Author Archives: BankInfoSecurity.com RSS Syndication

Trump Orders IaaS Providers to Track Foreign Users

Under Executive Order, Cloud Providers Must Vet Foreign Customers
In the waning hours of his presidency Tuesday, Donald Trump issued an executive order requiring U.S. infrastructure-as-a-service providers and other cloud service providers to maintain detailed records on foreign clients that could be used to help track down those committing cybercrimes.

Microsoft Taking Additional Steps to Address Zerologon Flaw

Company Will Enforce Domain Controller Settings to Block Connections
Microsoft is alerting customers that starting Feb. 9, it will enforce domain controller settings within Active Directory to block connections that could exploit the unpatched Zerologon vulnerability in Windows Server. Microsoft has been warning about the urgency of patching the flaw for months.

OpenWRT Project Community Investigating Data Breach

Open-Source Development Project Asking Members to Reset Passwords
OpenWRT, an open-source project that develops operating systems, firmware and other software for connected and embedded devices, is investigating a data breach after a hacker gained access to an administrator account and apparently was able to access usernames and email addresses for community members.

Privacy Fines: Total GDPR Sanctions Reach $331 Million

But Across Europe, Total Fines and Breach Reports Continue to Vary Widely by Country
Privacy watchdogs in Europe have imposed fines totaling more than $330 million since the EU's General Data Protection Regulation went into full effect in May 2018, according to law firm DLA Piper. Over the past year, regulators received 121,000 data breach notifications, up 19% from the year before.

NZ Reserve Bank Governor Says He ‘Owns’ Breach

Flaw in Accellion's File Transfer Appliance Likely Led to Incident
The governor of New Zealand's Reserve Bank says he "personally owns" responsibility for a data breach that exposed private and sensitive stakeholder information. The breach came after a serious vulnerability was disclosed in December in Accellion's File Transfer Appliance, which the bank uses.

FBI: Disinformation Campaigns Seek to Exploit Capitol Siege

Domestic Extremists Remain Principal Threat Ahead of Biden Inauguration, FBI Warns
The U.S. Capitol siege and the impeachment of President Trump are being exploited for disinformation purposes ahead of Inauguration Day by Russia, Iran and China, a U.S. joint threat assessment reportedly warns. But in terms of violence, domestic extremists are the principal threat.

Joker’s Stash Reportedly Shutting Down Operations

Researchers: Notorious Underground Marketplace Will 'Retire' in February
Joker's Stash, the notorious underground marketplace that has specialized in the sale of stolen payment card data, is reportedly shutting down in February with its administrator claiming to "retire" at that time, according to Gemini Advisory. Researchers say business will quickly move to other sites.

Magecart Groups Hide Behind ‘Bulletproof’ Hosting Service

Researchers Find Groups Hiding JavaScript Skimmers and Phishing Pages
Several Magecart groups hide their JavaScript skimmers, phishing domains and other malicious tools behind a "bulletproof" hosting service called Media Land, according to researchers with RiskIQ. This particular service is notorious for catering to cybercriminals and hackers.

Capitol Riot Suspects Identify Themselves

Livestreaming, Social Media Posts Lead to Arrests
Many of the insurrectionists who marched on the Capitol on Jan. 6 and violently forced their way into the building livestreamed their activities or boasted about them via social media. Those self-identifying actions have helped law enforcement authorities identify some of the more than 70 individuals charged.

Following FireEye Hack, Ensure These 16 Bugs Are Patched

Hunters Could Become the Hunted After Theft of Cybersecurity Firm's Hacking Tools
Because 2020 wasn't already exciting enough, now we have to worry about being hunted by adversaries wielding FireEye's penetration testing tools, thanks to the company having suffered a big, bad breach. Here's a list of targeted flaws that every organization should ensure they've patched.

Target Selection: SolarWinds’ Orion ‘Big Fish’ Most at Risk

Suspected Cyberespionage Operators Likely Only Hacked the Juiciest of Targets
Following the discovery that attackers Trojanized SolarWinds' Orion software, expect the list of organizations that were running the backdoored network-monitoring tool to keep increasing. But with this being a suspected cyberespionage operation, attackers likely focused on only the juiciest targets.

Ransomware Disrupts Scottish Environment Protection Agency

Conti Gang Claims Credit for Christmas Eve Attack and Data Exfiltration
The Scottish Environment Protection Agency says a ransomware attack last month continues to cause serious outages and warns that ransom-demanding attackers also stole some data. The Conti ransomware-as-a-service operation has claimed credit for the attack and begun to leak the stolen data.

NSA Offers Guidance on Adopting Encrypted DNS

Agency Describes How DoH Can Help Prevent Eavesdropping
The NSA has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping and manipulation of DNS traffic. Although the agency's report is geared toward the military and defense contractors, its recommendations can be adopted in all sectors.

‘Scam-as-a-Service’ Scheme Spreads

Researchers: 40 Gangs Use Phony Classified Ads to Launch Phishing Schemes
A Russian-speaking "scam-as-a-service" operation dubbed "Classiscam" is expanding globally, with 40 interconnected gangs in about a dozen countries using fake product advertisements to launch phishing schemes, the security firm Group-IB reports.