Cyber security aggregate rss news

Cyber security aggregator - feeds history


Security

Klarna, a popular online payment company, was forced to temporarily shut down its service after complaints that users were being indiscriminately logged into other people's accounts. Klarna advertises itself as the world's largest payment and shopping service, offering smarter and more flexible shopping experiences to 90 million active consumers at more than 250,000 merchants in 17 countries. According to the Swedish website Di.Se (translated), users were able to see the full details of other accounts, including their personal details, postal address, purchases, and payment m...


Security

The Uyghur minority in China and Pakistan is at the center of an ongoing espionage campaign aimed at tricking targets into downloading a Windows backdoor to collect sensitive data from their PCs. According to joint research published by Check Point Research and Kaspersky, "Considerable effort was put into disguising the payloads, whether by creating delivery documents that appear to be originating from the United Nations using up to date related themes, or by setting up websites for non-existing organizations claiming to fund charity groups". The Uyghurs are a Turkic ethnic minority indigenous to Central and East Asia, principally the Xinjiang Uyghur Autonomous Region in northwest China. Since at least 2015, government authorities have kept a close eye on the region, detaining and interning hundreds of thousands in what the government calls Vocational Education...


Security

Cybersecurity experts announced on Wednesday the takedown of a clever malvertising network that targeted AnyDesk and delivered a weaponized installation of the remote desktop software via fake Google ads in search results pages. The campaign, believed to have been launched as early as April 21, 2021, contains a malicious file that masquerades as the well-known AnyDesk installer and, when executed, downloads a PowerShell implant to collect and exfiltrate system information. Researchers from CrowdStrike said in a study that "The script had some obfuscation and multiple functions that resembled an implant as well as a hardcoded domain (zoomstatistic[.]com) to 'POST' reconnaissance information such as user name, hostname, operating system, IP address, and the current process name". According to the company's website, AnyDesk's remote desktop ...


Security

The Department of Homeland Security has released the first cybersecurity rule for the pipeline industry. The legislation, released Thursday morning, is part of the Biden administration's attempts to strengthen the security of the nation's infrastructure following a ransomware attack earlier this month on a company that controls the nation's largest fuel pipeline. Colonial Pipeline halted all pipeline operations after it was


All About Skimmers

Florian “The Shark” Tudor, the alleged ringleader of a prolific ATM skimming gang that siphoned hundreds of millions of dollars from bank accounts of tourists visiting Mexico over the last eight years, was arrested in Mexico City on Thursday in response to an extradition warrant from a Romanian court.

Florian Tudor, at a 2020 press conference in Mexico in which he asserted he was a legitimate businessman and not a mafia boss. Image: OCCRP.

Tudor, a native of Craiova, Romania, moved to Mexico to set up Top Life Servicios, an ATM servicing company which managed a fleet of relatively new ATMs based in Mexico branded as Intacash. Intacash was the central focus of a three-part investigation KrebsOnSecurity published in September 2015. That series tracked the activities of a crime gang working with Intacash that was bribing and otherwise coercing ATM technicians to install sophisticated Bluetooth-based skimmers inside cash machines throughout popular tourist destinations in and around Mexico’s Yucatan Peninsula — including Cancun, Cozumel, Playa del Carmen and Tulum.

Follow-up reporting last year by the Organized Crime and Corruption Reporting Project (OCCRP) found Tudor and his associates compromised more than 100 ATMs across Mexico using skimmers that were able to remain in place undetected for years. The OCCRP, which dubbed Tudor’s group “The Riviera Maya Gang,” estimates the crime syndicate used cloned card data and stolen PINs to steal more than $1.2 billion from bank accounts of tourists visiting the region.

Last year, a Romanian court ordered Tudor’s capture following his conviction in absentia for attempted murder, blackmail and the creation of an organized crime network that specialized in human trafficking. Mexican authorities have been examining bank accounts tied to Tudor and his companies, and investigators believe Tudor and his associates paid protection and hush money to various Mexican politicians and officials over the years. In February, the leader of Mexico’s Green Party stepped down after it emerged that he received funds from Tudor’s group.

This is the second time Mexican authorities have detained Tudor. In April 2019, Tudor and his deputy were arrested for illegal firearms possession. That arrest came just months after Tudor allegedly ordered the execution of a former bodyguard who was trying to help U.S. authorities bring down the group’s lucrative skimming operations.

Tudor’s arrest this week inside the premises of the Mexican Attorney General’s Office did not go smoothly, according to Mexican news outlets. El Universal reports that a brawl broke out between Tudor’s lawyers and officials at the Mexican AG’s office, and a video released by the news outlet on Twitter shows Tudor resisting arrest as he is being hauled out of the building hand and foot. A Mexican judge will decide on Tudor’s extradition to Romania in the coming weeks.

Trends, Reports, Analysis

The FBI has identified at least 16 Conti ransomware attacks targeting U.S. healthcare and first responder networks, such as emergency medical services, law enforcement agencies, municipalities, and 911 dispatch centers.

Feed

Ubuntu Security Notice 4967-2 - USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

Feed

This paper focuses on the various ways in which threat hunting can be performed. It is based on the author's research into semi-automating the entire process by building a tool based on machine learning and applying analytics.

Feed

Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures (TTPs) adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye's Mandiant threat intelligence team, which is tracking the cyberespionage activity under two threat

Feed

Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S. "This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations," Tom Burt, Microsoft's

Feed

Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials and device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by the Qihoo 360 NETLAB team, owing to its capability to deliver different rootkits at different times and its use of the Blowfish cipher to encrypt communications to the

Business + Partners

You’ve likely heard of software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and numerous other “as-a-service” platforms that help support the modern business world. What you may not know is that cybercriminals often use the same business concepts and service models in their own organizations as regular, non-criminal enterprises; i.e., the same practices the majority of their intended victims use.

As senior threat research analyst Kelvin Murray explains to Joe Panettieri, editor of Channel E2E and MSSP Alert, in our most recent Hacker Files podcast, cybercrime-as-a-service “essentially follows the same path as most as-a-service things in business.” He goes on to explain, “If you were a small company in 2002 and needed to set up email, you’d set up a mail server, a mail relay, mail clients, and you might hire an email admin. And then you might have to set up things like spam filters yourself. People like Microsoft figured out that they could just provide all of [these services] from a web page and rent it out to companies and take all the hassle out of companies’ hands.” That’s the as-a-service model in a nutshell.

According to Kelvin, a very similar thing happened in the cybercriminal space. Effectively, talented criminals who’ve written successful malicious code have begun renting access to their own cybercrime “solutions” to lower-level criminals who don’t have the resources or know-how to design, write, and execute cyberattacks on their own.

Of course, the people providing the so-called service don’t do so out of any goodness in their hearts; they do it for a cut (sometimes a significant one) of any profits made in an attack that uses their code.

Hear more about the evolution of cybercrime-as-a-service in the full podcast. Be sure to check out other discussions and recordings in our Cybersecurity Sound Studio. The post An Inside Look at Cybercrime-as-a-Service appeared first on Webroot Blog.
