Experienced fraudsters made off with $15 million from a U.S. company after carefully running a business email compromise (BEC) that took about two months to complete. The cybercriminals executed their plan with surgical precision after gaining access to email conversations about a commercial transaction. They inserted themselves into the exchange to divert the payment and kept the theft hidden long enough to get the money. Although researchers investigated events at a single victim. READ MORE...
Credit card skimming group Fullz House has compromised the website of US mobile virtual network operator (MVNO) Boom! Mobile and injected a credit card stealer script into it. Boom! Mobile provides US-based customers with postpaid and prepaid no-contract wireless service plans that work on the nation's largest cellular networks, including AT&T, Verizon, and T-Mobile. This type of compromise is known as a Magecart attack (also called web skimming or e-skimming); it consists of threat actors injecting malicious JavaScript into a site's pages so that payment card data is copied as customers type it in. READ MORE...
Malware researchers monitoring ransomware threats noticed a sharp increase in these attacks over the past months compared with the first six months of 2020. At the top of the list are the Maze, Ryuk, and REvil (Sodinokibi) ransomware families, according to recently published data from Check Point and IBM Security X-Force's incident response team. Both companies observed a surge in ransomware incidents at a global level between June and September, with some threats more active than others. READ MORE...
Spies have long coveted the ability to compromise a computer's boot process and, with it, the means of controlling just about every part of the machine. The boot process, the sequence that runs when a computer powers on, offers access to the machine's operating system and all of its accompanying sensitive data. The crucial code that manages that boot process, known as UEFI firmware, is a valuable target for hackers because it runs before the operating system loads, so malware planted there survives an OS reinstall, though it also remains difficult to infiltrate. READ MORE...
The United Nations' International Maritime Organization (IMO) last week said some of its systems were disrupted as a result of a cyberattack. IMO describes itself as the "global standard-setting authority for the safety, security and environmental performance of international shipping." The organization says its main role is to develop a fair and effective regulatory framework that is universally adopted and implemented. IMO's website and other web services were first disrupted on September 30. READ MORE...
A new Mirai-based botnet is targeting zero-day vulnerabilities in Tenda routers, according to researchers at 360 Netlab, a unit of Chinese cybersecurity company Qihoo 360. Dubbed Ttint, the remote access trojan (RAT) has distributed denial of service capabilities, as any Mirai offspring does, but also implements 12 remote access functions, including a SOCKS5 proxy, modifying the router's DNS settings and iptables rules, and running system commands. In order to circumvent detection of typical traffic generated by Mirai botnets. READ MORE...
Researchers have discovered the latest cryptojacking malware gambit from TeamTNT, called Black-T. The variant builds on the group's typical approach, with a few new, and sophisticated, extras. TeamTNT is known for targeting Amazon Web Services (AWS) credentials to break into cloud accounts and use them to mine the Monero cryptocurrency. But according to researchers with Palo Alto Networks' Unit 42, with Black-T the group has added further capabilities to its tactics, techniques and procedures (TTPs). READ MORE...
The Iran-linked threat actor known as MuddyWater is actively targeting the Zerologon vulnerability (CVE-2020-1472) in Windows Server, Microsoft warns. Also known as Seedworm, MERCURY, and Static Kitten, and first analyzed in 2017, MuddyWater mainly focuses on organizations in the Middle East and nearby regions. Highly active, the group has been observed expanding its target list and leveraging a broad and varied toolset. Although further details on the threat actor's operations emerged last year. READ MORE...
Most victims of Magecart-based attacks are typical online shops selling various goods. However, every now and again we come across different types of businesses that were affected simply because they happened to be vulnerable. Today we take a quick look at a mobile operator that offers cell phone plans to its customers. Its website lets you shop for devices and service with the well-known shopping cart experience. However, criminals related to the Fullz House group that was previously documented for their phishing. READ MORE...
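The two Boom! Mobile items above describe a Magecart compromise as an injected JavaScript skimmer. The following is an added example, not code from the original digest, from the researchers' write-ups, or from Boom! Mobile, of the first check a site owner would run on a checkout page: list every external script host the page loads and flag any that is not on the site's own allowlist, then emit the matching Content-Security-Policy. The hostnames (shop.example, cdn.shop.example, pay.psp.example, stats-cdn.example.org) and the page HTML are constructed for the illustration.

```javascript
// Added example, not code from the original digest, the researchers, or Boom! Mobile:
// audit the <script src> hosts a checkout page loads against a per-site allowlist.
// A Magecart skimmer usually arrives as one extra <script src="https://<attacker host>/...">
// (or as code appended to a legitimate file), so an unfamiliar script host on a payment
// page is the first thing to check. All hostnames and the HTML below are constructed.

const PAGE_HOST = "shop.example";                // assumed first-party hostname
const ALLOWED_SCRIPT_HOSTS = new Set([
  "shop.example",
  "cdn.shop.example",                            // assumed first-party CDN
  "pay.psp.example",                             // assumed payment-provider script host
]);

// Constructed checkout page: three expected scripts, one inline block, and one
// protocol-relative script from a host that is not on the allowlist.
const SAMPLE_CHECKOUT_HTML = `
<html><head>
  <script src="https://cdn.shop.example/checkout.js"></script>
  <script src="/static/app.js"></script>
  <script src="https://pay.psp.example/v1/card.js"></script>
  <script>window.cfg = { currency: "USD" };</script>
  <script type="text/javascript" src="//stats-cdn.example.org/jq.min.js"></script>
</head><body>...</body></html>`;

// Pull every src="" value out of <script> tags. Good enough for a quick audit; a real
// crawler would use a DOM parser and also diff the page against a known-good snapshot.
function extractScriptSources(html) {
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  const sources = [];
  let m;
  while ((m = re.exec(html)) !== null) sources.push(m[1]);
  return sources;
}

// Resolve a src value to the host it will actually load from. Relative paths load
// from the page's own origin; "//host/path" follows the page's scheme.
function scriptHost(src, pageHost) {
  try {
    return new URL(src, `https://${pageHost}/`).hostname;
  } catch (e) {
    return null; // malformed src: report it as unknown rather than crash the audit
  }
}

// Return every script whose host is not on the allowlist (or could not be resolved).
function findUnexpectedScripts(html, pageHost, allowed) {
  const flagged = [];
  for (const src of extractScriptSources(html)) {
    const host = scriptHost(src, pageHost);
    if (host === null || !allowed.has(host)) flagged.push({ src, host });
  }
  return flagged;
}

// The matching Content-Security-Policy value for the checkout page: with it set, the
// browser refuses scripts from any other host even if one is injected into the HTML.
function buildScriptSrcCsp(allowed) {
  const hosts = [...allowed].map((h) => `https://${h}`).join(" ");
  return `script-src 'self' ${hosts};`;
}

const findings = findUnexpectedScripts(SAMPLE_CHECKOUT_HTML, PAGE_HOST, ALLOWED_SCRIPT_HOSTS);
console.log("unexpected script hosts:", findings);
console.log("suggested Content-Security-Policy:", buildScriptSrcCsp(ALLOWED_SCRIPT_HOSTS));
```

On the constructed page only the stats-cdn.example.org script is flagged. Two caveats a practitioner would add: the CSP only helps when the attacker's injection point does not also control the response headers, and a skimmer appended to a legitimate first-party file passes this host check entirely, so the allowlist audit belongs next to a content hash or known-good diff of each script the page serves, and Subresource Integrity hashes for the third-party scripts you keep.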
Researchers discovered several potentially serious vulnerabilities in Pepperl+Fuchs Comtrol's RocketLinx industrial switches, including some that can be exploited to take complete control of the devices. The flaws were disclosed this week by SEC Consult, the Austria-based cybersecurity consultancy whose researchers found them. The German industrial automation solutions provider also published advisories this week to inform customers about patches and workarounds. A total of five types of vulnerabilities were discovered. READ MORE...
The Justice Department unsealed an indictment Monday against cybersecurity pioneer John McAfee following his arrest in Spain. McAfee stands accused of evading taxes, in part by using cryptocurrency. McAfee founded the antivirus firm that bears his name, but has spent at least a decade in frequent brushes with the law, and not just in the United States. The indictment, dated June, does not allege that McAfee received any money from, or otherwise had any connection to, his former company. READ MORE...