Welcome to the 30th edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Prasanna, Sinwindie, Devesh Chande, ThunderSon and Miguel Calles.
Lazarus APT Stole Credit Card Data From US and EU Stores
Sansec researchers report that the North Korea-linked Lazarus APT group has been stealing payment card data from customers of large retailers in the U.S. and Europe for at least a year.
Ex-Yahoo Employee Avoids Jail, Despite Hacking 6000 Accounts and Stealing Explicit Photos and Videos
A former employee of Yahoo has been sentenced and ordered to pay a fine after exploiting his privileged access to hack into the personal accounts of thousands of Yahoo users, in his hunt for naked photographs and videos of young women.
US Secret Service reports an increase in hacked managed service providers (MSPs) | ZDNet
US Secret Service says hackers are breaching MSPs to orchestrate ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams.
Hacking Tensions With Iran Surging After Nuclear Site Fire
Following a mysterious outbreak of fire at an Iranian nuclear site, Iran has threatened to retaliate for the possible cyberattack but not officially blamed the U.S. or Israel.
Email Fraud Campaign Aimed at Fortune 500 Linked to Russian Scammers
A group of scammers masquerading as legitimate business executives is behind more than 200 email-based attacks that aim to swindle hundreds of thousands of dollars from companies. Dubbed “Cosmic Lynx” by the email security firm Agari, the group has targeted individuals in 46 countries since July 2019, often victimizing senior leaders in Fortune 500 or Global 2000 firms.
Ransomware Attack On Insurance MSP Affects Clients
Global IT services and solutions provider DXC Technology announced over the weekend a ransomware attack on systems belonging to its Xchanging subsidiary. An undisclosed number of customers was impacted by the attack, which denied them access to their operating environment.
Home Routers Are Riddled With Known Flaws and Run Ancient, Unpatched Linux Operating Systems
Germany's Fraunhofer Institute for Communication (FKIE) has carried out a study of 127 home routers from seven brands to check the latest firmware for known security vulnerabilities. The results are appalling: not one router in the study is free of known security flaws.
Citrix Bugs Allow Unauthenticated Code Injection & Data Theft
Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker. The Citrix products are installed in at least 80,000 companies in 158 countries.
Police Are Buying Access to Hacked Website Data
Companies are selling the police and government agencies access to data stolen from websites in the hope that it can generate investigative leads, with the data including passwords, email addresses, IP addresses, and more. One company claimed to "empower investigators from law enforcement agencies and enterprises around the world to more quickly and efficiently bring malicious actors to justice."
Citizen of Kazakhstan Charged With Computer Fraud and Wire Fraud For Hacking Hundreds Of Corporate Networks In More Than 40 Countries Worldwide
An indictment was unsealed today in the Western District of Washington charging a citizen of Kazakhstan with various federal crimes related to a prolific, financially motivated cybercrime group that hacked the computer networks of a broad array of corporate entities, educational institutions, and governments throughout the world.
Whitepaper: From Exposure to Takeover: The 15 billion stolen credentials allowing account takeover
Over the past 2.5 years, the Digital Shadows Photon Research team has been analyzing how cybercriminals conspire to prey upon users of online services by “taking over” the accounts they all use on an everyday basis―for banks, to stream videos or music, for work―the list goes on. For this paper we closely examine this ubiquitous problem, including how attackers approach account takeovers (ATO).