Cybersecurity News: Genesis Market seized by police, Rorschach now the fastest ransomware encryptor, Tax software serving malware

Genesis Market platform seized by police

On Tuesday, an FBI-led operation seized Genesis Market, one of the most significant online platforms where criminals sell stolen credentials along with tools to weaponize that data. The market has been linked to millions of financially motivated cyber incidents globally, from fraud to ransomware attacks. A splash page revealing the takedown, titled Operation Cookie Monster, has replaced the login pages on Genesis Market’s websites on both the dark and regular web. It is believed that a large number of arrests related to the crackdown are being carried out globally.

(The Record)

Rorschach is now the fastest ransomware encryptor

Researchers from Check Point detected a new ransomware strain, dubbed Rorschach, that does not appear to be affiliated with any known ransomware group. After conducting five separate local drive encryption tests, the researchers concluded that “we have a new speed demon in town.” Rorschach’s approximate average encryption time was 4 minutes, 30 seconds, compared to the 7-minute average encryption time of LockBit v.3. Rorschach achieves its high speed “by adjusting the number of encryption threads via the command line argument.” Also notable is that Rorschach is highly customizable, can self-propagate from Domain Controllers, can leverage direct syscalls, and is able to clear system logs.

(Security Affairs and Infosecurity Magazine)

Tax return software caught serving malware

eFile.com, an IRS-authorized online tax filing service, has been observed serving malicious JavaScript files from its website just in time for tax season. The malicious file in question is called ‘popper.js’; it displays an error stating “This site can’t be reached” and contains a link that downloads a Windows-based Trojan. On March 17, a Reddit thread surfaced speculating that eFile.com’s site had been hacked because of an SSL error on the site. The malware was active on efile.com until at least this past Saturday, but had been removed from the site as of Tuesday.

(Bleeping Computer and PCMag)

Ransomware exploits Veritas Backup Exec bugs

An ALPHV/BlackCat ransomware affiliate was observed exploiting three vulnerabilities in the Veritas Backup Exec product to gain initial access to target networks. Researchers from Mandiant detailed the high-severity Veritas flaws, which they first observed being exploited in the wild back in October. The researchers say more than 8,500 IP addresses are still advertising the “Symantec/Veritas Backup Exec ndmp” service on the public web.

(Bleeping Computer)

And now a word from our sponsor, Normalyze

Normalyze is a cloud data security platform that continuously discovers sensitive data and its access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches.

Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing teams who can access what, and quickly blocking unauthorized access or vulnerable points of attack.

Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. Go to normalyze.ai.

Canadian privacy commissioner launches ChatGPT investigation

The Office of the Privacy Commissioner of Canada (OPC) has launched an investigation into OpenAI’s ChatGPT chatbot. The OPC said Tuesday that the case was launched in response to “a complaint alleging the collection, use, and disclosure of personal information without consent. The speed at which it’s moving is outpacing our ability to make sense of it, know what risks it poses.” This investigation follows a series of crackdowns on ChatGPT, including China and Italy recently blocking its use.

(betakit)

Twitter’s algorithm opens platform to manipulation and bot attacks

Just three days after Twitter publicly released a portion of the source code behind the app’s recommendation algorithm, a security researcher found that attackers could manipulate it to silence specific accounts on the platform. The researcher flagged the issue on GitHub, stating that the code “allows for coordinated hurting of account reputation without recourse.” In response, the MITRE Corporation assigned Common Vulnerabilities and Exposures (CVE) identifiers to portions of Twitter’s code because of the denial of service (reduction of reputation score) imposed on victim accounts. Elon Musk indicated he anticipated some embarrassment as a result of publicly releasing the code, but pledged to quickly fix any bugs identified.

(CyberScoop)

Alcohol recovery startups shared patient data with advertisers

Online alcohol recovery startup Monument, which acquired a similar startup called Tempest in 2022, confirmed a years-long leak of patients’ information in a breach notice filed with California’s attorney general last week. Monument blamed the breach on its use of third-party tracking systems developed by ad giants including Facebook, Google, Microsoft and Pinterest. Patient data shared with advertisers includes names, dates of birth, email and postal addresses, phone numbers, and insurance information, as well as patient photos. Monument’s own website says patients’ survey answers are “protected” and “used only” by its care team. CEO Mike Russell confirmed that more than 100,000 patients have been affected.

(TechCrunch)

Hackers can remotely open smart garage doors worldwide

Hackers can abuse a series of security bugs in Wi-Fi-enabled Nexx garage door openers to take control of the doors and open them at will. The researcher who discovered the bugs found a flaw in the smartphone app that exposes information from devices belonging to other users. This information can be used to control those garage doors completely remotely, from anywhere in the world. The researcher said that Nexx did not respond to their attempts to responsibly report the vulnerabilities for months.

(VICE)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.