Krebs On Security: Inside ‘Evil Corp,’ a $100M Cybercrime Menace
The U.S. Justice Department this month offered a $5 million bounty for information leading to the arrest and conviction of a Russian man indicted for allegedly orchestrating a vast, international cybercrime network that called itself “Evil Corp” and stole roughly $100 million from businesses and consumers. As it happens, for several years KrebsOnSecurity closely monitored the day-to-day communications and activities of the accused and his accomplices. What follows is an insider’s look at the back-end operations of this gang.
This Alleged Bitcoin Scam Looked a Lot Like a Pyramid Scheme
The world of cryptocurrency has no shortage of imaginary investment products. Fake coins. Fake blockchain services. Fake cryptocurrency exchanges. Now five men behind a company called BitClub Network are accused of a $722 million scam that allegedly preyed on victims who thought they were investing in a pool of bitcoin mining equipment.
New Orleans Suffers Ransomware Attack, Emergency Services Intact
The City of New Orleans, Louisiana has suffered a ransomware attack that has led to the shut down of the city's servers and computer, but the city states emergency services remain intact. According to a press conference held by Mayor LaToya Cantrell, it was confirmed that the city was hit by a ransomware attack, but that no ransom demands have been found at this time.
Attackers Steal Credit Cards in Rooster Teeth Data Breach
Rooster Teeth Productions have suffered a data breach that allowed attackers to steal credit card and other payment information from shoppers on the company's online store. The production company, known for its popular shows and documentaries such as RTDocs, Crunch Time, Red vs. Blue, gen:LOCK, and Day 5, suffered an attack that redirected shoppers to a fake payment form on checkout. According to a data breach notification, Rooster Teeth discovered on December 2nd that their online store was hacked earlier that day.
Plundervolt – stealing secrets by starving your computer of voltage
The funky vulnerability of the month – what we call a BWAIN, short for Bug With an Impressive Name – is Plundervolt, also known as CVE-2019-11157. Plundervolt is a slightly ponderous pun on Thunderbolt (a hardware interface that’s had its own share of security scares), and the new vulnerability has its own domain and website, its own HTTPS certificate, its own pirate-themed logo, and a media-friendly strapline.
Critical Bug in WordPress Plugins Open Sites to Hacker Takeovers
Security researchers are warning users of two WordPress plugins – made by Brainstorm Force – that they need to patch a “major” vulnerability that could allow hackers to gain administrative access to any website using the plugins. According to Brainstorm Force, it is only aware of one customer who had its website compromised because of this bug. However, another source is also reported a successful attack since the bug was discovered on Wednesday.
FIN8 Targets Card Data at Fuel Pumps
The notorious FIN8 cybercrime group has a new target when it comes to skimming payment-card details from consumers: Point-of-sale (PoS) systems used at fuel pumps at gas stations. Visa warned this week in a public alert posted online that its Payment Fraud Disruption (PFD) department has seen at least two separate campaigns emerging this past summer that targeted fuel pumps.
Patch issued for critical Windows bug
Microsoft has warned users to patch their Windows systems after researchers found that a flaw is being actively exploited in the wild. The Windows exploit, tagged CVE-2019-1458, has been patched by Microsoft as part of a round of 36 updates across a range of services, and could give attackers higher privileges on compromised machines. Cyber criminals taking advantage of this exploit, moreover, can avoid protection mechanisms in the Google Chrome browser.
Schneider Electric Patches Vulnerabilities in Modicon, EcoStruxure Products
Schneider Electric last week informed customers that patches have been made available for vulnerabilities in some Modicon controllers and several EcoStruxure products. According to Schneider, Modicon M580, M340, Quantum and Premium controllers are affected by three denial-of-service (DoS) vulnerabilities. The vendor says all three flaws are caused by “improper check for unusual or exceptional conditions.”
