
Users are advised to ignore FB Christmas bonus scam, Mexican drug cartels hold high-tech spyware, and more

Major cybersecurity events on 17th December 2020 (Evening Post): Phobos launches Orbital to find attack pathways and entry points in networks. Two malware-laced gems found in RubyGems repository, capable of replacing cryptocurrency wallet address in clipboard with attacker-supplied one.

Round Up of Major Breaches and Scams

Whistleblowers have come to us alleging spy agency wrongdoing, says UK auditor IPCO

Three UK law enforcement agents blew the whistle about unlawful state surveillance to the Investigatory Powers Commissioner’s office – and one of those incidents was bad enough for the investigation to still be ongoing today. The investigation’s existence was revealed in audit body IPCO’s annual report for 2018-19, published (PDF) earlier this week. In addition, an MI6 spy “engaged in serious crime overseas” which senior managers tried to cover up – only to be forced to admit what had happened when the agent crossed “red lines”.

Experts Urge Users to Ignore Facebook Christmas Bonus Scam

Identity theft experts are warning Facebook users to be on the lookout for a “Christmas bonus” scam which appears to be endorsed by their friends on the social network. Variations on these scams appear to have been circulating on Facebook since at least 2015. Most recently, users are being targeted by messages claiming to offer them a “Christmas bonus” or “Christmas benefit,” according to the non-profit Identity Theft Resource Center (ITRC).

Businesses are tracking customers and not telling them

Although most companies claim to have well-defined consumer data protection and privacy policies, research has found that three in five US and Canadian companies fail to inform customers that they allow third-party services to use tracking codes on their websites. Zoho, an Austin-based productivity app company, surveyed 1,416 individuals across Canada and the United States, with participants including a range of business leaders from C-level to manager roles, from a variety of business sizes.

Digging the recently leaked Chinese Communist Party database

After the announcement of a leak of a database containing the personal information of 1.9 million Chinese Communist Party (CCP) members in Shanghai, KELA researchers obtained and analyzed it. The database includes each member’s name, sex, ethnicity, hometown, organization, ID number, address, mobile number, landline, and education.

Round Up of Major Malware and Ransomware Incidents

Mexican Drug Cartels with High-Tech Spyware

Sophisticated spyware, sold by surveillance tech companies to Mexican government agencies, is ending up in the hands of drug cartels. As many as 25 private companies, including the Israeli company NSO Group and the Italian firm Hacking Team, have sold surveillance software to Mexican federal and state police forces, but there is little or no regulation of the sector and no way to control where the spyware ends up, said the officials.

Two Malware-Laced Gems Found in RubyGems Repository

Two Ruby gems that were found to pack malware capable of running persistently on infected machines were removed recently from the RubyGems hosting service. The two gems, pretty_color and ruby-bitcoin, contained malware that was targeting Windows machines and which was meant to replace any cryptocurrency wallet address in the clipboard with an attacker-supplied one. By replacing the crypto-wallet addresses, the malware helps the attackers hijack transactions and steal the victim’s funds.
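As an added defender-side example, not code from the article or from RubyGems, the following Ruby script parses a project’s Gemfile.lock and flags any top-level gem whose name appears on a deny-list. The deny-list holds the two gem names the article reports; the lockfile contents and the version numbers in it are constructed for the demonstration.

```ruby
require "set"

# Gem names reported as malicious in the article; extend as needed.
KNOWN_MALICIOUS_GEMS = Set["pretty_color", "ruby-bitcoin"].freeze

# Parse the "specs:" block of a Gemfile.lock and return {name => version}.
# Top-level gem specs are indented by exactly four spaces; deeper
# indentation lists a gem's own dependencies and is skipped.
def parse_lockfile_specs(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    if line.start_with?("  specs:")
      in_specs = true
      next
    end
    # A blank line or a new top-level section (GEM, PLATFORMS, ...) ends the block.
    in_specs = false if line.strip.empty? || line =~ /\A[A-Z]/
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      specs[m[1]] = m[2]
    end
  end
  specs
end

# Return only the locked gems whose names are on the deny-list.
def flagged_gems(text, denylist = KNOWN_MALICIOUS_GEMS)
  parse_lockfile_specs(text).select { |name, _| denylist.include?(name) }
end

# Constructed sample lockfile (versions are made up for the example).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      pretty_color (0.1.0)
        rake (>= 12.0)
      rake (13.0.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    pretty_color
    rake
LOCK

if __FILE__ == $PROGRAM_NAME
  flagged_gems(SAMPLE_LOCKFILE).each { |name, ver| puts "FLAGGED: #{name} (#{ver})" }
end
```

Run it against a real lockfile by reading the file into `flagged_gems`; a non-empty result is a reason to stop the build before `bundle install` executes any gem code.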

When zombie malware leads to big-money ransomware attacks

The first thing people want to know when there’s a new ransomware story going around is: How much are the crooks asking for this time? Sadly, that is one question that victims themselves don’t need to ask, because the blackmailers who just attacked them will make jolly sure they know the “price”. In one recent story, an educational establishment in Scotland was confronted with an extortion demand for a surprisingly specific sum of money.

Round Up of Major Vulnerabilities and Patches

SolarWinds Trojan: Affected enterprises must use hot patches, isolate compromised gear

Hot patching and isolating potentially affected resources are on the IT response schedule as enterprises that use SolarWinds Orion network-monitoring software look to limit the impact of the serious Trojan unleashed on the platform. The supply-chain attack, reported early this week by Reuters and detailed by security researchers at FireEye and Microsoft, involves a sophisticated, potentially state-sponsored actor gaining access to a wide variety of government, public and private networks via Trojanized updates to SolarWinds’ Orion network monitoring and management software.

Phobos launches Orbital, a tool for finding attack pathways and entry points into your network

Cybersecurity firm the Phobos Group launched Orbital, a reconnaissance and risk assessment platform, this week. Orbital, now out of beta and in public trials, is the Phobos Group’s reimagining of how a reconnaissance platform should work and look. It works by scanning a customer’s public-facing infrastructure and generating a report on the issues it finds. But instead of delivering a 600-page report about every minutia in a company’s IT stack using convoluted terms like CVEs, DREAD scores, STRIDE models, or ATT&CK mappings, Orbital relies on the underestimated power of “plain English.”