People tracker on the Internet: OSINT analysis and research tool by Jose Pino

From github.com

Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their websites or services and control their users through their browser, without their knowledge, but it evolves with the aim of helping government organizations, companies and researchers to track cybercriminals.

As a security specialist, you know that there are several ways to get information about your target/client; one of them is running a remote scan and checking for open ports or any exposed vulnerabilities. A second way that is becoming very common is targeted social engineering attacks by verifying online services for OSINT and sending phishing attacks. If you are interested in the second option, Trape is your best choice.


Bondy ransomware – file encrypting virus using RSA encoding algorithm

From 2-spyware.com


Bondy ransomware is a malicious file-locking virus that uses the RSA algorithm to encrypt all victim data. After the malware finds its way into a system, it starts its dirty business: in this case, encrypting all of the users’ personal data. Only the system files are left alone. The virus appends a .bondy extension to all files, hence the name. After the files are successfully locked, a ransom note with instructions from the cybercriminals is created in the contaminated folders.


Russian hacker jailed over botnet data scraping scheme that drained victim bank accounts

From zdnet.com

A Russian cybercriminal has been jailed for eight years for participating in a botnet scheme that caused at least $100 million in financial damage. 

According to the US Department of Justice (DoJ), Aleksandr Brovko was an active member of “several elite, online forums designed for Russian-speaking cybercriminals to gather and exchange their criminal tools and services.”

The 36-year-old, formerly of the Czech Republic, worked with other cybercriminals to scrape information gathered by botnets. 

Brovko wrote scripts able to parse log data from botnet sources and then searched these data dumps to uncover personally identifiable information (PII) and account credentials. 


U.S. Health Care Under Attack

From securityboulevard.com


The U.S. Cybersecurity and Infrastructure Security Agency (CISA), with the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS), has issued a cybersecurity advisory to the U.S. healthcare sector (Alert: AA20-302A) regarding a concerted effort to compromise and take hostage the computer systems of healthcare providers.

The cybercriminals are targeting the sector with “Trickbot Malware” with the intent of creating a ransomware situation. If successful, their efforts to encrypt the systems and demand a Bitcoin ransom will disrupt the affected healthcare entity.


Maze, a notorious ransomware group, says it’s shutting down

From techcrunch.com


One of the most active and notorious data-stealing ransomware groups, Maze, says it is “officially closed.”

The announcement came as a waffling statement, riddled with spelling mistakes and published on its website on the dark web, which for the past year has published vast troves of stolen internal documents and files from the companies it targeted, including Cognizant, cybersecurity insurance firm Chubb, pharmaceutical giant ExecuPharm, Tesla and SpaceX parts supplier Visser and defense contractor Kimchuk.


Nuclear Regulation Authority shut down email systems after a cyber attack

From securityaffairs.co

Japan’s Nuclear Regulation Authority (NRA) issued a warning of temporary suspension of its email systems, likely caused by a cyber attack.

Japan’s Nuclear Regulation Authority (NRA) temporarily suspended its email systems; the interruption was likely caused by a cyber attack.

The agency published a warning on its website asking people to contact it via phone or fax because it is unable to receive emails from the outside world.

“From 17:00 on October 27, 2nd year of Reiwa, sending and receiving e-mails with the Nuclear Regulation Authority has been temporarily suspended. As a result, we are unable to accept e-mail registrations for applications for general hearings such as the Nuclear Regulation Authority and review meetings.” reads the message published by the NRA on its website. “If you would like to hear, please register by phone or fax.”
