Daily NCSC-FI news followup 2020-06-13

Fraudster gets maximum jail time for news site DDoS extortion

www.bleepingcomputer.com/news/security/fraudster-gets-maximum-jail-time-for-news-site-ddos-extortion/ Iranian-born U.S. citizen Andrew Rakhshan, previously convicted in Canada for fraud, was sentenced to the maximum sentence of five years and ordered to pay over $500,000 after being found guilty of launching several distributed denial of service (DDoS) attacks against news websites.

Microsoft Joins Ban on Sale of Facial Recognition Tech to Police

threatpost.com/microsoft-joins-ban-on-sale-of-facial-recognition-tech-to-police/156521/ Microsoft has joined Amazon and IBM in banning the sale of facial recognition technology to police departments and pushing for federal laws to regulate the technology.

15 Individuals Plead Guilty to Multimillion-Dollar Online Auction Fraud Scheme

www.darkreading.com/attacks-breaches/15-individuals-plead-guilty-to-multimillion-dollar-online-auction-fraud-scheme/d/d-id/1338082 Fifteen Romanian nationals have pleaded guilty to a variety of charges tied to their participation in a multimillion-dollar online auction fraud scheme targeting Internet users in the US. A Department of Justice (DoJ) statement announcing the pleas described the defendants as participating in a scam where they posted false advertisements, typically for vehicles and other high-priced goods, on popular sites such as eBay and Craigslist.

Lamphone attack lets threat actors recover conversations from your light bulb

www.zdnet.com/article/lamphone-attack-lets-threat-actors-recover-conversations-from-your-light-bulb/ Academics record light variations in a light bulb to recover the sound waves (speech, conversations, songs) from a room 25 meters (80 feet) away. The technique, which they named Lamphone, revolves around the principle that objects vibrate when sound waves hit their surface. When this happens in a light bulb, academics say the vibrations also create small flickers in light emissions. They say that by using powerful sensors, they can record the light variations and reverse-engineer the sound waves that hit the light bulb’s surface.

Black Kingdom ransomware hacks networks with Pulse VPN flaws

www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/ Operators of Black Kingdom ransomware are targeting enterprises with unpatched Pulse Secure VPN software or initial access on the network, security researchers have found. The malware got caught in a honeypot, allowing researchers to analyze and document the tactics used by the threat actors.

City of Florence to Pay $300,000 Ransom after ransomware attack

securityaffairs.co/wordpress/104666/breaking-news/city-of-florence-ransomware.html Florence City in Alabama will pay a $300,000 ransom worth of Bitcoins after its computer system was infected with ransomware. “It appears they may have been in our system since early May over a month going through our system,” Mayor Steve Holt said. Mayor Holt confirmed that the City’s system was infected with the DoppelPaymer ransomware.

Mirai Botnet Activity

isc.sans.edu/forums/diary/Mirai+Botnet+Activity/26234/ This past week, I noticed new activity from the Mirai botnet in my honeypot. The sample log with the IP and file associated with the first log appears to have been taken down (96.30.193.26) which appeared multiple times this week including today. However, the last two logs from today are still active which is using a Bash script to download multiple exploits targeting various device types (MIPS, ARM4-7, MPSL, x86, PPC, M68k). Something else of interest is the User-Agent: XTC and the name viktor which appear to be linked to XTC IRC Botnet, aka Hoaxcalls.
