Tag Archives: fbi

10Fold- Security Never Sleeps- 176

Criminal Petya ‘ransomware’ starts to look like wiper malware

“Seemingly intended to wipe systems”

Suspected at first to be a ransomware attack, it seems that Petya, the latest cyberscare in the Ukraine, seems as though it was more of a targeted attack. Large firms such as FedEx, Cadbury, Maersk, and more were affected by the malware, however more indicators point to the fact that the attack was not financially motivated but intended to solely destroy device memory.

Cyber security in industrial control systems poor, says Crest

“Lack of efficient standards to deter attacks”

Industrial control environments are at risk of serious infrastructure risk based on a lack of technical security testing. Crest has publicly pressed for for an upgrade to the cyber security systems ICS environments in response.

Bill Would Bar Pentagon From Business With Russian Cyber Firm Kaspersky

“Russian Cyber Security Firm would be blocked”

A segment of a new bill making its way through the United States Senate would halt any contracting Kaspersky Labs has with the U.S. Department of Defense. The Russian-based security firm had FBI agents visit the homes of many employees in the last week by FBI agents, indicating that congressional pressure may force the company out of one of its markets.

10Fold- Security Never Sleeps- 160

And Now a Ransomware Tool That Charges Based On Where You Live

“Fatboy making rounds on Crimeware forums”

Recorded Future has been monitoring malware and its effects in less developed nations, reporting the discrepancies between charges made on victims living in wealthier countries.

Software Download Mirror Distributes Mac Malware

“Distributes a RAT for Mac devices”

The download mirror server for HandBrake, a video converting tool, was recenty compromised to distribute a RAT to Mac computers. Security alerts were posted on the firms website, announcing that between Tuesday and Saturday of last week Mac users may have downloaded compromised software. HandBrake suggests all users verify any downloads before running them.  

Google Researchers Say They Found A ‘Crazy Bad’ Windows Bug

“Weaknesses observed in Edge and Internet Explorer browsers”

Many popular browsers and antivirus programs have weaknesses, recently reported by Project Zero. Natalie Silvanovich, former security researcher at BlackBerry, leaked the story via Twitter over the weekend.

Phishing Scams Cost American Businesses Half A Billion Dollars A Year

“Over 22,000 incidents in the last three years”

Since October of 2013 more than $1.6 billion has been scammed from American firms. All states have been affected, and there does not see to be any obserable trend in the specific type of firms targeted.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 103

Hack Claims from Guccifer 2.0 Denounced by Clinton Foundation

“Widely believed to be political in motivation”

Guccifer 2.0, the hacker who claims responsibility for the Democratic National Committee leaks that aimed to expose corruption within its ranks, claims to have breached the servers of the Clinton Foundation and attained documents that could be damaging to Hillary Clinton’s presidential campaign, despite denial from the Clinton Foundation itself. The hacker posted screenshots of spreadsheets online, claiming that they were documents from the institution and that: ‘… her staff don’t even bother about the information security.”

The political motivations of the cyber-attack remain obvious, as the hacker made clear favorable reference to Julian Assange, founder of WikiLeaks and outspoken opponent of Hillary Clinton.

Report Claims that Email Provider Yahoo Assisted in Spying on U.S. Citizens

“Raises questions of why Yahoo did not fight the order”

A program developed by Yahoo Inc. last year reportedly allows the U.S. Federal government to search through email databases for certain phrases. Anonymous former employees narrowed government agencies involved to either or both the National Security Agency or the Federal Bureau of Intelligence.

The news is surprising, given the typical resistance to government mandates to enter customer accounts that tech firms generally uphold. However, Yahoo not only complied with the order, but dedicated its own resources and staff to assist with the operation.

TalkTalk fined £400K for mistakes that led to 2015 hack

“Actions first taken to clear its reputation of highly hacked service”

After the personal data theft of over 155,000 customers Telecom firm TalkTalk has been fined £400,000 for its security vulnerabilities in 2015. Well over 15,000 of those affected had bank information stolen and suffered serious ramifications for what Information Commissioner Elizabeth Dunham reported that even the most basic of security measures failed to be acted upon and “…(the company) could have done more to safeguard its customer information.”

Malware Infested-Ads Plaguing Spotify

“Free version of service seems to open malicious sites”

Malware seems to have worked its way into the Spotify servers and is continuously serving itself to the users who use the Spotify free product to stream music. The ads have been reported to open infected sites, causing potential harm to those that travel to them.

 

 

10Fold – Security Never Sleeps – 71

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: The British government will now allow immigration officials to hack refugees phones. A botnet took control of 4,000 Linux computers and forced them to blast spam for over a year before the whole operation was shut down.  An analysis of Dridex infrastructure shows dangerous changes, potentially new operators.

Immigration officials allowed to hack phones of refugees and asylum seekers – Publication: BetaNews – Reporter name: Mark Wilson

The British government secretly rolled out powers that permitted the immigration officials to hack the mobile phones of asylum seekers and refugees, the Observer reveals. The Home Office has confirmed the hacking powers which have sparked outrage from privacy and human rights groups. In a statement about the powers afforded immigration officials, immigration minister James Brokenshire said: “They may only use the power to investigate and prevent serious crime which relates to an immigration or nationality offence, and have done so since 2013”.


Researchers help shut down spam botnet that enslaved 4,000 Linux machines – Publication: Ars Technica – Reporter name: Dan Goodin

A botnet that enslaved about 4,000 Linux computers and caused them to blast the Internet with spam for more than a year has finally been shut down. Known as Mumblehard, the botnet was the product of highly skilled developers. It used a custom “packer” to conceal the Perl-based source code that made it run, a backdoor that gave attackers persistent access, and a mail daemon that was able to send large volumes of spam. Command servers that coordinated the compromised machines’ operations could also send messages to Spamhaus requesting the delisting of any Mumblehard-based IP addresses that sneaked into the real-time composite blocking list, or CBL, maintained by the anti-spam service.


FBI Cyber Warning: Ignore Your CEO’s E-Mail And Phone Her Back — Or Your Company May Pay For It – Publication: Forbes – Reporter name: Steve Morgan

The FBI is warning people about a business email scheme which has resulted in huge losses to companies in Phoenix and other U.S. cities. A CEO seemingly emails an employee — typically in a finance or administrative role — instructing them to perform a wire transfer. The employee follows directions and executes the wire. Money is successfully transferred from the CEO’s company to another party. Turns out the CEO didn’t send the email. The CEO’s email identity was spoofed by a cybercriminal who sent the email. E-Mail spoofing is a widespread hacker practice involving the forgery of an e-mail header.


Dridex Malware Now Used For Stealing Payment Card Data– Publication: Dark Reading – Reporter name: Jai Vijayan

New analysis of the command and control panel and attack mechanisms of the Dridex banking Trojan shows the malware is being used in a wider range of malicious campaigns — and likely by a different set of threat actors than before. Spain-based security vendor buguroo says it recently was able to leverage a surprisingly easy-to-exploit weakness in the C&C infrastructure of Dridex to gain unprecedented visibility into how exactly the malware is being used. The analysis shows that Dridex is no longer being used just to hijack online banking sessions in order to transfer money from a victim’s account to fraudulent accounts, says Pablo de la Riva Ferrezuelo, chief technology officer and co-founder of buguroo.

10Fold – Security Never Sleeps – 9

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Hilton hotel has released a statement saying they have suffered a security breach that leaked customer financial information. The U.S. Air Force is looking into how classified data found its way into a report in Forbes magazine. Yet another root certificate preinstalled on Dell machines when they are shipped out to customers, this certificate makes the computer easy prey for malicious attacks while using public Wi-Fi networks. A Russian hacker who claims to have access to websites like Facebook and Twitter has recently been linked to the breach of 1.2 billion internet credentials.

Hilton Hotel Chain Reports Data Breach – Publication: Wall Street Journal – Reporter name: Craig Karmin

Hilton Worldwide Holdings Inc. on Tuesday said it suffered a security breach related to customer credit and debit card payments at its hotels, prompting the company to launch a global investigation to determine how far the breach had spread.


U.S. Air Force Looking Into Data Breach Related To Contract Protest: Sources – Publication: Reuters – Reporter name: Andrea Shalal

The U.S. Air Force is looking into how classified data about a competition for a next-generation U.S. bomber found its way into a report published by Forbes magazine, according to several sources familiar with the issue. Boeing Co and Lockheed Martin Corp this month filed a formal protest against the Air Force’s contract with Northrop Grumman Corp to develop the new long-range strike bomber, a deal worth up to $80 billion.


Dell In Hot Water Again As Second ‘Superfish’ Root Certificate Surfaces – Publication: ZDNet – Reporter name: Liam Tung

Dell customers have turned up a second root certificate installed on some Dell machines, which could make them easy prey for malicious attacks on public Wi-Fi networks. The second problematic root certificate is called DSDTestProvider. Its discovery follows yesterday’s removal by Dell of the dangerous eDellroot certificate from affected Dell PCs.


FBI Has Lead In Probe Of 1.2 Billion Stolen Web Credentials: Documents – Publication: Reuters – Reporter name: Nate Raymond

A hacker who once advertised having access to user account information for websites like Facebook (FB.O) and Twitter (TWTR.N) has been linked through a Russian email address to the theft of a record 1.2 billion Internet credentials, the FBI said in court documents. That hacker, known as “mr.grey,” was identified based on data from a cybsecurity firm that announced in August 2014 that it had determined an alleged Russian crime ring was responsible for stealing information from more than 420,000 websites, the documents said. The papers, made public last week by a federal court in Milwaukee, Wisconsin, provide a window into the Federal Bureau of Investigation’s probe of what would amount to the largest collection of stolen user names and passwords.