
BEC Scam Steals $2.3 Million From Wisconsin GOP

Hall County, GA ransomware attackers release 1GB+ of data, Hackers are exploiting unpatched Oracle WebLogic servers, Threat actors are still exploiting Zerologon flaw, Montreal hospital hit by a cyberattack

This is a free email subscriber issue of Metacurity. This week paid subscribers received access to our first premium content offering, a comprehensive list of cybersecurity podcasts. They also gained access to the full set of Metacurity’s archives.

And we’re just warming up with special content for our premium subscribers. Consider joining your peers to gain access to the full range of content we offer, and upgrade your subscription if you haven’t already done so.

We are also offering bulk subscriptions to organizations. Have your purchasing office or subscription specialists contact us at [email protected].

One or more people running a business email compromise scheme stole $2.3 million from the Wisconsin Republican Party’s account that was being used to help reelect Donald Trump in the critical battleground state. The thief or thieves manipulated invoices from four vendors who were being paid for direct mail for Trump’s reelection efforts as well as for pro-Trump material such as hats. The invoices were altered so that the funds paid would go to the hackers instead of the legitimate businesses. (Scott Bauer / Associated Press)

Hall County Georgia Ransomware Attackers Release More Than 1GB of Unencrypted Files Stolen During the Attack

The DoppelPaymer ransomware gang that attacked government computer systems in Hall County, Georgia, including a voter signature database, has released unencrypted data it stole during the cyberattack. The attackers published slightly more than 1 GB of unencrypted files stolen from Hall County computers and claim to have encrypted 2,464 devices during the attack. The leaked data includes 911 spreadsheets, election documents, lobby comment cards, and accounting and financial records. (Lawrence Abrams / Bleeping Computer)

Hackers Are Actively Looking to Exploit Oracle WebLogic Servers That Haven’t Been Patched for Severe Flaw

Hackers are actively scanning the Internet for machines that still haven’t patched a recently disclosed flaw that forces Oracle’s WebLogic server to execute malicious code, according to Johannes Ullrich, dean of research at the SANS Technology Institute. Ullrich said that honeypots had detected Internet-wide scans that probe for servers that had not patched the flaw, CVE-2020-14882, which has a severity rating of 9.8 out of 10. The exploit attempts seem to be based on the technical details in a blog post written in Vietnamese and published yesterday by security researcher Jang. (Dan Goodin / Ars Technica)

Micron Settles Industrial Espionage Lawsuit for $60 Million

Ending a two-year legal dispute that involved American memory chip giant Micron Technology and Beijing-backed Chinese chip manufacturer Fujian Jinhua Integrated Circuit Co., Taiwan's second-largest contract chipmaker United Microelectronics Corp. (UMC) settled the espionage lawsuit with the U.S. Justice Department by paying a $60 million fine. According to the Justice Department, one defendant in the case approved the issuance of two “off-network” laptop computers that allowed UMC employees to access Micron confidential information without further detection by UMC’s IT department. In particular, this defendant used one file containing Micron’s trade secrets to adjust UMC’s design rules for the memory in question. (CHENG TING-FANG and LAULY LI / Nikkei Asia)

Microsoft Warns That Threat Actors Are Still Exploiting Zerologon Vulnerability

Microsoft warned that threat actors are still exploiting the so-called Zerologon vulnerability affecting the Netlogon protocol (CVE-2020-1472). The patch for the flaw was issued in the security updates of August 11, 2020. Zerologon is a critical flaw that enables attackers to elevate privileges to domain admin, giving them full control to execute any command. Microsoft is urging all admins to apply the patch as soon as possible. (Sergiu Gatlan / Bleeping Computer)

Related: Microsoft

Maze Ransomware Gang is Shutting Down

Maze, one of the most prolific ransomware gangs, which began operations in May 2019, is shutting down. Maze kicked into high gear in November 2019 after it stole unencrypted data from Allied Universal and threatened to release it unless the ransom was paid. The gang published a “Maze News” site that is used to make non-paying victims' data public and to issue "press releases" for journalists who follow their activities. As part of the shutdown, Maze stopped encrypting new victims in September 2020 but is still trying to squeeze the last payments from victims. (Lawrence Abrams / Bleeping Computer)

Related: TechNadu

NVIDIA Issues Nine Patches, Including One for a Critical Bug That Could Give Attackers Remote Control

Chip and graphics processor unit maker NVIDIA issued nine patches, each fixing flaws in firmware used by DGX high-performance computing (HPC) systems. One patch is for a critical bug that could allow a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. (Tom Spring / Threatpost)

Related: SecurityWeek, Nvidia

REvil Ransomware Gang Claims it Made More Than $100 Million in One Year

The REvil ransomware gang claims it made more than $100 million in one year by extorting large businesses across the world from various sectors, according to one REvil representative who uses the aliases “UNKN” and “Unknown” on cybercriminal forums. REvil runs a ransomware-as-a-service (RaaS) operation, with the developers taking 20% to 30% and the “affiliates” who launch the attacks keeping the rest. The operators of the service say they want to make $2 billion in total from their endeavor. (Ionut Ilascu / Bleeping Computer)

Related: Intel471

Jewish General Hospital in Montreal Hit by Ransomless Cyberattack

The Jewish General Hospital and its sister institutions in Montreal are fighting a computer virus that the organizations say is not ransomware because no ransom has been demanded. This attack is taking place at a time when 400 hospitals in the U.S. are grappling with ransomware attacks. Separately, Montreal’s public transit authority and some police officers of the Sûreté du Québec were also targets of ransomware attacks. (Aaron Derfel / Montreal Gazette)

Social Networking App True Exposed User Data to the Internet in Unsecured Database

Privacy-oriented social networking app True, launched by Hello Mobile in 2017, left one of its databases exposed to the Internet without a password, leaving private user data accessible to anyone on the Internet. Data provided by BinaryEdge, a search engine for exposed databases and devices, suggests the data had been exposed since at least early September. True has since taken the database offline. (Zack Whittaker / TechCrunch)

Google One Customers Who Purchase $10 Per Month Service Get Virtual Private Network Functionality

Google is adding built-in virtual private network (VPN) functionality to the Google One app for its $10 per month, 2TB Google One customers. Google One is a subscription service developed by Google that offers expanded cloud storage. Although built into Google One, the VPN can provide protection while using any other app on the user’s Android phone to protect online privacy. (Igor Bonifacic / Engadget)

Podcast of the Day

Although we rarely recommend podcasts produced solely by cybersecurity vendors, don’t miss out on the first part of this election hacking podcast produced by Malicious Life. It breaks down how a hack of Georgia’s election system could be a critical factor in swinging the election toward one candidate or the other.