10Fold – Security Never Sleeps – 44

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to considerA state-sponsored hack has published contact info for 20,000 FBI employees after making a public threat on twitter. A new bank hack allows attackers to make unlimited ATM withdrawals. Paris Uber has blacked out its service for four hours today in protest of the government. Java-based malware has given a backdoor into most operating systems, the malware was identified and taken down in 2015 but has since resurfaced with a new name and slightly different strain of malware.

Hackers publish contact info of 20,000 FBI employees Publication: CNN Reporter name: Mary Kay Mallonee

Hackers, making good on a threat, published contact information for 20,000 FBI employees Monday afternoon, just one day after posting similar data on almost 10,000 Department of Homeland Security employees. The hackers, tweeting from the account @DotGovs, claim they obtained the details by hacking into a Department of Justice database. The hackers boasted on Twitter, “FBI and DHS info is dropped and that’s all we came to do, so now its time to go, bye folks! #FreePalestine.”


Clever bank hack allowed crooks to make unlimited ATM withdrawals Publication: Ars Technica Reporter name: Dan Goodin

“As a result, each time when criminals picked up the money from a card of the compromised bank in an ATM of another bank, [the] infected system automatically rolled back the transactions,” security researchers with Kaspersky Lab, the security firm that uncovered the Metel attack platform, wrote in a blog post published Monday. “That’s why the balance on the cards remained the same, allowing the cybercriminal to withdraw money limited only by the amount of cash in the ATM. The criminals made similar cash-outs at different ATM machines.”


Uber blacks out app in Paris to protest government, taxi opposition Publication: CNet Reporter name: Katie Collins

Ride-hailing service Uber shut down its Paris operations for four hours today and asked customers to publicize its fight with a French government showing support for the traditional taxi business. The company, standing behind drivers’ opposition to the French prime minister’s plans to crack down on its business, shut down its car service between 11 a.m. and 3 p.m. local time on Tuesday. “We understand that this can be very annoying for many of you, and please excuse us,” Uber said in an email to users in the French capital. “But the prime minister’s decision would lead to 10,000 drivers unemployed.”


Java “RAT-as-a-Service” backdoor openly sold through website to scammers Publication: Ars Technica Reporter name: Sean Gallagher

A family of Java-based malware that has given attackers a backdoor into Windows, Linux, Mac OS X, and Android devices since 2013 has risen from the dead once again as a “commercial” backdoor-as-a-service. It was recently detected in an attack on a Singapore bank employee. Previously known as AlienSpy or Adawind, the malware was all but shut down in 2015 after the domains associated with its command and control network were suspended by GoDaddy. But according to Vitaly Kamluk, the director of Kaspersky Lab’s Asia/Pacific research and analysis team, the malware has been modified, rebranded, and is open for service again to customers ranging from Nigerian scam operators to possible nation-state actors. Ars has confirmed that the service is offered openly through a website on the public Internet.