Security News

February 10, 2021

What’s most interesting about the Florida water system hack? That we heard about it at all.

This post was originally published on this siteStories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this week’s news about a hacker who tried to poison a Florida town’s water supply was understandably front-page material. But for security nerds who’ve been warning about this sort of thing for ages, the most surprising aspect of the incident seems to be that we learned about it at all. Spend a few minutes searching Twitter, Reddit or any number of other social media sites and you’ll find countless examples of researchers posting proof […]
February 9, 2021

Microsoft Patch Tuesday, February 2021 Edition

This post was originally published on this siteMicrosoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit the flaws. Nine of the 56 vulnerabilities earned Microsoft’s most urgent “critical” rating, meaning malware or miscreants could use them to seize remote control over unpatched systems with little or no help from users. The flaw being exploited in the wild already — […]
February 8, 2021

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

This post was originally published on this siteCyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers. The U-Admin phishing panel interface. Image: fr3d.hk/blog The Ukrainian attorney general’s office said it worked with the nation’s police force to identify a 39-year-old man from the Ternopil region who […]
February 4, 2021

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

This post was originally published on this siteFacebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames. At the center of the account ban wave are some of the most active members of OGUsers, a forum that caters to thousands of people selling access to hijacked social media and other online accounts. Particularly prized by this community are […]
February 2, 2021

‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered

This post was originally published on this siteValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. The proprietors of the popular store said their servers were seized as part of a coordinated law enforcement operation designed to disconnect and confiscate its infrastructure. ValidCC, circa 2017. There are dozens of online shops that sell so-called “card not present” (CNP) payment card data stolen from e-commerce stores, but most source the data from other criminals. In contrast, researchers say ValidCC […]
February 1, 2021

U.K. Arrest in ‘SMS Bandits’ Phishing Service

This post was originally published on this siteAuthorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name “SMS Bandits,” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies. The U.K.’s National Crime Agency (NCA) declined to name the suspect, but confirmed that the Metropolitan Police Service’s cyber crime unit had detained an individual from Birmingham in connection to a […]
January 29, 2021

The Taxman Cometh for ID Theft Victims

This post was originally published on this siteThe unprecedented volume of unemployment insurance fraud witnessed in 2020 hasn’t abated, although news coverage of the issue has largely been pushed off the front pages by other events. But the ID theft problem is coming to the fore once again: Countless Americans will soon be receiving notices from state regulators saying they owe thousands of dollars in taxes on benefits they never received last year. One state’s experience offers a window into the potential scope of the problem. Hackers, identity thieves and overseas criminal rings stole over $11 billion in unemployment benefits […]
January 27, 2021

Arrest, Seizures Tied to Netwalker Ransomware

This post was originally published on this siteU.S. and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. In connection with the seizure, a Canadian national suspected of extorting more than $27 million through the spreading of NetWalker was charged in a Florida court. The victim shaming site maintained by the NetWalker ransomware group, after being seized by authorities this week. NetWalker is a ransomware-as-a-service crimeware product in which affiliates rent access to the continuously updated malware code in exchange for a percentage of any funds extorted […]
January 27, 2021

International Action Targets Emotet Crimeware

This post was originally published on this siteAuthorities across Europe on Tuesday said they’d seized control over Emotet, a prolific malware strain and cybercrime-as-service operation. Investigators say the action could help quarantine more than a million Microsoft Windows systems currently compromised with malware tied to Emotet infections. First surfacing in 2014, Emotet began as a banking trojan, but over the years it has evolved into one of the more aggressive platforms for spreading malware that lays the groundwork for ransomware attacks. In a statement published Wednesday morning on an action dubbed “Operation Ladybird,” the European police agency Europol said the […]
January 21, 2021

DDoS-Guard To Forfeit Internet Space Occupied by Parler

This post was originally published on this siteParler, the beleaguered social network advertised as a “free speech” alternative to Facebook and Twitter, has had a tough month. Apple and Google removed the Parler app from its stores, and Amazon blocked the platform from using its hosting services. Parler has since found a home in DDoS-Guard, a Russian digital infrastructure company. But now it appears DDoS-Guard is about to be relieved of more than two-thirds of the Internet address space the company leases to clients — including the Internet addresses currently occupied by Parler. The pending disruption for DDoS-Guard and Parler […]
January 19, 2021

New Charges Derail COVID Release for Hacker Who Aided ISIS

This post was originally published on this siteA hacker serving a 20-year sentence for stealing personal data on 1,300 U.S. military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft. The new charges have derailed plans to deport him under compassionate release because of the COVID-19 pandemic. Ardit Ferizi, a 25-year-old citizen of Kosovo, was slated to be sent home earlier this month after a federal judge signed an order commuting his sentence to time served. The release was granted in part due to Ferizi’s […]
January 18, 2021

Joker’s Stash Carding Market to Call it Quits

This post was originally published on this siteJoker’s Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers. A farewell message posted by Joker’s Stash admin on Jan. 15, 2021. The Russian and English language carding store first opened in October 2014, and quickly became a major source of “dumps” — information stolen from compromised payment cards […]
January 12, 2021

Microsoft Patch Tuesday, January 2021 Edition

This post was originally published on this siteMicrosoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users. Most concerning of this month’s batch is probably a critical bug (CVE-2021-1647) in Microsoft’s default anti-malware suite — Windows Defender — that is seeing active exploitation. […]
January 12, 2021

SolarWinds: What Hit Us Could Hit Others

This post was originally published on this siteNew research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company’s software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. More worrisome, the research suggests the insidious methods used by the intruders to subvert the company’s software development pipeline could be repurposed against many other major software providers. In a blog post published Jan. 11, SolarWinds said the attackers first compromised its development environment on Sept. 4, 2019. Soon […]
January 11, 2021

Ubiquiti: Change Your Password, Enable 2FA

This post was originally published on this siteUbiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear. In an email sent to customers today, Ubiquiti Inc. [NYSE: UI] said it recently became aware of “unauthorized access to certain of our information technology systems hosted by a third party cloud provider,” although it […]
January 7, 2021

Sealed U.S. Court Records Exposed in SolarWinds Breach

This post was originally published on this siteThe ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts. The judicial branch agency said it will be deploying more stringent controls for receiving and storing sensitive documents filed with the federal courts, following a discovery that its own systems were compromised as part of the SolarWinds supply chain attack. That intrusion involved […]
January 7, 2021

All Aboard the Pequod!

This post was originally published on this siteLike countless others, I frittered away the better part of Jan. 6 doomscrolling and watching television coverage of the horrifying events unfolding in our nation’s capital, where a mob of President Trump supporters and QAnon conspiracy theorists was incited to lay siege to the U.S. Capitol. For those trying to draw meaning from the experience, might I suggest consulting the literary classic Moby Dick, which simultaneously holds clues about QAnon’s origins and offers an apt allegory about a modern-day Captain Ahab and his ill-fated obsessions. Many have speculated that Jim Watkins, the administrator […]
January 5, 2021

Hamas May Be Threat to 8chan, QAnon Online

This post was originally published on this siteIn October 2020, KrebsOnSecurity looked at how a web of sites connected to conspiracy theory movements QAnon and 8chan were being kept online by DDoS-Guard, a dodgy Russian firm that also hosts the official site for the terrorist group Hamas. New research shows DDoS-Guard relies on data centers provided by a U.S.-based publicly traded company, which experts say could be exposed to civil and criminal liabilities as a result of DDoS-Guard’s business with Hamas. Many of the IP address ranges in in this map of QAnon and 8Chan-related sites — are assigned to […]
December 29, 2020

Happy 11th Birthday, KrebsOnSecurity!

This post was originally published on this siteToday marks the 11th anniversary of KrebsOnSecurity! Thank you, Dear Readers, for your continued encouragement and support! With the ongoing disruption to life and livelihood wrought by the Covid-19 pandemic, 2020 has been a fairly horrid year by most accounts. And it’s perhaps fitting that this was also a leap year, piling on an extra day to a solar rotation that most of us probably can’t wait to see in the rearview mirror. But it was hardly a dull one for computer security news junkies. In almost every category — from epic breaches […]
December 18, 2020

VMware Flaw a Vector in SolarWinds Breach?

This post was originally published on this siteU.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks. On Dec. 7, 2020, the NSA said “Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Identity […]
December 16, 2020

Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’

This post was originally published on this siteA key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned. Austin, Texas-based SolarWinds disclosed this week that a compromise of its software update servers earlier this year may have resulted in malicious code being pushed to nearly 18,000 customers of its Orion platform. Many U.S. federal agencies and Fortune 500 firms use(d) Orion to monitor the health […]
December 15, 2020

SolarWinds Hack Could Affect 18K Customers

This post was originally published on this siteThe still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name used by the intruders to control infected systems. On Dec. 13, SolarWinds acknowledged that hackers had inserted malware into a service that provided software updates for its Orion platform, a suite of products broadly used across the U.S. […]
December 14, 2020

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

This post was originally published on this siteCommunications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just the first of many such disclosures. Some of SolarWinds’ customers. Source: solarwinds.com According to a Reuters story, hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments. Reuters […]
December 10, 2020

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

This post was originally published on this sitePayment card processing giant TSYS suffered a ransomware attack earlier this month. Since then reams of data stolen from the company have been posted online, with the attackers promising to publish more in the coming days. But the company says the malware did not jeopardize card data, and that the incident was limited to administrative areas of its business. Headquartered in Columbus, Ga., Total System Services Inc. (TSYS) is the third-largest third-party payment processor for financial institutions in North America, and a major processor in Europe. TSYS provides payment processing services, merchant services […]
December 8, 2020

Patch Tuesday, Good Riddance 2020 Edition

This post was originally published on this siteMicrosoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft’s most-dire “critical” label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users. Mercifully, it does not appear that any of the flaws fixed this month are being actively exploited, nor have any them been detailed publicly prior to today. The critical bits reside in updates for Microsoft Exchange […]