OSN March 29, 2021

by | Mar 29, 2021 | Open Source News

Title: U.S. Charges Close To 500 Individuals For COVID-19 Fraud, Criminal Activity
Date Published: March 29, 2021

https://www.zdnet.com/article/us-charges-close-to-500-individuals-for-covid-19-fraud-criminal-activity/

Excerpt: “Law enforcement worldwide has tried to clamp down on such activities and organizations including the World Health Organization (WHO) are constantly releasing advice on the latest scams.In an update published last week, the DoJ said that 474 defendants to date have been publicly charged “with criminal offenses based on fraud schemes connected to the COVID-19 pandemic.” The US agency says that these alleged criminals are responsible for trying to fraudulently obtain at least $569 million from consumers and the US government itself across 56 federal districts.”

Title: Billions of Records Have Been Hacked Already. Make Cybersecurity a Priority of Risk Disaster, Warns Analyst
Date Published: March 29, 2021

https://www.zdnet.com/article/billions-of-records-have-been-hacked-already-make-cybersecurity-a-priority-of-risk-disaster-warns-analyst/

Excerpt: “More data records have been compromised in 2020 alone than in the past 15 years combined, in what is described as a mounting “data breach crisis” in the latest study from analysis firm Canalys. Over the past 12 months, 31 billion data records have been compromised, found Canalys. This is up 171% from the previous year, and constitutes well over half of the 55 billion data records that have been compromised in total since 2005.”

Title: Official PHP Git Server Targeted in Attempt to Bury Malware in Code Base
Date Published: March 29, 2021

https://www.zdnet.com/article/official-php-git-server-targeted-in-attempt-to-bury-malware-in-code-base/#ftag=RSSbaffb68

Excerpt: “On Sunday, PHP programming language developer and maintainer Nikita Popov said that two malicious commits were added to the php-src repository in both his name and that of PHP creator Rasmus Lerdorf.  The malicious commits, which appeared to be signed off under the names of Popov and Lerdorf (1,2), were masked as simple typographical errors that needed to be resolved. However, instead of escaping detection by appearing so benign, contributors that took a closer look at the “Fix typo” commits noted malicious code that triggered arbitrary code within the user agent HTTP header if a string began with content related to Zerodium.”

Title: Hades Ransomware Linked to Hafnium and Exchange Attacks
Date Published: March 29, 2021

https://www.infosecurity-magazine.com/news/hades-ransomware-linked-hafnium/

Excerpt: “The ransomware crew was responsible for attacks on trucking giant Forward Air and a handful of others. It has been linked to infamous Russian cybercrime operation Evil Corp (Indrik Spider), as a new variant of its WasterdLocker ransomware, designed to help the group escape sanctions that would discourage victims to pay up.”

Title: Call Center Provider Experiences Major Data Leak
Date Published: March 29, 2021

https://www.hackread.com/call-center-provider-experiences-data-leak/

Excerpt: “The dataset was exposed for almost 24 hours and the database kept growing in real-time with thousands of calls per hour being added to the records. From the time when it was exposed till when it was secured again, the database logged 1.48 million robocalls altogether and the majority of the calls were outgoing but some call-backs were also logged. The database belonged to 200 Networks, LLC, a company based in Reno, Nevada. The security researchers informed the company of their findings and 200 Networks restricted public access shortly after.”

Title: New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems
Date Published: March 29,  2021

https://thehackernews.com/2021/03/new-bugs-could-let-hackers-bypass.html

Excerpt: “Discovered by Piotr Krysiuk of Symantec’s Threat Hunter team, the flaws — tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS scores: 5.5) — impact all Linux kernels prior to 5.11.8. Patches for the security issues were released on March 20, with Ubuntu, Debian, and Red Hat deploying fixes for the vulnerabilities in their respective Linux distributions.”

Title: Doxing in the Corporate Sector
Date Published: March 29,  2021

https://securelist.com/corporate-doxing/101513/

Excerpt: “The first and simplest step that can be taken by cybercriminals is to gather data from publicly accessible sources. The Internet can provide doxers with all kinds of helpful information, such as the names and positions of employees, including those who occupy key positions in the company. Such key positions include the CEO, HR department director, and chief accountant.”

Title: German MPs Hit by Russian-Backed Phishing Attacks
Date Published: March 29, 2021

https://www.infosecurity-magazine.com/news/german-mps-hit-russianbacked/

Excerpt: “The phishing emails were spoofed to appear as if urgent messages sent by providers GMX and T-Online. The politicians belong to governing parties the CDU/CSU and SPD. Political activists in Hamburg and Bremen were also attacked, according to Der Spiegel. It’s unclear whether any sensitive information was leaked as a result of the attacks. The report claimed that the campaign has been attributed to a GRU-linked group known as “Ghostwriter”. Ghostwriter operations in the past have been mainly focused on creating and disseminating online propaganda designed to turn people, especially in eastern Europe and the Baltic, against the US and NATO.”

Title: Ziggy Ransomware Admin Announced It Will Refund Victims Who Paid the Ransom
Date Published: March 29, 2021

https://securityaffairs.co/wordpress/116079/malware/ziggy-ransomware-refunds-victims.html

Excerpt: “Ziggy ransomware admin leaked a SQL file containing 922 decryption keys along with a decryptor. The ransomware admin also shared the source code for a different decryptor with BleepingComputer that includes offline decryption keys that could be used when the infected system is not connected to the Internet. In order to decrypt the files, the victims have to provide three decryption keys that are included in the SQL file. The ransomware gang released an offline decryption tool to decrypt infected files while not being connected to the Internet or the command and control server was unreachable.”