Submission: FSB Arrests 14 Members of REvil Ransomware Gang (therecord.media)

An anonymous reader writes: The Russian Federal Security Service (FSB) said today that it has raided and shut down the operations of the REvil ransomware gang. Raids were conducted today at 25 residences owned by 14 members suspected to be part of the REvil team across Moscow, St. Petersburg, Leningrad, and the Lipetsk regions. Authorities said they seized more than 426 million rubles, $600,000, and €500,000 in cash, along with cryptocurrency wallets, computers, and 20 expensive cars.

The REvil gang is responsible for ransomware attacks against Apple supplier Quanta, Kaseya, and JBS Foods.

Submission: Salesforce to require MFA for all users starting next month (therecord.media)

An anonymous reader writes: Salesforce, the world’s largest customer relationship management (CRM) platform, said that customers must have a form of multi-factor authentication (MFA) turned on starting next month, or they won’t be able to access their accounts. “Beginning February 1, 2022, Salesforce will require customers to use MFA in order to access Salesforce products,” the company said last year.

Salesforce said that users will be able to choose from using security keys, an authenticator app, or OS biometric systems to secure accounts. MFA solutions that rely on sending one-time passcodes via email, phone, or SMS messages won’t be allowed “because these methods are inherently vulnerable to interception, spoofing, and other attacks,” Salesforce explained.

Submission: Firewalls and middleboxes can be weaponized for gigantic DDoS attacks (therecord.media)

An anonymous reader writes: In an award-winning paper today, academics said they discovered a way to abuse the TCP protocol, firewalls, and other network middleboxes to launch giant distributed denial of service (DDoS) attacks against any target on the internet.

Authored by computer scientists from the University of Maryland and the University of Colorado Boulder, the research is the first of its kind to describe a method to carry out DDoS reflective amplification attacks via the TCP protocol, previously thought to be unusable for such operations.

Making matters worse, researchers said the amplification factor for these TCP-based attacks is also far larger than that of UDP protocols, making TCP protocol abuse one of the most dangerous forms of carrying out a DDoS attack known to date and very likely to be abused in the future.

Submission: Chinese Hackers Use Mesh of Home Routers to Disguise Attacks (therecord.media)

An anonymous reader writes: A Chinese cyber-espionage group known as APT31 (or Zirconium) has been seen hijacking home routers to form a proxy mesh around its server infrastructure in order to relay and disguise the origins of their attacks.

In a security alert published today, the French National Cybersecurity Agency, also known as ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), published a list of 161 IP addresses that have been hijacked by APT31 in recent attacks against French organizations. French officials said that APT31’s proxy botnet was used not only to perform reconnaissance operations against their targets, but also to carry out the attacks themselves. The attacks started at the beginning of 2021 and are still ongoing.

Submission: Wikimedia bans admin of Wikipedia Croatia for pushing radical right agendas (therecord.media)

An anonymous reader writes: The Wikimedia Foundation has banned the administrator of the Croatian version of Wikipedia after an investigation revealed that together with other admins, they edited and distorted content on the site with radical right views. This group had de-facto control of the website between 2011 and 2020, the Wikimedia Foundation said in a report published earlier this month.

“It appears that this group consisted of real-life friends, ideological sympathisers, and political allies,” the organization said. “Many articles created and edited by the members of this group present the views that match political and socio-cultural positions advocated by a loosely connected group of Croatian radical right political parties and ultra-conservative populist movements.”

Submission: Ransomware gang tries to extort Apple hours ahead of Spring Loaded event (therecord.media)

An anonymous reader writes: The operators of the REvil ransomware are demanding that Apple pay a ransom demand to avoid having confidential information leaked on the dark web. The REvil crew claims it came into possession of Apple product data after breaching Quanta Computer, a Taiwanese company that is the biggest laptop manufacturer in the world and which is also one of the companies that assemble official Apple products based on pre-supplied product designs and schematics.

The REvil gang posted 21 screenshots depicting MacBook schematics and threatened to publish new data every day until May 1, or until Apple or Quanta pay the ransom demand. The extortion attempt was also perfectly timed for maximum visibility to coincide with the Spring Loaded event, where Apple announced new products and software updates.

Submission: Billions of devices vulnerable to new 'BLESA' Bluetooth spoofing attack (zdnet.com)

An anonymous reader writes: Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer. Named BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol, and affects the reconnection process that occurs when a device moves back into range after losing or dropping its pairing.

A successful BLESA attack allows bad actors to connect with a device (by getting around reconnection authentication requirements) and send spoofed data to it. In the case of IoT devices, those malicious packets can convince machines to carry out different or new behavior. For humans, attackers could feed a device deceptive information.

BLESA impacts billions of devices that run vulnerable BLE software stacks. Vulnerable are BLE software libraries like BlueZ (Linux-based IoT devices), Fluoride (Android), and the iOS BLE stack. Windows' BLE stack is not impacted.

Submission: Tens of suspects arrested for cashing-out Santander ATMs using software glitch (zdnet.com)

An anonymous reader writes: The FBI and local police have made tens of arrests across the tri-state area this week as part of a crackdown against multiple criminal gangs who exploited a glitch in the software of Santander ATMs to cash-out more money than was stored on cards. The bug allowed members of criminal groups to use fake debit cards or valid preloaded debit cards to withdraw more funds from ATMs than the cards were storing.

Sources in the threat intel community have told ZDNet that details about this particular software glitch had been initially kept private and shared or sold among members of ATM and banking fraud groups for days. Glitch details, however, did not remain secret for long, and, eventually, leaked online this week, being broadly shared in Telegram chat rooms, Instagram, and other social networks. As a result of details leaking uncontrolled, multiple criminal groups began exploiting the software bug, resulting in a sudden spike of ATM cash-outs at Santander banks, and prompting bank employees to investigate.

A video of the glitch in action is here.

Submission: Vigilante Sabotages Malware Botnet by Replacing Payloads with Animated GIFs (zdnet.com)

An anonymous reader writes: An unknown vigilante hacker has been sabotaging the operations of the recently-revived Emotet botnet by replacing Emotet payloads with animated GIFs, effectively preventing victims from getting infected. The sabotage, which started on July 21, has grown from a simple joke to a serious issue impacting a large portion of the Emotet operation, reducing the biggest malware botnet today to a quarter of its daily capabilities.

Since the attack started, the vigilante has replaced Emotet payloads with this Blink-182 "WTF" GIF, a James Franco GIF, and the Hackerman GIF from the Kung Fury movie.

Submission: Mozilla to launch VPN product 'in the next few weeks' (zdnet.com)

An anonymous reader writes: Mozilla has announced today that its highly anticipated VPN (virtual private network) service will launch later this summer, 'in the next few weeks.' The product has also been renamed from its original name of Firefox Private Network to its new brand of the "Mozilla VPN." The name change came after Mozilla expanded the VPN product from the initial Firefox extension to a full-device VPN, capable of routing traffic for the entire OS, including other browsers.

Currently, the Mozilla VPN offers clients for Windows 10, Chromebooks, Android, and iOS devices. Mozilla said beta testers also requested a Mac client, which they plan to provide, along with a Linux app.

Submission: Supercomputers Hacked Across Europe to Mine Cryptocurrency (zdnet.com)

An anonymous reader writes: Multiple supercomputers across Europe have been infected this week with cryptocurrency mining malware and have shut down to investigate the intrusions. Security incidents have been reported in the UK, Germany, and Switzerland, while a similar intrusion is rumored to have also happened at a high-performance computing center located in Spain.

Hackers appear to have gained access to the supercomputer clusters via compromised SSH credentials. They then used an exploit for the CVE-2019-15666 vulnerability to gain root access and then deployed an application that mined the Monero (XMR) cryptocurrency.

Submission: FBI Says Nation-State Hackers Breached Two US Municipalities (zdnet.com)

An anonymous reader writes: Nation-state hackers breached the networks of two US municipalities last year, the FBI said in a security alert sent to private industry partners last week. The hacks took place after attackers used the CVE-2019-0604 vulnerability in Microsoft SharePoint servers to breach the two municipalities' networks.

The FBI says that once attackers got a foothold on these networks, "malicious activities included exfiltration of user information, escalation of administrative privileges, and the dropping of webshells for remote/backdoor persistent access."

"Due to the sophistication of the compromise and Tactics, Techniques, and Procedures (TTPs) utilized, the FBI believes unidentified nation-state actors are involved in the compromise," the agency said in its security alert. The FBI could not say if both intrusions were carried out by the same group. The agency also did not name the two hacked municipalities.

Submission: Facebook sues Chinese malware operator for abusing its ad platform (zdnet.com)

An anonymous reader writes: Facebook filed a lawsuit today against a Chinese company and two Chinese nationals for abusing the Facebook ad platform to run a malware scheme. The accused are ILikeAd Media International Company Ltd., a Hong Kong-based company founded in 2016, and Chen Xiao Cong and Huang Tao, the two men behind it.

Facebook said today that ILikeAd used Facebook ads to lure victims into downloading and installing malware. Once installed, the malware would compromise victims' Facebook accounts and use access to these accounts to place new ads on behalf of the infected users.

Submission: Thousands of hacked Disney+ accounts are already for sale on hacking forums (zdnet.com)

An anonymous reader writes: Hackers didn't waste any time and have started hijacking Disney+ user accounts hours after the service launched. Many of these accounts are now being offered for free on hacking forums, or available for sale for prices varying from $3 to $11, a ZDNet investigation has discovered. Many users reported that hackers were accessing their accounts, logging them out of all devices, and then changing the account's email and password, effectively taking over the account and locking the previous owner out.

Two users who spoke with ZDNet on the condition we do not share their names admitted that they reused passwords. However, other users said online that they did not, and had used passwords unique for their Disney+ accounts. This suggests that in some cases hackers gained access to accounts by using email and password combos leaked at other sites, while in other cases the Disney+ credentials might have been obtained from users infected with keylogging or info-stealing malware.

Submission: Massive wave of account hijacks hits YouTube creators (zdnet.com)

An anonymous reader writes: Over the past few days, a massive wave of account hijacks has hit YouTube users, and especially creators in the auto-tuning and car review community, a ZDNet investigation discovered following a tip from one of our readers.

Several high-profile accounts from the YouTube creators car community have fallen victim to these attacks already. The list includes channels such as Built [Instagram post, YouTube channel], Troy Sowers [Instagram post, YouTube channel], MaxtChekVids [YouTube channel], PURE Function [Instagram post, YouTube Support post, YouTube channel], and Musafir [Instagram post, YouTube channel].

The account hacks are the result of a coordinated campaign that consisted of messages luring users to phishing sites, where hackers logged account credentials. Some of these phishing attacks also bypassed 2FA.
