
Weekly News Recap 11

As always, plenty of things happened this week, but no worries if you had no time to go through all the news. Our weekly news recap will keep you up to date on APTs, Cryptocurrencies, Darknet, General Security, Privacy and Ransomware news.

Additionally, you might have heard of I2P, a network similar to Tor. It has some interesting characteristics but the official documentation is a bit hard to get through. This week, I wrote an article offering a simple introduction to how it works.

APT

Twitter suspends two accounts used by DPRK hackers to catfish security researchers (The Record)

Earlier this year, Google identified a campaign carried out by North Korea where hackers would create accounts claiming to be security researchers, and try to redirect actual security researchers to malicious websites to try and infect their computer with malware. On October 15th, Twitter suspended two accounts that were involved in this scheme.

Russian cybercrime gang targets finance firms with stealthy macros (Bleeping Computer)

Researchers discovered a new phishing campaign named MirrorBlast. It relies on malicious Excel macros that are not detected by VirusTotal, but only affects the 32-bit version of Office. If the attack succeeds, a malicious MSI package is downloaded and installed; it then contacts a C2 server to retrieve further instructions, whose effects are unknown as of now. The culprit appears to be TA505, a Russia-related group.

Chinese tech minister says he's 'dealt with' 73,000 sites that breached the law (The Register)

China's Minister of Industry and Information Technology announced that China has investigated 1.83 million apps since 2020 to make sure they "don't infringe users' rights and interests", and required "rectification" from 4,200 of them. In addition, 73,000 websites were "investigated and dealt with in accordance with the law".

State-backed hackers breach telcos with custom malware (Bleeping Computer)

Symantec discovered a new APT targeting IT, telecom, and government entities in South Asia, and named it Harvester. The group uses new malware and is believed to have been active since June 2021.

Cryptocurrencies

France tests crypto assets in series of government bond deals (Financial Times)

A group made up of some of France's biggest financial market participants used a digital currency issued by the Banque de France as part of a 10-month test in the country's debt market, in order to assess the usefulness of a central bank digital currency. A deputy chief executive at Euroclear concluded that "[they] have together successfully been able to measure the inherent benefits of this technology, concluding that the central bank digital currencies can settle central bank money safely and securely."

Darknet

Two Individuals Sentenced for Providing “Bulletproof Hosting” for Cybercriminals (US Department of Justice)

Two Eastern European men were sentenced to 24 and 48 months in prison by a Michigan court for providing "bulletproof hosting" used to disseminate malware (including Zeus and SpyEye) used to attack US companies and financial institutions between 2009 and 2015.

General Security

Windows 10, iOS 15, Ubuntu, Chrome fall at China’s Tianfu hacking contest (The Record)

The fourth edition of the Tianfu hacking contest took place this month and featured 16 targets (including Chrome, Safari, Docker, VMware, domestic vehicles, ...) in which researchers could look for vulnerabilities. Vulnerabilities were found in 11 of these targets.

Not just deprecated, but deleted: Google finally strips File Transfer Protocol code from Chrome browser (The Register)

The Chromium team removed FTP support from Chrome. The change takes effect from version 95.

Hacker steals government ID database for Argentina’s entire population (The Record)

A hacker has broken into Argentina's National Registry of Persons (RENAPER) and published ID card photos and personal details of 44 Argentinian celebrities. The Ministry of Interior claims that "the [RENAPER] database did not suffer any data breach or leak," and that the hacker only queried the database for 19 photos. The hacker, however, claims to have a copy of the database, and might publish the data of 1 or 2 million people soon.

U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes (The Hacker News)

The US Department of Commerce announced new rules that will take effect in 90 days and establish new controls on exports of "cybersecurity items" (e.g. surveillance tools) by requiring a license. An exception would allow exporting to most countries "while retaining a license requirement for exports to countries of national security or weapons of mass destruction concern. In addition, countries subject to a U.S. arms embargo will require a license."

Google unmasks two-year-old phishing & malware campaign targeting YouTube users (The Record)

The Google Threat Analysis Group attributed a two-year campaign aiming to take control of YouTube accounts to a group of hackers recruited on a Russian-speaking forum. The hackers would reach out to victims via email with business opportunities, ask them to install and test applications, and would then hijack authentication cookies from their browser to access and steal their YouTube accounts. More than 4,000 accounts were reportedly impacted.

Privacy

Doctor is set for possible £100,000 pay-out after judge's landmark ruling that her neighbour's Ring doorbell cameras breached her privacy (Daily Mail)

A resident of Oxfordshire might be eligible for compensation of more than GBP 100,000 after claiming that one of her neighbours was invading her privacy by having security cameras recording (including audio) her gate, garden and car parking spaces.

What’s Brave Done For My Privacy Lately? Episode #11: Debouncing (Brave Blog)

Bouncing consists of a website using third parties to redirect you somewhere. For example, in order to track you, a website could link to traker.com/?site=example.com, which then redirects you to example.com, instead of linking to example.com directly. Brave Browser implemented protection against this in version 1.32 by removing the intermediary: when a link's destination is embedded in the tracker URL, the browser navigates straight to that destination.
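As an added illustration of the debouncing idea (this is example code, not Brave's implementation): a link is inspected for a query parameter whose value is itself an absolute http(s) URL, and if one is found the browser would navigate to that destination instead of the tracker. The parameter names checked and the requirement that the destination be a fully qualified URL on a different host are assumptions made here to keep the rewrite conservative; Brave's actual rules differ.

```javascript
// Added example, not code from Brave. Strips a tracker "bounce" redirect by
// extracting the destination that is embedded in the tracker link's query string.

// Hypothetical list of parameter names commonly used to carry a redirect target.
const BOUNCE_PARAMS = ["site", "url", "u", "redirect", "dest", "target"];

// Return the final destination for a bounce-tracking link, or the original
// link unchanged when it does not look like a redirect.
function debounce(href) {
  let link;
  try {
    link = new URL(href);
  } catch {
    return href; // relative or malformed link: leave it alone
  }

  for (const name of BOUNCE_PARAMS) {
    const value = link.searchParams.get(name); // already percent-decoded
    if (value === null) continue;

    let destination;
    try {
      destination = new URL(value);
    } catch {
      continue; // value is not an absolute URL (e.g. "example.com" without scheme)
    }

    // Only follow web schemes (never javascript:, data:, ...) and only when the
    // destination is on a different host than the tracker itself.
    const isWeb = destination.protocol === "https:" || destination.protocol === "http:";
    if (isWeb && destination.host !== link.host) {
      return destination.href;
    }
  }
  return href;
}

// Constructed sample links for demonstration.
const samples = [
  "https://tracker.example/?site=https://example.com/article",
  "https://tracker.example/go?u=https%3A%2F%2Fexample.com%2Fpage%3Fid%3D7",
  "https://tracker.example/?site=javascript:alert(1)",
  "https://example.com/article",
];
for (const s of samples) {
  console.log(s, "->", debounce(s));
}
```

Only links whose embedded destination parses as an absolute http(s) URL are rewritten; a bare `example.com` value, a `javascript:` scheme, or a redirect back to the tracker's own host is left untouched so that the rewrite never sends the user somewhere the original link could not have.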

Japanese messaging giant Line admits it mishandled user data, promises to do better (The Register)

Line, a very popular messaging and payment application in Asia with more than 700 million users, admitted that it had suffered multiple shortcomings and put users' personal information at risk. Earlier this year, it was revealed that some users' data was processed in China (potentially putting it at risk) and/or stored in South Korea, while the company had promised its users that all data was stored in Japan.

7-Eleven breached customer privacy by collecting facial imagery without consent (ZDNet)

Australia's information commissioner found that 7-Eleven had been collecting customers' facial images without notice between June 2020 and August 2021 as part of a survey program. 7-Eleven has been ordered to destroy all the collected faceprints and to stop collecting them.

Privacy-preserving Brave Search Replaces Google as the Default Search Engine in the Brave Browser (Brave Blog)

Brave announced it would start using Brave Search as the default search engine to help give users "the privacy and independence of a search/browser alternative to big tech." It replaces Google in the US, UK, and Canada, Qwant in France, and DuckDuckGo in Germany.

Ransomware

US links $5.2 billion worth of Bitcoin transactions to ransomware (Bleeping Computer)

The U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) calculated that the top 10 most common ransomware variants received about USD 5.2 billion in Bitcoin between July 2018 and now.

REvil Disappears Again: ‘Something Is Rotten in the State of Ransomware’ (Flashpoint Intel)

On October 17th a REvil operator announced on the XSS hacking forum that the group was shutting down. This happens after someone used their Tor hidden service's private key to hijack their website (see this article if you need a reminder about Tor hidden services.)

Free BlackByte decryptor released, after researchers say they found flaw in ransomware code (Graham Cluley)

Researchers at Trustwave released a free decryption tool for the BlackByte ransomware, taking advantage of an odd encryption design: the malware reused the same AES key to encrypt files, rather than generating a unique key for each session.

Evil Corp demands $40 million in new Macaw ransomware attacks (Bleeping Computer)

Evil Corp started using a new ransomware named Macaw Locker in order to bypass the sanctions imposed on the group in 2019, which prevent victims from paying. Olympus and Sinclair Broadcast Group were reportedly hit by this new ransomware, which demanded USD 28 million and USD 40 million respectively.
