In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales[.]com updated its website to remediate a nearly identical customer data exposure. Last week, KrebsOnSecurity heard from a reader who was browsing Zales[.]com and suddenly found they were looking at someone else's order information on the website. READ MORE...
A Russian national believed to be a member of the TrickBot malware development team has been extradited to the U.S. and is currently facing charges that could get him 60 years in prison. 38-year-old Vladimir Dunaev, also known as FFX, was a malware developer who supervised the creation of TrickBot's browser injection module, the indictment alleges. He is the second malware developer associated with the TrickBot gang that the Department of Justice arrested this year. READ MORE...
Europol has announced the arrest of 12 individuals believed to be linked to ransomware attacks against 1,800 victims in 71 countries. According to the law enforcement report, the actors have deployed ransomware strains such as LockerGoga, MegaCortex, and Dharma, as well as malware like Trickbot and post-exploitation tools like Cobalt Strike. LockerGoga first appeared in the wild in January 2019, when it hit 'Altran Technologies', a French engineering and R&D consultant, part of the Capgemini group. READ MORE...
He lolls around on yachts, wears a luxury watch with a Bitcoin address engraved on its dial, and is suspected of buying it all with money he made as a core member of the REvil ransomware gang. The showy billionaire goes by "Nikolay K." on social media, and German police are hoping he'll cruise out of Russia on his next vacation - preferably, to a country with a cooperation agreement with Germany so they can arrest him. READ MORE...
Attacks involving SEO poisoning -- where adversaries artificially increase the search engine ranking of websites hosting their malware to lure potential victims -- are on the rise. In the past few months, attackers have used the tactic in at least two campaigns across Menlo Security's global customer base, researchers there say: one to distribute the REvil ransomware sample and the other to drop a backdoor called SolarMarker. READ MORE...
There is some more good news for those who have fallen foul of ransomware. Czech security firm Avast has developed decryption utilities for victims of not one, not two, but three different ransomware strains - meaning that victims who have been hit may be spared paying a ransom to their attackers. The ransomware in question is Babuk, LockFile, and AtomSilo. In a blog post, Avast's researchers explained that a single decryption tool tackles both the AtomSilo and LockFile ransomware strains. READ MORE...
Halloween, the scariest day of the year, is upon us. That can mean only one thing: children donning costumes of either their heroes or the scariest thing they can think of, and running door to door trying to gather as many sweets from their neighbors as they can. However, while some of the ghosts and ghouls, warlocks and witches on the streets are imaginary, the ones that can be found in cyberspace are all too real. READ MORE...
A security researcher has disclosed technical details and a public proof-of-concept (PoC) exploit for an unpatched Windows zero-day privilege elevation vulnerability that allows users to gain SYSTEM privileges under certain conditions. READ MORE...