Here is the rundown of news and events that happened this week in the world of cybersecurity.
FBI Detains Owner Of Notorious Cybercrime Forum, BreachForums
The FBI has arrested Conor Brian Fitzpatrick, 26, of New York, the founder of BreachForums, a prominent cybercrime forum where stolen databases and other confidential information are bought and sold. Fitzpatrick was arrested on a charge of conspiracy to commit access device fraud.
BreachForums is an underground forum where hacking, data breaches, and other cybercrimes are discussed and where criminals trade tools, techniques, and stolen data. The forum has been linked to numerous cyberattacks and data leaks. According to the FBI, BreachForums had more than 30,000 subscribers at the time of Fitzpatrick’s arrest. Read more here
Royal Dirkzwager Attacked By Play Ransomware Group
The Dutch maritime logistics company Royal Dirkzwager has confirmed it was hit by the Play ransomware group, the latest in a series of attacks on the shipping sector. CEO Joan Blaas, who acquired the company in October after it declared bankruptcy the previous month, told The Record that the attack did not disrupt business operations, but that data was stolen from servers holding contracts and personal information.
“The effect on our personnel has been significant. Due to the company’s insolvency over the past year, we were forced to let go of certain employees; nonetheless, only some were able to stay. First this, then we had to shift offices. A really terrible time has been experienced,” he remarked. Read more here
Mandiant Zero-Day Exploitation Report 2022
Mandiant has published its analysis of zero-day exploitation during 2022. Mandiant defines a zero-day as a vulnerability that was exploited in the wild before a patch was publicly available. The report draws on Mandiant’s own research, findings from its breach investigations, and open-source reporting on zero-day exploitation by named threat groups.
The analysis relies on sources Mandiant considers reliable but whose findings it cannot always independently verify. Rather than technical details of individual bugs, it covers threat actor behavior, vulnerability trends, and the vendors and products targeted, and Mandiant notes that the findings will be revised as digital forensic investigations continue. Read more here
Ferrari Reveals Data Breach After Getting Ransom Demand
Ferrari has disclosed a data breach after receiving a ransom demand. The company is assisting police with their investigation of last month’s incident. The Italian automaker said the attackers obtained a limited amount of customers’ personal data, that it has since secured its systems and blocked further intrusions, and that business operations were unaffected.
The ransom demand has been attributed to REvil, a cybercriminal gang responsible for numerous high-profile attacks. The gang is notorious for encrypting victims’ files with ransomware and demanding payment for the decryption key. Read more here
NBA Alerts Fans After Hack Of A Third-Party Service Provider
The NBA has notified fans of a data breach in which their personal information was stolen. An email titled “Notice of Cybersecurity Incident” told recipients that an unauthorized third party had obtained their name and email address from a third-party service provider the NBA uses to communicate with fans who have voluntarily submitted their details.
The NBA also oversees the WNBA, Basketball Africa League, NBA G League, and NBA 2K League; its games and programming are broadcast in 215 countries and territories and in 50 languages. Read more here
BreachForums Admin Baphomet Closes The Hacking Forum
BreachForums has been shut down. On March 21, 2023, in a sudden turn of events, the forum’s remaining administrator, Baphomet, announced the closure while insisting that “it’s not the end.” “You are entitled to despise me,” Baphomet wrote on the BreachForums Telegram channel, adding that even those who disagreed with the decision would find the future better for everyone.
The shutdown followed suspicions that law enforcement had gained access to the site’s configuration, source code, and user data. The forum’s owner, Conor Brian Fitzpatrick, had been arrested days earlier on one count of conspiracy to commit access device fraud. Read more here
Google Bans Chinese App Pinduoduo Over Security Concerns
Google has suspended Pinduoduo from the Play Store over data security concerns, amid broader unease among US tech companies about how Chinese apps handle user data.
Pinduoduo, a fast-growing Chinese social e-commerce platform, lets shoppers form groups to buy at lower prices. The app had more than 800 million users as of 2021 and has grown quickly by encouraging customers to share their purchases on social media. Read more here
Windows 11 Snipping Tool Vulnerability Exposes Sensitive Data
The Windows 11 Snipping Tool is affected by “acropalypse,” a serious privacy flaw that allows part of a cropped-out region to be recovered from the saved image. Last week, security researchers David Buchanan and Simon Aarons disclosed the bug in Google Pixel’s Markup tool: when an edited screenshot is saved over the original file, the file is not truncated, so the tail of the original PNG survives after the new image’s IEND chunk. The Windows Snipping Tool was then found to save files the same way.
The privacy impact is direct. If someone posts a screenshot of a credit card with the number cropped out, or a photo with a face cropped away, part of the original image can be recovered. To demonstrate the issue the researchers published acropalypse, an online screenshot-recovery tool that restores edited Google Pixel images. Read more here
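As an added illustration (not code from the researchers’ acropalypse tool or from the original article), the following Python models the bug class and the two checks that follow from it: detecting leftover bytes after a PNG’s IEND chunk, and recovering what can be recovered from them. The image, the crop and the save-over-without-truncate are all constructed inline. Recovery brute-forces a deflate block boundary in the leftover bytes, which is the same idea the public tool relies on; the sample image is deliberately compressed in several deflate blocks, as any encoder does for a large real screenshot, because a stream consisting of a single block leaves nothing recoverable once its start has been overwritten.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype, data):
    """Encode one PNG chunk: big-endian length, 4-byte type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def scanlines(width, height, seed):
    """Constructed 8-bit greyscale rows (filter byte 0 + pixels); a stand-in for a screenshot."""
    return [b"\x00" + bytes((seed + x + y) & 0xFF for x in range(width)) for y in range(height)]


def make_png(width, height, seed, rows_per_block):
    """Build a valid PNG whose IDAT deflate stream is cut into several blocks (a full flush
    every `rows_per_block` rows), the way an encoder splits any large real image."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)  # 8-bit greyscale, no interlace
    comp = zlib.compressobj(9)
    idat = b""
    for i, row in enumerate(scanlines(width, height, seed)):
        idat += comp.compress(row)
        if (i + 1) % rows_per_block == 0:
            idat += comp.flush(zlib.Z_FULL_FLUSH)  # block boundary with history reset
    idat += comp.flush()
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def overwrite_without_truncate(original, replacement):
    """The bug: the new file is written from offset 0 of the old one and the old tail survives."""
    return replacement + original[len(replacement):]


def png_end_offset(data):
    """Walk the chunk list and return the offset just past the first IEND chunk's CRC."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        pos += 8 + length + 4
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk")


def trailing_data(data):
    """Bytes after IEND. Empty for a clean PNG; anything else came from an earlier file."""
    return data[png_end_offset(data):]


def shift_bits(data, k):
    """Drop the first k (0..7) bits. Deflate packs bits LSB-first, so shift right and borrow."""
    if k == 0:
        return data
    return bytes(((data[i] >> k) | (data[i + 1] << (8 - k))) & 0xFF for i in range(len(data) - 1))


def recover_deflate_tail(trailer):
    """Brute-force a deflate block boundary inside the leftover bytes: try every byte and bit
    offset as the start of a raw deflate stream and keep the longest candidate that reaches
    the end-of-stream marker cleanly. Misaligned starts almost always error out or never finish."""
    best = b""
    for byte_off in range(len(trailer)):
        for bit_off in range(8):
            d = zlib.decompressobj(wbits=-15)  # raw deflate, no zlib header expected
            try:
                out = d.decompress(shift_bits(trailer[byte_off:], bit_off))
            except zlib.error:
                continue
            if d.eof and len(out) > len(best):
                best = out
    return best


def demo():
    """A 64x64 'screenshot' cropped to 16x16 and saved over the same file name."""
    original = make_png(64, 64, seed=7, rows_per_block=16)
    cropped = make_png(16, 16, seed=7, rows_per_block=16)
    saved = overwrite_without_truncate(original, cropped)
    leftover = trailing_data(saved)
    recovered = recover_deflate_tail(leftover)
    return original, saved, leftover, recovered


if __name__ == "__main__":
    original, saved, leftover, recovered = demo()
    print(f"saved file: {len(saved)} bytes, {len(leftover)} of them after IEND")
    print(f"recovered {len(recovered)} bytes of the original's filtered scanlines")
```

On a real image the recovered bytes are filtered scanlines, so turning them back into a viewable picture still needs the original dimensions (the public tool takes them from the device model). The check worth keeping is the simple one: a PNG with anything after its IEND chunk has been saved over an older file, and the tail is worth treating as sensitive.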
Malicious ChatGPT Chrome Extension Targets Facebook Accounts
A trojanized copy of the “ChatGPT for Google” Chrome extension, which displays ChatGPT answers alongside search results, was downloaded from the Chrome Web Store more than 9,000 times and used to hijack Facebook accounts. The malicious version mimics the legitimate extension but adds code that steals Facebook session cookies.
Its operator began promoting the extension through Google Search ads on March 14, 2023, after which it was installed roughly 1,000 times a day. Nati Tal of Guardio Labs found that a similar extension tied to the same infrastructure had reached 4,000 installs before Google removed it from the Chrome Web Store earlier this month. Read more here
German And South Korean Agencies Warn Of Kimsuky’s Attacks
German and South Korean intelligence agencies have warned of increasing cyberattacks by Kimsuky. The North Korea-backed group has mounted sophisticated phishing and malware campaigns against organizations in both countries.
According to the BSI and NIS, Kimsuky is expanding its targeting in Germany and South Korea. The group has historically gone after government agencies, research institutes, and think tanks, but is increasingly targeting technology and defense companies. Read more here
New Government Cyber Security Strategy Vital For Healthcare
On March 30, 2022, the Senate Homeland Security Committee approved healthcare cybersecurity legislation. S. 3904, the “Healthcare Cybersecurity Act,” would direct CISA to work with HHS to improve cybersecurity across the healthcare and public health sector.
Cybersecurity advocates have long argued that healthcare providers should be recognized as critical infrastructure providers (CIPs), which makes this legislation timely. Ransomware attacks on hospitals during the COVID-19 pandemic turned the issue into a matter of life and death, resonating with cybersecurity specialists, lawmakers, and the public alike. Read more here.
City Of Toronto Admits Data Theft; Clop Takes Blame
The City of Toronto has confirmed that an unauthorized third party accessed municipal data held by one of its vendors. Only unprotected files were accessible. “The City is actively studying the specifics of the discovered files,” Alex Burke said. The access was traced to the GoAnywhere file transfer software the city used, which was exploited in the recent ransomware campaign. The city’s analysis found no exfiltration of internal or resident data.
Many organizations that were running GoAnywhere file transfer software when it was exploited have since been identified, suggesting that more victims will come forward. The dark web leak site that the Russia-linked Clop gang uses to extort companies, by threatening to publish stolen files unless a ransom is paid, has recently added dozens of firms. Read more here
WooCommerce Payments Plugin Patches Critical Vulnerability
The developers of WooCommerce Payments, a plugin used on more than 500,000 WordPress sites, have patched a critical security flaw. The plugin, developed by Automattic, provides a fully integrated payment solution for WooCommerce, which makes it an attractive target for attackers.
“We investigated the reported vulnerability to check for any data compromise or exploitation, and found no evidence of misuse beyond our internal security testing. We created a solution and worked with the WordPress.org Plugins Team to automatically update WooCommerce Payments versions 4.8.0 through 5.6.1 to the patched versions,” WooCommerce said. Read more here
GitHub Replaces Exposed RSA SSH Key To Protect Git Operations
GitHub.com has rotated its RSA SSH host key after the private key was briefly exposed in a public GitHub repository. In a short blog post this week, the company said it acted out of “an abundance of caution.” Only the RSA host key was affected; GitHub’s ECDSA and Ed25519 host keys are unchanged. Anyone who has the old RSA key cached in known_hosts will see a host key verification warning on the next connection and must remove the stale entry before re-adding the new key.
“We immediately responded to contain the exposure and began researching to determine the fundamental cause and impact,” wrote Mike Hanley, GitHub’s Chief Security Officer and SVP of Engineering. “After 30 minutes, customers will notice the key replacement. The new key appeared at about 02:30 UTC amid preparations for this shift.” Read more here.
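As an added example (not GitHub’s code and not from the original article), here is a Python check for the situation the rotation creates on the client side: it computes OpenSSH-style SHA256 fingerprints of the keys pinned in a known_hosts file and flags entries that still match a retired key. The key blobs, host names and the retired-fingerprint set are all constructed for the example; in a real check the set would contain the fingerprint GitHub published for the exposed RSA key, and each hit would be removed with `ssh-keygen -R github.com` before the new key is added back from GitHub’s documented fingerprints.

```python
import base64
import hashlib
import struct


def ssh_fingerprint(b64_key):
    """SHA256 fingerprint as OpenSSH prints it (ssh-keygen -lf): unpadded base64 of the
    SHA-256 digest over the raw public-key blob, prefixed with 'SHA256:'."""
    blob = base64.b64decode(b64_key)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text):
    """Yield (hosts, key_type, b64_key) per entry. Comments and blanks are skipped, a leading
    marker such as @revoked or @cert-authority is dropped, and hashed hosts (|1|...) are
    kept verbatim: the fingerprint check does not need to know the host name."""
    for line in text.splitlines():
        parts = line.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].startswith("@"):
            parts = parts[1:]
        if len(parts) >= 3:
            yield parts[0], parts[1], parts[2]


def stale_entries(text, retired_fingerprints):
    """Entries whose pinned key is one of the retired (exposed) host keys."""
    hits = []
    for hosts, ktype, key in parse_known_hosts(text):
        fp = ssh_fingerprint(key)
        if fp in retired_fingerprints:
            hits.append((hosts, ktype, fp))
    return hits


def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


def _mpint(v):
    # SSH mpint: big-endian two's complement; a leading 0x00 keeps a high-bit value positive
    return _ssh_string(v.to_bytes((v.bit_length() + 8) // 8, "big"))


def toy_rsa_blob(e, n):
    """Base64 ssh-rsa wire blob (string 'ssh-rsa', mpint e, mpint n) from toy numbers.
    Constructed for the example; nothing here is a real GitHub key."""
    return base64.b64encode(_ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)).decode()


def demo():
    """Constructed known_hosts with github.com still pinned to a dummy 'exposed' RSA key."""
    exposed = toy_rsa_blob(65537, 0xD1A5CAFEF00D123456789ABCDEF01357)
    other = toy_rsa_blob(65537, 0xB16B00B5DEADBEEF0123456789ABCDEF)
    known_hosts = (
        "# constructed sample, not a real ~/.ssh/known_hosts\n"
        f"github.com ssh-rsa {exposed}\n"
        f"gitlab.example.org ssh-rsa {other}\n"
    )
    # In practice this set holds the fingerprint GitHub published for the leaked RSA key.
    retired = {ssh_fingerprint(exposed)}
    return stale_entries(known_hosts, retired)


if __name__ == "__main__":
    for hosts, ktype, fp in demo():
        print(f"stale host key for {hosts} ({ktype}): {fp} -> run: ssh-keygen -R {hosts}")
```

Matching on the fingerprint rather than the host field is what makes this work for hashed known_hosts entries, where the host name is not readable; `ssh-keygen -R` still removes those when given the real host name, because it hashes the name before comparing.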