<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 11/18/2020

SHARE

Breaches

FIN7 recruiter Andrii Kolpakov pleads guilty to role in global hacking scheme

One of the ringleaders of FIN7, a global hacking crew accused of stealing more than $1 billion by posing as a cybersecurity vendor, has admitted his role in the scheme. Andrii Kolpakov pleaded guilty on Monday to conspiracy to commit wire and bank fraud and conspiracy to commit computer hacking as part of his involvement with FIN7. U.S. prosecutors had accused Kolpakov, a Ukrainian national, of working as a manager and recruiter for the crew. READ MORE...


Hackers Steal 46 Million Animal Jam Account Records, Dating Back 10 Years

Don't worry if you haven't heard of Animal Jam.It's not a game that's aimed at you - it's target audience are kids between 7-12 years old. With more than 300 million registered players, Animal Jam is a wildly popular online game which sees kids adopt their favourite animal guises and explore a brightly-coloured world. Animal Jam likes to present itself as "safe and fun," but this week we have learnt that that doesn't mean it can't ever suffer a security breach. READ MORE...

Hacking

Symantec implicates APT10 in sweeping hacking campaign against Japanese firms

A Chinese government-linked hacking group whose operatives have been indicted by the U.S. and sanctioned by the European Union is suspected in a year-long effort to steal sensitive data from numerous Japanese companies and their subsidiaries, security researchers said Tuesday. The attackers, known as APT10 or Cicada, have been burrowing into the networks of companies in the automotive, pharmaceutical and engineering sectors, according to researchers from antivirus provider Symantec. READ MORE...

Trends

ThreatList: Pharma Mobile Phishing Attacks Turn to Malware

As pharmaceutical companies such as Pfizer race to develop a vaccine for COVID-19, mobile phishing gangs are swapping up their tactics in hopes to get their hands on critical research. Cybercriminals previously targeted pharmaceutical company employee credentials. However, new research shows that 77 percent of pharmaceutical mobile phishing attempts in the third-quarter of 2020 sought to deliver malware on victims' systems. This shift, which reflects a 106 percent increase in malware delivery in mobile phishing. READ MORE...

Software Updates

Google confirms Chrome crashing bug on Macs with Apple CPUs

Google is currently working on fixing a known issue causing a Google Chrome web browser version launched earlier today for Apple processors to suddenly crash. "Earlier today we updated our Chrome download page to include a new version of Chrome optimized for new macOS devices featuring an Apple processor," Chrome Support Manager Craig Tumblison said. "We've discovered that the version of Chrome made available for download today may crash unexpectedly." READ MORE...

Malware

New 'Chaes' Malware Targets Latin American E-Commerce Users

Dubbed Chaes, the new threat is a multi-stage piece of malware designed to harvest sensitive information such as login credentials, credit card numbers, and additional financial details. Chaes' operators mainly focus on Brazilians who use the MercadoLivre e-commerce platform. The malware has been designed to specifically target MercadoLivre's payment page MercadoPago and harvest customer financial information from it. Chaes' final payload is a Node.js information stealer. READ MORE...

Information Security

Financial system not keeping up with cyberthreats, new report says

Four years after the biggest bank hack ever, the global financial system remains vulnerable to cyberattacks that could cause severe disruptions, according to a report Wednesday that draws advice from government officials, the financial industry and other experts. The assessment from the Carnegie Endowment for International Peace and the Word Economic Forum is the culmination of years of work, with touchstones ranging from the 2016 Bangladesh Bank heist where hackers made off with $81 million. READ MORE...

Exploits/Vulnerabilities

Hackers are actively probing millions of WordPress sites

Unknown threat actors are scanning for WordPress websites with Epsilon Framework themes installed on over 150,000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers. "So far today, we have seen a surge of more than 7.5 million attacks against more than 1.5 million sites targeting these vulnerabilities, coming from over 18,000 IP addresses," Wordfence QA engineer and threat analyst Ram Gall said. Scanning for vulnerable sites. READ MORE...

Science & Culture

To Pay or Not to Pay: Responding to Ransomware From a Lawyer's Perspective

Ransomware has grown an additional gnarly tentacle: data extortion. It was gruesome enough with threat actors encrypting data in place but has morphed and added data extortion to the mix. Cases are emerging with a two-part payload of data encryption and data extraction, where data is encrypted in place while a small portion of unknown data is ferried offline under the threat of publication. (Or, in the case of cybercriminal organizations such as the now defunct Maze group. READ MORE...

On This Date

  • ...in 1928, Walt Disney releases "Steamboat Willie", the first animated cartoon with synchronized sound.
  • ...in 1953, English comics writer Alan Moore, the creator of the influential 1980s graphic novels "Watchmen" and "V For Vendetta", is born in Northampton, England.
  • ...in 1966, Sandy Koufax, ace pitcher for the Los Angeles Dodgers, retires from baseball. He started as a basketball player for the University of Cincinnati Bearcats.
  • ...in 1987, a special edition 1963 Ferrari 250 GTO hardtop was sold for $1,600,000 at an automobile auction in Italy, setting a new public auction record.