Categories
APT Breach Cryptojacking Cyber Security Data leak Emotet Espionage Hacking Malware Maze Phishing Ransomware Skimming Smuggling spouseware Stalkerware Trojan Vulnerability

Iranian hackers charged for cyber espionage, Warner Music Group faces lawsuit over data breach, and more

Major cybersecurity events on 17th September 2020 (Morning Post): In multiple incidents US charges hackers and cyber criminals for espionage, global attacks, and cryptocurrency phishing spree. Hacker finds former Australian Prime Minister Tony Abbot’s passport number from Instagram post.

Round Up of Major Breaches and Scams

US Charges Five Members of China-Linked APT41 for Global Attacks

The five Chinese nationals are among seven defendants arrested for intrusion campaigns into more than 100 organizations, the DoJ reports. Five members of APT41, an attack group with alleged ties to China, have been charged for their roles in computer intrusion campaigns targeting more than 100 organizations around the world, the Department of Justice reports. Two of their co-conspirators have been arrested in Malaysia.

US charges two Iranian hackers for years-long cyber-espionage, cybercrime spree

The US has filed charges and is seeking the arrest of two Iranian nationals believed to have carried out cyber-intrusions at the behest of the Iranian government and for their own personal financial gain. In an indictment unsealed today, prosecutors accused Hooman Heidarian and Mehdi Farhadi, both from Hamedan, Iran, of launching cyber-attacks against a wide range of targets since at least 2013.

American IT-businessman of Russian origin says Durov gave data of Telegram to Kremlin

The founder of Telegram Pavel Durov gave the messenger with the data of all users to the Kremlin because the messenger became an unbearable financial burden, the costs of which exceeded $2-3 million a month, said an American IT businessman of Russian origin, the head of Pi5 Cloud Michael Talan. He clarified that Durov had financial problems related to Telegram after the decision of the American Securities and Exchange Commission, which banned the Russian programmer from launching the TON commercial platform.

Two Russians Charged in $17M Cryptocurrency Phishing Spree — Krebs on Security

U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. The Justice Department unsealed indictments against Russian nationals Danil Potekhin and Dmitirii Karasavidi, alleging the duo was responsible for a sophisticated phishing and money laundering campaign that resulted in the theft of $16.8 million in cryptocurrencies and fiat money from victims.

Lawsuit Filed Against Warner Music Group Over Data Breach

A lawsuit has been filed against Warner Music Group following the disclosure of a data breach that compromised customers’ sensitive personal information. Warner notified customers of a breach earlier this month after discovering a number of its e-commerce websites had fallen victim to a prolonged skimming attack. Attackers were able to access personal data entered by customers into the impacted sites between April 25, 2020, and August 5, 2020.

Hacker finds ex-Aussie PM’s passport number using his Instagram post

The Prime Minister in the discussion is Tony Abbott whose Instagram post with his boarding pass allowed a hacker to dig deep into a much bigger issue within the Qantas website. When traveling, some people have the urge to share their journey with the entire world, especially on social media. This article shows how your urge to show off can expose your personal information to the masses. Former Australian Prime Minister Tony Abbott did the same back on March 22nd, 2020 by uploading a picture of his boarding pass on Instagram for his return flight from Tokyo to Sydney.

Chinese Tech Giant Alibaba’s Servers Found To Be Involved In Data Theft, At-least 72 Servers Sending Data To China

Top intelligence sources have told media that Chinese data cloud servers are sending data of Indian users to China, and that the Chinese technology giant Alibaba’s equipment in India may be involved in this. Officials speaking to News18 network have reportedly disclosed that ‘all sensitive and ancillary forms of data’ are sent to remote servers in China. Chinese firms are able to lure Indian organisations and customers by offering data servers at very low prices, and for this reason the Chinese offerings are quite popular among Indian businesses.

Round Up of Major Malware and Ransomware Incidents

Google ‘formally’ bans stalkerware apps from the Play Store

Google has updated its Play Store rules to impose a “formal” ban on stalkerware apps, but the company has left a pretty huge loophole in place for stalkerware to be uploaded on the official store as child-tracking applications. Stalkerware is a term used to describe apps that track a user’s movements, snoop on calls and messages, and record other apps’ activity. Stalkerware, also known as spouseware, is usually advertised to users as a way to discover cheating partners, track children while outside their homes, and as a way to keep an eye on employees at work.

Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals

Researchers examine security incidents over the past several years that seemingly connect North Korea’s Lazarus Group with Russian-speaking attackers. Analysis published today examines reports from years of security incidents to pinpoint links between Lazarus Group, historically tied to North Korea, and Russian-speaking cybercriminals.

Emotet strikes Quebec’s Department of Justice: An ESET Analysis

The cyber attack affects 14 inboxes belonging to the Department of Justice was confirmed by ESET researchers. ESET’s team of malware researchers in Montreal, in collaboration with journalist Hugo Joncas, helped shed light on a cyber attack that affected the Quebec Department of Justice. Indeed, on August 11 and 12, the Department of Justice suffered a cyber attack in which malicious actors used malicious software to infect 14 inboxes under the Department‘s jurisdiction.

Source code of Cerberus banking Trojan leaked on underground forums

The source code of the infamous Cerberus banking Trojan has been released for free on underground hacking forums following a failed auction. The author of the Cerberus banking Trojan has released the source code of the malware on underground hacking forums following a failed auction. In July, the authors of the notorious Cerberus Android banking trojan auctioned their project for a price starting at $50,000, but buyers could have had closed the deal for $100,000.

US Staffing Firm Hit by Ransomware Again

One of the largest IT staffing companies in America has been hit by a second ransomware attack in nine months. At the start of September, Artech Information Systems disclosed a data breach caused by a ransomware attack perpetrated between January 5 and 8, 2020. Attackers deployed the ransomware three days after gaining unauthorized access to some of the company’s systems. The incident was picked up by the company following reports of suspicious activity on the user account of an Artech employee.

“LockBit” Launches Ransomware Blog, Blackmails Two Companies

Gemini Advisory’s analysts uncovered a September 14, 2020 post on a Russian-language dark web forum by a cybercriminal group operating under the moniker “LockBit,” in which they advertised starting their own blog under the same name. LockBit is a Russian-language ransomware team, alongside “REvil”/”Sodinokibi” and “Maze,” that advertises its services on Russian-language dark web forums.

Round Up of Major Vulnerabilities and Patches

h2c Smuggling: A New ‘Devastating’ Kind of HTTP Request Smuggling

The newly discovered form of HTTP request smuggling could have widespread impact because any proxy can be affected, researchers say. Here’s what infosec pros should know. A new type of hack that piggybacks malicious Web requests alongside legitimate ones could be used to create a broad range of havoc in an organization, a report from cybersecurity company Bishop Fox reveals.

Android app security: Over 12,000 popular Android apps contain undocumented backdoors

When many people think about malware and other malicious or suspicious software, they focus on computers. It is common best practice to have an antivirus program installed and regularly running on these machines. Smartphones are rapidly becoming the most common and popular device for computation and Internet access. An “always connected” culture means that many people are constantly checking their devices and have entrusted them with access to their online accounts and sensitive data via installed applications.