Round Up of Major Breaches and Scams
The US Federal Bureau of Investigation says pranksters are hijacking weakly-secured smart devices in order to live-stream swatting incidents. “Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks,” the FBI said in a public service announcement published today. Officials say pranksters are taking over devices on which owners created accounts but reused credentials that previously leaked online during data breaches at other companies.
Microsoft says that the SolarWinds hackers aimed at compromising the victims’ cloud infrastructure after deploying the Solorigate backdoor (aka Sunburst). The Microsoft 365 Defender Team revealed that the goal of the threat actors behind the SolarWinds supply chain attack was to move into the victims’ cloud infrastructure once they had infected the on-premises network with the Sunburst/Solorigate backdoor. “With this initial widespread foothold, the attackers can then pick and choose the specific organizations they want to continue operating within,” Microsoft explains.
UK police also give some food for thought to those on the verge of breaking the law. The long arm of the law has caught up with 21 people who are believed to have bought purloined login credentials on the now-defunct WeLeakInfo.com website and used them to break into other people’s online accounts and commit various cybercrimes. Some of those arrested are also suspected of having used the criminal marketplace for trading in tools such as Remote Access Trojans (RATs) and crypters.
A federal judge Tuesday dismissed Apple’s copyright infringement lawsuit against cybersecurity startup Corellium in a case which could have implications for researchers who find software bugs and vulnerabilities. Judge Rodney Smith said Apple failed to show a legal basis for protecting its entire iOS operating system from security researchers. Apple sued the Florida-based startup in 2019 claiming its “virtualization” of iOS software constituted copyright infringement.
The Voyager cryptocurrency brokerage platform halted trading yesterday after suffering a cyberattack targeting its DNS configuration. Voyager Digital LLC is a cryptocurrency broker that allows investors to trade assets using the Voyager mobile app. Voyager has grown rapidly this year, reporting 40x growth in 12 months and $200 million in assets under management. Yesterday, the Voyager trading platform was suddenly shut down with an announcement that it was “currently undergoing maintenance.”
Personal information belonging to clients of an Auckland financial services firm has been published on the dark web after the company fell victim to a ransomware attack. Earlier this month a blog post on the dark web showed cyberattackers appeared to be in possession of sensitive information held by financial services company Staircase Financial Management. The post on NetWalker Blog had a countdown clock indicating how much time was left before the data was made public.
Round Up of Major Malware and Ransomware Incidents
Cloud storage provider Wasabi suffered an outage after a domain used for its storage endpoints was suspended for hosting malware. Wasabi is a cloud storage provider that competes with solutions like Amazon S3 by offering significantly cheaper services, not charging egress or API fees, and promising 99.99% data durability. Yesterday, at approximately 2:30 PM EST, Wasabi users suddenly found that they could no longer access their storage buckets hosted on the wasabisys.com domain.
Round Up of Major Vulnerabilities and Patches
Black man sues police, saying he was falsely ID’d by facial recognition, joining other Black Americans falling victim to the technology’s racial bias. Racial bias against non-white skin in facial recognition landed Nijeer Parks ten days in jail in 2019 after the technology falsely identified him as a shoplifting suspect, a new lawsuit says. It didn’t matter that he hadn’t been to the location of the crime, a Hampton Inn hotel in Woodbridge, New Jersey, according to Parks. The tech fingered him and that was enough for police, he said.
Multiple vulnerabilities have been discovered in Aruba Networks’ ArubaOS and SD-WAN, which could result in arbitrary code execution. Aruba (a Hewlett Packard Enterprise company) is the worldwide second-largest enterprise WLAN vendor after Cisco. ArubaOS is its WLAN controller system for automating WLAN management, and SD-WAN (software-defined WAN) is its cloud-oriented WAN orchestration system. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the user running the application.