Iranian Hackers Charged in March Are Still Actively Phishing Universities
Catalin Cimpanu
https://www.bleepingcomputer.com/news/security/iranian-hackers-charged-in-march-are-still-actively-phishing-universities/
Excerpt
“An Iranian hacking group has continued its phishing operations undeterred by indictments from the US Department of Justice.The group's name is Cobalt Dickens or Silent Librarian. In March 2018, the US DOJ charged nine hackers it believed were behind the group's activity.”
California Police Arrest Teenage ‘SIM Swapper’ Who Allegedly Stole Crypto From Cell Phones
William Suberg
https://cointelegraph.com/news/california-police-arrest-teenage-sim-swapper-who-allegedly-stole-crypto-from-cell-phones
Excerpt
“Police in California have arrested an alleged hacker who stole Bitcoin (BTC) totalling more than $1 million by hijacking cellphones, investigative cybercrime blog Krebs on Security reported Wednesday, August 22.”
Ryuk Ransomware Crew Makes $640,000 in Recent Activity Surge
Catalin Cimpanu
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-crew-makes-640-000-in-recent-activity-surge/
Excerpt
“A new ransomware strain named Ryuk is making the rounds, and, according to current reports, the group behind it has already made over $640,000 worth of Bitcoin.”
Arrested BitConnect kingpin is connected to yet another cryptocurrency scam
Neer Varshney
https://thenextweb.com/hardfork/2018/08/20/bitconnect-cryptocurrency-scam-india/
Excerpt
“Nearly eight months after BitConnect pulled one of the most iconic exit scams in cryptocurrency history, the authorities across the globe are still catching up with the crooks behind the pyramid scheme.”
U.S. states demand better access to secrets about election cyber threats
Christopher Bing
https://uk.reuters.com/article/us-usa-election-cyber-access/u-s-states-demand-better-access-to-secrets-about-election-cyber-threats-idUKKBN1L12JS
Excerpt
“U.S. state election officials are demanding better access to sometimes classified federal government information about hacking threats to voting systems.”
Indian Cosmos Bank Malware Attack Ends with Theft of $13.5 Million
Milena Dimitrova
https://securityboulevard.com/2018/08/indian-cosmos-bank-malware-attack-ends-with-theft-of-13-5-million/
Excerpt
“Cosmos Bank, known as India’s second-largest cooperative bank, has been breached by hackers, and a total of 940 million rupees, or $13.5 million, were stolen. More specifically, attackers stole customer details via a malware attack on the bank’s ATM servers, and succeeded in transferring money to a Hong Kong-based company’s account.”
British and Canadian Governments Accidentally Exposed Passwords and Security Plans to the Entire Internet
Yael Grauer
https://theintercept.com/2018/08/16/trello-board-uk-canada/
Excerpt
“By misconfiguring pages on Trello, a popular project management website, the governments of the United Kingdom and Canada exposed to the entire internet details of software bugs and security plans, as well as passwords for servers, official internet domains, conference calls, and an event-planning system.”
Potential BlackIT Botnet Attacks Can Bring down IoT Devices
Martin Beltov
https://sensorstechforum.com/potential-blackit-botnet-attacks-can-bring-iot-devices/
Excerpt
“A group of researchers presented a new concept malware at the Usenix Security Symposium this week called the BlackIoT botnet. It is a theoretical offensive that is still not available as an executable code that can be used in real-world attacks. One of the proposed reasons for creating the theoretical model is the vast deployment of IoT devices both by end users and in business environments serving various purposes. There are three distinct attack types that are described in the synopsis giving information on how it can be implemented in an intrusion attempt. They range from basic attacks (manipulating single settings) to more complex device modifications.”
Former Microsoft engineer sent behind bars for role in ransomware extortion scheme
Charlie Osborne
https://www.zdnet.com/article/former-microsoft-engineer-sent-behind-bars-for-role-in-ransomware-extortion-scheme/
Excerpt
“A former Microsoft engineer has been given an 18-month prison sentence after being found guilty of laundering money acquired from Reveton ransomware victims.”
Wi-fi could be used to detect weapons and bombs
https://www.bbc.co.uk/news/technology-45196164
Excerpt
“Ordinary wi-fi could be used to detect weapons and explosives in public places, according to a study led by the Rutgers University in New Jersey.”
FBI Eyes Plethora of River-Related Threats
https://www.securityweek.com/fbi-eyes-plethora-river-related-threats
Excerpt
“Giant cranes loading and unloading gargantuan barges. Oil tankers, supply vessels and pipelines serving a vital energy industry. Flood control structures. Chemical plants. Cruise ships. Drinking water sources. All computer-reliant and tied in some way to the internet. All of them vulnerable to cyber thieves, hackers and terrorists.”
Hundreds of Instagram accounts were hijacked in a coordinated attack
Pierluigi Paganini
https://securityaffairs.co/wordpress/75377/hacking/instagram-accounts-hacked.html
Excerpt
“Hundreds of Instagram accounts were hijacked in what appears to be the result of a coordinated attack, all the accounts share common signs of compromise.”
Turning off Location History doesn’t prevent Google from knowing your location
Zeljka Zorz
https://www.helpnetsecurity.com/2018/08/14/google-location-tracking/
Excerpt
“If you believe that by turning off Location History on your Android device or iPhone means that Google won’t be able to know your location, think again: Princeton University researchers have confirmed Google services store users’ location regardless of those settings.”
Former NSA top hacker names the filthy four of nation-state hacking
Iain Thomson
https://www.theregister.co.uk/2018/08/13/former_nsa_top_hacker_names_the_filthy_four_of_nationstate_hacking/
Excerpt
“DEF CON Rob Joyce, the former head of the NSA’s Tailored Access Operations hacking team, has spilled the beans on which nations are getting up to mischief online.”
Cybersecurity pact sought
http://www.thesundaily.my/news/2018/08/02/cybersecurity-pact-sought
Excerpt
“Southeast Asian nations are set to announce a deal with China on a working text for negotiations over a code of conduct to ease tension in the South China Sea at a meeting that began today.”
The FBI warns about compromised IoT devices
Zeljka Zorz
https://www.helpnetsecurity.com/2018/08/06/spot-compromised-iot-devices/
Excerpt
“The FBI is instructing users on how to recognize when their IoT devices have been compromised and advising them on how to keep them secure.”
ZombieBoy, a new Monero miner that allows to earn $1,000 on a monthly basis
Pierluigi Paganini
https://securityaffairs.co/wordpress/75070/malware/zombieboy-monero-miner.html
Excerpt
“The security researcher James Quinn has spotted a new strain of crypto mining worm dubbed ZombieBoy that appears to be very profitable and leverages several exploits to evade detection.”
U.S. Payment Processing Services Targeted by BGP Hijacking Attacks
Lawrence Abrams
https://www.bleepingcomputer.com/news/security/us-payment-processing-services-targeted-by-bgp-hijacking-attacks/
Excerpt
“According to a new report, three United States payment processing companies were targeted by BGP hijacking attacks on their DNS servers. These Internet routing attacks were designed to redirect traffic directed at the payment processors to servers controlled by malicious actors who would then attempt to steal the data.”
Rise in email impersonation attacks makes companies re-assess their security efforts
https://www.helpnetsecurity.com/2018/08/03/email-impersonation-attacks/
Excerpt
“Most companies believe they’ve experienced serious data breaches driven by email impersonation in the past 12 months – but are not doing nearly enough to prevent future impersonation attacks, according to a new study conducted by the Ponemon Institute.”
Employees who witness compliance violations twice as likely to leave company
https://www.helpnetsecurity.com/2018/08/03/compliance-violations/
Excerpt
“Twenty-nine percent of employees observed at least one compliance violation at work in 2016 or 2017, according to a survey by Gartner. The survey, which sampled more than 5,000 employees at all levels, found that these workers are twice as likely to leave their organization.”
Cybercrime gangs continue to go where the money is
https://www.helpnetsecurity.com/2018/08/03/phishing-activity-trends-report/
Excerpt
“According to the APWG’s new Phishing Activity Trends Report, phishing in the first part of 2018 surged 46 percent higher than late 2017. The total number of phish detected in the first quarter of 2018 was 263,538. That was up from the 180,577 observed in the fourth quarter of 2017. It was also significantly greater than the 190,942 seen in the third quarter of 2017.”
Ten years ago someone breached into a server of the Yale University
Pierluigi Paganini
https://securityaffairs.co/wordpress/74970/data-breach/yale-data-breach.html
Excerpt
“Ten years ago someone breached into a server of the Yale University, but because the intrusion happened nearly ten years ago there is much more information about how it occurred.”
DOJ arrests three Ukrainians allegedly tied to FIN7 hacking gang
Patrick Howell O'Neill
https://www.cyberscoop.com/fin7-carbanak-indictment-doj-ukraine/
Excerpt
“Three Ukrainians accused of hacking vast quantities of financial data from U.S. businesses have been indicted, the Department of Justice announced on Wednesday.”
Read full article