
Hacker sentenced to 7 years after hacking LinkedIn, Twitter users get “Something went wrong” error messages, and more

Major cybersecurity events on 1st October 2020 (Evening Post): FBI tip prompted takedown of 130 fake Twitter accounts during debate. InterPlanetary Storm botnet infects 13K Mac, Android devices. Russian Fancy Bear hackers may have penetrated a US Federal Agency.

Round Up of Major Breaches and Scams

Experts Warn of $15m Global BEC Campaign

Security experts have discovered a major new Business Email Compromise (BEC) campaign that has already stolen over $15 million from a possible 150 organizations. Israeli incident response specialist Mitiga was first called in after a multimillion-dollar transaction went awry, according to head of research, Andrey Shomer. It appears that a cyber-criminal was monitoring email communications between a corporate buyer and seller, and at the last minute, stepped in to impersonate the seller, sending over new wire payment instructions.
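The pattern in the Mitiga case is a finance-mailbox problem as much as a network one: the last message in a genuine thread carries changed wire instructions, and the only visible difference is the sending identity. The following screening routine is an added example (not Mitiga's tooling or anything from their report) that flags exactly that combination: a payment-detail change together with a sender anomaly (lookalike vendor domain, a known vendor's display name on an unknown domain, or a Reply-To that diverges from From). The vendor allow-list, domains and message bodies are constructed for illustration.

```python
"""Heuristic screening of inbound vendor e-mail for the BEC pattern above:
a known counterparty is impersonated and the message carries changed
wire/payment instructions. Added example; all names and data are constructed."""
import re
from email.utils import parseaddr

# Constructed allow-list: vendor display name -> domains it legitimately sends from.
KNOWN_VENDORS = {
    "Acme Supplies": {"acme-supplies.example"},
}

# Phrases that typically accompany a request to redirect a payment.
PAYMENT_CHANGE_PATTERNS = [
    r"\bnew (?:bank|wire|payment|account) (?:details|instructions)\b",
    r"\bupdated? (?:bank|wire|payment) (?:details|instructions)\b",
    r"\bbank details have changed\b",
    r"\b(?:iban|swift|routing number)\b",
]


def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _within_one_edit(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # make a the shorter string
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) == len(b):
            i += 1  # substitution
        j += 1      # insertion in b (or the substituted char)
    edits += (len(b) - j) + (len(a) - i)
    return edits == 1


def _lookalike(domain, legit_domains):
    """Same registrable label on another TLD, or a label one typo away."""
    label = domain.split(".")[0]
    for legit in legit_domains:
        legit_label = legit.split(".")[0]
        if label == legit_label and domain != legit:
            return True
        if _within_one_edit(label, legit_label):
            return True
    return False


def screen_message(msg):
    """Screen one message dict (keys: from, reply_to, subject, body).

    Returns {'payment_change': bool, 'anomalies': [...], 'verdict': str}
    where verdict is 'hold' (payment change + identity anomaly),
    'review' (one of the two) or 'pass'."""
    display, addr = parseaddr(msg.get("from", ""))
    from_dom = _domain(addr)
    reply_dom = _domain(parseaddr(msg.get("reply_to", ""))[1])
    text = f"{msg.get('subject', '')}\n{msg.get('body', '')}".lower()

    payment_change = any(re.search(p, text) for p in PAYMENT_CHANGE_PATTERNS)
    anomalies = []

    legit = KNOWN_VENDORS.get(display)
    if legit is not None and from_dom not in legit:
        if _lookalike(from_dom, legit):
            anomalies.append(f"sender domain {from_dom} resembles a known vendor domain")
        else:
            anomalies.append(f"display name '{display}' used from unknown domain {from_dom}")

    if reply_dom and reply_dom != from_dom:
        anomalies.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    if payment_change and anomalies:
        verdict = "hold"
    elif payment_change or anomalies:
        verdict = "review"
    else:
        verdict = "pass"
    return {"payment_change": payment_change, "anomalies": anomalies, "verdict": verdict}


# Constructed sample traffic: the impersonation case, a clean reply, and a Reply-To hijack.
SAMPLE_MESSAGES = [
    {"from": "Acme Supplies <accounts@acme-suplies.example>", "reply_to": "",
     "subject": "RE: Invoice 4471 - updated wire instructions",
     "body": "Our bank details have changed. New wire instructions attached; use the new account number today."},
    {"from": "Acme Supplies <accounts@acme-supplies.example>", "reply_to": "",
     "subject": "RE: Invoice 4471", "body": "Thanks, we will ship on Monday."},
    {"from": "Acme Supplies <accounts@acme-supplies.example>",
     "reply_to": "accounts.acme@webmail.example",
     "subject": "Invoice 4471 payment", "body": "Kindly confirm the transfer."},
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        r = screen_message(m)
        print(r["verdict"], "-", m["subject"], "-", "; ".join(r["anomalies"]) or "no anomalies")
```

A "hold" here is a prompt for out-of-band verification of the new payment details with the counterparty, which is the control the BEC scheme above relies on being absent; the regex list and the lookalike test are deliberately simple and would be tuned against real vendor mail before use.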

Twitter says FBI tip prompted takedown of 130 fake accounts during debate

Intelligence from the FBI prompted Twitter to take down roughly 130 accounts that “appeared to originate in Iran,” and were trying to generate conflict during the presidential debate Tuesday, the social media company reported. In its announcement Wednesday, Twitter did not offer more details about the origin of the accounts or the extent of the FBI’s tip, but said it would publish the results of its full investigation later.

Russian Who Hacked LinkedIn, Dropbox Sentenced to 7 Years in Prison

A Russian hacker who was found guilty of hacking LinkedIn, Dropbox, and Formspring over eight years ago has finally been sentenced to 88 months (more than seven years) in United States prison by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin, 32, of Moscow hacked into servers belonging to three American social media firms, LinkedIn, Dropbox, and the now-defunct social-networking firm Formspring, and stole data on over 200 million users.

Twitter is down with users seeing “Something went wrong” errors

Twitter users are currently experiencing issues around the world, with users unable to use the website and mobile apps. When attempting to access Twitter’s website, users are given “Something went wrong” errors or other messages stating that the company is aware of the problem and is working on restoring access. The outage started within the last 30 minutes and, according to DownDetector, the social media platform is currently experiencing an outage in the U.S., Europe, India, Japan, Australia, and other parts of the world.

Anthem to Pay Nearly $40M Settlement Over 2015 Cyberattack

Health insurer Anthem has agreed to another multimillion-dollar settlement over a cyberattack on its technology that exposed the personal information of nearly 79 million people. The Blue Cross-Blue Shield insurer said Wednesday that it will pay $39.5 million to settle an investigation by a group of state attorneys general. Anthem said it was the last open investigation into the attack. The company also agreed nearly two years ago with the U.S. Department of Health and Human Services to pay $16 million to settle possible privacy violations.

Round Up of Major Malware and Ransomware Incidents

InterPlanetary Storm Botnet Infects 13K Mac, Android Devices

In addition to Windows and Linux machines, a new variant of the malware now targets Mac and Android devices. The newly discovered InterPlanetary Storm variant comes with fresh detection-evasion tactics and now targets Mac and Android devices (in addition to Windows and Linux, which were targeted by previous variants of the malware). Researchers say the malware is building a botnet with a current estimated 13,500 infected machines across 84 countries worldwide. Half of the infected machines are in Hong Kong, South Korea and Taiwan.

Hackers leak files stolen in Pakistan’s K-Electric ransomware attack

The Netwalker ransomware operators have published the stolen data for K-Electric, Pakistan’s largest private power company, after a ransom was not paid. On September 7th, 2020, K-Electric suffered a Netwalker ransomware attack that disrupted online billing services, but not the supply of power. Soon after, BleepingComputer obtained access to the Tor ransom payment page for K-Electric’s attack, where ransomware operators demanded a $3,850,000 payment. The attackers also stated that they would release files stolen during the attack if a ransom was not paid.

Tycoon malware: What it is, how it works and how to prevent it

It has been said that a picture is worth a thousand words. In the world of malware, a picture is worth an infection — in other words, a picture can actually be the malware (ransomware, specifically in this case) that initially infects the compromised machine. This malware is called Tycoon and it uses an obscure image format to infect machines and inflict its ransomware chaos onto the compromised machine.

Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency

A warning that unidentified hackers broke into an agency of the US federal government and stole its data is troubling enough. But it becomes all the more disturbing when those unidentified intruders are identified—and appear likely to be part of a notorious team of cyberspies working in the service of Russia’s military intelligence agency, the GRU.

Round Up of Major Vulnerabilities and Patches

Windows Subsystem for Linux 2 bypasses the Windows 10 Firewall

The Windows Subsystem for Linux 2 will bypass the Windows 10 firewall and any configured rules, raising security concerns for those who use the feature. In a blog post today, Mullvad VPN explained that their product includes an ‘Always require VPN’ option that blocks Internet access via the Windows Firewall unless connected to the VPN. After Mullvad received a tip from a user, it was determined that WSL2 Linux distributions bypass the Windows 10 firewall and its configured rules, and prevent the VPN’s ‘Always require VPN’ security feature from working.