds. A total of five types of vulnerabilities were discovered. READ MORE...
John McAfee arrested in Spain, charged with tax evasion
The Justice Department unsealed an indictment Monday against cybersecurity pioneer John McAfee following his arrest in Spain. McAfee stands accused of evading taxes, in part by using cryptocurrency. McAfee founded the antivirus firm that bears his name, but has spent at least a decade in frequent brushes with the law, and not just in the United States. The indictment, dated from June, does not allege that McAfee received any money from, or otherwise had any connection to his former company. READ MORE...
- ...in 1866, the Reno gang carries out the first robbery of a moving train in the U.S., making off with over $10,000.
- ...in 1995, Astronomers discover 51 Pegasi is the second star known to have a planet orbiting it.
- ...in 2007, Explorer and author Jason Lewis becomes the first person to complete a human-powered circumnavigation of the globe.
- ...in 2010, the social media photo-sharing site Instagram is founded.