Round Up of Major Breaches and Scams
The U.S. Federal Reserve today issued guidance on how U.S. financial organizations can mitigate payment fraud attempts that rely on synthetic identity accounts. The white paper on mitigating synthetic identity payments fraud follows two previous Federal Reserve white papers on defining and detecting such fraud attempts.
A hacker has uploaded ransom notes to 22,900 MongoDB databases left exposed online without a password, a number that accounts for roughly 47% of all MongoDB databases reachable from the internet, ZDNet has learned today. The hacker uses an automated script to scan for misconfigured MongoDB instances, wipe their content, and leave a ransom note demanding a 0.015 bitcoin (~$140) payment.
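The instances hit by this campaign share one shape: a listener bound to every interface with access control left off. The following is an added example, not code from the ZDNet story or from MongoDB, that audits a mongod.conf for exactly that pair of settings. The two sample configs are constructed, and the small YAML reader handles only the subset of syntax mongod.conf uses.

```python
"""Added example (not from the article or MongoDB): audit a mongod.conf for the
two settings behind the ransom-note campaign, a listener bound to every
interface with access control disabled. Sample configs are constructed."""


def parse_simple_yaml(text):
    """Read nested `key: value` mappings by indentation. Comments and blank
    lines are dropped; anchors, lists and multi-line scalars are not handled."""
    root = {}
    stack = [(-1, root)]          # (indent, mapping) for each open nesting level
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        while indent <= stack[-1][0]:
            stack.pop()           # dedent closes the nested mapping(s)
        parent = stack[-1][1]
        if value.strip() == "":
            child = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value.strip()
    return root


def audit_mongod_conf(text):
    """Return findings for a mongod.conf; an empty list means no exposure found."""
    conf = parse_simple_yaml(text)
    net = conf.get("net", {})
    security = conf.get("security", {})
    findings = []

    # mongod binds to 127.0.0.1 by default since 3.6; older packages and many
    # container images listen on 0.0.0.0, which is what the scanner finds.
    bind = [b.strip() for b in net.get("bindIp", "127.0.0.1").split(",")]
    exposed = net.get("bindIpAll") == "true" or any(b in ("0.0.0.0", "::") for b in bind)
    if exposed:
        findings.append("net.bindIp: listener is reachable on all interfaces")

    # Without security.authorization: enabled, every client is a full admin.
    no_auth = security.get("authorization", "disabled") != "enabled"
    if no_auth:
        findings.append("security.authorization: access control is disabled")

    if exposed and no_auth:
        findings.append("CRITICAL: anyone who can reach the port can read, drop "
                        "and replace every database (the ransom-note pattern)")
    return findings


# Constructed sample: the shape of the instances that were wiped.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0            # every interface, including the public one
# no security section: authorization defaults to disabled
"""

# Constructed sample: the corrected configuration.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.5.12   # loopback plus the application subnet only
security:
  authorization: enabled        # require authenticated, role-scoped clients
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or ["ok"])
```

Binding to a private interface alone is not sufficient: a firewall rule or a cloud security group that opens 27017 re-exposes the listener, so the authorization setting is the check that matters even on internal hosts.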
The Cybersecurity and Infrastructure Security Agency (CISA) today issued guidance on how to protect against cyberattacks whose activity originates from or is routed through the Tor anonymity network. Tor is software that provides internet anonymity by automatically encrypting a user's web requests and rerouting them through a chain of Tor nodes (relay layers), so the destination sees only the address of the final exit relay.
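Because a destination only ever sees the exit relay's address, the practical detection step is to match inbound source addresses against the published Tor exit-node list (the Tor Project serves it at https://check.torproject.org/torbulkexitlist). The following is an added example, not code from the CISA guidance: it loads such a list and flags matching requests in web-server log lines. The addresses and log lines are constructed and are not a real exit list.

```python
"""Added example (not from the CISA guidance): flag web requests whose
source address appears on a Tor exit-node list. SAMPLE_EXIT_LIST and
SAMPLE_LOG are constructed; in production the list is refreshed from the
Tor Project's bulk exit list, which changes many times a day."""
import ipaddress
import re

# Constructed stand-in for the downloaded exit list (one address per line).
SAMPLE_EXIT_LIST = """\
# comment lines and junk are ignored
198.51.100.7
203.0.113.42
2001:db8:1::5
not-an-address
"""

# Constructed combined-format access log lines.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jul/2020:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jul/2020:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.42 - - [01/Jul/2020:10:00:03 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "curl/7.68.0"
2001:db8:1::5 - - [01/Jul/2020:10:00:04 +0000] "GET /admin HTTP/1.1" 401 0 "-" "python-requests/2.23"
garbage line that does not parse
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def load_exit_list(text):
    """Parse the exit list into a set of ip_address objects; skip comments and junk."""
    exits = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            exits.add(ipaddress.ip_address(line))
        except ValueError:
            continue                      # malformed entry, ignore it
    return exits


def flag_tor_requests(log_text, exits):
    """Return (source, request line, status) for each parsable log line whose
    source address is on the exit list. Unparsable lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["ip"])   # normalises IPv6 spelling
        except ValueError:
            continue
        if src in exits:
            hits.append((str(src), m["req"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for hit in flag_tor_requests(SAMPLE_LOG, load_exit_list(SAMPLE_EXIT_LIST)):
        print("tor-exit", *hit)
```

The matches are alert material rather than an automatic block list: legitimate users also arrive through Tor, so the response (block, challenge, or just log) is a risk decision for the site, and the exit list must be re-fetched frequently because relays join and leave constantly.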
Round Up of Major Malware and Ransomware Incidents
In a report published today, cyber-security firm Lookout said it found evidence connecting Android malware used to spy on minorities in China to a large government defense contractor from the city of Xi'an. Lookout's 52-page report details a years-long hacking campaign that has primarily targeted the Uyghur ethnic minority, and other groups to a lesser degree.
A venerable point-of-sale (POS) malware family called Alina, in circulation since 2012, is back with a new trick for exfiltrating stolen credit- and debit-card data: Domain Name System (DNS) tunneling. DNS is the service that translates human-readable domain names into numeric IP addresses so browsers can load internet resources; because that traffic is rarely blocked or inspected at the network edge, data hidden in DNS queries tends to leave unnoticed.
A Windows point-of-sale (POS) malware has been discovered using the DNS protocol to smuggle stolen credit card data to a remote server under the attacker's control. POS malware is installed on point-of-sale systems to monitor card payments: when a payment is processed on a connected terminal or on the local machine, the malware scrapes the card data from memory and sends it to a remote command-and-control server.
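Both items above describe the same mechanism without showing it: card data is chopped up and encoded into subdomain labels of queries for an attacker-controlled zone, and the attacker's authoritative name server reads the labels back. The following is an added example, not Alina's code and not from either article, that shows the sender side next to the check a defender can run over resolver query logs. The zone `cdn-update.example`, the session label, the thresholds, the sample card records (standard test card numbers) and the benign queries are all constructed.

```python
"""Added example (not Alina's code, not from either article): card data
exfiltrated in DNS query names, and a resolver-log check that spots it.
All domain names, card records and thresholds below are constructed."""
from __future__ import annotations
import base64
import math
from collections import defaultdict

MAX_LABEL = 63      # RFC 1035 label limit
MAX_NAME = 253      # practical limit for a full query name
EXFIL_ZONE = "cdn-update.example"   # assumed attacker-controlled zone

# Constructed track-2-style records built from published test card numbers.
STOLEN_TRACKS = (b"4111111111111111=25121010000000000000\n"
                 b"5555555555554444=26061010000000000000\n"
                 b"378282246310005=24091010000000000000\n"
                 b"6011111111111117=27031010000000000000\n")


def encode_exfil(data: bytes, zone: str, session: str = "s1") -> list[str]:
    """Sender side: split data into query names <seq>.<session>.<b32 labels>.<zone>.
    Base32 keeps labels in the letter/digit set DNS tolerates, case-insensitively."""
    b32 = base64.b32encode(data).decode().rstrip("=").lower()
    fixed = len(f"0000.{session}.") + 1 + len(zone)        # non-data characters
    per_query = ((MAX_NAME - fixed) // (MAX_LABEL + 1)) * MAX_LABEL  # whole labels
    names = []
    for i in range(0, len(b32), per_query):
        chunk = b32[i:i + per_query]
        labels = [chunk[j:j + MAX_LABEL] for j in range(0, len(chunk), MAX_LABEL)]
        names.append(f"{len(names):04d}.{session}." + ".".join(labels) + f".{zone}")
    return names


def decode_exfil(names: list[str], zone: str) -> bytes:
    """Attacker's name server: reorder by sequence label and strip the framing."""
    parts = {}
    for n in names:
        labels = n[: -len(zone) - 1].split(".")
        parts[int(labels[0])] = "".join(labels[2:])      # drop seq and session
    b32 = "".join(parts[k] for k in sorted(parts)).upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


def shannon_entropy(s: str) -> float:
    counts = defaultdict(int)
    for c in s:
        counts[c] += 1
    return -sum(v / len(s) * math.log2(v / len(s)) for v in counts.values()) if s else 0.0


def registered_zone(name: str) -> str:
    """Crude grouping by the last two labels (no public-suffix list; an assumption)."""
    return ".".join(name.rstrip(".").split(".")[-2:])


def flag_tunnel_candidates(queries, min_label=40, min_entropy=3.5, min_unique=20):
    """Defender side: per zone, look at the longest label, the average entropy of
    the subdomain part and the number of distinct names; return zones that trip
    the thresholds with their stats. Long labels alone are enough to flag."""
    per_zone = defaultdict(set)
    for q in queries:
        per_zone[registered_zone(q)].add(q)
    suspicious = {}
    for zone, names in per_zone.items():
        longest, ent_sum = 0, 0.0
        for n in names:
            sub = n[: -len(zone) - 1] if n.endswith(zone) else n
            longest = max(longest, max((len(l) for l in sub.split(".")), default=0))
            ent_sum += shannon_entropy(sub.replace(".", ""))
        avg_ent = ent_sum / len(names)
        if longest >= min_label or (avg_ent >= min_entropy and len(names) >= min_unique):
            suspicious[zone] = {"unique_names": len(names), "longest_label": longest,
                                "avg_entropy": round(avg_ent, 2)}
    return suspicious


# Constructed benign traffic for the comparison.
BENIGN_QUERIES = ["www.bank.example", "api.bank.example", "cdn.static.example",
                  "mail.corp.example", "ntp.corp.example", "crl.pki.example"]

if __name__ == "__main__":
    exfil = encode_exfil(STOLEN_TRACKS, EXFIL_ZONE)
    print(f"{len(exfil)} queries carry {len(STOLEN_TRACKS)} bytes; first: {exfil[0][:60]}...")
    print("flagged:", flag_tunnel_candidates(BENIGN_QUERIES + exfil))
```

The detector is deliberately simple: content-delivery and anti-spam services also emit long or random-looking labels, so in practice the per-zone counts are baselined over days and joined with query type (TXT and NULL records are popular for the downstream channel) and volume before anyone gets paged.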
A newly revealed set of mobile hacking tools adds to the extensive picture of Chinese government surveillance aimed at the country’s Uighur minority. Like Android-focused surveillance kits before them, the malicious software is capable of stealing sensitive data on target phones and turning them into listening devices, according to mobile security firm Lookout, which made the discovery.
Proofpoint researchers have published findings on a campaign involving the Hakbit ransomware. As their blog post states, the ransomware is being spread via spear-phishing emails targeted at individuals in “mid-level positions across the pharmaceutical, legal, financial, business service, retail, and healthcare sector.”
A new version of Android malware, which exfiltrates and sends SMS messages, has been detected stealing financial and application data and reading account information and contact lists. According to research by Cybereason, the malware, which it calls FakeSpy, is under constant development and has been active for over three years.
Round Up of Major Vulnerabilities and Patches
All of the security holes were reported to Netgear through Trend Micro's Zero Day Initiative (ZDI), including five by a hacker who uses the online moniker d4rkn3ss, from VNPT ISC, and five by Pedro Ribeiro and Radek Domanski of Team Flashback. Ribeiro and Domanski disclosed their flaws at the Pwn2Own Tokyo 2019 hacking contest in November 2019, which earned them $25,000.