An Alleged Russian Smuggling Ring Was Uncovered in New Hampshire


As Russia’s invasion of Ukraine drags on, navigation system monitors reported this week that they’ve detected a rise in GPS disruptions in Russian cities, ever since Ukraine began mounting long-range drone attacks. Elsewhere, a lawsuit against Meta alleges that a lack of adequate hate-speech moderation on Facebook led to violence that exacerbated Ethiopia’s civil war. 

New evidence suggests that attackers planted data to frame an Indian priest who died in police custody—and that the hackers may have collaborated with law enforcement as he was investigated. The Russia-based ransomware gang Cuba abused legitimate Microsoft certificates to sign some of their malware, a method of falsely legitimatizing hacking tools that cybercriminals have particularly been relying on lately. And with the one-year anniversary of the Log4Shell vulnerability, researchers and security professionals reflected on the current state of open source supply-chain security, and what must be done to improve patch adoption.

We also explored the confluence of factors and circumstances leading to radicalization and extremism in the United States. And Meta gave WIRED some insight into the difficulty of enabling users to recover their accounts when they get locked out—without allowing attackers to exploit those same mechanisms for account takeovers.

But wait, there’s more! Each week, we highlight the security news we didn’t cover in depth ourselves. Click on the headlines below to read the full stories.

Alexey Brayman, 35, was one of seven people named in a 16-count federal indictment this week accusing them of operating an international smuggling ring over the past five years that illegally exported restricted technology to Russia. Brayman was taken into custody on Tuesday and later released on a $150,000 bond, after being ordered to forfeit his passport and abide by a curfew. He is an Israeli citizen who was born in Ukraine. Brayman and his wife, Daria, live in Merrimack, New Hampshire, a small town where the two ran an online craft business out of their home. “They are the nicest family,” a delivery driver who regularly drops off packages at their home told The Boston Globe. “They’ll leave…


Yanluowang ransomware gang’s inner workings uncovered


The Yanluowang ransomware operation has only been pretending to be of Chinese origin, according to The Record, a news site by cybersecurity firm Recorded Future.

Trellix researchers examined leaked messages from the ransomware group’s discussion channel and discovered communications from “Saint,” also known as “sailormorgan32,” who is believed to be a ranking member of the operation, “coder0,” who seemed to be behind a Windows-based ransomware strain, and “Kilanas,” who is allegedly a Russian Federation Ministry of Defense member.

The suspected Ukraine-based HelloKitty ransomware gang was also mentioned in the chats, with suspected member Guki complaining about inadequate manpower to exploit dozens of working credentials.

“When people start trusting technology and they trust the encryption to give them safety, they will let their guard down and you get these interesting chats. As a researcher from the sidelines, I’m always very eager to receive these chats because it really ties the Russian cybercriminal ecoclimate together. You can see how Yanluowang is tied to other organizations,” said Trellix Head of Threat Intelligence John Fokker.


Bot malware uncovered using gaming applications on Microsoft store


Check Point Research has revealed a new malware, Electron-bot, that is actively being distributed through Microsoft’s official store.

With more than 5,000 machines already affected in 20 countries so far, the malware continually executes attacker commands, such as controlling social media accounts on Facebook, Google and SoundCloud. The malware can register new accounts, log in, and comment on and “like” other posts.

CPR urges users to immediately delete applications from a number of publishers.

Dubbed Electron-bot by CPR, the malware’s full capabilities include SEO poisoning, an attack method in which cybercriminals create malicious websites and use search engine optimisation tactics to make them show up prominently in search results. This method is also sold as a service to boost other websites’ rankings.

The malware also includes an ad clicker, a component that runs in the background and constantly connects to remote websites to generate ‘clicks’ on advertisements, profiting from the number of times an advertisement is clicked.

It can promote social media accounts, such as YouTube and SoundCloud, to direct traffic to specific content and increase views and ad clicks, as well as promote online products to generate profit from ad clicks or raise store ratings for higher sales.

In addition, as Electron-bot’s payload is dynamically loaded, the attackers can use the installed malware as a backdoor in order to gain full control of the victim’s machine.

“This research analysed a new malware called Electron-bot that has attacked more than 5,000 victims globally,” says Daniel Alima, Malware Analyst at Check Point Research.

“Electron-bot is downloaded and easily spread from the official Microsoft store platform. The Electron framework provides Electron apps with access to all of the computer resources, including GPU computing. 

“As the bot’s payload is loaded dynamically at every run time, the attackers can modify the code and change the bot’s behaviour to high risk,” he says.

“For example, they can initialise another second stage and drop a new malware such as ransomware or a RAT. All of this can…


Prosecutor won’t charge reporter who uncovered database flaw


ST. LOUIS, Mo. – A Missouri prosecutor will not charge a journalist who exposed a state database flaw. The flaw he discovered allowed public access to thousands of teachers’ Social Security numbers. The Governor had ordered a criminal investigation into the journalist.

(Previous Article: Missouri Governor accuses reporter of hacking DESE website)

The Database Flaw

In October of 2021, the State shut down the Missouri Department of Elementary and Secondary Education webpage. It happened after a St. Louis Post-Dispatch reporter uncovered a security flaw that could have potentially exposed teachers’ sensitive information.

State officials say someone took the records of at least three educators, decoded the source code from the webpage, and viewed the Social Security numbers of those specific educators.

The St. Louis Post-Dispatch reported it discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials.

The newspaper held off publishing a story about the flaw until the state fixed it.

The Investigation into the Database Flaw

Governor Parson announced a criminal investigation in October of 2021. He alleged the newspaper journalist was “acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines for their news outlet. We will not let this crime against Missouri teachers go unpunished.”

Democratic state Rep. Ashley Aune, of Kansas City, accused Parson of a “smear campaign” against the Post-Dispatch journalist when it was Parson’s administration that stored the private information and left it unprotected.

“This fiasco perfectly illustrates why Missouri needs to get serious about confronting 21st century cyberthreats,” Aune said.

Aune helped write a section of Senate Bill 49 that created the Missouri Cybersecurity Commission.

The Post-Dispatch released a statement in which it said the reporter in question did the right thing by reporting the issue.

“A hacker is someone who…
