Sunday, July 24, 2022 // (IG): BB // Weekly Sponsor: The Fintel Brief
Twitter Faces New Security Issue As Hacker Puts 5.4 Million Twitter Account Details For Sale At $30,000
FROM THE MEDIA: Amid all the Twitter drama that has taken place recently, the company is facing more dilemmas. But this time around, it’s acknowledging a new security threat that not too many people saw coming, including its own team of security analysts. The security vulnerability was first spotted in the year 2022 and since then, we’ve seen it make its way to huge claims of putting the app’s 5.4 million account details for sale. And in return, it wants a price tag of $30,000. When you actually come to think of the offer, it’s definitely not huge. If you refer to the recent past in the digital world, well, there was a hacker that offered 478 million account details for sale belonging to users of T Mobile.
READ THE STORY: Digital Information World // Twitter
North Korean hackers attack EU targets with Konni RAT malware
FROM THE MEDIA: Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries. In this campaign, the hackers use malware known as Konni, a remote access trojan (RAT) capable of establishing persistence and performing privilege escalation on the host. Konni has been associated with North Korean cyberattacks since 2014, and most recently, it was seen in a spear-phishing campaign targeting the Russian Ministry of Foreign Affairs.
READ THE STORY: BleepingComputer
FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks
FROM THE MEDIA: The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. “The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments. In May 2022, the FBI filed a sealed seizure warrant for the funds worth approximately half a million dollars.” reads the announcement published by DoJ. “The seized funds include ransoms paid by health care providers in Kansas and Colorado.”
READ THE STORY: Security Affairs
The SBU detained a hacker who stole databases of Ukrainian banks and sold them to the Russian Federation
FROM THE MEDIA: Employees of the SBU’s cyber department detained a hacker who specialized in stealing information with limited access circulating in the electronic systems of domestic and foreign companies and banks. He created specialized malware to gain unauthorized access to computer networks. He then purposefully distributed it through the e-mails of banks and businesses and thus gained remote access to their digital systems. The hacker “leaked” this information into anonymous Internet platforms, which were administered from the territory of the Russian Federation by representatives of the Russian special services.
READ THE STORY: Odessa Journal
“You can hit a missile with a virus – you can’t hit a virus with a missile”: Listen to the latest episode of Defense Matters
FROM THE MEDIA: IN THE LEAD-UP Israel Defense, in association with the Israel Aerospace Industries (IAI) is proud to present its new podcast: Defense Matters – A podcast about defense, technology, and the powers that move them. This is our last episode before we go on Summer Break and we wanted to go big. Since our world is replete with cyber, we focused on its complex reach into our lives. Our central guest this time is Erez Kreiner, Former Director of the Cyber Division of the Israel Security Agency (ISA, better known as Shin Bet), and currently a Senior Research Fellow at the Institute for Counterterrorism at Reichman University.
READ THE STORY: Israel Defense
Cybersecurity Alert Issued For Scarily Realistic Appearing YouTube Ad Malware On Google Search
FROM THE MEDIA: There is a new alert making the rounds by cybersecurity experts about a YouTube ad malware that’s so realistic looking that it’s being considered scary. The ad is dispersed across Google Search and can be seen redirecting vulnerable victims toward a new scam related to tech support. Moreover, it even has the capability of acting like it’s a new security alert being issued by Windows Defender, making it harder to detect. The news comes to us from Malwarebytes, which is known to be a leading cybersecurity company. They have gone on to reveal how the giant campaign is more or less serving as abuse of ads displayed across Google.
READ THE STORY: Digital Information World
Neopets Hacker Tries To Sell 69 Million Users' Account Information for Bitcoin
FROM THE MEDIA: Reports emerged concerning a major data breach of the popular online game Neopets, by a hacker currently holding information and accounts for ransom. Neopets announced online, "Neopets recently became aware that customer data may have been stolen. We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data." It added, "It appears that email addresses and passwords used to access Neopets accounts may have been affected. We strongly recommend that you change your Neopets password. If you use the same password on other websites, we recommend that you also change those passwords."
READ THE STORY: CBR
Chasing Bitcoin: Why North Korea Ransomware Attacks Target U.S. Health Care Providers
FROM THE MEDIA: The U.S. Department of Justice (DOJ) announced this week that around $500,000 in Bitcoin has been seized from North Korean threat actors who were using Maui ransomware to attack healthcare organizations in the United States. DOJ filed a complaint in the District of Kansas asking that the forfeited Bitcoin be returned to the victims of the attacks, which were healthcare providers in Kansas and Colorado.
READ THE STORY: Forbes
MedusaLocker Server Likely Spotted In The Wild
FROM THE MEDIA: Attack surface risk firm Censys says it came across a Russian server with a collection of red teaming tools used to compromise hosts and maintain control. Further analysis connected the initial server with another Russian server that, as recently as mid-June, contained a malware kit pointing to an online domain used by the MedusaLocker group.
The U.S. federal government issued a warning only earlier this month about MedusaLocker ransomware, noting it exploits unsecured remote desktop software and uses phishing campaigns. Cybereason in 2020 found the malware to be prevalent in the healthcare industry. Medical centers are especially likely to pay ransomware given practitioners’ reluctance to disrupt patient care (see: Hackers Claim Drug Data Theft as Reports Warn Health Sector).
READ THE STORY: GovInfoSec
77% Of Cybercriminal Marketplaces Need Licenses To Sell – Report
FROM THE MEDIA: The report released by HP Inc, titled ‘The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back – an HP Wolf Security Report,’ revealed that 85 per cent of these use escrow payments, and 92 per cent have a third-party dispute resolution service, adding that every marketplace provides vendor feedback scores. The HP Wolf Security threat team worked with Forensic Pathways, a leading group of global forensic professionals, on a three-month dark web investigation, scraping and analyzing over 35 million cybercriminal marketplace and forum posts to understand how cybercriminals operate, gain trust, and build reputation.
READ THE STORY: Leadership
Next Windows 11 delays brute force attacks by default
FROM THE MEDIA: Brute-force attacks are commonly used by threat actors to gain access to systems. Remote Desktop Protocol attacks in particular are frequently used to gain remote access to Windows machines. Microsoft notes that human-operated ransomware attacks frequently use Remote Desktop Protocol brute force attacks to break into accounts.
One of the main shortcomings of Windows is that there is no default limitation that delays brute force attacks. While organizations may implement additional protections, e.g., by going passwordless or enabling two-factor authentication, most Windows systems are not protected against attacks.
READ THE STORY: GHACKS
Items of interest
Chinese journalist, who wept on air over Shinzo Abe's death, attempts suicide after being cyber-bullied
FROM THE MEDIA: A Chinese journalist allegedly tried to kill herself after she received an onslaught of criticism from Chinese nationals for an emotional reportage on the killing of Shinzo Abe. The journalist, Zeng Ying, was brutally trolled by Chinese netizens for sobbing while reporting live on Shinzo Abe’s assassination earlier this month. Many Chinese netizens thought Ying showing emotions on her live stream for Shanghai’s online media outlet The Paper was “unprofessional” and “unpatriotic”, according to a report by the Independent. She was criticized for not considering the stance of the Chinese people regarding Abe’s controversial political legacy.
READ THE STORY: India Today
Could Russia’s war on Ukraine escalate into a global cyberwar? (Video)
FROM THE MEDIA: When Russia began amassing troops on Ukraine’s border in late 2021, many security experts predicted a similar build-up of Russian hackers along the ideological boundaries of cyberspace, ready to match any physical strike with an equally damaging virtual attack.
The Dynamics of Russian Cyberwar (Video)
FROM THE MEDIA: In this keynote presentation recorded on May 23rd, I explore how Russia has used cyber warfare against Ukraine. This talk clarifies some confusion about the impact of Russia's cyber on the war, and addresses how Russia understands their cyber capacity as a tool of state power.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com