Search Results for “Ionut Ilascu”


May 25, 2020
Ionut Ilascu / Bleeping Computer

Maze Ransomware Operators Dump Payment Card Data From Customers of Bank of Costa Rica, Bank Still Denies It Has Been Hacked

Maze ransomware operators have published payment card data stolen from the Bank of Costa Rica (BCR), saying they are doing so to disprove BCR’s repeated denials that it has been hacked. In a post on their leak site this week, the Maze operators shared a 2GB spreadsheet of payment card numbers belonging to BCR customers, saying they want to draw attention to the bank’s lapses in protecting sensitive information. On April 30, the Maze operators claimed to hold more than 11 million cards from BCR, 4 million of them unique and 140,000 belonging to “US citizens.” Despite some of the data in the Maze dumps having been verified, BCR still contends it has not been hacked.

June 3, 2020
Ionut Ilascu / Bleeping Computer

Highly Critical Flaws in SAP Adaptive Server Enterprise Detailed, Including Arbitrary Code Execution Vulnerability

Security researchers at Trustwave have detailed seven flaws in SAP Adaptive Server Enterprise (ASE) that were patched in May, noting that several are severe and urging admins to patch their systems now. Among the critical issues is an arbitrary code execution flaw (CVE-2020-6248, severity score 9.1) that allows an attacker to corrupt the Backup Server configuration file with a simple command.

March 12, 2020
Ionut Ilascu / Bleeping Computer

Russian-Based Threat Group Turla Infected at Least Four Websites With New Malware to Reach Armenian Government Officials, Politicians

Researchers at ESET report that two previously undocumented pieces of malware, a downloader and a backdoor, were used in a watering hole operation attributed to the Russian-based threat group Turla (a.k.a. Waterbug, WhiteBear, Venomous Bear, Snake). The attackers compromised at least four websites, two of them belonging to the Armenian government, indicating they were targeting government officials and politicians. The tools, a .NET downloader called NetFlash and a Python-based backdoor named PyFlash, were delivered via fake Adobe Flash updates.

March 19, 2020
Ionut Ilascu / Bleeping Computer

Popular German Food Delivery Service Hit by Crippling DDoS Attack, Attackers Demanded $11,000 in Bitcoin to Stop the Onslaught

With the coronavirus pandemic having closed restaurants to sit-down dining throughout Europe and the U.S., leaving only takeaway and delivery, the popular German food delivery service Takeaway (Lieferando.de) was briefly crippled by a DDoS attack in which the attackers demanded two bitcoins (around $11,000) to stop the siege. The service delivers from more than 15,000 restaurants in Germany, so the attack’s impact was significant. The company’s systems have since recovered, and customers who paid for deliveries during the attack can request a refund by email.

March 24, 2020
Ionut Ilascu / Bleeping Computer

New Malware Threat ‘Milum’ Run by a Group Called WildPressure Targets Middle East Victims, Some in the Industrial Sector

A new malware threat dubbed Milum, run by an operation called WildPressure, is currently being used to attack computers in the Middle East, some of them in the industrial sector, researchers at Kaspersky Lab said. There is no indication that the WildPressure attackers plan to do more than collect information from targeted networks, although the campaign is ongoing and could change at any moment.

April 28, 2020
Ionut Ilascu / Bleeping Computer

New Black Rose Lucy Ransomware Service Poses as the FBI Pretending to Find Adult Content on Victims’ Mobile Devices

A Russian-speaking threat actor known as the Lucy Gang, which focuses on Android devices, has expanded its malware-as-a-service (MaaS) business with file-encrypting capabilities for ransomware operations, in what researchers at Check Point are calling the Black Rose Lucy service. The new malware lets customers of the service encrypt files on infected devices and display a ransom note in the browser window demanding $500. The note purports to be from the FBI and accuses the victim of storing adult content on the device. Adding to the victim’s fear of legal reprisal, the note claims that a picture of the victim’s face has been taken and uploaded to the FBI’s cybercrime data center along with location details. The attackers do not accept cryptocurrency but ask for credit card payments instead. More than 80 samples of the new version have been distributed in the wild via instant messaging apps and social media.

May 1, 2020
Ionut Ilascu / Bleeping Computer

Multiple Threat Actors Are Running Phishing Attacks on Corporate Targets in ‘PerSwaysion’ Campaign That Tricks Users to Give Up Their Office 365 Logins

Multiple threat actors running phishing attacks against corporate targets in a campaign called PerSwaysion have been relying on the Microsoft Sway service to trick victims into giving up their Office 365 login credentials, researchers at Group-IB discovered. The campaign relies on a phishing kit offered as a malware-as-a-service (MaaS) operation and is a well-planned endeavor: the attackers gain access to corporate email accounts and harvest sensitive business data, which they can later use to run scams. PerSwaysion has been running since at least August 2019, and the email addresses of at least 27 adversaries have been found in several variants of the phishing kit. The attackers have tricked at least 156 high-ranking individuals at small and medium-sized financial services companies, law firms, and real estate groups; more than 20 of the harvested Office 365 accounts belong to executives, presidents, and managing directors at organizations in the U.S., Canada, Germany, the U.K., the Netherlands, Hong Kong, and Singapore.

May 8, 2020
Ionut Ilascu / Bleeping Computer

Sodinokibi Ransomware Group Threatens to Release 756GB of Files Related to Entertainment Law Firm’s Star Clients

The Sodinokibi (REvil) ransomware group is threatening to release hundreds of gigabytes of legal documents from Grubman Shire Meiselas & Sacks (GSMLaw), a prominent New York-based entertainment law firm that counts dozens of international stars among its clients, including Madonna, Lady Gaga, Elton John, Robert De Niro, Nicki Minaj, Chris Brown, Usher, U2, Timbaland, and Rick Ross. The attackers say they stole contracts, phone numbers, email addresses, personal correspondence, and non-disclosure agreements, and that the trove, reportedly 756GB in size, is not limited to these.

May 14, 2020
Ionut Ilascu / Bleeping Computer

Norfund, Norway’s State Investment Fund, Was Swindled Out of $10 Million by Elaborately Planned Business Email Compromise Scam

Cybercriminals running a business email compromise (BEC) scam defrauded Norfund, Norway’s state investment fund, out of $10 million, and took their time over the theft so that it would not be discovered until long after it occurred. The fraudsters gained access to the fund’s email system and monitored it for several months to work out who was responsible for money transfers. They then created a Norfund email address to impersonate an individual authorized to wire large sums through DNB, the bank Norfund uses for these operations, and falsified the payment details so that the funds were diverted to Mexico instead of to the legitimate recipient in Cambodia.

June 27, 2019
Ionut Ilascu / Bleeping Computer

Cisco Patches Four Critical Vulnerabilities in Its Data Center Network Manager Software That Allow Attackers to Upload Files, Execute Actions With Root Privileges

Cisco has released patches for its Data Center Network Manager (DCNM) software fixing four critical vulnerabilities that allow a remote attacker to upload files and execute actions with root privileges; two of the bugs carry a near-maximum severity score of 9.8 out of 10. DCNM is Cisco’s solution for maintaining visibility into and automating the management of networking gear in data centers. All four bugs are in DCNM’s web management console and can be exploited remotely without authentication. They are tracked as CVE-2019-1620, CVE-2019-1619, CVE-2019-1621, and CVE-2019-1622.

Related: GBHackers, ZDNet Security, Help Net Security, SecurityWeek, Cisco

Tweets: @Ionut_Ilascu