Round Up of Major Breaches and Scams
One of the digital underground’s most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the data was stolen in a lengthy data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country. On Monday, the carding bazaar Joker’s Stash debuted “BlazingSun,” a new batch of more than three million stolen card records, advertising “valid rates” of between 90-100 percent.
The hotly anticipated release of blockbuster video game FIFA 21 on Oct. 6, along with the return of professional play, are giving soccer fans reason to celebrate. And, unsurprisingly, cybercriminals are already figuring out how to capitalize. A report from researcher Christopher Boyd at Malwarebytes Labs outlined the various ways scammers are tapping into the oversized audience of FIFA 21 to turn a quick buck, including leveraging in-game goods and rewards.
Members of the QQAAZZ group helped cybercriminals conceal origins of stolen funds, DoJ alleges. An indictment unsealed this week by the US Department of Justice (DoJ) in a Pennsylvania federal court and another one from last October has shed more light on the vast criminal network that cyberthieves rely on to launder funds stolen from their victims.
Twitter is experiencing a worldwide service disruption that prevents users from sending tweets via Tweetdeck, the social network’s apps, and its website, and from seeing their notifications. Twitter is currently investigating the issue behind the broken notifications and the “Nothing to see here — yet” messages reported by countless users starting about an hour ago. When trying to tweet, users are currently seeing “Tweet failed: Twitter is temporarily over capacity. Please try again later” and “Something went wrong, but don’t fret — let’s give it another shot” errors.
Iran’s cybersecurity authority revealed that two governmental departments were hit by cyberattacks this week, state media reported. According to Thursday’s reports, the authority acknowledged attacks on two unnamed governmental departments, and the state-owned IRAN daily newspaper said they took place on Tuesday and Wednesday respectively. Iranian authorities are investigating the attacks, which were described as important.
Puerto Rico’s firefighting department has disclosed a security breach: hackers breached its database and demanded a $600,000 ransom. According to the department’s director, Alberto Cruz, the department’s ability to respond to emergencies was not impacted by the attack. The department received an email from the threat actors notifying it that they had encrypted its servers and demanding payment of a ransom to release them.
Twitter temporarily suspended the account of the president of the United States’ election campaign for “posting private information.” The account @TeamTrump was locked for attempting to tweet a video referencing a recent article by the New York Post along with text describing presidential candidate Joe Biden as “a liar who has been ripping off our country for years.” The New York Post article published leaked emails that suggest that in 2015, while working for Ukrainian natural gas firm Burisma Holdings, Biden’s son Hunter arranged for the then Vice President Joe Biden to meet with a top executive at the company.
Round Up of Major Malware and Ransomware Incidents
A cybercriminal team previously associated with point-of-sale malware and data theft has now moved almost completely into the more lucrative crimes of ransomware and extortion. An assortment of ransomware campaigns since 2019 are actually the work of a single group, which has evolved from conducting point-of-sale attacks using malware to infiltrating networks and infecting systems with ransomware, researchers say.
The TrickBot botnet appears to have resumed normal operations days after Microsoft announced that it managed to take it down using legal means. On October 12, Microsoft and several partners announced that they were able to disrupt the TrickBot infrastructure by legally disabling IP addresses, making servers inaccessible and suspending services employed by the botnet. The effort was also aimed at preventing operators from registering new infrastructure.
A previously unknown ransomware gang dubbed Egregor has hit the game developer Crytek and leaked files allegedly stolen from the internal network of another leading gaming firm, Ubisoft. A few days ago, the Egregor ransomware operators posted archives containing unencrypted files allegedly stolen in two distinct attacks on the two gaming firms.
Round Up of Major Vulnerabilities and Patches
Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database. Two critical flaws in Magento – Adobe’s e-commerce platform that is commonly targeted by attackers like the Magecart threat group – could enable arbitrary code execution on affected systems. Retail is set to boom in the coming months which puts pressure on Adobe to rapidly patch up any holes in the popular Magento open-source platform, which powers many online shops.
A significant number of SonicWall firewalls may be affected by a critical vulnerability that can be exploited for denial-of-service (DoS) attacks and possibly arbitrary code execution. The vulnerability, identified as CVE-2020-5135, impacts various versions of SonicOS, the operating system powering SonicWall firewalls. The vendor has credited researchers at Tripwire and Positive Technologies for finding the security bug.
Microsoft says that customers can now disable JScript (JScript.dll) execution in Internet Explorer 11 after installing the Windows October 2020 monthly security updates. JScript is a legacy Microsoft implementation of the ECMAScript language specification in the form of an Active Scripting engine. Adding an option to disable JScript execution is a significant security improvement, since it allows IT admins to provide their users with a more secure browsing experience in enterprise environments where IE11 is still the web browser of choice for legacy software solutions.
Self-driving cars are one of the coolest innovations of the 21st century, and for good reason: you could finally sleep on your daily commute (not recommended, though). However, as with any piece of technology, they come with flaws, many of which have been discovered before, but one has only recently come to light. A group of researchers from the Ben-Gurion University of the Negev tested two commercial advanced driver-assistance systems, those of the Tesla Model X and the Mobileye 630, by displaying “phantom” objects in front of the two vehicles.