US sanctions four companies selling hacking tools, including NSO Group & Candiru
therecord.media/us-sanctions-four-companies-selling-hacking-tools-including-nso-group-candiru/ The US government has sanctioned four companies that develop and sell spyware and other hacking tools, the US Department of Commerce announced today. The four are Israel’s NSO Group and Candiru, Russian security firm Positive Technologies, and Singapore-based Computer Security Initiative Consultancy.
‘Too early to tell’ if Russia has cracked down on ransomware gangs, Nakasone says
therecord.media/too-early-to-tell-if-russia-has-cracked-down-on-ransomware-gangs-nakasone-says/ The country’s top military cyber official said on Wednesday that it is too soon to know whether the Kremlin has taken action against ransomware gangs operating on Russian soil.
BlackMatter ransomware says it’s shutting down due to pressure from local authorities
therecord.media/blackmatter-ransomware-says-its-shutting-down-due-to-pressure-from-local-authorities/ The criminal group behind the BlackMatter ransomware has announced plans to shut down its operation, citing pressure from local authorities.
CERT-France: Lockean ransomware group behind attacks on French companies
therecord.media/cert-france-lockean-ransomware-group-behind-attacks-on-french-companies/ French cybersecurity officials have for the first time identified a ransomware “affiliate group” responsible for a long list of attacks against French companies over the past two years. Identified as Lockean, the group’s activities and modus operandi are detailed in a comprehensive report published today by France’s Computer Emergency Response Team (CERT-FR), a division of ANSSI, the country’s national cybersecurity agency.
Cybercrime underground flush with shipping companies’ credentials
intel471.com/blog/shipping-companies-ransomware-credentials The actors responsible for selling these credentials range from newcomers to the most prolific network access brokers that Intel 471 tracks.
Clearview AI slammed for breaching Australians’ privacy on numerous fronts
www.zdnet.com/article/clearview-ai-slammed-for-breaching-australians-privacy-on-numerous-fronts/ Despite uncovering Clearview AI’s intrusive practices, Australia’s Information Commissioner conceded that the number of Australians who have had their biometric information scraped by the company was unknown.
Coinbase notification scam steals US$11 million in bitcoin from a crypto account in 10 minutes
www.notebookcheck.net/Coinbase-notification-scam-steals-US-11-million-from-a-bitcoin-account-in-10-minutes.576725.0.html A cautionary tale for Coinbase users about fake customer-service representatives: a customer had their Bitcoin account emptied after unwittingly helping the scammers themselves.
‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks
threatpost.com/tortilla-exchange-servers-proxyshell/175967/ The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new “Tortilla” threat actor.
UK Labour Party discloses data breach after ransomware attack
www.bleepingcomputer.com/news/security/uk-labour-party-discloses-data-breach-after-ransomware-attack/ The U.K. Labour Party notified members that some of their information was impacted in a data breach after a ransomware attack hit a supplier managing the party’s data.
New Tool: cs-extract-key.py
blog.didierstevens.com/2021/11/03/new-tool-cs-extract-key-py/ cs-extract-key.py is a tool designed to extract cryptographic keys from Cobalt Strike beacon process memory dumps.
Stealthier version of Mekotio banking trojan spotted in the wild
www.bleepingcomputer.com/news/security/stealthier-version-of-mekotio-banking-trojan-spotted-in-the-wild/ A new version of a banking trojan known as Mekotio is being deployed in the wild, with malware analysts reporting that it’s using a new, stealthier infection flow.
Linux Foundation adds software supply chain security to LFX
www.zdnet.com/article/linux-foundation-adds-software-supply-chain-security-to-lfx/ Our software supply chains are under attack, and the Linux Foundation, via its LFX tools, is set to defend them. Enhanced and free to use, LFX Security makes it easier for open source projects to secure their code. Specifically, the LFX Security module now includes automatic scanning for secrets-in-code and non-inclusive language, adding to its existing automated vulnerability detection capabilities.
The Booming Underground Market for Bots That Steal Your 2FA Codes
www.vice.com/en/article/y3vz5k/booming-underground-market-bots-2fa-otp-paypal-amazon-bank-apple-venmo The bots convincingly and effortlessly help hackers break into Coinbase, Amazon, PayPal, and bank accounts. “The bot is great for people who don’t have social engineering skills, …”
This Steam phish baits you with free Discord Nitro
blog.malwarebytes.com/malwarebytes-news/2021/11/this-steam-phish-baits-you-with-free-discord-nitro/ Weeks ago, we talked about the one effective lure that could get a Discord user to consider clicking on a scam link they were generously given, either by a random user or a legitimate contact who also happened to have fallen for the same ploy: free Discord Nitro subscriptions.
Credit card skimmer evades Virtual Machines
blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimmer-evades-virtual-machines/ There are many techniques threat actors use to slow down analysis or, even better, evade detection. Perhaps the most popular method is to detect virtual machines commonly used by security researchers and sandboxing solutions.
CISA creates catalog of known exploited vulnerabilities, orders agencies to patch
therecord.media/cisa-creates-catalog-of-known-exploited-vulnerabilities-orders-agencies-to-patch/ The US Cybersecurity and Infrastructure Security Agency has today established a public catalog of vulnerabilities known to be exploited in the wild and issued a binding operational directive ordering US federal agencies to patch affected systems within specific deadlines. CISA Director Jen Easterly said that while the binding operational directive can only compel US federal agencies to act, all organizations should patch the listed vulnerabilities, since the same exploits are also used against private entities.
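Because the directive attaches a remediation deadline to each catalog entry, the practical follow-up for any organization is to diff the catalog against what is actually deployed and see what is overdue. The following is an added example, not code from CISA or from The Record: it parses an embedded, constructed sample that has the same record shape as the catalog's JSON feed (cveID, vendorProject, product, dateAdded, dueDate, requiredAction) and reports which inventory items are listed and how many days remain before their due date. The live feed URL in the docstring is the real one, but the script does not fetch it; the host names, the inventory and the dates in the sample are assumptions for illustration only.

```python
"""
Check a software inventory against a CISA KEV-shaped feed and report
patch deadlines. Added example, not CISA's or The Record's code.

The live catalog is published as JSON at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Nothing here fetches it; an embedded sample with the same record shape
is parsed instead so the script runs offline.
"""
import json
from datetime import date

# Constructed sample in the shape of the KEV feed. The two CVE IDs are real
# Microsoft Exchange flaws; the dateAdded/dueDate values are illustrative.
SAMPLE_FEED = json.dumps({
    "title": "Constructed sample shaped like the CISA KEV catalog",
    "catalogVersion": "sample",
    "dateReleased": "2021-11-03T00:00:00.0000Z",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2021-34473",
            "vendorProject": "Microsoft",
            "product": "Exchange Server",
            "vulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability",
            "dateAdded": "2021-11-03",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2021-11-17",
        },
        {
            "cveID": "CVE-2021-26855",
            "vendorProject": "Microsoft",
            "product": "Exchange Server",
            "vulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability",
            "dateAdded": "2021-11-03",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2021-11-17",
        },
    ],
})

# Constructed inventory: host -> CVE IDs believed to be unpatched there.
# Host names are hypothetical. CVE-2014-0160 is a real ID that is simply
# absent from the sample feed, so it exercises the "not listed" path.
INVENTORY = {
    "mail01": ["cve-2021-34473", "CVE-2021-26855"],  # lower case on purpose
    "web01": ["CVE-2014-0160"],
}


def load_kev(feed_json: str) -> dict[str, dict]:
    """Parse a KEV-shaped JSON document into {CVE-ID: record}, upper-casing IDs."""
    data = json.loads(feed_json)
    return {rec["cveID"].upper(): rec for rec in data["vulnerabilities"]}


def check_inventory(inventory: dict[str, list[str]], kev: dict[str, dict],
                    today: date) -> list[dict]:
    """Return one finding per (host, CVE) pair that appears in the catalog.

    Each finding carries the due date, days left (negative once overdue)
    and the catalog's required action. Results are sorted by due date so
    the most urgent items come first.
    """
    findings = []
    for host, cves in inventory.items():
        for cve in cves:
            rec = kev.get(cve.upper())
            if rec is None:
                continue  # present in inventory but not (yet) in the catalog
            due = date.fromisoformat(rec["dueDate"])
            findings.append({
                "host": host,
                "cve": rec["cveID"],
                "product": f'{rec["vendorProject"]} {rec["product"]}',
                "due": due,
                "days_left": (due - today).days,
                "overdue": today > due,
                "action": rec["requiredAction"],
            })
    findings.sort(key=lambda f: (f["due"], f["host"], f["cve"]))
    return findings


def overdue_hosts(findings: list[dict]) -> set[str]:
    """Hosts with at least one catalog entry past its due date."""
    return {f["host"] for f in findings if f["overdue"]}


if __name__ == "__main__":
    kev = load_kev(SAMPLE_FEED)
    for f in check_inventory(INVENTORY, kev, date(2021, 11, 20)):
        status = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['host']:8} {f['cve']:16} {f['product']:26} due {f['due']} {status}")
```

Replace the embedded sample with the downloaded feed and the inventory with the output of your vulnerability scanner or SBOM tooling; the date check is what turns the catalog from a list into a work queue.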
Sonos, HP, and Canon devices hacked at Pwn2Own Austin 2021
www.bleepingcomputer.com/news/security/sonos-hp-and-canon-devices-hacked-at-pwn2own-austin-2021/ During the first day of Pwn2Own Austin 2021, contestants won $362,500 after exploiting previously unknown security flaws to hack printers, routers, NAS devices, and speakers from Canon, HP, Western Digital, Cisco, Sonos, TP-Link, and NETGEAR.
Report: Cost of a Data Breach in Energy and Utilities
securityintelligence.com/articles/cost-data-breach-energy-utilities/ On average, the cost of a data breach rose by 10% from 2020 to 2021. The energy industry ranked fifth in data breach costs, surpassed only by the health care, financial, pharmaceutical and technology verticals, according to the 17th annual Cost of a Data Breach Report. The report also finds that certain measures, notably zero trust deployments, artificial intelligence and automation, substantially reduce the cost of a breach.
Google warns Android users of zero-day vulnerability being actively attacked
www.bitdefender.com/blog/hotforsecurity/google-warns-android-users-of-zero-day-vulnerability-being-actively-attacked/ Google’s latest monthly security patches for the Android operating system contain fixes for 39 flaws, including one vulnerability that the company says is being actively exploited in the wild.