A Tor relay operator known as @Nusenu reports on Medium.com that a threat actor added servers to the Tor network to conduct SSL-stripping attacks on users visiting cryptocurrency sites through the Tor Browser. The operation was so successful that at its peak a single malicious actor ran more than 23% of the entire Tor network’s exit capacity, meaning an estimated quarter of all connections leaving the network passed through exit relays controlled by one attacker conducting person-in-the-middle attacks. The blog post notes: “It appears that they are primarily after cryptocurrency related websites — namely multiple bitcoin mixer services. They replaced bitcoin addresses…
ISBuzz Team
In response to the SANS cybersecurity training organization’s disclosure of a data breach, in which approximately 28,000 records of PII were forwarded to an unknown external email address as a result of a phishing attack, a cybersecurity expert offers perspective and recommendations.
The DoppelPaymer gang has deployed a ransomware attack against Boyce Technologies, an FDA-approved manufacturer of Coronavirus ventilators, amid the COVID-19 pandemic, and is threatening to leak data from the company. Cointelegraph has viewed the DoppelPaymer blog, where the gang lists example files of the data stolen during the attack, including sales and purchase orders and assignment forms, among others. The cybercriminals have threatened to disclose more information through the site next week if the firm does not pay an undisclosed crypto ransom.
A security researcher has published details and proof-of-concept exploit code for a zero-day vulnerability in vBulletin. The zero-day is a bypass for the patch for a previous vBulletin zero-day — namely CVE-2019-16759, disclosed in September 2019. That earlier zero-day allowed attackers to exploit a bug in the vBulletin template system to run malicious code and take over forums without needing to authenticate on the victim sites (a type of bug called a pre-auth RCE). But the researcher has said that the patch for CVE-2019-16759 is inadequate in blocking exploitation and that he had found a simple way to bypass it and continue exploiting…
Some TSB customers couldn’t access online banking services on Monday, with users on both the app and the website receiving error messages when trying to access their accounts, according to BBC News. Many of the affected customers were unable to get past the security questions, some for several hours. A number of users even reported their accounts had been blocked while trying to log in with the correct details. The bank said it was working to fix the issue as quickly as possible, and that only a “very small number” of people were affected.
New variants of the Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, and FTP and email clients. Agent Tesla is a commercially available .NET-based info stealer with both remote access Trojan (RAT) and keylogging capabilities, active since at least 2014. The malware is currently very popular with business email compromise (BEC) scammers, who use it to infect their victims in order to record keystrokes and take screenshots of compromised machines. It can also be used to steal victims’ clipboard contents, collect system information, and kill anti-malware…
Privacy campaigners have expressed alarm after the government revealed it had hired an artificial intelligence firm to analyse UK citizens’ tweets as part of a coronavirus-related contract, according to the Guardian. Faculty, which was hired by Dominic Cummings to work for the Vote Leave campaign, was paid £400,000 by the Ministry of Housing, Communities and Local Government for the work, according to a copy of the contract published online. In response to questions about the contract in the House of Lords, the government published an unredacted version of the contract, which describes the company’s work as “topic analysis of social media…
Today, ethical security researcher Bob Diachenko published a write-up on his discovery of medical software company Adit’s insecure database containing more than 3.1M patients’ information. In his write-up, Diachenko notes how he discovered the exposed database on July 13 and proceeded to disclose the issue to the company, but did not receive a response. As a result, the data was destroyed and potentially stolen over a week later by a malicious bot.
- Phishing emails with subject lines related to vaccines are now being used to trick recipients into downloading malicious Windows, Word and Excel files designed to steal a person’s credentials
- The number of new, vaccine-related coronavirus domains doubled in June and July 2020
- 1 out of every 25 malicious coronavirus-related websites’ landing pages is vaccine-related
- Email (82%) dominates web (18%) as the attack vector of choice for malicious files in the last 30 days

Researchers at Check Point have observed a new trend of phishing emails exploiting interest in coronavirus vaccines. The primary attack method is email, which constituted 82% of all attack vectors…
Reddit Inc. is the latest company to be hacked, with some 70 groups on the site defaced with pro-Donald Trump messages. The hack occurred on Friday and involved the attackers accessing accounts belonging to moderators of popular subreddits with millions of subscribers, including r/space, r/food, r/Japan, r/nfl, r/cfb and r/podcasts. The messages posted by the hackers were pro-Trump, in both English and simplified Chinese text. In one case the Chinese text asked whether former President Barack Obama was a Kenyan, a reference to so-called “birther” conspiracy theories, along with a shout-out to YouTuber David Pakman. How the accounts…
