
SolarWinds Hack Obtained Emails of Top U.S. Department of Homeland Security Officials

source: reuters.com

Hackers suspected of working for Russia got access to an email account belonging to the former head of the U.S. Department of Homeland Security, which is responsible for cybersecurity, in the SolarWinds hack, the Associated Press reported on Monday.

The AP report said the intelligence value of the hacking of Chad Wolf, the former acting secretary of the DHS, and of email accounts belonging to officials in the department’s cybersecurity staff, was not publicly known.

The DHS did not immediately respond to a request for comment.

In the security breach at SolarWinds Corp which came to light in December, hackers infiltrated the U.S. tech company’s network management software and added code that allowed them to spy on end users. The hackers penetrated nine federal agencies and 100 companies.

Last week, Reuters reported that a planned Biden administration executive order would require many software vendors to notify their federal government customers when the companies have a cybersecurity breach.

Young Adults, Seniors Over 75 Most Susceptible to Cyber Fraud: Report

source: technewsworld.com

The most vulnerable cybercrime victims are young adults and adults over 75, according to the latest research revealed in the LexisNexis Risk Solutions biannual Cybercrime Report.

Released Feb. 23, the report tracks global cybercrime activity from July 2020 through December 2020. The report reveals how unprecedented global change in 2020 created new opportunities for cybercriminals around the world, particularly as they targeted new users of online channels.

LexisNexis’ research found a 29 percent growth in global transaction volume compared to the second half of 2019. This growth came in the financial services (29 percent), e-commerce (38 percent) and media (9 percent) sectors. The number of human-initiated attacks dropped in 2020 by roughly 184 million, while the number of bot attacks grew by 100 million.


Five Months After Takedown Attempt, CISA and FBI Warn of Ongoing TrickBot Attacks

source: securityweek.com

Attacks employing the TrickBot malware continue, leveraging phishing emails as the initial infection vector, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) warn.

In a joint advisory published on Wednesday, the two agencies revealed that a sophisticated group of cybercrime actors is leveraging a traffic infringement phishing scheme to lure victims into downloading the TrickBot malware.


Swiss Hacker Indicted After Claiming Credit for Breaching Nissan, Intel

source: reuters.com

A Swiss computer hacker who has claimed credit for helping steal or distribute proprietary data from Nissan Motor Co, Intel Corp and most recently security camera startup Verkada was indicted on Thursday, U.S. prosecutors announced.

Till Kottmann, 21, remains in Lucerne and has been notified about the pending charges, the U.S. attorney’s office in Seattle said in a statement.

Kottmann did not immediately respond to a request for comment following the announcement of the indictment, which came after midnight in Lucerne.


Why ‘Thinking Small’ Is the Way to Stop Ransomware and Other Cyber Attacks

source: cyberdefensemagazine.com

Yuval Baron, CEO at AlgoSec, explains why micro-segmentation is one of the most effective methods to limit the damage of attacks on a network

On August 15, 2020, the cruise line Carnival Corporation fell victim to a cyber-attack that may have resulted in the loss of personal data of millions of passengers and crew members.

Carnival is the world’s largest travel and leisure company with approximately 13 million passengers per year. The company has not revealed how many customers or which of their individual brands were affected, but what we do know is that law enforcement agencies were notified because one of the brands reported a ransomware attack that broke through an encrypted part of their network.


Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations 

source: thehackernews.com


“In recent campaigns identified in February 2021, browser extension delivery domains have prompted users to ‘Switch to the Firefox Browser’….”

Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems.

“Threat actors aligned with the Chinese Communist Party’s state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users’ Gmail accounts,” Proofpoint said in an analysis.


Maza Russian Cybercriminal Forum Suffers Data Breach

source: zdnet.com


The Maza cybercriminal forum has reportedly suffered a data breach leading to the leak of user information. 

On March 3, Flashpoint researchers detected the breach on Maza — once known as Mazafaka — which has been online since at least 2003. 

Maza is a closed and heavily-restricted forum for Russian-speaking threat actors. The community has been connected to carding — the trafficking of stolen financial data and payment card information — and the discussion of topics including malware, exploits, spam, money laundering, and more. 

Once the forum was compromised, the attackers who took the forum over posted a warning message claiming “Your data has been leaked / This forum has been hacked.”


Google Warning: North Korean Hackers Breach Windows And Chrome Defenses To Attack Security Researchers

source: forbes.com

North Korean hackers have been masquerading as cybersecurity bloggers in order to target researchers in the field, according to Google. They’re doing so by exploiting mysterious weaknesses in computers running the most up-to-date versions of Microsoft Windows and Google Chrome, the tech giant warned Monday.

Adam Weidemann, a researcher at Google’s Threat Analysis Group, said the attacks have been ongoing over the last three months. The hackers set up fake Twitter accounts to show off security research and link to a blog. One of the accounts—@br0vvnn—claimed to be the founder of @BrownSec3Labs and looked to be posting innocuous research as well as promoting others’ work, including Google’s own researcher Ben Hawkes. Earlier this month, another Google researcher, Thomas Shadwell, was sent a Twitter direct message by one of the hackers’ personas, Zhang Guo, though it’s unclear what they wanted. While the blog did contain some legitimate research (as well as faked material), it also hosted an exploit that would install a backdoor on the victim’s PC. Only Windows PCs have been attacked thus far.


How Email Attacks are Evolving in 2021

source: threatpost.com


The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.

Hundreds of thousands of dollars lost. Financial and emotional ruin. And in some cases, suicide. These are some of the outcomes business email compromise (BEC) attacks have on victims, said Ronnie Tokazowski, senior threat researcher with Agari.

These types of attacks don’t garner the same attention as high-profile hacks, he said. Why? Because BEC attacks are simple – yet potent. Instead of having to develop malware or complex attack chains, all attackers need to do is send an email – usually mimicking a coworker’s email account or using a compromised account – and con victims into wire transferring money, for example. But the fallout from these types of attacks is devastating.


Netlab, the networking security division of Chinese security firm Qihoo 360, said it had discovered a new fledgling malware operation that is currently infecting Android devices for the purpose of assembling a DDoS botnet, according to a ZDNet report.

The botnet, Matryosh, is going after Android devices that have left their ADB debug interface exposed on the internet. Netlab says Matryosh is an ADB-targeting botnet, using the Tor network to hide its command and control servers. The encryption algorithm implemented in this botnet and the process of obtaining C2 are nested in layers, “like Russian nesting dolls,” which is why Netlab named it Matryosh.

Commenting on the news, Burak Agca, Engineer at Lookout, a San Francisco, Calif.-based provider of mobile security solutions, says, “The key feature of this attack is the exploitation of ADB, a long standing Android feature that’s meant to provide developers a simple method to communicate with, and remotely control devices. ADB allows anyone to connect to a device, install apps and execute commands, without authentication.

Continue reading “New Matryosh Botnet Targeting Android Devices”