Cybersecurity News – March 17, 2022

Phony Instagram ‘support staff’ emails hit insurance company

A phishing campaign disguised as originating from Instagram technical support was used to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York. According to a report published by Armorblox on Wednesday, the attack bypassed Google’s email security by using a valid domain name. The email had grammar, spelling and capitalization errors, including spelling “Instagram Support” with a capital “L,” and it came from membershipform@outlook.com.tr, a domain based in Turkey. The researchers said that despite these misspellings, the campaign clearly demonstrates that people are not seeing anything more than the word ‘membershipform’ before clicking on the link.

(ThreatPost)

Facebook hit with $18.6 million GDPR fine over 12 data breaches in 2018

The Irish Data Protection Commission (DPC) stated on Tuesday that Meta Platforms “failed to have in place appropriate technical and organizational measures to protect EU users’ data, in the context of the twelve personal data breaches.” Meta responded by stating that the fine was in relation to “record keeping practices from 2018 that we have since updated, not a failure to protect people’s information.”

(The Hacker News)

Microsoft Defender tags Office updates as ransomware activity

Windows admins were hit yesterday by a wave of Microsoft Defender for Endpoint false positives in which Office updates were tagged as malicious, with alerts pointing to ransomware behavior detected on their systems. Microsoft confirmed the mistake, stating that admins may have seen an alert reading ‘Ransomware behavior detected in the file system.’ These alerts were triggered by the OfficeSvcMgr.exe file. Microsoft says it has deployed a code update to correct the problem and to ensure that no new alerts will be sent, and has re-processed a backlog of alerts to completely remediate the impact.

(Bleeping Computer)

FBI Issues a lookout for SIM swapping attacks

The agency recently disclosed an increase in SIM swapping attacks used to compromise victims’ virtual currency accounts and steal money from US citizens. From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.

(CISOMag)

Thanks to our episode sponsor, Varonis

What is your ransomware blast radius? The average employee can access 17 million files they don’t need, and only a handful live on their laptop. Protect your data from the inside out and detect early signs of ransomware – automatically with Varonis. Visit www.varonis.com/cisoseries.

New ransomware LokiLocker bundles destructive wiping component

This malicious program uses a relatively rare code obfuscation technique and includes a file wiper component that attackers could use against non-compliant victims. It targets English-speaking victims and Windows PCs, say researchers from BlackBerry’s Research & Intelligence Team. “It should not be confused with an older 2016 ransomware family called Locky, or LokiBot, which is an infostealer, or LockBit ransomware.” Its list of activities includes displaying a fake Windows Update screen, disabling the Windows Task Manager, Windows Error Recovery, Windows Defender and Windows Firewall, removing system restore points, collecting information about the infected system, and encrypting user data for ransom.

(CSOOnline)

Hacker breaches key Russian ministry using VNC

The hacker, who goes by the handle Spielerkid89, did not intend to harm the organization and left its systems intact. However, his experiment is a perfect example of how poor cyber hygiene can leave organizations vulnerable. Using Shodan, he was investigating whether he could find Russian IPs with disabled authentication. He soon discovered an open virtual network computing port with disabled authentication. This connected to a computer belonging to the Ministry of Health in the Omsk region of Russia. He did not need any password or authentication, and stated he was able to access people’s names, other IP addresses pointing to other computers on the network, and financial documents. The hack was independently confirmed by Cybernews.com.

(Cybernews)
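The misconfiguration in this story is a VNC server that offers the “None” security type, so any client that completes the RFB handshake gets a desktop session without a password. As an added example (not code from the Cybernews report), the following Python parses the security-type list a server sends during the handshake and flags hosts you administer where authentication is disabled; the sample bytes are constructed, and `probe_vnc` is a helper assumed here for checking your own hosts.

```python
import socket

# Security types from the RFB protocol specification (subset).
SECURITY_TYPES = {0: "invalid", 1: "None", 2: "VNC Authentication",
                  5: "RA2", 16: "Tight", 18: "TLS", 19: "VeNCrypt"}

def parse_security_types(banner: bytes, payload: bytes) -> list[int]:
    """Return the security types offered by an RFB server.

    banner:  the 12-byte ProtocolVersion message, e.g. b"RFB 003.008\\n"
    payload: the bytes the server sent after the client echoed a version
    """
    if len(banner) != 12 or not banner.startswith(b"RFB "):
        raise ValueError("not an RFB banner")
    major, minor = int(banner[4:7]), int(banner[8:11])
    if (major, minor) >= (3, 7):
        # RFB 3.7+: one byte count, then one byte per offered type.
        count = payload[0]
        if count == 0:
            # Server refused the connection; a reason string follows.
            raise ValueError("server refused connection")
        return list(payload[1:1 + count])
    # RFB 3.3: the server picks a single type, sent as a 4-byte integer.
    return [int.from_bytes(payload[:4], "big")]

def auth_disabled(types: list[int]) -> bool:
    """True when the server will grant a session with no authentication."""
    return 1 in types

def describe(types: list[int]) -> list[str]:
    return [SECURITY_TYPES.get(t, f"unknown({t})") for t in types]

def probe_vnc(host: str, port: int = 5900, timeout: float = 3.0) -> list[int]:
    """Perform only the version exchange against a host you administer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        banner = sock.recv(12)
        sock.sendall(banner)          # accept the server's version
        payload = sock.recv(256)
    return parse_security_types(banner, payload)

# Constructed sample: a 3.8 server offering both "None" and VNC Authentication.
SAMPLE_BANNER = b"RFB 003.008\n"
SAMPLE_OPEN = b"\x02\x01\x02"
SAMPLE_LOCKED = b"\x01\x02"
```

Run `probe_vnc("vnc.example.internal")` against your own hosts; any result where `auth_disabled` is true should be treated as an exposed desktop and fixed before it is reachable from the internet.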

New infinite loop bug in OpenSSL could let attackers crash remote servers

The maintainers of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates. Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in what’s called an “infinite loop.” “Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial-of-service attack,” OpenSSL said in an advisory published on Tuesday.

(The Hacker News)

Software upgrades help Mars helicopter keep flying

NASA has extended the mission of the Ingenuity Mars helicopter and given it the task of assisting the Perseverance rover. Ingenuity arrived on Mars in February 2021 along with the rover, and was expected to fly just a handful of times as a technology demonstration. The craft exceeded expectations and its mission was moved into an “operational demonstrations” phase. It has already been upgraded to reduce navigation errors during flight, to raise its ceiling above 50 feet, and to change airspeed as it flies. Another past boost gave Ingenuity better abilities to understand and adjust to changes in terrain texture during flight. For those curious about its software, NASA states on the helicopter’s website that it does not discuss software specifics for security reasons, but that the helicopter does not run Apache or log4j, nor is it susceptible to the log4j vulnerability.

(The Register and NASA)


Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.