OSN FEBRUARY 2, 2021

Feb 2, 2021 | Open Source News

Title: Malicious Script Steals Credit Card Info Stolen by Other Hackers

Date Published: February 2, 2021

https://www.bleepingcomputer.com/news/security/malicious-script-steals-credit-card-info-stolen-by-other-hackers/

Excerpt: “Malwarebytes’ security researchers discovered the piggybacking skimmer while investigating a massive wave of compromised online stores running out-of-support Magento 1 installations. Even though spotting multiple card skimmer scripts on the same online shop is not unheard of, this one stood out due to its highly specialized nature. ‘The threat actors devised a version of their script that is aware of sites already injected with a Magento 1 skimmer,’ Malwarebytes’ Head of Threat Intelligence Jérôme Segura explains in a report shared in advance with Bleeping Computer.”

Title: Linux Malware Backdoors Supercomputers

Date Published: February 2, 2021

https://www.helpnetsecurity.com/2021/02/02/linux-malware-backdoors-supercomputers/

Excerpt: “ESET researchers have reverse engineered this small, yet complex malware that is portable to many operating systems including Linux, BSD, Solaris, and possibly AIX and Windows. ‘We have named this malware Kobalos for its tiny code size and many tricks; in Greek mythology, a kobalos is a small, mischievous creature,’ explains Marc-Etienne Léveillé, who investigated the malware. ‘It has to be said that this level of sophistication is only rarely seen in Linux malware.’”

Title: Ransomware Operators Exploit VMware ESXi Flaws To Encrypt Disks of VMs

Date Published: February 2, 2021

https://securityaffairs.co/wordpress/114124/malware/ransomware-attack-vmware-esxi.html

Excerpt: “Since October, the RansomExx ransomware gang (also known as Defray777) expanded its operations by targeting VMware virtual machines. Victims reported that their VMs were abruptly shut down and then all files on the datastore were encrypted (vmdk, vmx, logs). Threat actors left the ransom note at the datastore level. The news of the attack was also confirmed by the popular cybersecurity researcher Kevin Beaumont, who reported that threat actors are using the two issues to bypass all Windows OS security by shutting down VMs and encrypting the VMDKs directly on the hypervisor.”

Title: SolarWinds Hack Prompts Congress To Put NSA in Encryption Hot Seat

Date Published: February 1, 2021

https://threatpost.com/solarwinds-nsa-encryption/163561/

Excerpt: “Congress is demanding the National Security Agency come clean on what it knows about the 2015 supply-chain attack against Juniper Networks. Members of Congress are demanding the U.S. National Security Agency (NSA) reveal what it knows about the 2015 Juniper Networks supply-chain delivery breach. In a letter sent by U.S. Senator Ron Wyden and nine additional members of Congress, the lawmakers demand a full account of the NSA-designed encryption algorithm compromised in 2015.”

Title: Washington State Breach Tied to Accellion Vulnerability

Date Published: February 2, 2021

https://www.bankinfosecurity.com/washington-state-breach-tied-to-accellion-vulnerability-a-15909

Excerpt: “On Monday, the Washington State Auditor’s Office acknowledged that it was investigating a breach that occurred in December 2020, when hackers took advantage of the vulnerability to access files that included the personally identifiable information of Washington state residents who filed unemployment insurance claims last year. Compromised data includes names, Social Security numbers, driver’s license numbers, state identification numbers, bank account numbers and bank routing numbers as well as places of employment, according to the announcement.”

Title: Agent Tesla Malware Spotted Using New Delivery & Evasion Techniques

Date Published: February 2, 2021

https://thehackernews.com/2021/02/agent-tesla-malware-spotted-using-new.html

Excerpt: “‘The differences we see between v2 and v3 of Agent Tesla appear to be focused on improving the success rate of the malware against sandbox defenses and malware scanners, and on providing more C2 options to their attacker customers,’ Sophos researchers noted. A .NET-based keylogger and information stealer, Agent Tesla has been deployed in a number of attacks since late 2014, with additional features incorporated over time that allow it to monitor and collect the victim’s keyboard input, take screenshots, and exfiltrate credentials belonging to a variety of software such as VPN clients, FTP and email clients, and web browsers.”

Title: Interview With a Russian Cybercriminal

Date Published: February 2, 2021

https://www.darkreading.com/endpoint/interview-with-a-russian-cybercriminal/d/d-id/1340029

Excerpt: “To better understand the attacker’s perspective, Cisco Talos researchers interviewed a LockBit ransomware operator. Their interaction, as with many in the security world, began on Twitter. This operator, who would not share his name but is referred to as ‘Aleks,’ tagged a member of the Talos team in a tweet promoting his compromise of a Latin American financial institution.”

Title: U.K. Arrest in ‘SMS Bandits’ Phishing Service

Date Published: February 1, 2021

https://krebsonsecurity.com/2021/02/u-k-arrest-in-sms-bandits-phishing-service/

Excerpt: “Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name ‘SMS Bandits,’ has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.”

Title: Netgain Ransomware Incident Impacts Local Governments

Date Published: February 2, 2021

https://www.bleepingcomputer.com/news/security/netgain-ransomware-incident-impacts-local-governments/

Excerpt: “The attack against the IT services provider occurred on November 4 and resulted in Netgain taking some data centers offline to stop the unauthorized encryption process from spreading across the network. It is common practice for ransomware gangs to steal data before encrypting it, as this helps them pressure the victim into paying the ransom. Providers of managed services are an attractive target for ransomware gangs because they can extend the damage further down the line and hit multiple companies, so they can ask for a larger ransom and get paid.”

Title: Data on 3.2 Million Drivesure Clients Exposed on Hacking Forum

Date Published: February 2, 2021

https://www.scmagazine.com/home/security-news/data-on-3-2-million-drivesure-users-exposed-on-hacking-forum/

Excerpt: “To prove the data’s quality, threat actor ‘pompompurin’ detailed the leaked files and user information in a lengthy post, according to researchers at Risk Based Security, who were the first to report the breach. The long post was unusual in that hackers typically only share valuable segments or trimmed-down versions of user databases, the researchers wrote, but in this case, numerous backend files and folders were leaked.”