14 June 2022
2021
Cowards Hit Papua New Guinea With Ransomware During Covid-19 Surge
Matt Novak
https://gizmodo.com/cowards-hit-papua-new-guinea-with-ransomware-during-cov-1847953543
Excerpt:
“Papua New Guinea’s government finance office has been hit with a ransomware cyberattack and the hackers are demanding bitcoin, according to Bloomberg News. And while many of the specifics surrounding the attack are still unclear, it’s becoming obvious that hackers won’t just target the wealthiest countries and richest corporations with ransomware anymore.”
Police arrest 150 in joint US-Europe dark web sweep
https://www.france24.com/en/live-news/20211026-police-arrest-150-in-joint-us-europe-dark-web-sweep
Excerpt:
“Police in Europe and the United States announced Tuesday the arrest of 150 people who allegedly bought and sold significant volumes of drugs, weapons and other illegal goods on the dark web.”
Iranian gas stations out of service after distribution network hacked
Ionut Ilascu
Excerpt:
“Gas stations from the National Iranian Oil Products Distribution Company (NIOPDC) have stopped working today due to a cyberattack that affected the entire distribution network.”
Pakistani agents hack Sambalpur University website
WCE 3
https://kalingatv.com/state/pakistani-agents-hacks-sambalpur-university-website/
Excerpt:
“Sambalpur: In a shocking incident, some Pakistani agents reportedly hacked the official website of Sambalpur University in Odisha today.”
Hacker sells the data for millions of Moscow drivers for $800
Bill Toulas
Excerpt:
“Hackers are selling a stolen database containing 50 million records of Moscow driver data on an underground forum for only $800.”
Gigabyte Allegedly Hit by AvosLocker Ransomware
Lisa Vaas
https://threatpost.com/gigabyte-avoslocker-ransomware-gang/175642/
Excerpt:
“The AvosLocker ransomware gang is claiming that it breached tech giant Gigabyte and has leaked a sample of what it claims are files stolen from the Taiwanese company’s network. It’s offering to sell the rest.”
Aussie cyber spies to control critical infrastructure during ransomware attacks
Inigo Vaca
Excerpt:
“The new bill, if passed, will allow cyberwarfare operatives to take over control of critical infrastructure under attack.”
FBI warns of fake govt sites used to steal financial, personal data
Sergiu Gatlan
Excerpt:
“The FBI warned the US public that threat actors actively use fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims.”
Secure your databases against opportunistic attackers
Zeljka Zorz
https://www.helpnetsecurity.com/2021/10/19/secure-databases/
Excerpt:
“If you connect databases / servers to the internet and secure them poorly, you can count on them getting compromised quickly.”
Sinclair confirms ransomware attack after TV station disruptions
Jonathan Greig
https://www.zdnet.com/article/sinclair-confirms-ransomware-attack-after-tv-station-disruptions/
Excerpt:
“Sinclair Broadcast Group -- which controls hundreds of TV stations across the US -- has confirmed a ransomware attack on certain servers and workstations.”
The importance of crisis management in the age of ransomware
Zeljka Zorz
https://www.helpnetsecurity.com/2021/10/18/ransomware-crisis-management/
Excerpt:
“Cybersecurity crises are becoming commonplace. With the massive surge in ransomware attacks in the last few years, businesses can’t afford to ignore the increasing possibility of facing one, and should invest money and effort into crisis management.”
Check your iPhone for compromised passwords... NOW!
Adrian Kingsley-Hughes
https://www.zdnet.com/article/check-your-iphone-for-compromised-passwords-now/
Excerpt:
“Compromised passwords are a fast track to all sorts of online headaches.”
Student using iOS 15's Live Text to steal class notes gets an A+ at life
Jack Morse
Excerpt:
“A viral TikTok showing a student using iOS 15's Live Text to copy, and digitize, a classmate's notes has renewed interest in the mostly overlooked feature. Live Text allows iPhone users with an iPhone XS or newer (and the latest operating system) to take a photo of text, highlight that text, and then copy and paste it.”
When It Comes to Cybercrime Beware of Social Engineers
Luis Monzon
https://www.itnewsafrica.com/2021/10/when-it-comes-to-cybercrime-beware-of-social-engineers/
Excerpt:
“You would be forgiven for thinking that terms like phishing, vishing, whaling, and pharming all had something to do with either a water sport or a pharmaceutical company, but every one of these is a cybercrime attack.”
Human hacking increased as apps and browsers moved completely to the cloud
https://www.helpnetsecurity.com/2021/10/15/human-hacking-increased/
Excerpt:
“Human hacking – phishing attacks across all digital channels – has dramatically increased in 2021. SlashNext released its first report showing a 51% increase in attacks compared to 2020, and increasingly these attacks are happening outside of email.”
MyKings botnet operators already amassed at least $24 million
Pierluigi Paganini
https://securityaffairs.co/wordpress/123312/malware/mykings-botnet-still-alive.html
Excerpt:
“Avast Threat Labs researchers reported that the MyKings botnet (aka Smominru or DarkCloud) is still alive and is allowing its operators to earn huge amounts of money via cryptomining activities. Avast researchers reported that since 2019, MyKings operators have amassed at least $24 million in the Bitcoin, Ethereum, and Dogecoin. However, experts pointed out that the botnet uses more than 20 cryptocurrencies in total, for this reason the total financial gains could be greater than $24M.”
Cybersecurity shortcomings exposed by the pandemic
https://www.helpnetsecurity.com/2021/10/13/cybersecurity-shortcomings/
Excerpt:
“SecureAge announced the release of its study which polled 200 employers and 400 employees from around the UK business world during Q3 2021, and examined key cybersecurity topics and trends.”
Olympus suffers second cyberattack in 2021
Jonathan Greig
https://www.zdnet.com/article/olympus-announces-second-cyberattack-in-2021/
Excerpt:
“On Tuesday, Japanese tech manufacturer Olympus said that it was investigating a cyberattack on its IT systems in the US, Canada, and Latin America.”
Ukraine Police Cuff Botnet Herder Who Controlled 100K Machines
Phil Muncaster
https://www.infosecurity-magazine.com/news/ukrainian-police-cuff-botnet-100k/
Excerpt:
“Ukrainian law enforcers have arrested a suspected botnet herder responsible for controlling an automated network of around 100,000 compromised machines to launch DDoS and other attacks.”
Banking Insider Accused of Role in $1m BEC Scheme
Phil Muncaster
https://www.infosecurity-magazine.com/news/banking-insider-accused-role-bec/
Excerpt:
“Three men including one former bank employee have been indicted by a federal grand jury for their alleged role in a business email compromise (BEC) conspiracy.”
Google notifies 14,000 Gmail users of targeted APT28 attacks
Catalin Cimpanu
https://therecord.media/google-notifies-14000-gmail-users-of-targeted-apt28-attacks/
Excerpt:
“Google has sent email notifications to more than 14,000 Gmail users that they’ve been the target of a spear-phishing attack orchestrated by a state-sponsored hacking group.”
Twitch source code leaked by anonymous hacker
Ed Nightingale
https://www.eurogamer.net/articles/2021-10-06-twitch-source-code-leaked-by-anonymous-hacker
Excerpt:
“Twitch has finally acknowledged this morning's reports of a security breach and has said it is now investigating further.”
Large ransom demands and password-guessing attacks escalate
https://www.helpnetsecurity.com/2021/10/05/large-ransom-demands/
Excerpt:
“ESET released a report that summarizes key statistics from its detection systems and highlights notable examples of its cybersecurity research.”
Yet again, Cream Finance skimmed by crooks: $130m in crypto assets stolen
Thomas Claburn
https://www.theregister.com/2021/10/28/cream_ethereum_theft/
Excerpt:
“Decentralized finance biz Cream Finance became further decentralized on Wednesday with the theft of $130m worth of crypto assets from its Ethereum lending protocol.”
Ransomware Hackers Who Attacked Over 100 Companies Arrested in Ukraine
Ravie Lakshmanan
https://thehackernews.com/2021/10/ransomware-hackers-who-attacked-over.html
Excerpt:
“Law enforcement agencies have announced the arrest of two "prolific ransomware operators" in Ukraine who allegedly conducted a string of targeted attacks against large industrial entities in Europe and North America since at least April 2020, marking the latest step in combating ransomware incidents.”
Coinbase sends out breach notification letters after 6,000 accounts had cryptocurrency stolen
Jonathan Greig
Excerpt:
“Coinbase is sending out breach notification letters to thousands of users after they discovered a "third-party campaign to gain unauthorized access to the accounts of Coinbase customers and move customer funds off the Coinbase platform."
Britain to set up new cyber centre, threatens retaliation if attacked | #cybersecurity | #cyberattack
Excerpt:
” Britain will launch cyber attacks in response to similar actions by so-called “hostile states” like Russia, the country’s Defence Secretary says.”
Today’s cars are mobile data centers, and that data needs to be protected
Richard Searle
https://www.helpnetsecurity.com/2021/10/01/cars-mobile-data-centers/
Excerpt:
“In a recent report, AlixPartners estimate that the global microchip shortage will cost car manufacturers $110 billion dollars in 2021, through the lost production of around 3.9 million vehicles. The impact of this supply chain issue demonstrates how vital microelectronics and computational power have become within the context of modern vehicle design.”