Phony Instagram ‘support staff’ emails hit insurance company
A phishing campaign disguised as originating from Instagram technical support was used to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York. According to a report published by Armorblox on Wednesday, the attack bypassed Google’s email security by using a valid domain name. The email had grammar, spelling and capitalization errors, including spelling “Instagram Support” with a capital “L,” and the email itself came from membershipform@outlook.com.tr, which is based in Turkey. The researchers said that, despite these misspellings, the attack clearly demonstrates that people are not seeing anything more than the word ‘membershipform’ before clicking on the link.
Facebook hit with $18.6 million GDPR fine over 12 data breaches in 2018
The Irish Data Protection Commission (DPC) on Tuesday stated that Meta Platforms failed to have in place appropriate technical and organizational measures to protect EU users’ data, in the context of the twelve personal data breaches. Meta responded by stating that the fine was in relation to “record keeping practices from 2018 that we have since updated, not a failure to protect people’s information.”
Microsoft Defender tags Office updates as ransomware activity
Microsoft Defender for Endpoint alarms started ringing yesterday when Microsoft Office updates got mistakenly tagged as malicious or even ransomware. Microsoft confirmed the mistake, stating that admins may have seen an alert reading ‘Ransomware behavior detected in the file system.’ These alerts were triggered on the OfficeSvcMgr.exe file. Microsoft says it has deployed a code update to correct the problem and to ensure that no new alerts will be sent, and has re-processed a backlog of alerts to completely remediate impact.
FBI issues a lookout for SIM swapping attacks
The agency recently disclosed an increase in SIM swapping attacks used to compromise victims’ virtual currency accounts and steal money from US citizens. From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.
(CISOMag)

New ransomware LokiLocker bundles destructive wiping component
“This malicious program uses a relatively rare code obfuscation technique and includes a file wiper component that attackers could use against non-compliant victims.” It targets English-speaking victims and Windows PCs, say researchers from BlackBerry’s Research & Intelligence Team. “It should not be confused with an older 2016 ransomware family called Locky, or LokiBot, which is an infostealer, or LockBit ransomware.” Its list of activities includes displaying a fake Windows Update screen, disabling the Windows Task Manager, Windows Error Recovery, Windows Defender and Windows Firewall, removing system restore points, collecting information about the infected system, and encrypting user data for ransom.
Hacker breaches key Russian ministry using VNC
The hacker, who goes by the handle Spielerkid89, “did not intend to harm the organization and left its systems intact.” Using Shodan, he was investigating whether he could find Russian IPs with disabled authentication. He soon discovered an open Virtual Network Computing (VNC) port with disabled authentication. This connected to a computer belonging to the Ministry of Health in the Omsk region of Russia. He did not need any password or authentication, and stated he was able to access people’s names, other IP addresses pointing to other computers on the network, and financial documents. The hack was independently confirmed by Cybernews.com.
New infinite loop bug in OpenSSL could let attackers crash remote servers
OpenSSL is shipping patches to take care of a high-severity security flaw in its software library that “could lead to a denial-of-service (DoS) condition when parsing certificates.” The problem comes from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in what’s called an “infinite loop.” “Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial-of-service attack,” OpenSSL said in an advisory published on Tuesday.






