Ransomware-as-a-service: The future is bright — for cybercriminals

From techtalk.gfi.com

In May, a debilitating ransomware attack crippled the U.S. oil production company Colonial Pipeline. The attack paralyzed their operations and forced the company to shut down its 5,500-mile pipeline. As a result, half of the gasoline supply normally distributed to the East Coast couldn’t be delivered. The attack caused panic as people scrambled to find gasoline, resulting in a rise in gas prices throughout the United States. The attackers were DarkSide, a Russian criminal group. Colonial Pipeline ultimately paid a reported $5 million ransom in bitcoin to DarkSide in return for a decryption key. (Some of that ransom was eventually recovered by the U.S. Department of Justice.) The gasoline shortage remained for three weeks even after the ransom was paid. In addition to performing its own attacks, DarkSide operates as a ransomware-as-a-service (RaaS) gang, leasing its malware to others for a cut of the profits from any successful attack. This has opened the door for an exponential increase in attacks. Just what is ransomware-as-a-service, and why has this threat grown so much recently? We’re going to give readers an overview of how ransomware-as-a-service works — and why it’s become such a threat.

Read more…

Nearly 2 Million Records From Terrorist Watchlist Exposed Online

From ehackingnews.com

A terrorist watchlist comprising 1.9 million records remained open and unsecured on the internet for three weeks between July 19th and August 9th. The Terrorist Screening Center (TSC), a multi-agency centre run by the Federal Bureau of Investigation, is believed to have compiled the watchlist. The list was left accessible to the public on an Elasticsearch cluster with no password.
In July this year, Security Discovery researcher Bob Diachenko discovered various JSON documents in an unsecured Elasticsearch cluster, which grabbed his interest. 
The 1.9 million-strong record set includes sensitive information about people, such as their names, nation citizenship, gender, date of birth, passport data, and no-fly status. 

Read more…

T-Mobile confirms hack after customer data ends up for sale on cybercrime forum

From malware.news

US telecommunications giant T-Mobile has confirmed today that hackers breached some of its internal servers but said that it is still investigating if “any personal customer data” was stolen in the breach.

The company’s conflicting statement comes after a threat actor put up for sale the personal details of millions of T-Mobile customers on a cybercrime forum on Saturday, August 14.

While the hacker’s ad referenced 30 million T-Mobile customers, in a subsequent interview with news site Motherboard, the individual claimed the data was part of a larger package containing details for 100 million T-Mobile customers.

Read more…

1.9 million records from the FBI’s terrorist watchlist leaked online

From malware.news

A copy of the FBI’s terrorist watchlist was exposed online for three weeks between July 19 and August 9, 2021, a security researcher revealed today.

Known as the FBI Terrorist Screening Center (TSC), the database was created in 2003 as a response to the 9/11 terrorist attacks. Managed by the FBI, the database contains the names and personal details of individuals who are “known or reasonably suspected of being involved in terrorist activities.”

While the database is managed by the FBI, the agency also provides access to it to several other US government agencies, including the Department of State, Department of Defense, the Transportation Security Authority, the Customs and Border Protection, and even some international law enforcement partners.

Read more…

NAS devices under attack: How to keep them safe?

From helpnetsecurity.com

Network-attached storage (NAS) devices are a helpful solution for storing, managing, and sharing files and backups and, as such, they are an attractive target for cyber criminals.

They are most often used by consumers (on home networks) and small-to-medium businesses (on business networks).

Palo Alto Networks researchers recently found some 240,000 QNAP and approximately 3,500 Synology NAS devices exposed to the public internet.

Other vendors offering NAS solutions include Zyxel, Western Digital, Seagate, LenovoEMC, and others.

Read more…

Various Types of Threats Disguised as Software Download Being Distributed

From malware.news

CryptBot malware is the one that is usually distributed from such malicious websites, but other types are occasionally distributed as well. This post will discuss other malware programs of the same type besides CryptBot.

As mentioned in previous posts, the malware is distributed from malicious webpages exposed on the top search page when users search illegal keywords such as crack, serial, keygen, and license of commercial software.

The following shows examples of such malicious websites. It looks like the users can download normal tools, but what they actually download are compressed files that have malware. Check the post below for more details.

Read more…

Pi calculated to 62.8 trillion digits with a pair of 32-core AMD Epyc chips, 1TB RAM, 510TB disk space

From theregister.com

Switzerland’s University of Applied Sciences Graubünden has claimed the world record for calculating Pi, which it says it has computed to 62.8 trillion digits.

The university yesterday claimed the record, asserting that it beat previous attempts by 12.8 trillion digits, and did it 3.5 times faster than previous attempts at calculating the irrational ratio.

Helpfully, the uni has also published details of the hardware used for its feat.

A pair of 32-core AMD Epyc 7542 processors powered the uni’s rig. AMD states the CPU cores spend most of their time at 2.9GHz, can burst to 3.4GHz, have 128MB L3 cache and happily run 64 threads apiece. A server with 1TB of RAM was also employed, with Ubuntu Linux 20.04 installed on a pair of solid-state disks of unspecified size.

Read more…