Rook ransomware is yet another spawn of the leaked Babuk code
BleepingComputer is reporting on a new ransomware operation named Rook, which has declared its need to “make a lot of money” by breaching corporate networks and encrypting devices. Rook’s ransomware payload is usually delivered via Cobalt Strike, with phishing emails and torrent downloads as key infection vectors. SentinelLabs has identified code similarities between Rook and Babuk, a now-defunct Ransomware-as-a-Service operation whose source code was leaked onto a Russian-speaking forum in September 2021.
Russia fines Google $100m over “illegal” content
A Russian court issued the penalty on Friday “in response to Google’s alleged systematic failure to remove banned content.” The penalty is the largest of its kind to be issued by a Russian court, but it reportedly represents just 6.7% of Google’s Russian revenues last year. Russian journalist Alexander Plushev suggested that the fine “may indicate that the political decision to expel Western services from Russia has been made.” Google has been given ten days to appeal, and its press service said Google would decide whether to appeal after studying the court documents.
Fake Christmas Eve termination notices used as phishing lures
A phishing campaign created to deliver the Dridex malware sent fake termination notices and Omicron-variant COVID exposure warnings to employees of an unnamed company. The email informed its recipients that their employment would cease as of Dec. 24, and that the decision was not reversible. An attached password-protected Excel file promised additional details. Once downloaded and opened, the attachment deployed the Dridex malware from a Discord server in order to start stealing credentials.
BLISTER malware slips in unnoticed on Windows systems
Security researchers at Elastic Search have uncovered a malicious campaign that “relies on a valid code-signing certificate to disguise malicious code as legitimate executables.” A payload called Blister acts as a loader for other malware. It appears to be new and has a low detection rate. The threat actor behind Blister has been using code-signing certificates and other evasion techniques since at least September 15. The code-signing certificates were issued by digital identity provider Sectigo to a company called Blist LLC, using an email address from the Russian provider Mail.Ru.
(Bleeping Computer and Elastic Security)
Thanks to our episode sponsor, Lookout

Ubisoft reveals player data breach came from user error
Ubisoft has announced that data about some of its players may have been stolen following a breach of its IT systems. The breach itself has been blamed on human error. The gaming company, which is headquartered in France, explained in a brief post that “the misconfiguration of its IT infrastructure was quickly identified, but not before unauthorized individuals were able to access and perform a ‘possible copy’ of the information.” The stolen data related to players of the wildly popular Just Dance game.
Bluetooth-using home COVID test was cracked to fake results
Security vendor F-Secure has managed to fake a COVID test result on a Bluetooth-equipped home COVID test. The Ellume COVID-19 Home Test was selected because it uses a Bluetooth-connected analyzer that pairs with a phone app. The fake data was sent to a company named Azova that “certifies the results of COVID tests so that travelers can enter the USA.” F-Secure’s post details a test “in which one of its staff used the Ellume device to test for COVID, produced a negative result, but used the methods above to falsify the results.” According to The Register, the vendor has since fixed the device.
Capital One to pay $190M settlement in data breach
Capital One Financial has agreed to pay $190 million to settle a class-action lawsuit brought by its customers after a hacker broke into its cloud-computing systems and stole customer PII. In July 2019, Capital One announced that data from about 100 million people in the U.S. had been illegally accessed. “Federal authorities ultimately arrested Paige A. Thompson, a former Amazon cloud employee living in Seattle, for breaking into the bank’s server.” A filing with the U.S. District Court for the Eastern District of Virginia states, “while Capital One and AWS deny all liability, they chose to resolve the claims in the interest of avoiding the time, expense and uncertainty of continued litigation.”
Jack Dorsey blocked on Twitter by Marc Andreessen
The block comes after Dorsey “criticized certain corners of the venture capital industry and made several specific remarks about the firm Andreessen co-founded, Andreessen Horowitz.” Dorsey had been expressing multiple views on “Web3,” which is intended to be a new decentralized version of the internet based on blockchain. Dorsey added that “Web3 would be owned by rich VCs like Andreessen instead of the people.” Andreessen was the co-inventor of the first widely used point-and-click web browser, which eventually became Netscape.
(CNBC)