Pro-Russian hacker group KillNet plans to attack Italy today
The pro-Russian hacktivist group is one of the most active non-state actors operating within the Russia-Ukraine war theater. It started its operation on February 25, 2022, and prior to that it had been selling cyber technologies. The group declared war on Anonymous and on Western countries, and it has its own Telegram channel with tens of thousands of members. The group announced a massive attack against Italy, planned for today, Monday, May 30 at 05:00 a.m. Italian time. So this, of course, will be a developing story.
Microsoft warns that hackers are using more advanced techniques to steal credit card data
Microsoft researchers state that credit card skimmers are on the rise, and threat actors are employing even more sophisticated methods to hide the malicious code that steals information from consumers. To avoid detection, they are hiding their code snippets in image files, which they inject into popular web applications, and disguising them as white-hat sites. One additional trend is script spoofing, where scammers manufacture fake Google Analytics or Meta Pixel tracking pages to make skimmers appear legitimate. For now, the only way customers can minimize the damage caused by skimmers is to use one-time private cards, set strict payment limits, or use electronic payment methods, rather than using paper checks.
China makes offer to ten nations to help run their cyber-defenses
China has begun talking to ten nations in the South Pacific with an offer to help them improve their network infrastructure, cyber security, digital forensics and other capabilities – all with the help of Chinese tech vendors. Reuters broke the news of China’s ambitions after seeing a draft agreement that China’s foreign minister Wang Yi is reportedly tabling on a tour of Pacific nations this week and next. The draft agreement proposes assistance with data governance, training local police, mapping the marine environment, supplying customs management applications, possible funding of data links to island nations, and cyber-security assistance. The nations, which may include Kiribati, Samoa, Fiji, Tonga, Vanuatu, Papua New Guinea and East Timor, are all very small and heavily reliant on the internet, but are also highly strategic for communications, shipping, and a range of other international priorities.
(The Register and CNN)
Patch now: Zoom chat messages can infect PCs, Macs, phones with malware
Zoom has fixed a security flaw in its video-conferencing software that a miscreant could exploit with chat messages to potentially execute malicious code on a victim’s device. Tracked as CVE-2022-22787, the bug is a medium-severity vulnerability and affects Zoom Client for Meetings running on Android, iOS, Linux, macOS and Windows systems before version 5.10.0. Someone who can send you chat messages could cause your vulnerable Zoom client app to install malicious code, such as malware and spyware, from an arbitrary server. As Zoom explained in a security bulletin, these earlier software versions fail “to properly validate the hostname during a server switch request.”
Ransomware demands acts of kindness to get your files back
GoodWill ransomware, which security firm CloudSEK described this week, isn’t interested in extorting money from you. It wants you to do something good for the world. Like most other ransomware, GoodWill encrypts the usual file types – documents, databases, photographs, and videos – locking away your content. But rather than demand thousands of pounds’ worth of cryptocurrency in exchange for the decryption key, the GoodWill ransomware wants you to do something good for the world – three things, actually. The first request is for you to donate new clothes and blankets to the homeless. The second involves taking five poor children (under the age of 13) to Dominos, Pizza Hut, or KFC, and allowing them to order any food that they wish. The third involves providing financial assistance to those who need urgent medical assistance but cannot afford to pay for it themselves. Video proof of each is required.
(Tripwire)
Cybersecurity breach at the city of Portland led to fraudulent $1.4M transaction
Officials said the incident happened in late April and was discovered after the city flagged another fraudulent financial transaction attempt from the same account on May 17. According to the city, preliminary evidence indicates that an unauthorized, outside entity gained access to a city of Portland email account.
Mobile trojan detections rise as malware distribution level declines
Kaspersky’s quarterly report on mobile malware distribution notes a downward trend that started in late 2020. Despite the overall decline in malware volumes, the security company reports a spike in trojan distribution, including generic trojans, banking trojans, and spyware. This development underlines an increasing focus on more sophisticated and damaging operations that are gradually replacing the low-yielding adware and “risk-tools”. Detections for mobile banking trojans have increased by about 40% compared to the previous quarter, and the number doubled compared to Q1 2021 data. This type of malware typically overlays login screens on top of legitimate banking or cryptocurrency management apps to steal people’s account credentials.
The week in ransomware
A new extortion group called RansomHouse claimed to have attacked the Saskatchewan Liquor and Gaming Authority back in December. The latest annual Verizon Data Breach Investigation Report was released, and it found that ransomware incidents were up 13 per cent last year over 2020, with mistakes by employees, partners and others responsible for 14 per cent of all data breaches in 2021. And hundreds of Indian air travelers were stranded inside their planes after the low-cost airline SpiceJet canceled or delayed flights due to an attempted ransomware attack.






