Security News

The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control server. What's new in the latest version of the malware is that the gathered data is encoded prior to exfiltration, a change from the previous variants that have been known to send the compressed file data in plaintext format.

Since July 22nd, 2022, threat actors and data breach collectors have been selling and circulating large data sets of scraped Twitter user profiles containing both private and public data on various online hacker forums and cybercrime marketplaces. These data sets were created in 2021 by exploiting a Twitter API vulnerability that allowed users to input email addresses and phone numbers to confirm whether they were associated with a Twitter ID. The threat actors then used another API to scrape the public Twitter data for the ID and combined this public data with private email addresses/phone numbers to create profiles of Twitter users.

In brief: Business email compromise continues to be a multibillion-dollar threat, but it's evolving, with the FBI and other federal agencies warning that cybercriminals have started using spoofed emails to steal shipments of physical goods - in this case, food. Along with the Food and Drug Administration's Office of Criminal Investigations and the US Department of Agriculture, the FBI said several US food manufacturers have already fallen victim to scams, many of which involved fake orders for hundreds of thousands of dollars' worth of a single item: powdered milk.

A new phishing campaign uses Facebook posts as part of its attack chain to trick users into giving away their account credentials and personally identifiable information. The link offered to appeal the supposed account deletion points to an actual Facebook post on facebook.com, helping threat actors bypass email security solutions and ensure their phishing messages land in the target's inbox.

There's no end - or restored data - in sight for some Rackspace customers now on day 12 of the company's ransomware-induced hosted Exchange email outage. Rackspace did not say if or when it expects to recover people's data that was lost or scrambled when ransomware hit its systems - an attack that took down some of Rackspace's hosted Microsoft Exchange services on December 2.

A business email compromise attack is a type of scam aimed at an organization's employees in which the attacker impersonates a top executive or other trusted person associated with the business. While BEC attacks usually occur via email, attackers are now also using SMS text messages to reach recipients.

MuddyWater hackers, a group associated with Iran's Ministry of Intelligence and Security (MOIS), used compromised corporate email accounts to deliver phishing messages to their targets. [...]

Cybercrime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks. Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sale on underground markets.

Rackspace has admitted a ransomware infection was to blame for the days-long email outage that disrupted services for customers. In its most recent update, posted at 0826 Eastern Time on Tuesday, Rackspace said it has now "determined this suspicious activity was the result of a ransomware incident," and has hired a "leading cyber defense firm to investigate."

Rackspace has not offered any explanation of the "security incident" that has taken out its hosted Exchange environment and led the company to predict multiple days of downtime before restoration. The Register has conversed with customers who profess to having little technical expertise - which is fair enough given Rackspace promotes its hosted Exchange service as suitable for "any business size or need" and that an "award-winning team of support experts is available to solve your technical problems 24x7x365."