Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Antus67

Pages: [1] 2 3 ... 255
1
By Eduard Kovacs on July 17, 2019

Clinical Pathology Laboratories (CPL) is the latest organization to inform customers that their personal information may have been compromised as a result of a data breach suffered by healthcare billing services provider American Medical Collection Agency (AMCA).

CPL, a laboratory services provider with 1,900 employees, said it learned of the incident in May. The company determined that the breach impacted roughly 34,500 patients who may have had information such as name, address, phone number, date of birth, payment card or banking information, balance information, and treatment provider details stolen.

Another 2.2 million individuals may have had their name, phone number, address, date of birth, dates of service, balance information, and treatment provider information compromised. Financial information was not exposed in the case of these patients, CPL said.

full article here:https://www.securityweek.com/amca-breach-impacts-22-million-patients-clinical-pathology-laboratories

2
Security & Technology News / Party Like a Russian, Carder’s Edition
« on: July 18, 2019, 03:29:51 am »
Author: Brian Krebs

“It takes a certain kind of man with a certain reputation
To alleviate the cash from a whole entire nation…”

KrebsOnSecurity has seen some creative yet truly bizarre ads for dodgy services in the cybercrime underground, but the following animated advertisement for a popular credit card fraud shop likely takes the cake.

The name of this particular card shop won’t be mentioned here, and its various domain names featured in the video have been pixelated so as not to further promote the online store in question.

But points for knowing your customers, and understanding how to push emotional buttons among a clientele that mostly views America’s financial system as one giant ATM that never seems to run out of cash.

WARNING: Some viewers may find this video disturbing. Also, it is almost certainly Not Safe for Work.

full article here:https://krebsonsecurity.com/2019/07/party-like-a-russian-carders-edition/

3
Author: Curtis Franklin Jr.

The last-June breach exposed data including names, phone numbers, and account numbers.

Sprint has been informing customers of a data breach discovered on June 22 that came by way of their account credentials via Samsung's "add a line" website. The number of customers impacted has not been disclosed.

Information exposed in the breach includes phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address, and add-on services, according to Sprint's notification. The notification also stresses information that might be used in financial fraud was not affected.

full article here:https://www.darkreading.com/attacks-breaches/sprint-reveals-account-breach-via-samsung-website/d/d-id/1335285

4
By Ionut Ilascu



Stalkerware for mobile is easy to get by these days and you don't have to look further than Android's official store. While Google is quick to boot such apps when reported, some linger on adding thousands of installations.

Yesterday, researchers from Avast reported to Google four stalkerware apps believed to be the work of a Russian developer. They were promptly booted from the official Android store, but new ones have been discovered.

The functionality of these apps allowed someone to spy on people without leaving a trail on the device. This types of apps is often used to secretly monitor employee or life partners.

full article here:https://www.bleepingcomputer.com/news/security/stalkerware-apps-on-google-play-installed-over-130-000-times/

5
By Sergiu Gatlan



The Drupal CMS team has released a security update to address a critical severity access bypass vulnerability in the CMS' core component that could allow attackers to take control of impacted sites.

Only a limited set of websites running on the Drupal CMS are affected according to the security advisory given that the security issue only affects the Drupal 8.7.4 version, with Drupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and Drupal 7.x not being affected.

"In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created," says the Drupal team.

full article here:https://www.bleepingcomputer.com/news/security/drupal-patches-critical-bug-that-lets-hackers-take-over-sites/

6
By Lawrence Abrams


Microsoft has added a new bug to the list of known issues in Windows 10 1903 about Remote Desktop connections displaying a black screen when connecting to devices using older graphic drivers.

According to the bug report, when a user connects via Remote Desktop to device with certain older GPU drivers, including drivers the Intel 4 series of integrated GPUs, a black screen will be shown.

Quote
"When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU)."

full article here:https://www.bleepingcomputer.com/news/microsoft/windows-10-1903-bug-may-show-black-screen-in-remote-desktop/

7
 Author: Tara Seals





A dropper called “Topinambour” is the first-stage implant, which in turn fetches a spy trojan built in several coding languages.

The Turla APT has revamped its arsenal in 2019, creating new weapons and tools for targeting government entities. It’s now using booby-trapped anti-internet censorship software as an initial infection vector, suggesting Turla is going after dissident or other civil-society targets.

The Russian-speaking actors believed behind Turla named the dropper “Topinambour,” which is another word for the Jerusalem artichoke (a.k.a. the sunchoke). Since January, Topinambour has become the first-stage implantation for Turla campaigns. Once installed, it fetches all the other malware that the group uses to gain access to target networks and exfiltrate information.

full article here:https://threatpost.com/turla-apt-malware-anti-censorship/146472/

8
By Ionut Arghire on July 15, 2019

Members of the cybercriminal group behind the infamous Dridex Trojan have split from the gang and released a forked version of the BitPaymer ransomware, CrowdStrike reports.

Referred to as TA505 and best known for the Dridex Trojan and the Locky ransomware, the threat actor has been releasing various new malware families lately, including the tRat backdoor and the AndroMut downloader.

After the release of ransomware variants Bart in 2016 and Jaff in May 2017, the cybercriminals released BitPaymer (also known as FriedEx) in mid-2017. This piece of ransomware focused on high profile targets and companies rather than end users and was being distributed through Remote Desktop Protocol (RDP) brute force attacks.

full article here:https://www.securityweek.com/forked-version-bitpaymer-ransomware-emerges

9
Author: Brian Krebs

The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.”

“We are getting a well-deserved retirement,” the GandCrab administrator(s) wrote in their farewell message on May 31. “We are a living proof that you can do evil and get off scot-free.”

However, it now appears the GandCrab team had already begun preparations to re-brand under a far more private ransomware-as-a-service offering months before their official “retirement.”

In late April, researchers at Cisco Talos spotted a new ransomware strain dubbed Sodinokibi that was used to deploy GandCrab, which encrypts files on infected systems unless and until the victim pays the demanded sum. A month later, GandCrab would announce its closure.

full article here:https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/

10
Author: Kelly Sheridan

New ransomware variant DoppelPaymer was leveraged in campaigns against the City of Edcouch, Texas, and the Chilean Ministry of Agriculture.

Researchers have identified a new ransomware variant dubbed DoppelPaymer, named for code similarities it shares with BitPaymer ransomware operated by the Indrik Spider attack group.

The new variant was spotted in a series of ransomware campaigns starting in June 2019, including attacks against the City of Edcouch, Texas, as well as the Chilean Ministry of Agriculture, CrowdStrike researchers report in a blog post on the malware discovery.

full article here:https://www.darkreading.com/risk/meet-doppelpaymer-bitpaymers-ransomware-lookalike/d/d-id/1335251

11
Author: Help Net SecurityJuly 15, 2019

IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up to date technology, according to Sophos.



The survey polled 3,100 IT decision makers from mid-sized businesses in the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India, and South Africa.

full article here:https://www.helpnetsecurity.com/2019/07/15/multi-stage-attack-techniques/

12

Author: Lindsey O'Donnell
July 15, 2019 9:00 am



Threatpost about lessons learned from helping Atlanta remediate and recover from its massive ransomware attack.

Ransomware attacks against local governments and cities are repeatedly making headlines, with crippling results on city operations and budgets.

Last month, the Florida city of Riviera Beach paid hackers $600,000 after being hit by a ransomware attack that downed its computer systems for three weeks. In 2018, several Atlanta city systems were crippled after a ransomware attack extorted the municipality for $51,000. And The city of Baltimore is another recent victim of ransomware, which hit in May and halted some city services like water bills, permits and more, demanding a $76,000 ransom.

Why do cities appear to be a low hanging fruit when it comes to ransomware attacks? What hurdles do state and local governments face when securing their systems and responding to attacks?

full article here:https://threatpost.com/why-cities-are-a-low-hanging-fruit-for-ransomware/146368/

13

By Eduard Kovacs on July 15, 2019

Hackers can manipulate media files transferred by users through the WhatsApp and Telegram messaging applications due to the way the Android operating system allows apps to access files in external storage, Symantec warned on Monday.

Android applications can store files and data on a device’s internal storage or external storage. Files in the internal storage are accessible only to their respective apps, which is why Google advises developers to use it for data that should not be accessible to the user or other apps. On the other hand, files in the external storage can be viewed and modified by the user and other apps as well.

Researchers at Symantec have detailed an attack method, dubbed “Media File Jacking,” that allows a malicious Android application with “write-to-external storage” permissions to quickly modify files sent or received via WhatsApp and Telegram between the time they are written to the disk and the moment they are loaded in the app’s user interface.

The attack works against WhatsApp in its default configuration and against Telegram if the user has enabled the “Save to gallery” option.

full article here:]https://www.securityweek.com/hackers-can-manipulate-media-files-transferred-whatsapp-telegram[url][/url]

14

Author: Tara Seals
July 12, 2019 12:09 pm

A rare instance of ransomware targeting Linux-based file storage systems (network-attached storage servers, specifically) has been spotted, spreading via 15 separate but related campaigns. The adversaries behind the effort are continuing their depredations on an ongoing basis, according to researchers, so targets are expected to proliferate.

Researchers at Intezer Labs dubbed the malware “QNAPCrypt,” after QNAP, one of the larger NAS server vendors out there.

“NAS servers normally store large amounts of important data and files, which make them a valuable target for attackers and especially a viable target for ransomware campaigns,” Intezer researcher Ignacio Sanmillan said in an analysis of the malware, posted this week. However, he noted that “It is rare to see ransomware being used to target the Linux operating system.”

full article here:https://threatpost.com/linux-ransomware-nas-servers/146441/

15
By Eduard Kovacs on July 12, 2019

The Forum of Incident Response and Security Teams (FIRST) on Friday announced version 3.1 of the Common Vulnerability Scoring System (CVSS).

CVSS is a widely adopted standard for rating the severity of software vulnerabilities, and it provides a framework for communicating the characteristics and impact of security flaws.

CVSS 3.1When it released CVSS v3 in June 2015, FIRST said the new version was adapted for more modern concerns, it promoted consistency in scoring, and included scoring tips meant to provide better guidance to users.

CVSS v3.1 aims to simplify and improve upon the previous version in an effort to make it even easier to adopt by the security community.

Full Article Here:https://www.securityweek.com/first-announces-cvss-version-31

Pages: [1] 2 3 ... 255