As always, plenty of things happened this week, but no worries if you had no time to go through all the news. Our weekly news recap will keep you up to date on APTs, Cryptocurrencies, Darknet, General Security, Privacy and Ransomware news.
Additionally, if you own any digital currencies, you might be interested in our new weekly article suggesting various ways to keep your funds safe.
APT
Microsoft: Iran-linked hackers breached Office 365 customer accounts (The Record)
Microsoft announced that 250 Office 365 customers were targeted by a new Iran-linked hacking group, which managed to compromise 20 accounts using password spraying. Microsoft named this group DEV-0343 and assessed that the attack was still ongoing.
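Password spraying tries one or a few common passwords against many accounts, so in sign-in logs it shows up as a single source touching many distinct usernames with only a few failures each, which is the opposite shape of a brute-force attack on one account. The following detector, an added example that is not code from Microsoft or from the original post, runs that heuristic over a constructed log excerpt (the log format and IP addresses are invented for the example and are not an Office 365 export) and also reports any successful sign-in from a flagged source, which is the account a defender would want to review first.

```python
"""Flag password-spraying patterns in sign-in logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "timestamp source_ip username result".
# 203.0.113.5 sprays one attempt across many accounts and then logs in
# as frank; 198.51.100.9 hammers a single account (brute force, not spray).
SAMPLE_LOG = """\
2021-10-11T08:00:01Z 203.0.113.5 alice FAIL
2021-10-11T08:00:04Z 203.0.113.5 bob FAIL
2021-10-11T08:00:07Z 203.0.113.5 carol FAIL
2021-10-11T08:00:10Z 203.0.113.5 dave FAIL
2021-10-11T08:00:13Z 203.0.113.5 erin FAIL
2021-10-11T08:00:16Z 203.0.113.5 frank SUCCESS
2021-10-11T08:05:00Z 198.51.100.9 alice FAIL
2021-10-11T08:05:10Z 198.51.100.9 alice FAIL
2021-10-11T08:05:20Z 198.51.100.9 alice FAIL
2021-10-11T08:05:30Z 198.51.100.9 alice FAIL
2021-10-11T08:05:40Z 198.51.100.9 alice FAIL
2021-10-11T08:05:50Z 198.51.100.9 alice SUCCESS
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, user, result)."""
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result


def detect_spray(log_text, min_accounts=5, window=timedelta(minutes=10),
                 max_per_account=2):
    """Return one finding per source that, inside any `window`, failed against
    at least `min_accounts` distinct users with no more than `max_per_account`
    failures per user. Thresholds are assumptions to tune per environment."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = []
    for ip, evs in sorted(by_ip.items()):
        fails = sorted((ts, user) for ts, _, user, r in evs if r == "FAIL")
        flagged = None
        # Slide a time window over this source's failures.
        for i, (start, _) in enumerate(fails):
            per_user = defaultdict(int)
            for ts, user in fails[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            if (len(per_user) >= min_accounts
                    and max(per_user.values()) <= max_per_account):
                flagged = sorted(per_user)
                break
        if flagged:
            # Any success from a spraying source is a likely compromised account.
            successes = sorted({user for _, _, user, r in evs if r == "SUCCESS"})
            findings.append({"source": ip, "accounts": flagged,
                             "successes": successes})
    return findings


if __name__ == "__main__":
    for f in detect_spray(SAMPLE_LOG):
        print(f"{f['source']}: sprayed {len(f['accounts'])} accounts, "
              f"successful sign-ins: {f['successes']}")
```

The single-account source is deliberately not flagged: per-account lockout catches that pattern, while spraying stays below lockout thresholds by design, which is why the detection has to pivot on the source rather than on the user.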
Cryptocurrencies
Bank of America insider charged with money laundering for BEC scams (Bleeping Computer)
A US court charged three men with money laundering and aggravated identity theft through business email compromise. The suspects are believed to have stolen USD 1.1 million from at least five victims. One of the alleged perpetrators was employed by Bank of America and was opening bank accounts for his co-conspirators and falsifying bank entries.
OpenSea NFT platform bugs let hackers steal crypto wallets (Bleeping Computer)
OpenSea, one of the largest marketplaces for trading non-fungible tokens, was found to have a flaw allowing an attacker to drain an account owner's entire balance by having them click on a malicious NFT artwork. The attack is carried out through SVG images embedding malicious JavaScript code.
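An SVG file is an XML document, so it can carry `<script>` elements, `on*` event handlers and `javascript:` links that run in the hosting page's origin whenever the image is rendered inline rather than through an `<img>` tag. The sanitizer below is an added example, not OpenSea's code or anything from the original post: it strips those active parts from a constructed malicious SVG (the payload markers are placeholders) while keeping the drawing itself, and it allow-lists URL schemes instead of trying to block-list the many spellings of `javascript:`.

```python
"""Strip active content from untrusted SVG before it is rendered inline (added example)."""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Elements that execute or embed arbitrary content are dropped entirely.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
# Attributes that carry a URL; only same-document and http(s) targets survive.
URL_ATTRIBUTES = {"href", f"{{{XLINK_NS}}}href"}
ALLOWED_URL = re.compile(r"^\s*(#|https?://)", re.IGNORECASE)

# Constructed test input: a red square that also tries to run script three ways.
MALICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink"
     width="100" height="100" onload="untrustedCode()">
  <script>untrustedCode()</script>
  <a xlink:href="javascript:untrustedCode()">
    <rect width="100" height="100" fill="red"/>
  </a>
  <circle cx="50" cy="50" r="20" onclick="untrustedCode()"/>
</svg>"""


def local_name(tag):
    """'{namespace}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]


def sanitize_svg(svg_text):
    """Return (clean_svg, removed), where removed records each stripped item
    as ("element", name) or ("attribute", name) in document order."""
    # Note: for untrusted input in production use defusedxml to parse, to
    # also cover entity-expansion attacks; ET is used here to stay stdlib-only.
    root = ET.fromstring(svg_text)
    removed = []

    # Pass 1: remove active elements (snapshot the tree before mutating it).
    for parent in list(root.iter()):
        for child in list(parent):
            if local_name(child.tag) in ACTIVE_ELEMENTS:
                parent.remove(child)
                removed.append(("element", local_name(child.tag)))

    # Pass 2: remove event handlers and non-allow-listed URLs.
    for el in root.iter():
        for attr in list(el.attrib):
            name = local_name(attr)
            if name.lower().startswith("on"):
                del el.attrib[attr]
                removed.append(("attribute", name))
            elif attr in URL_ATTRIBUTES and not ALLOWED_URL.match(el.attrib[attr]):
                del el.attrib[attr]
                removed.append(("attribute", name))

    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    clean, removed = sanitize_svg(MALICIOUS_SVG)
    print(clean)
    print("removed:", removed)
```

Sanitizing is the second line of defence; the first is to serve user-supplied images from a separate origin and display them via `<img>`, where browsers do not execute embedded script at all, and to set a Content-Security-Policy that forbids inline script on the marketplace pages.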
Darknet
White House Market Completed its Shut-Down
On October 1st, Mr White, the White House Market administrator, announced that the market would close down. The shutdown is now complete: the market went offline on October 14th.
V2 Onion Services to be Totally Deprecated From Today
According to the v2 services deprecation timeline provided by the Tor Project, the first version of the Tor client not supporting v2 services is set to be released today. Such services stopped being supported on the server side starting with version 0.4.6, released in July 2021.
General Security
Apple quietly patches yet another iPhone 0-day - check you have 15.0.2 (Naked Security)
Apple released (again) an update for iPad and iPhone devices to address 0-day vulnerabilities. One of them was a kernel memory corruption bug allowing the execution of arbitrary code with kernel privileges.
Hacker arrested in France for theft of COVID-19 tests for 1.4 million Parisians (The Record)
The French police arrested a man suspected of breaching a Paris hospital's system on September 12th and leaking COVID-19 test results of more than 1.4 million patients. He shared links to the leaked information through his Twitter profile and a forum (which might be why he was caught this fast).
Business as usual for Azure customers despite 2.4 Tbps DDoS attack (Microsoft Azure)
Microsoft announced that it mitigated a 2.4 Tbps DDoS attack at the end of August. The attack, which targeted Microsoft Azure, was 140% stronger than the largest DDoS Microsoft observed in 2020 and came from about 70,000 sources, mostly in the Asia-Pacific region.
Dutch police send warning letters to DDoS booter customers (Bleeping Computer)
Earlier last month, 29 Dutch nationals who were customers of minesearch.zip, a DDoS-as-a-service booter, received a letter from the Dutch police stating that their activity had been recorded and that further offences would lead to prosecution.
OVH hosting provider goes down during planned maintenance (Bleeping Computer)
The French hosting provider OVH, one of the largest in Europe, suffered an outage due to human error during planned maintenance of routers aimed at improving OVH's resilience against DDoS attacks. This is not the first big problem for the company this year, as it suffered a major fire at one of its data centres in March. The company is due to IPO on Euronext Paris on October 15th.
Apple says Android has up to 47x more malware than iPhone in continued pushback against sideloading (9to5Mac)
Following legislative proposals in Europe and the US that would force Apple to allow sideloading of applications on iOS, the company published a 31-page security report arguing that this is a harmful idea.
Google gives away 10,000 free security keys to high-risk users (BitDefender Blog)
Following last week’s announcement that 14,000 Gmail users were targeted by the Russian APT Fancy Bear (APT28), Google decided to give away 10,000 Titan security keys to high-risk users.
Google sent 50,000 warnings of state-sponsored attacks in 2021 (Bleeping Computer)
Google announced that it sent about 50,000 alerts related to state-sponsored phishing this year, a nearly 33% increase compared to 2020. The company claims to be tracking more than 270 state-sponsored hacking groups in more than 50 countries.
Missouri Refers Responsible Bug Report to Prosecutors (Info Risk Today)
A newspaper employee discovered that a government website used to verify teachers' certifications was exposing 100,000 social security numbers in its HTML source code. Governor Mike Parson (ridiculously) announced that he considers this to be a hack and will seek prosecution, while claiming that the incident could cost Missouri taxpayers as much as USD 50 million.
WhatsApp’s got your back(ups) with encryption for stored messages (The Register)
WhatsApp began rolling out a feature allowing message backups to be stored end-to-end encrypted in iCloud and Google Drive. The backups were previously stored unencrypted.
The King is Dead, Long Live MyKings! (Avast)
A new report published by Avast found that MyKings, a botnet active since at least 2016, appears to have stolen more than USD 24 million in Bitcoin, Ethereum, and Dogecoin thanks to a clipboard stealer module.
Privacy
EU legislation introduced to ban anonymous domain registration (Bleeping Computer)
The European Union is drafting legislation stating that “registrants of new domains will be required to provide a valid telephone number belonging to them, while their full name, email, and physical address will have to be verified too.”
Firefox Suggest to display sponsored ads but users can disable them (HackRead)
Firefox introduced a feature named “Firefox Suggest” in Firefox 93. It will display suggestions from trusted partners (which allegedly meet Mozilla’s standard of privacy) when a user types things into the search bar. It can be disabled in the settings.
Study reveals Android phones constantly snoop on their users (Bleeping Computer)
A study conducted by researchers at the University of Edinburgh, in the UK, concluded that "Vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third parties (Google, Microsoft, LinkedIn, Facebook, etc.) that have pre-installed system apps." What is even more worrying is that there is no way to turn this tracking off.
Belarus: Joining banned Telegram channels will land you in prison (Bleeping Computer)
Belarus law enforcement published a list of over 100 Telegram channels that it considers extremist; simply joining them could land you in prison for up to seven years.
Ransomware
New Australian ransomware plan could freeze or seize cryptocurrencies (The Record)
The Australian government is building a new strategy to fight ransomware and is considering various measures, such as changing the law to allow law enforcement to track and freeze ransomware gains, requiring ransomware incidents to be reported, creating new criminal offences, and joining international efforts. The full plan is available here.
Ongoing Cyber Threats to U.S. Water and Wastewater Systems (Cybersecurity & Infrastructure Security Agency)
The FBI, CISA, EPA, and NSA released a joint advisory regarding threats to US water systems. In this report, we learn that three facilities were hit by ransomware this year: in Nevada (March), Maine (July), and California (August).
Cyber insurance: the French parliament plans to sanction companies that pay their ransoms (Under News - in French)
A French parliamentary report suggests forbidding insurers from covering ransomware payments, arguing that paying a ransom only encourages criminals and provides no guarantee that the data will be recovered.
U.S. convenes 30 countries on ransomware threat — without Russia or China (The Record)
The US gathered 30 countries on October 13th and 14th to discuss global efforts to fight cybercrime by various means, such as strengthening law enforcement cooperation. Russia and China weren't invited this time, but Russia might have the opportunity to participate later if further sessions are held.