Cyber Bites

Widespread violent protests across the US over the past week have been followed by attempted DDoS attacks on several rights groups, according to Cloudflare. The web security firm analyzed malicious HTTP requests it blocked across the weekend of April 25/26 versus a month later (May 30/31). Minneapolis resident George Floyd was killed on May 25, sparking a wave of violence and protests across the US over the succeeding days. Cloudflare claimed to have blocked 135.5 billion...

Attackers have been pounding employee inboxes at companies that still use private branch eXchange (PBX) telephone systems for communication, delivering phishing that bypasses email defences. The messages pretended to be voicemail notifications from PBX integrations and featured custom subject lines to pass a superficial legitimacy test. Businesses around the world use PBX systems for internal communication. Integration with the company’s email client allows employees to access voice messages from their inbox. A fairly sophisticated phishing...

Cybercriminals have been keen to exploit COVID-19 to create coronavirus-related malicious apps, phoney websites, and phishing emails. As the pandemic has triggered a huge shift toward remote working, so, too, have criminals been trying to target business employees working at home. In a blog post published Wednesday, Abnormal Security describes a new phishing campaign that exploits the need for VPNs. The initial phishing email arrives with a notification ostensibly from IT support at the recipient's...

The Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco (UCSF), stolen unencrypted data, and encrypted their computers. UCSF is a research university located in San Francisco, California, and is entirely focused on health sciences.  According to the U.S. News & World Report's college rankings, UCSF ranks #2 in medical schools for research and #6 in best medical schools for primary care. Over the past week, the Netwalker Ransomware operation has...

Chinese telecoms equipment giant Huawei is under pressure again after a report revealed new documents which apparently show a concerted attempt to cover-up its links with a ‘partner’ business in Iran which tried to break US sanctions. The firm in question, Skycom, is at the centre of a US case against Huawei in which it accuses it and CFO Meng Wanzhou, daughter of the owner, of fraudulently obtaining US goods for its Iran business via...

The San Francisco Employees’ Retirement System (SFERS) has suffered a data breach after an unauthorised person gained access to a database hosted in a test environment. SFERS manages the benefits program for active and retired employees of San Francisco, California. In a data breach notification filed today, SFERS stated that one of their vendors had set up a test environment that included a database containing the information for approximately 74,000 SFERS members. Source: Bleeping Computer

Ransomware gangs are teaming up to extort victims through a shared data leak platform, and the exchange of tactics and intelligence. In November 2019, the Maze Ransomware operators transformed ransomware attacks into data breaches after they released unencrypted data of a victim who refused to pay. Soon after, they launched a dedicated "Maze News" site used to shame their unpaid victims by publicly releasing stolen data. Source: Bleeping Computer

Security experts are warning of growing dark web demand for access to users’ YouTube accounts. Etay Maor, CSO at cyber-intelligence firm IntSights, explained that in recent weeks his team has noticed an uptick in demand for stolen credentials for prominent accounts on the video site. While account access can be used to spread malware and launch fraud scams against viewers, it is also used to blackmail the account owner. “YouTube accounts from compromised computers or from...

The operators of the DopplePaymer ransomware have congratulated SpaceX and NASA for their first human-operated rocket launch and then immediately announced that they infected the network of one of NASA's IT contractors. In a blog post published today, the DopplePaymer ransomware gang said it successfully breached the network of Digital Management Inc. (DMI), a Maryland-based company that provides managed IT and cyber-security services on demand. According to the company's press releases, DMI's customer list includes...

The operators of the REvil ransomware have launched a new auction site used to sell victim's stolen data to the highest bidder. REvil, otherwise known as Sodinokibi, is a ransomware operation that breaches corporate networks using exposed remote desktop services, spam, exploits, and hacked Managed Service Providers. Once established on a network, they quietly spread laterally through the company while stealing unencrypted data from workstations and exposed servers. Source: Bleeping Computer