Security News
Australia's Federal Police force has revealed more about how it distributed a backdoored chat app to criminals. The app, named An0m, was revealed in June 2021 when Australia's Feds, the FBI and European authorities revealed they'd combined to convince crims the software allowed secure communications.
The US Federal Bureau of Investigation says 49 organisations, including some in government, were hit by Cuba ransomware as of early November this year. The ransomware gang's loader of choice, Hancitor, was the culprit, distributed via phishing emails, or via exploit of Microsoft Exchange vulnerabilities, compromised credentials, or Remote Desktop Protocol tools.
The US Attorney's Office of Arizona on Wednesday announced the indictment of two men on charges that they defrauded musicians and associated companies by claiming more than $20m in royalty payments for songs played on YouTube. "In short, Batista and Teran, as individuals and through various entities that they operate and control, fraudulently claimed to have the legal rights to monetize a music library of more than 50,000 songs," the indictment [PDF] alleges.
The federal government has upped the ante in its fight against ransomware by offering a $10 million reward for information leading to the identification or location of leaders of the DarkSide ransomware group. The U.S. Department of State unveiled the reward on Thursday, adding a $5 million reward for for information that leads to the arrest and conviction of individuals participating in a DarkSide attack.
The US Department of Justice claims it's arrested a member of a gang that deployed the Trickbot ransomware. A heavily-redacted indictment names Vladimir Dunaev as a developer of the malware, and alleges he was "a Malware Developer for the Trickbot Group, overseeing the creation of internet browser injection, machine identification, and data harvesting codes used by the Trickbot malware".
The US Federal Communications Commission has terminated China Telecom's authority to provide communications services in the USA. In its announcement of the termination, the government agency explained the decision is necessary because the national security environment has changed in the years since 2002. That was when China Telecom was first allowed to operate in the USA. The FCC now believes - partly based on classified advice from national security agencies - that China Telecom can "Access, store, disrupt, and/or misroute U.S. communications, which in turn allow them to engage in espionage and other harmful activities against the United States".
The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what's the latest action taken by governments to disrupt the lucrative ecosystem. Coinciding with the development, blockchain analytics firm Elliptic disclosed that $7 million in bitcoin held by the DarkSide ransomware group were moved through a series of new wallets, with a small fraction of the amount being transferred with each transfer to make the laundered money more difficult to track and convert the funds into fiat currency through exchanges.
The advisory urges businesses to bolster defenses tied to user credentials and implement strong passwords and multi-factor authentication to better thwart an anticipated uptick in BlackMatter criminal activity. "Using embedded, previously compromised credentials, BlackMatter leverages the Lightweight Directory Access Protocol and Server Message Block protocol to access the Active Directory to discover all hosts on the network," according to the advisory.
Unsecured VPNs can be a hot mess: Just ask Colonial Pipeline or the 87,000 Fortinet customers whose credentials for unpatched SSL-VPNs were posted online earlier this month. As the advisory from the NSA and CISA explained, exploiting CVEs associated with VPNs can enable a malicious actor "To steal credentials, remotely execute code, weaken encrypted traffic's cryptography, hijack encrypted traffic sessions, and read sensitive data from the device."
Unsecured VPNs can be a hot mess: Just ask Colonial Pipeline or the 87,000 Fortinet customers whose credentials for unpatched SSL-VPNs were posted online earlier this month. As the advisory from the NSA and CISA explained, exploiting CVEs associated with VPNs can enable a malicious actor "To steal credentials, remotely execute code, weaken encrypted traffic's cryptography, hijack encrypted traffic sessions, and read sensitive data from the device."