BreachForums to shut down amidst law enforcement concerns
The new administrator of BreachForums said they plan to shut down the popular cybercriminal platform after the FBI arrested 21-year-old Conor Brian Fitzpatrick last week. Fitzpatrick is alleged to be the hacker known as pompompurin, the leading administrator of BreachForums. The new administrator, who uses the account name “Baphomet”, said that someone accessed the platform’s backend using pompompurin’s account on Sunday afternoon. Baphomet expressed concerns that law enforcement may have access to the site’s source code and information belonging to forum users.
Hackers use zero-day to drain $1.6 million from Bitcoin ATMs
Over St. Patrick’s Day weekend, unidentified hackers stole more than $1.6 million in cryptocurrency from Bitcoin ATMs owned by General Bytes. Threat actors were able to exploit a zero-day flaw after remotely uploading a Java application via the master service interface that terminals use to upload videos. The attacker then compromised API keys used to access and transfer funds, downloaded usernames and password hashes, and disabled two-factor authentication (2FA).
DC Health Link hacker motivated by Russian patriotism
On March 7th, D.C. Health Link reported a data breach that exposed sensitive health care information of nearly two dozen members of Congress and their families along with tens of thousands of Washington area residents. The hacker, who goes by the handle “Denfur,” said online that the breach “was an idea born out of Russian patriotism.” Denfur posted a sample of the data to BreachForums along with a message that read “Glory to Russia!” The breach has already sparked three law enforcement and congressional investigations and a civil lawsuit.
Defender update causes Windows LSA protection warnings
On Tuesday, Microsoft said that its Defender Antivirus updates are triggering security warnings that indicate Local Security Authority (LSA) Protection is turned off. LSA Protection is a security feature that defends sensitive information like credentials from theft by blocking code injection and process memory dumping attacks. The issue only impacts Defender Antivirus build KB5007651 (Version 1.0.2302.21002) on Windows 11 systems. Microsoft said that users who have LSA enabled and have restarted at least once since the update can ignore the warnings until a bug fix is released.
.NET devs targeted with malicious NuGet packages
Thirteen packages hosted on the NuGet repository for .NET software developers are actually malicious components that will infect systems to download crypto-stealing malware with backdoor functionality. Researchers say the malicious packages impersonate legitimate software, such as Coinbase and Microsoft ASP.NET, and have been downloaded more than 166,000 times. Researchers say the attack on the .NET software ecosystem is the first time that malicious packages have targeted NuGet.
Antisemitism more than doubled on Twitter since Musk takeover
Days after Elon Musk took over Twitter in October 2022, the social media platform saw a surge in hateful content, which the company downplayed as a “focused, short-term trolling campaign.” However, new research reveals that from October 27 until February 9, 2023, tweets deemed “plausibly antisemitic” averaged nearly 13,000 per week. This represented an increase of 105% from the weekly average observed just prior to Musk’s acquisition of the platform. While the researchers acknowledge that their AI algorithm is not perfect, they estimate that their model makes correct decisions roughly 75% of the time.
(Techdirt)
Report finds businesses conflicted about cyber security’s role as a business enabler
A new report released by Trend Micro on Tuesday revealed that while nearly two-thirds (64%) of global organizations plan to increase cybersecurity budgets in 2023, business leaders hold conflicting views about the function. Over half (51%) of business decision makers (BDMs) claim cybersecurity is a necessary cost but not a revenue contributor, while a similar share (48%) argue that its value is limited to attack/threat prevention. Nearly two fifths (38%) even view security as a barrier rather than a business enabler. Nonetheless, 81% worry that a lack of cybersecurity credentials could impact their ability to win new business, with about a fifth (19%) admitting it already has.
Renowned researcher Kelly Lum passes away
The cybersecurity community is mourning the passing of security expert Kelly Lum, also widely known by her Twitter handle, @aloria. Lum was the director of information security at Service Channel, a position she held since 2019. Prior to that, Lum served as an adjunct professor at New York University’s Tandon School of Engineering and regularly lent her expertise at cybersecurity organizations and conferences, including Dark Reading, SummerCon, and Black Hat. Lum served as a member of the Black Hat Advisory Board and as the Defense Track lead.






