Security news 10

Stay safe. We bring you our regular overview of security news.

PrintNightmare: Fails to Fix Vulnerability

This is the first case of seizure of funds paid during a ransomware attack. The US Department of Justice managed to recover 63.7 Bitcoins out of a total

A vulnerability that allows arbitrary code to run on Windows with SYSTEM privileges has been patched by Microsoft. However, the fix turned out to be careless: it did not eliminate the vulnerability itself, only one of the ways of exploiting it. After the patch was released, researchers published details of how to exploit it. On finding that the vulnerability was still relatively easy to exploit in the default configuration (remote code execution), they tried to withdraw their published material, but in the meantime it had already spread further. So far, one of the defensive options is to turn the Print Spooler service off.

Europol Has Targeted the VPN Network Used By Ransomware Gangs

The FBI, Europol and the Australian Federal Police (AFP), in collaboration with law enforcement agencies from several countries, have reached a high

The VPN service used by cybercriminals to hide their activities (ransomware attacks, phishing campaigns, etc.) was taken offline and its servers were seized by law enforcement agencies. Europol, the FBI and several other law enforcement agencies took part in the operation. The network, advertised on English- and Russian-speaking dark web forums, offered its cheapest services for $25.

Website of Mongolian Certificate Authority Has Been Compromised

The website of the Mongolian Certificate Authority (CA) was found to be serving malware, allowing backdoored clients to be downloaded. Judging by the number of different backdoors and web shells, it is estimated that the website was breached up to eight times. Interestingly, steganography was used to unpack and decrypt hidden code containing the Cobalt Strike beacon (normally legitimate software used by penetration testers).

1500 Companies Compromised After Another Attack on the Supply Chain

Kaseya announced that it had become the victim of a cyberattack on July 2. By exploiting a vulnerability in its VSA product, attackers compromised a number of the company’s customers. Only about 0.1% of customers were affected; otherwise the damage would have been much greater. Using zero-day vulnerabilities, the attackers were able to bypass authentication and run code that let them install ransomware on endpoints. The attackers used the REvil ransomware service. After the attackers demanded $70 million in ransom, an investigation was launched in the United States. Unlike other ransomware attacks, it currently appears that the attackers did not copy the data before encrypting it. In connection with the attack, the White House stated that if Russia does not deal with the ransomware gangs involved in these activities, the United States will respond. This refers to the Biden-Putin meeting, where President Biden made it clear that attacks on critical infrastructure are unacceptable and will not be tolerated. There is ongoing communication between the US and Russian authorities on this topic. Even if Russia did not support the attacks, it is still seen as responsible for dealing with the problem on its territory.

600 Million LinkedIn Profiles for Sale on Darknet

For the third time in the past few months, data on LinkedIn users is being offered for sale. The social network denies any leak. The data was more likely scraped from publicly available information in individual users’ profiles. Depending on your privacy level, this includes: LinkedIn ID, LinkedIn profile URL, full name, email address, date of birth, sex, phone number, location, links to other social networks, professional degrees, and other work-related information. It is recommended to tighten your privacy settings and hide at least your phone number or e-mail address. It is also necessary to be more vigilant, since the leaked profiles can become targets for attackers.

Stolen Credit Card Data Found in Images

Magecart hackers focus on stealing credit card data. Sucuri researchers were able to uncover their latest tactic for hiding stolen data: stolen credit card details were dumped into image files on compromised servers. This trick lets them hide their presence and retrieve the data with a simple GET request. Base64-encoded strings containing the card number, CVV, expiration date, billing address and other details were gradually appended to the image data.
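As an added example (not code from the article or from Sucuri), here is a defensive check in Python that flags image files with base64 text appended after the format's end marker and decodes the appended lines so a responder can see what was stashed; the end-marker lookup and the sample images are constructed for this example.

```python
import base64
import binascii
import re
from typing import List, Optional

# Legitimate end-of-file markers (constructed lookup): JPEG files end with the
# EOI marker FF D9, PNG files end with the zero-length IEND chunk plus its CRC.
_END_MARKERS = {
    b"\xff\xd8": b"\xff\xd9",
    b"\x89PNG\r\n\x1a\n": b"IEND\xae\x42\x60\x82",
}
_B64_LINE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")


def trailing_bytes(image: bytes) -> Optional[bytes]:
    """Return whatever follows the image's last end marker, or None if nothing does."""
    for magic, end in _END_MARKERS.items():
        if image.startswith(magic):
            idx = image.rfind(end)
            tail = image[idx + len(end):] if idx != -1 else b""
            return tail or None
    return None  # unknown format: nothing to report


def extract_records(image: bytes) -> List[bytes]:
    """Decode each base64 line appended after the image; skip lines that are not text."""
    records = []
    for line in (trailing_bytes(image) or b"").splitlines():
        line = line.strip()
        if len(line) < 16 or not _B64_LINE.match(line):
            continue
        try:
            decoded = base64.b64decode(line, validate=True)
        except binascii.Error:
            continue
        # Card dumps are plain text; genuine trailing image data is not.
        if sum(32 <= b < 127 for b in decoded) / len(decoded) > 0.9:
            records.append(decoded)
    return records


def is_suspicious(image: bytes) -> bool:
    return bool(extract_records(image))


# Constructed samples, not real files: a minimal JPEG header plus EOI, and a bare PNG
# signature plus IEND, each with a fake base64 "card record" appended as described.
FAKE_RECORD = b"CARD=0000000000000000;EXP=00/00;CVV=000;ADDR=1 Example St"
CLEAN_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16 + b"\xff\xd9"
TAINTED_JPEG = CLEAN_JPEG + b"\n" + base64.b64encode(FAKE_RECORD) + b"\n"
TAINTED_PNG = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x00IEND\xae\x42\x60\x82"
               + base64.b64encode(FAKE_RECORD))
```

Run it over a web root's image directory and alert on any file for which `is_suspicious` returns True; the decoded records tell you what was exposed.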