Title: Malicious Script Steals Credit Card Info Stolen by Other Hackers
Date Published: February 2, 2021
Excerpt: “Malwarebytes’ security researchers discovered the piggybacking skimmer while investigating a massive wave of compromised online stores running out-of-support Magento 1 installations. Even though spotting multiple card skimmer scripts on the same online shop is not unheard of, this one stood out due to its highly specialized nature. “The threat actors devised a version of their script that is aware of sites already injected with a Magento 1 skimmer,” Malwarebytes’ Head of Threat Intelligence Jérôme Segura explains in a report shared in advance with Bleeping Computer.”
Title: Linux Malware Backdoors Supercomputers
Date Published: February 2, 2021
https://www.helpnetsecurity.com/2021/02/02/linux-malware-backdoors-supercomputers/
Excerpt: “ESET researchers have reverse engineered this small, yet complex malware that is portable to many operating systems including Linux, BSD, Solaris, and possibly AIX and Windows. “We have named this malware Kobalos for its tiny code size and many tricks; in Greek mythology, a kobalos is a small, mischievous creature,” explains Marc-Etienne Léveillé, who investigated the malware. “It has to be said that this level of sophistication is only rarely seen in Linux malware.”
Title: Ransomware Operators Exploit VMware ESXi Flaws To Encrypt Disks of VMs
Date Published: February 2, 2021
https://securityaffairs.co/wordpress/114124/malware/ransomware-attack-vmware-esxi.html
Excerpt: “Since October, the RansomExx ransomware gang (also known as Defray777) expanded its operations by targeting VMware virtual machines. Victims reported that their VMs were abruptly shut down and then all files on the datastore were encrypted (vmdk, vmx, logs). Threat actors left the ransom note at the datastore level. The news of the attack was also confirmed by the popular cybersecurity researcher Kevin Beaumont, who reported that threat actors are using the two issues to bypass all Windows OS security by shutting down VMs and encrypting the VMDKs directly on the hypervisor.”
Title: SolarWinds Hack Prompts Congress To Put NSA in Encryption Hot Seat
Date Published: February 1, 2021
https://threatpost.com/solarwinds-nsa-encryption/163561/
Excerpt: “Congress is demanding the National Security Agency come clean on what it knows about the 2015 supply-chain attack against Juniper Networks. Members of Congress are demanding the U.S. National Security Agency (NSA) reveal what it knows about the 2015 Juniper Networks supply-chain delivery breach. In a letter sent by U.S. Senator Ron Wyden and nine additional members of Congress, the lawmakers demand a full account of the NSA-designed encryption algorithm compromised in 2015.”
Title: Washington State Breach Tied to Accellion Vulnerability
Date Published: February 2, 2021
https://www.bankinfosecurity.com/washington-state-breach-tied-to-accellion-vulnerability-a-15909
Excerpt: “On Monday, the Washington State Auditor’s Office acknowledged that it was investigating a breach that occurred in December 2020, when hackers took advantage of the vulnerability to access files that included the personally identifiable information of Washington state residents who filed unemployment insurance claims last year. Compromised data includes names, Social Security numbers, driver’s license numbers, state identification numbers, bank account numbers and bank routing numbers as well as places of employment, according to the announcement.”
Title: Agent Tesla Malware Spotted Using New Delivery & Evasion Techniques
Date Published: February 2, 2021
https://thehackernews.com/2021/02/agent-tesla-malware-spotted-using-new.html
Excerpt: ““The differences we see between v2 and v3 of Agent Tesla appear to be focused on improving the success rate of the malware against sandbox defenses and malware scanners, and on providing more C2 options to their attacker customers,” Sophos researchers noted. A .NET based keylogger and information stealer, Agent Tesla has been deployed in a number of attacks since late 2014, with additional features incorporated over time that allow it to monitor and collect the victim’s keyboard input, take screenshots, and exfiltrate credentials belonging to a variety of software such as VPN clients, FTP and email clients, and web browsers.”
Title: Interview With a Russian Cybercriminal
Date Published: February 2, 2021
https://www.darkreading.com/endpoint/interview-with-a-russian-cybercriminal/d/d-id/1340029
Excerpt: “To better understand the attacker’s perspective, Cisco Talos researchers interviewed a LockBit ransomware operator. Their interaction, as with many in the security world, began on Twitter. This operator, who would not share his name but is referred to as “Aleks,” tagged a member of the Talos team in a tweet promoting his compromise of a Latin American financial institution.”
Title: U.K. Arrest in ‘SMS Bandits’ Phishing Service
Date Published: February 1, 2021
https://krebsonsecurity.com/2021/02/u-k-arrest-in-sms-bandits-phishing-service/
Excerpt: “Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name “SMS Bandits,” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.”
Title: Netgain Ransomware Incident Impacts Local Governments
Date Published: February 2, 2021
Excerpt: “The attack against the IT services provider occurred on November 4 and resulted in Netgain taking some data centers offline to stop the unauthorized encryption process from spreading across the network. It is common practice for ransomware gangs to steal data before encrypting it, as this helps them pressure the victim into paying the ransom. Providers of managed services are an attractive target for ransomware gangs because they can extend the damage further down the line and hit multiple companies, so they can ask for a larger ransom and get paid.”
Title: Data on 3.2 Million Drivesure Clients Exposed on Hacking Forum
Date Published: February 2, 2021
Excerpt: “To prove the data’s quality, threat actor “pompompurin” detailed the leaked files and user information in a lengthy post, according to researchers at Risk Based Security, who were the first to report the breach. The long post was unusual in that hackers typically only share valuable segments or trimmed-down versions of user databases, the researchers wrote, but in this case, numerous backend files and folders were leaked.”