Hackers post more stolen Minneapolis Public School data to dark web

From cbsnews.com

MINNEAPOLIS — Minneapolis Public Schools on Friday notified parents that hackers who stole district data in a recent system breach released that information onto the dark web, where users are untraceable.

The latest letter comes nearly three weeks after MPS first sent out an alert about an “encryption event.” 

“We are working with cybersecurity specialists to quickly and securely download the data so that we can conduct an in-depth comprehensive review to determine the full scope of what personal information was impacted,” it reads. The district says it will contact people directly if they are impacted.

But cybersecurity experts warn that anyone associated with the district—current and former students, parents, staff and vendors—should assume they have been compromised until they’ve been told otherwise, and take action to protect themselves.

Researchers Shed Light on CatB Ransomware’s Evasion Techniques

From thehackernews.com

The threat actors behind the CatB ransomware operation have been observed using a technique called DLL search order hijacking to evade detection and launch the payload.

CatB, also referred to as CatB99 and Baxtoy, emerged late last year and is said to be an “evolution or direct rebrand” of another ransomware strain known as Pandora based on code-level similarities.

It’s worth noting that the use of Pandora has been attributed to Bronze Starlight (aka DEV-0401 or Emperor Dragonfly), a China-based threat actor that’s known to employ short-lived ransomware families as a ruse to likely conceal its true objectives.

One of the key defining characteristics of CatB is its reliance on DLL hijacking via a legitimate service called Microsoft Distributed Transaction Coordinator (MSDTC) to extract and launch the ransomware payload.

Wawa to pay up to $28.5M in data breach settlement

From cybersecuritydive.com

Dive Brief:

  • Convenience retailer Wawa has committed to pay up to $28.5 million to settle negligence claims stemming from a data breach that occurred in 2019, according to filings made in the U.S. District Court, Eastern District of Pennsylvania.
  • Most of the settlement made with the three credit unions involved in the lawsuit will reimburse them for money spent canceling and replacing payment cards because of the breach, as well as losses from payment card fraud, according to the filings. 
  • Wawa has been in settlement discussions with the financial institutions since November 2021, and general litigation over the breach has lasted more than three years.

Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York

From thehackernews.com

U.S. law enforcement authorities have arrested a New York man in connection with running the infamous BreachForums hacking forum under the online alias “Pompompurin.”

The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators “spent hours inside and outside of a home in Peekskill.”

“At one point, investigators were seen removing several bags of evidence from the house,” the New York-based local news service added.

According to an affidavit filed by the Federal Bureau of Investigation (FBI), the suspect identified himself as Conor Brian Fitzpatrick and admitted to being the owner of the BreachForums website.

How to protect online privacy in the age of pixel trackers

From helpnetsecurity.com

Tracking pixels like the Meta and TikTok pixels are popular tools for online businesses to monitor their website visitors’ behaviors and preferences, but they do come with risks. While pixel technology has been around for years, privacy regulations such as CCPA and GDPR have created new, much stricter rules, making the practice of data harvesting through a tracking pixel highly controversial. Tracking pixels on your website means that website owners are considered data controllers and are held accountable for any data breaches they may cause, making pixel security a top business priority.

Italian agency warns ransomware targets known VMware vulnerability

From cybersecurity.att.com

News broke in early February that the ACN, Italy’s National Cybersecurity Agency, issued a warning regarding a VMware vulnerability discovered two years ago. Many organizations hadn’t yet patched the issue and became the victims of a new ransomware called ZCryptor. The malicious software wreaked havoc on Italian and European businesses by encrypting users’ files and demanding payment for the data to be unencrypted. 

The ACN urges VMware users to ensure their systems are backed up and updated with the most recent security patches available. With ransomware on the rise, it’s crucial that businesses take the necessary steps to protect their data and applications. 

Emotet Rises Again: Evades Macro Security via OneNote Attachments

From thehackernews.com

The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems.

Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down.

A derivative of the Cridex banking worm – which was subsequently replaced by Dridex around the same time GameOver Zeus was disrupted in 2014 – Emotet has evolved into a “monetized platform for other threat actors to run malicious campaigns on a pay-per-install (PPI) model, allowing theft of sensitive data and ransom extortion.”
