Security News
At least 30,000 organizations across the United States - including a significant number of small businesses, towns, cities and local governments - have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that's focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.
In what's a case of hackers getting hacked, a prominent underground online criminal forum by the name of Maza has been compromised by unknown attackers, making it the fourth forum to have been breached since the start of the year. The intrusion is said to have occurred on March 3, with information about the forum members - including usernames, email addresses, and hashed passwords - publicly disclosed on a breach notification page put up by the attackers, stating "Your data has been leaked" and "This forum has been hacked."
The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums. Last night, BleepingComputer was contacted by a newly registered Twitter user who stated that the Maza forum was hacked and member data was leaked.
A phishing campaign targeting users of Outlook Web Access and Office 365 services collected thousands of credentials relying on trusted domains such as SendGrid. Using Zoom invites as a lure and an extensive list of email addresses, the operators of the phishing campaign delivered messages from hacked accounts on the SendGrid cloud-based email delivery platform.
Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums.
The CEO of Gab, a social network favored by the US political right, said the platform had been attacked by "Demon hackers" after an activist group released user data described as an important resource for research on the far right. The activist group called DDoSecrets Collective released the data over the weekend to Wired magazine, claiming it offered "a record of the culture" related to the violent siege of the US Capitol on January 6.
The UK's National Cyber Security Centre is now helping IoT gadget firm FootfallCam Ltd secure product lines following the recent digital burglary of its nursery webcam operation. Company director Melissa Kao confirmed to The Register that the NCSC, a sibling of UK spy agency GCHQ, was helping the company shore up security after its NurseryCam product was hacked last week.
The private sector should be legally obliged to disclose any major hacks of their systems, says Microsoft's president and top lawyer Brad Smith. While only Smith was willing to say categorically that it was Russia, FireEye's CEO Kevin Mandia noted that following an intensive investigation by his team, which included looking for clues in reams of decompiled code, they had concluded that the hack was "Not consistent with China, North Korea or Iran, and was most consistent with Russia."
The private sector should be legally obliged to disclose any major hacks of their systems, says Microsoft's president and top lawyer Brad Smith. While only Smith was willing to say categorically that it was Russia, FireEye's CEO Kevin Mandia noted that following an intensive investigation by his team, which included looking for clues in reams of decompiled code, they had concluded that the hack was "Not consistent with China, North Korea or Iran, and was most consistent with Russia."
Daycare camera product NurseryCam was hacked late last week with the person behind the digital break-in coming forward to tip us off. News of NurseryCam's compromise was conveyed to the company by The Register just after 5pm on Friday, leading the firm to tell parents: "On 17:18 Friday 19th February 2021, it has come to our attention of a cyber incident detected in our NurseryCam system."