It has been reported that Japanese media company Nikkei Inc. is the latest organization to be hit by BEC scammers, costing the enterprise $29 million. The company confirmed last week that, in late September, an employee of its US subsidiary, “had transferred approximately 29 million United States dollars (approximately 3.2 billion Japanese Yen) of Nikkei America funds based on fraudulent instructions by a malicious third party who purported to be a management executive of Nikkei.” https://twitter.com/InfoSecHotSpot/status/1191759418024767490 Commenting on the news are the following cybersecurity professionals:
ISBuzz Team
Banking industry giant NCR Corp. [NYSE: NCR] late last month took the unusual step of temporarily blocking third-party financial data aggregators Mint and QuickBooks Online from accessing Digital Insight, an online banking platform used by hundreds of financial institutions. That ban, which came in response to a series of bank account takeovers in which cybercriminals used aggregation sites to surveil and drain consumer accounts, has since been rescinded. But the incident raises fresh questions about the proper role of digital banking platforms in fighting password abuse, Brian Krebs reported.
A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected. The sites, run by Barcelona-based VTS Media, include amateur.tv, webcampornoxxx.net, and placercams.com. Most of the sites’ users are based in Spain and Europe, but we found evidence of users across the world, including the United States. The database, containing months’ worth of daily logs of the sites’ activities, was left without a password for weeks. Those logs included detailed records of when users logged in, including usernames and sometimes their user-agents and IP addresses. https://twitter.com/zackwhittaker/status/1190992807865061376
Several online gambling sites in Europe, including France’s Winamax and Italy’s Lottomatica, were taken offline by distributed denial of service attacks that were reported to have begun on 31st October 2019. These service outages, which lasted into at least Friday for many customers, follow a similar recent attack on Eurobet.
In the new year, Firefox will be hiding notification pop-ups by default with their new Firefox 72 release in an effort to fight spam.
LendingCrowd has reported the data security incident to authorities and is communicating with the affected customers. While LendingCrowd has instructed customers to enable two-factor authentication in the wake of this breach, the incident raises the important question of why the financial services firm doesn’t already have 2FA and other strong authentication measures enabled for its customers by default.
Research from Databarracks has found that over half (55 percent) of UK businesses have seen their IT security budgets either stay the same or decrease in the last 12 months, with just a third (33 percent) seeing an increase. This is down on last year, when 36 percent reported growth in budget, and bucks a trend of continuous growth over the previous four years. The findings were taken from Databarracks’ annual Data Health Check survey.
On November 2, security researchers Kevin Beaumont (@GossiTheDog) and Marcus Hutchins (@MalwareTechBlog) confirmed the first in-the-wild exploitation of CVE-2019-0708, also known as BlueKeep. CVE-2019-0708, a critical remote code execution vulnerability in Microsoft’s Remote Desktop Services, was patched back in May 2019. This weekend, on November 2, Beaumont observed blue screens of death (BSODs) on his BlueKeep honeypots. Beaumont shared a kernel crash dump from his honeypots with Hutchins, who confirmed this as the first exploitation of BlueKeep in the wild. Hutchins shared his analysis in a blog post, where he identified that the attackers were utilising a recently released exploit module to distribute a cryptocurrency (or “coin”)…
Traficom, the Finnish Transport and Communications Agency & National Cybersecurity Center, is reporting that new malware known as QSnatch is infecting Network Attached Storage devices. https://twitter.com/BleepinComputer/status/1189910138817261570
It has recently been reported that a renewable energy provider in Utah was hit by a cyber attack. This is the first instance of a power grid operator in the US losing connection with its power generation installations as a result of a cyber attack. The root of the problem was traced to an unpatched firewall: the attacker used a vulnerability in a Cisco firewall to crash the device and break the connection between sPower’s wind and solar power generation installations and the company’s main command centre. sPower said it mitigated the intrusion by patching outdated devices. https://twitter.com/ForGoodSolar/status/1190428359735554049…
