See Tickets customer data compromised in years-long credit card data breach
See Tickets, a global ticketing giant, has revealed it has suffered what appears to be a skimmer attack that saw customer personal details and credit card data stolen.
The breach came to light in April 2021, when the company discovered unauthorized access by a third party to certain event checkout pages on the See Tickets website. The malicious activity was fully shut down only in January 2022, and it took See Tickets another eight months to determine that customer data had been compromised. According to the vendor, impacted data may include personal and financial data (name, address, zip code, payment card number, card expiration date, and CVV number) of customers who purchased event tickets on the See Tickets website between June 25, 2019, and January 8, 2022.
XSS cyber crime forum adds a section for “white hats”
XSS, a well-known hacker forum, has introduced a new “scraper” section for cybersecurity companies, which allows “white hats” to collect data from the forum without being blocked. The new option is available for the price of $2000 for 1 year.
Germany's largest energy provider Enercity hit with a cyberattack
Enercity, one of Germany’s largest energy suppliers, said it was targeted in a hacker attack on October 26. The provider said that its security systems “reacted immediately” and that “greater damage to the company” has been averted. The attack had no impact on critical infrastructure, grids, or plants, the company said.
DeFi platform Team Finance lost $14.5 million in a hack
DeFi platform Team Finance said that hackers exploited a platform migration feature and made off with $14.5 million worth of cryptocurrency. The company said that “all funds currently on Team Finance are not at further risk of this exploit.”
Thomson Reuters leaked at least 3TB of sensitive data
A Cybernews research team discovered an unprotected ElasticSearch database that contained at least 3GB of data collected by multinational media conglomerate Thomson Reuters. The exposed data included access credentials to third-party servers, login and password reset logs, SQL logs, documents with corporate and legal information about specific businesses or individuals, an internal screening of other platforms such as YouTube, Thomson Reuters clients’ access logs, and connection strings to other databases, as well as other data. The researchers contacted Thomson Reuters about the issue, and the database was promptly secured.
The LockBit ransomware remains the #1 threat for industrial orgs
ICS security firm Dragos released an analysis of the ransomware attacks that have targeted the industrial sector worldwide. According to the report, LockBit 3.0 and Black Basta accounted for the majority of ransomware incidents in the industrial sector observed in Q3 2022.
Microsoft links Raspberry Robin malware to Cl0p ransomware attacks
Microsoft says it discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem. The company found that in some cases systems infected with Raspberry Robin were used as an entry point for ransomware, more specifically Cl0p ransomware attacks. Microsoft also confirmed that the worm was developed by Evil Corp, a US-sanctioned cyber crime syndicate behind the Dridex trojan and the Locky, BitPaymer, and WastedLocker ransomware strains.
Report identifies “remote control killers” that aim Russian missiles at Ukraine
A six-month-long investigation conducted by Bellingcat, The Insider and Der Spiegel discovered a hidden group of 33 Russian Federation (RF) military service members working within the “Main Computation Centre of the General Staff” of the Russian armed forces allegedly responsible for the terrorist state’s coordinated missile strikes on Ukraine.
The investigation revealed that contacts between these individuals and their superiors spiked shortly before many of the high-precision Russian cruise missile strikes that have killed hundreds and deprived millions in Ukraine of access to electricity and heating. Most members of the team are young men and women, many with IT and even computer-gaming backgrounds. Some of them also worked at Russia’s military command center in Damascus between 2016 and 2021, a timeframe during which Russia deployed cruise missiles in Syria, the report says.
Kiss-a-Dog cryptojacking campaign targets Docker and Kubernetes
Cybersecurity firm CrowdStrike released a report detailing a new cryptojacking campaign dubbed “Kiss-a-Dog” that targets Docker and Kubernetes using several command-and-control (C2) servers, as well as user- and kernel-mode rootkits to hide the activity. Kiss-a-Dog relies on tools and techniques previously associated with cryptojacking groups like TeamTNT, which targeted vulnerable Docker and Kubernetes infrastructure.
Dormant Colors malvertising campaign steals browsing and search data
Researchers at Guardio Labs published a report detailing a new malvertising campaign delivering malicious Google Chrome and Microsoft Edge extensions that steal search and browser data and embed affiliate links into web pages. The infection chain begins with advertisements designed to trick a user into installing a seemingly harmless extension. Once the victim installs the extension, they are redirected to yet another advertisement; at the same time, malicious scripts are side-loaded that modify the browser’s behavior.
Apple fixes iOS zero-day flaw actively exploited in the wild
American tech giant Apple rolled out updates for its iOS and iPadOS operating systems to address 20 security vulnerabilities, including a zero-day flaw said to have been actively exploited by hackers. The bug in question (CVE-2022-42827) is an out-of-bounds write issue that could have been used by a local application to execute arbitrary code with kernel privileges. The tech giant also released security updates to backport patches to older iPhones and iPads.
Google has also released security updates for its Chrome browser that address a zero-day bug (CVE-2022-3723) in the V8 engine said to have been exploited in the wild.
Notorious British hacker accused of running The Real Deal dark web market
A British hacker was charged in the US for allegedly running the now-defunct The Real Deal dark web marketplace that sold illicit goods ranging from hacking tools, botnets and stolen account credentials to drugs and weapons. The defendant, Daniel Kaye, allegedly sold on The Real Deal login credentials for computers belonging to multiple US government institutions, and trafficked in stolen social security numbers.
Daniel Kaye is best known as the developer and seller of the GovRAT malware used in attacks against US government and military agencies. He was also the culprit behind the 2016 Deutsche Telekom attack, which involved a variant of the Mirai malware used to hijack 900,000 of the telecom provider’s routers. In 2019 Kaye pleaded guilty in a London court to launching a series of cyberattacks against Lonestar, a Liberian telecommunications company, that crippled the country’s internet for several days.
In related news, a 26-year-old Ukrainian man was accused in the US of his alleged role in the Raccoon Stealer malware-as-a-service (MaaS) operation.
Hacktivists breach Iran’s atomic energy agency, release data on Iran’s nuclear program
A hacktivist group that calls itself “Black Reward” claimed responsibility for the breach of the internal email system of Iran’s Nuclear Power Production and Development Company and released at least 50GB of data from the Atomic Energy Organization of Iran (AEOI).
Thousands of GitHub repos offer malicious PoCs
Thousands of repositories on GitHub distribute fake proof-of-concept (PoC) exploits laced with malware, according to a study. The researchers examined 47,313 GitHub repositories containing PoC code for known vulnerabilities discovered between 2017 and 2021 and found that 4,893 of them were malicious, most of them concerning vulnerabilities from 2020.
Ukrainian government orgs targeted in spear-phishing campaign delivering RomCom RAT
The Computer Emergency Response Team of Ukraine (CERT-UA) discovered a new spear-phishing campaign aimed at Ukrainian government organizations distributing a version of the RomCom remote access trojan (RAT). CERT-UA attributed this campaign to a threat actor named UNC2596 (Tropical Scorpius), a group believed to be operating the Cuba ransomware.