
Cyber Bites

CyrusOne attacked by evil ransomware

Data center provider CyrusOne was reportedly hit with a combination ransomware/data breach involving the REvil (aka Sodinokibi) ransomware. Details are scarce, but ZDNet reported the attack took place on December 4. A screenshot of the ransom note indicated all the files were locked and that the threat actors would allow one file to be decrypted for free as an act of good faith that a payment would result in all the files being unlocked. Source: SC Magazine

Holiday phishing scam surge aimed at small business

NEW YORK – The email looked legitimate, so Danielle Radin clicked on the link it contained, expecting to have her products included in a holiday gift guide. “I instantly regretted it,” says Radin, owner of Mantra Magnets, a website that sells wellness products. “It took me to some random website that looked like those pop-ups telling you that you’ve won the lottery.” Source: Japan Times


The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business. Researchers who discovered one of the largest Android banking botnets to date also found its attackers' chat log, which they have been watching for nearly a year to learn the inner workings of this cybercrime operation, how its illicit business is structured, and how members interact. Source: Dark Reading


Researchers estimate the gun manufacturer's website was compromised sometime before Black Friday. A Magecart group has compromised the website of American gun manufacturer Smith & Wesson by injecting malicious code designed to lift customers' payment data at checkout. The incident was found by Sanguine Security's Willem de Groot, who was investigating payment skimmers impersonating Sanguine Security's anti-skimming service. He found attackers were registering malicious domains named after Sanguine and using his name as the registrant....


While doing some open-source intelligence (OSINT), a security researcher discovered that a provider of end-to-end solutions for emergency care facilities in the U.S. fell victim to Ryuk ransomware. The company hit by the malware is T-System based in Dallas, Texas, and it is currently working to recover from the attack. At the moment of writing, company systems are offline. The attack occurred at the end of November, a month that has seen multiple incidents related...


A new remote access trojan whose name reminds one of a fairytale and not the potential nightmare it could bring to its victim has been disclosed by Cylance. PyXie Python RAT has been flitting about since 2018 helping deliver ransomware and other malware to the healthcare and education industries. The RAT has been tracked being delivered through malicious TETRIS apps to load and execute the pen testing tool Cobalt Strike and a custom shellcode loader....
