Hackers target Japanese politicians with new MirrorStealer malware
Analysts from ESET are reporting on a cybercrime group known as MirrorFace, which had been observed targeting Japanese politicians in the weeks prior to the July House of Councilors election. The group was using a previously undocumented credentials stealer named ‘MirrorStealer.’ The ESET analysts said they were able to “piece together evidence thanks to operational mistakes made by the hackers that left traces behind.” The criminals used a new information-stealing malware in combination with its “signature backdoor,” LODEINFO, which communicated with a C2 server known to belong to APT10 infrastructure.
Crooks use HTML smuggling to spread QBot malware via SVG files
Researchers at Talos have uncovered a phishing campaign that distributes QBot malware using a technique that “leverages Scalable Vector Graphics (SVG) images embedded in HTML email attachments.” According to Security Affairs, HTML smuggling, as the technique is known, is a malware delivery method that abuses legitimate HTML5 and JavaScript features. Payloads are delivered as encoded strings inside an HTML attachment or webpage, and the malicious content is reassembled by the browser on the target device, which is already inside the security perimeter of the victim’s network.
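To make the defender’s side of this concrete, here is an added example (not code from Talos, Security Affairs, or the campaign’s operators) of a small Python triage script that checks an HTML attachment for the features of the technique described above: script inside an inline SVG, in-browser base64 decoding, a Blob/object-URL download, and embedded string literals that decode to a recognisable file header. The indicator names, the scoring threshold, and both sample attachments are constructed for this example; the “suspicious” sample is an inert skeleton with a placeholder string, not a real lure.

```python
"""Heuristic triage of HTML e-mail attachments for HTML-smuggling indicators.

Added example, not Talos or Security Affairs code. Indicator names, the
scoring threshold and the sample attachments are this example's own choices.
"""
import base64
import binascii
import re

# Each indicator is one feature of the technique: a script inside an inline
# SVG, in-browser decoding of an embedded string, and the Blob/object-URL
# download that writes the rebuilt file to disk.
INDICATORS = {
    "script_in_svg": re.compile(r"<svg\b[^>]*>.*?<script\b", re.S | re.I),
    "base64_decode": re.compile(r"\batob\s*\(", re.I),
    "blob_download": re.compile(r"createObjectURL|msSaveOrOpenBlob|\.download\s*=", re.I),
    "b64_literal": re.compile(r"[\"']([A-Za-z0-9+/]{16,}={0,2})[\"']"),
}

# Magic bytes of file types commonly reassembled in the browser.
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"%PDF": "pdf"}

# Constructed sample attachments (not real phishing lures).
BENIGN_HTML = """<html><body>
<h1>Invoice</h1>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <circle cx="50" cy="50" r="40" fill="navy"/>
</svg>
</body></html>"""

# Inert skeleton: the string literal is a placeholder that decodes only to a
# ZIP local-file header prefix, so nothing useful is ever written.
SUSPICIOUS_HTML = """<html><body>
<svg xmlns="http://www.w3.org/2000/svg">
  <script type="text/javascript">
    var s = "UEsDBBQAAAAIAAAAIQ==";   // placeholder, not a real payload
    var b = new Blob([atob(s)]);
    var a = document.createElement("a");
    a.href = URL.createObjectURL(b);
    a.download = "document.zip";
    a.click();
  </script>
</svg>
</body></html>"""


def indicator_hits(html: str) -> dict:
    """Return {indicator_name: bool} for one attachment body."""
    return {name: bool(rx.search(html)) for name, rx in INDICATORS.items()}


def decoded_literal_types(html: str) -> list:
    """Decode each base64-looking string literal and report recognised file types."""
    found = []
    for match in INDICATORS["b64_literal"].finditer(html):
        try:
            data = base64.b64decode(match.group(1), validate=True)
        except (ValueError, binascii.Error):
            continue  # not valid base64; skip it
        for magic, kind in MAGIC.items():
            if data.startswith(magic):
                found.append(kind)
    return found


def triage(html: str, threshold: int = 2) -> dict:
    """Score one attachment; two or more indicators is treated as suspicious."""
    hits = indicator_hits(html)
    kinds = decoded_literal_types(html)
    score = sum(hits.values()) + (1 if kinds else 0)
    return {
        "score": score,
        "hits": hits,
        "embedded_types": kinds,
        "suspicious": score >= threshold,
    }


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_HTML), ("suspicious", SUSPICIOUS_HTML)):
        print(label, triage(sample))
```

The threshold of two is deliberate: a lone `atob(` or a single long string literal appears in plenty of legitimate mail, whereas script inside an SVG that decodes a string and hands it to `createObjectURL` is the combination the campaign relies on. In a gateway you would feed each `text/html` or `.svg` attachment body to `triage()` and quarantine or sandbox anything marked suspicious.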
FBI charges 6, seizes domains linked to DDoS-for-hire service platforms
The U.S. Department of Justice (DoJ) has announced the seizure of 48 domains offering to perform distributed denial-of-service (DDoS) attacks for other threat actors – a service model that significantly lowers the barrier to entry for cybercrime. The six defendants have been charged with running various booter (or stresser) services, as well as violating the Computer Fraud and Abuse Act. These websites claimed to provide testing services to assess the resilience of a paying customer’s web infrastructure, but are believed to have targeted several victims in the U.S. and elsewhere, such as educational institutions, government agencies, and gaming platforms.
LEGO BrickLink bugs let hackers hijack accounts, breach servers
Analysts at Salt Security have discovered two API security vulnerabilities in BrickLink.com, which is the official second-hand and vintage marketplace for LEGO bricks, and is the world’s largest online community of LEGO fans, with over a million registered members. The two API issues could have allowed an attacker to take over members’ accounts, access and steal personally identifiable information (PII) stored on the platform, or even gain access to internal production data and compromise internal servers. The first vulnerability is a cross-site scripting (XSS) flaw in the “Find Username” dialog box located in the coupon search section, while the second flaw was located on the “Upload to Wanted List” page, in which users upload XML lists containing LEGO parts they are in search of.
Thanks to this week’s episode sponsor, Fortra

Microsoft’s EU data boundary plan to take effect January 1
Following up on a story we brought you yesterday, Microsoft stated on Thursday that it will “begin rolling out the first phase of its European Union data boundary plan from January 1, 2023 that’ll allow customers to store and process their customer data within the EU.” This development comes shortly after the EU commission had officially started approving the EU-US Data Privacy Framework. According to ComputerWorld, “under the first phase of the plan, companies that use Microsoft products and services will be able to store and process their customer data within the EU. Microsoft has included Azure, Power BI, Dynamics 365 and Office 365 under the first phase.”
NSA says Chinese hackers are actively attacking Citrix flaw
Following up on a story we brought you in Wednesday’s “You Should Probably Patch That” feature, the NSA said on Tuesday that it believes a Chinese hacking crew known as APT5 “has demonstrated capabilities” against an application delivery controller made by Citrix. According to Cyberscoop, “Citrix released an emergency patch to fix the vulnerability on Monday and said that ‘exploits of this issue on unmitigated appliances in the wild have been reported.’” The NSA has historically preferred to monitor such attacks rather than publicizing them, but in recent years it has grown more proactive in sharing intelligence on attackers such as APT5. Of special note in this story, Allan Liska, an intelligence analyst at Recorded Future, said, “Combined with the recent Fortinet vulnerability it could make for a lousy Christmas. The two are equally bad in terms of being remote code execution and pre-auth. They are also both devices that tend to be publicly accessible from the internet, which means bad guys are likely already scanning for potential victims.”
ChatGPT owner OpenAI projects $1 billion in revenue by 2024
ChatGPT is a new and versatile chatbot developed by OpenAI, a research organization co-founded by Elon Musk and investor Sam Altman and backed by $1 billion in funding from Microsoft Corp. It is expecting its business to surge in the new year. According to Reuters, “three sources briefed on OpenAI’s recent pitch to investors said the organization expects $200 million in revenue next year and $1 billion by 2024.” The article states that OpenAI charges developers licensing its technology about a penny or a little more to generate 20,000 words of text, and about 2 cents to create an image from a written prompt, according to its website.
(Reuters)
UK arrests five for selling ‘dodgy’ point of sale software
According to The Register, “tax authorities from Australia, Canada, France, the UK and the US have conducted a joint probe into ‘electronic sales suppression software’ – applications that falsify point of sale data to help merchants avoid paying tax on their true revenue.” An announcement last Friday from the Joint Chiefs of Global Tax Enforcement (known as the J5) states that the probe resulted in the arrest of five individuals in the UK. The software allows retailers to keep a separate set of books and launder money in one transaction. J5 chief and Australian Taxation Office deputy commissioner John Ford described as an example how a customer might order a $60 steak and a $100 bottle of wine, at which point the software changes the transaction, recording it in the point of sale system as “a $10 bowl of chips and a $4 bottle of soft drink.”