June 2022

Son of Conti: Ransomware tries its hand at politics
Dina Temple-Raston and Sean Powers
https://therecord.media/son-of-conti/
Excerpt:
“It has been a busy spring for the Russian-speaking ransomware group Conti. After an unprecedented leak of its internal chat logs earlier in the year that had experts predicting the group’s demise, Conti, or at least some subset of it, came back with a vengeance.”


450GB of Suspected AMD Data Stolen by RansomHouse Gang
Waqas
https://www.hackread.com/ransomhouse-hacking-amd-stealing-450gb-of-data/
Excerpt:
“Leading US-based chipmaker AMD is the latest alleged victim of a targeted data breach. The company’s spokesperson confirmed investigating a cyberattack from data cybercrime gang RansomHouse. The gang reportedly extorted data from AMD, however, the incident is currently under investigation.”


Threat actors increasingly use third parties to run their scams
https://www.helpnetsecurity.com/2022/06/28/threat-actors-impersonate-vendors/
Excerpt:
“Abnormal Security released new research that showcases a rising trend in financial supply chain compromise as threat actors impersonate vendors more than ever before.”


Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack
Ravie Lakshmanan
https://thehackernews.com/2022/06/hackers-exploit-mitel-voip-zero-day-bug.html
Excerpt:
“A suspected ransomware intrusion attempt against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment.”


LockBit Ransomware Disguised as Copyright Claim E-mail Being Distributed
https://asec.ahnlab.com/en/35822/
Excerpt:
“The ASEC analysis team has once again discovered the distribution of LockBit ransomware using phishing e-mail, and disguising itself as copyright claims e-mail which was introduced in the previous blog. The filename of the attachment in e-mail had password included, which is similar to that of phishing e-mail distributed last February (see the link below).”


President Putin’s Economic Forum Speech Delayed due to DDoS Attack
Deeba Ahmed
https://www.hackread.com/putins-economic-forum-speech-delayed-ddos-attack/
Excerpt:
“A Distributed Denial of Service attack (DDoS attack) disrupted the proceedings at the 25th St Petersburg International Economic Forum, regarded as the Russian answer to the Davos World Economic Forum.”


Germany's Green Party Says Email System Hit by Cyberattack
Associated Press
https://www.securityweek.com/germanys-green-party-says-email-system-hit-cyberattack
Excerpt:
“The German Green party, which is part of the country’s governing coalition, says its IT system was hit by a cyberattack last month that affected email accounts belonging to Foreign Minister Annalena Baerbock and Economy Minister Robert Habeck.”


New 'BidenCash' site sells your stolen credit card for just 15 cents
Bill Toulas
https://www.bleepingcomputer.com/news/security/new-bidencash-site-sells-your-stolen-credit-card-for-just-15-cents/
Excerpt:
“A recently launched carding site called 'BidenCash' is trying to get notoriety by leaking credit card details along with information about their owners. The platform was set up at the end of April but kept its offerings at a lower level because its infrastructure was not ready to accommodate large-scale operations.”


Photos of kids taken from spyware-ridden phones found exposed on the internet
https://blog.malwarebytes.com/stalkerware/2022/06/photos-of-kids-taken-from-spyware-ridden-phones-found-exposed-on-the-internet/
Excerpt:
“A stalkerware-type app that boasts “the best free phone spying software on the market,” has exposed the data it snooped on from the phones it was installed in. The data exposed by TheTruthSpy included GPS locations and photos on victims’ phones, and images of children and babies.”


Facebook Messenger Scam Duped Millions
Nate Nelson
https://threatpost.com/acebook-messenger-scam/179977/
Excerpt:
“For months now, millions of Facebook users have been duped by the same phishing scam that cons users into handing over their account credentials.”


Citrix warns critical bug can let attackers reset admin passwords
Sergiu Gatlan
https://www.bleepingcomputer.com/news/security/citrix-warns-critical-bug-can-let-attackers-reset-admin-passwords/
Excerpt:
“Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management (ADM) vulnerability that can let attackers reset admin passwords.”


2,000 arrests in crackdown on social engineering and business email scams
Liam Tung
https://www.zdnet.com/article/2000-arrests-in-crackdown-on-social-engineering-and-business-email-scams/
Excerpt:
“The international police organization Interpol has arrested 2,000 people in a crackdown on social-engineering rackets and intercepted $50 million in illicit funds.”


25 million free VPN user records exposed
Jurgita Lapienytė
https://cybernews.com/security/25-million-free-vpn-user-records-exposed/
Excerpt:
“The Cybernews team discovered an open database containing 18.5GB connection logs generated by the BeanVPN app.”


Cloudflare mitigates 26 million request per second DDoS attack
Omer Yoachimik
https://blog.cloudflare.com/26m-rps-ddos/
Excerpt:
“Last week, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record.”


Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach
Elizabeth Montalbano
https://threatpost.com/kaiser-permanente-breach/179949/
Excerpt:
“Kaiser Permanente suffered a data breach due to email compromise on April 5 that potentially exposed the medical records of nearly 70,000 patients, the company revealed earlier this month.”


K-KOMM takes firm action to prevent leakage of Malaysian citizens' data
Azzam Samsuddin
https://bm.technave.com/k-komm-ambil-tindakan-tegas-untuk-elakkan-kebocoran-data-rakyat-malaysia-61323
Excerpt:
“Recently, an issue went viral on Twitter involving the sale of Malaysian citizens' personal data by an open-source intelligence website, and this has caused concern among the public.”


New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials
Ravie Lakshmanan
https://thehackernews.com/2022/06/new-zimbra-email-vulnerability-could.html
Excerpt:
“A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction.”


A cybercriminal stole 1 million Facebook account credentials over 4 months
Brian Stone
https://www.techrepublic.com/article/a-cybercriminal-stole-1-million-facebook-account-credentials-over-4-months/
Excerpt:
“As phishing attacks continue to be a go-to for threat actors, one scam found that a user had stolen a million Facebook account credentials over a span of just four months. Anti-phishing company PIXM found that a fake login portal for Facebook was being used as a stand-in for the social network site’s landing page, and that users were entering their account information in an attempt to log in to the site only to have their information stolen.”


Healthcare is most likely to pay the ransom
https://www.helpnetsecurity.com/2022/06/09/ransomware-attacks-healthcare-sector/
Excerpt:
“Sophos has published a sectoral survey report which reveals a 94% increase in ransomware attacks on the organizations surveyed in the healthcare sector. In 2021, 66% of healthcare organizations were hit; 34% were hit the previous year.”


Shields Health Care Group notifies 2,000,000 patients after hack
Dissent
https://www.databreaches.net/shields-health-care-group-notifies-2000000-patients-after-hack/
Excerpt:
“Shields Health Care Group, Inc. (“Shields”) provides management and imaging services for dozens of covered entities in New England. On March 28, 2022, Shields was alerted to suspicious activity that may have involved data compromise. Their investigation discovered that an unknown threat actor had access to certain systems between March 7 and March 21 and had acquired data within that time period.”


Ransomware attacks setting new records
https://www.helpnetsecurity.com/2022/06/07/ransomware-attacks-increase/
Excerpt:
“Zscaler released the findings of its annual ThreatLabz Ransomware Report, which revealed an 80 percent increase in ransomware attacks year-over-year.”


10 Most Prolific Banking Trojans Targeting Hundreds of Financial Apps with Over a Billion Users
Ravie Lakshmanan
https://thehackernews.com/2022/06/10-most-prolific-banking-trojans.html
Excerpt:
“10 of the most prolific mobile banking trojans have set their eyes on 639 financial applications that are available on the Google Play Store and have been cumulatively downloaded over 1.01 billion times.”


Brute force attacks against Windows Remote Desktop
https://trunc.org/learning/brute-force-attacks-against-windows-remote-desktop
Excerpt:
“We come from the Linux world and we don't use Windows very often. However, we have been "forced" to use it more here at Trunc lately as we work to properly support Windows logs. Because of that, we installed a Windows 11 Pro server on Azure as one of our testing servers for our Windows logging agent.”


Costa Rican government held up by ransomware … again
Brandon Vigliarolo
https://www.theregister.com/2022/06/06/security_in_brief/
Excerpt:
“IN BRIEF Last month the notorious Russian ransomware gang Conti threatened to overthrow Costa Rica's government if a ransom wasn't paid. This month, another band of extortionists has attacked the nation.”


100 days of war in Ukraine: How the conflict is playing out in cyberspace
André Lameiras
https://www.welivesecurity.com/2022/06/03/100-days-war-ukraine-conflict-cyberspace/
Excerpt:
“On January 14th this year, a raid by Russian law enforcement authorities made headlines all over the world, as it resulted in the arrests of 14 members of the infamous Sodinokibi/REvil ransomware gang. The crackdown came after a series of talks between U.S. and Russian officials, including June’s Geneva meeting between Presidents Biden and Putin. The Russian intelligence agency, FSB, confirmed that “the individual responsible for the attack on Colonial Pipeline last spring” was arrested as part of the raid.”


Millions of Budget Smartphones With UNISOC Chips Vulnerable to Remote DoS Attacks
Eduard Kovacs
https://www.securityweek.com/millions-budget-smartphones-unisoc-chips-vulnerable-remote-dos-attacks
Excerpt:
“Millions of budget smartphones that use UNISOC chipsets could have their communications remotely disrupted by hackers due to a critical vulnerability discovered recently by researchers at cybersecurity firm Check Point.”


Cybercriminals Expand Attack Radius and Ransomware Pain Points
Threatpost
https://threatpost.com/criminals-expand-attack-radius/179832/
Excerpt:
“Melissa Bischoping, security researcher with Tanium and Infosec Insiders columnist, urges firms to consider the upstream and downstream impact of “triple extortion” ransomware attacks.”


Hackers Gained Access to Tens of Thousands of Patients' Test Results in California's Biggest Hospital System
Lucas Ropek
https://gizmodo.com/kaiser-permanente-data-breach-69-000-patients-1849059782
Excerpt:
“California’s biggest hospital system has divulged a massive data breach that exposed sensitive medical information on some 69,000 patients.”


Autonomous vehicles can be tricked into erratic driving behavior
https://www.helpnetsecurity.com/2022/06/02/autonomous-vehicles-can-be-tricked/
Excerpt:
“When a driverless car is in motion, one faulty decision by its collision-avoidance system can lead to disaster, but researchers at the University of California, Irvine have identified another possible risk: Autonomous vehicles can be tricked into an abrupt halt or other undesired driving behavior by the placement of an ordinary object on the side of the road.”


Twice as Many Healthcare Organizations Now Pay Ransom
Phil Muncaster
https://www.infosecurity-magazine.com/news/healthcare-organizations-pay-ransom/
Excerpt:
“Global healthcare organizations (HCOs) experienced a 94% year-on-year surge in ransomware attacks last year, with almost twice as many electing to pay their extorters, according to new data from Sophos.”


FBI seizes domains tied to stolen records, DDoS services
Tonya Riley
https://www.cyberscoop.com/fbi-seizes-domains-tied-to-stolen-records-and-ddos-services/
Excerpt:
“The FBI and Justice Department said Tuesday they had seized the domain of a search engine service that claimed to offer users the ability to scour billions of records of personal data from more than 10,000 data breaches, effectively shutting down the criminal operation.”