
Alina malware spotted using new trick to steal credit/debit card data, Hacker ransoms 22,900 MongoDB databases, and more

Major cybersecurity events on 2nd July 2020 (Evening Post): Federal Reserve issues advisory on how to mitigate payment fraud using synthetic identity accounts. Hakbit ransomware campaign targets specific European countries. FakeSpy campaign uses postal app to steal data.

Round Up of Major Breaches and Scams

Federal Reserve shares tips on mitigating synthetic identity fraud

The U.S. Federal Reserve today issued guidance on how financial organizations from the United States can mitigate payment fraud attempts scammers carry out with the help of synthetic identity accounts. The white paper published today by the Federal Reserve on mitigating synthetic identity payments fraud comes after two previous white papers on defining and detecting such payments fraud attempts.

Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities

A hacker has uploaded ransom notes on 22,900 MongoDB databases left exposed online without a password, a number that accounts for roughly 47% of all MongoDB databases accessible online, ZDNet has learned today. The hacker is using an automated script to scan for misconfigured MongoDB databases, wiping their content, and leaving a ransom note behind asking for a 0.015 bitcoin (~$140) payment.

US Govt shares tips on defending against cyberattacks via Tor

The Cybersecurity and Infrastructure Security Agency (CISA) today issued guidance on how to protect against cyberattacks launched from activity originating from or routed through the Tor anonymity network. Tor is software that enables internet anonymity by automatically encrypting and rerouting a user’s web requests through a network of Tor nodes (relay layers).

Round Up of Major Malware and Ransomware Incidents

Connection discovered between Chinese hacker group APT15 and defense contractor

In a report published today, cyber-security firm Lookout said it found evidence connecting Android malware that was used to spy on minorities in China to a large government defense contractor from the city of Xi’an. Lookout’s 52-page report details a years-long hacking campaign that has primarily targeted the Uyghur ethnic minority, and other groups to a lesser degree.

Alina Point-of-Sale Malware Spotted in Ongoing Campaign

A venerable point-of-sale (POS) malware called Alina that’s been around since 2012 is back in circulation, with a new trick for stealing credit- and debit-card data: Domain Name System (DNS) tunneling. DNS is the mechanism by which numeric IP addresses are linked to website names; DNS translates human-readable domain names to IP addresses so browsers can load internet resources.

Windows POS malware uses DNS to smuggle stolen credit cards

A Windows Point-of-Sale (POS) malware has been discovered using the DNS protocol to smuggle stolen credit cards to a remote server under the attacker’s control. POS malware is installed on point-of-sale systems to monitor for payments made with credit cards. When a payment is processed on a remote terminal or the local machine, the malware scrapes the credit card data and sends it to a remote command-and-control server.
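One defender-side way to spot this kind of DNS exfiltration in resolver logs, as an added example that is not part of the original article or of any vendor research it cites: it flags a client that sends many long, or any high-entropy, leftmost labels to a single base domain, which is the traffic pattern a DNS tunnel produces. The log format, the thresholds, and the exfil-example.test domain are constructed assumptions.

```python
import math
from collections import Counter, defaultdict
# Constructed sample resolver log (not real traffic): "<timestamp> <client-ip> <queried-name>".
# The *.exfil-example.test names stand in for an attacker-controlled domain (placeholder).
SAMPLE_LOG = """\
2020-07-02T10:00:01 10.0.0.12 www.example.com
2020-07-02T10:00:02 10.0.0.12 cdn.example.net
2020-07-02T10:00:03 10.0.0.55 34a1f0c9e2b7d8.exfil-example.test
2020-07-02T10:00:04 10.0.0.55 9f3e7a1c0b6d52.exfil-example.test
2020-07-02T10:00:05 10.0.0.55 c0ffee1234abcd.exfil-example.test
2020-07-02T10:00:06 10.0.0.55 deadbeef00ff11.exfil-example.test
2020-07-02T10:00:07 10.0.0.12 mail.example.com
"""

MIN_LABEL_LEN = 12      # legitimate hostnames are rarely this long and random-looking
MIN_ENTROPY = 3.0       # bits per character; encoded card data is high-entropy
MIN_UNIQUE_LABELS = 3   # a tunnel needs many distinct names to carry data

def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty string)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def split_name(qname):
    """Return (leftmost label, base domain); base = last two labels, a naive approximation."""
    labels = qname.rstrip(".").split(".")
    return labels[0], ".".join(labels[-2:])

def find_dns_tunnels(log_text):
    """Group long leftmost labels by (client, base domain) and return the flagged groups.
    A group is flagged by volume (many distinct labels) or by any high-entropy label."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        label, base = split_name(parts[2])
        if len(label) >= MIN_LABEL_LEN:
            seen[(parts[1], base)].add(label)
    flagged = {}
    for key, labels in seen.items():
        if len(labels) >= MIN_UNIQUE_LABELS or any(
                shannon_entropy(l) >= MIN_ENTROPY for l in labels):
            flagged[key] = sorted(labels)
    return flagged

if __name__ == "__main__":
    for (client, base), labels in find_dns_tunnels(SAMPLE_LOG).items():
        print(f"{client} -> {base}: {len(labels)} distinct long labels, e.g. {labels[0]}")
```

In production the base-domain split should use a public suffix list, and thresholds should be tuned against the site's own baseline, since CDNs and some security products also emit long machine-generated labels.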

Chinese mobile surveillance of Uighurs more pervasive than previously thought, researchers say

A newly revealed set of mobile hacking tools adds to the extensive picture of Chinese government surveillance aimed at the country’s Uighur minority. Like Android-focused surveillance kits before them, the malicious software is capable of stealing sensitive data on target phones and turning them into listening devices, according to mobile security firm Lookout, which made the discovery.

Hakbit ransomware campaign targeting specific European countries

Proofpoint researchers have published findings on a campaign involving the Hakbit ransomware. As their blog post states, the ransomware is being spread via spear-phishing emails targeted at individuals in “mid-level positions across the pharmaceutical, legal, financial, business service, retail, and healthcare sector.”

Malware Uses Postal App Lure to Send SMS Messages and Steal Data

A new version of Android malware, which exfiltrates and sends SMS messages, has been detected stealing financial and application data and reading account information and contact lists. According to research by Cybereason, the malware, which it calls FakeSpy, is under constant development and has been active for over three years.

Round Up of Major Vulnerabilities and Patches

Netgear Starts Patching Serious Vulnerabilities Affecting Tens of Products

All of the security holes were reported to Netgear through Trend Micro’s Zero Day Initiative (ZDI), including five by a hacker who uses the online moniker d4rkn3ss, from VNPT ISC, and five by Pedro Ribeiro and Radek Domanski of Team Flashback. Ribeiro and Domanski disclosed the flaws at the Pwn2Own Tokyo 2019 hacking contest in November 2019, which earned them $25,000.