Wait Til You Get to the Part Where Trump Pushes a Woman Through a Meat Grinder…

KrebsOnSecurity has seen some creative yet truly bizarre ads for dodgy services in the cybercrime underground, but the following animated advertisement for a popular credit card fraud shop likely takes the cake.

The name of this particular card shop won’t be mentioned here, and its various domain names featured in the video have been pixelated so as not to further promote the online store in question.

But points for knowing your customers, and understanding how to push emotional buttons among a clientele that mostly views America’s financial system as one giant ATM that never seems to run out of cash.

Brian Krebs on a truly over-the-top advertisement for a Russian credit card shop on the dark web.

8 hours ago

Hacking Group ‘0v1ru$’ Breached a Contractor for Russia’s FSB Stealing 7.5TB of Data and Exposing Top Projects Including Effort to Deanonymize Tor Traffic

On July 13, a group of hackers known as 0v1ru$ breached SyTech, a contractor for Russia’s national intelligence service FSB, stealing information about internal projects the company was working on for the agency. The group hacked into SyTech’s Active Directory server, from where they gained access to the company’s entire IT network, including a JIRA instance, stealing 7.5TB of data from the contractor’s network and defacing the company’s website with a “yoba face,” an emoji popular with Russian users that stands for “trolling.” The group shared the stolen data with Digital Revolution, another hacking group that last year breached Quantum, another FSB contractor. Digital Revolution shared the stolen files in greater detail on their Twitter account and with Russian journalists. Two of the notable projects exposed in the breach are Nautilus-S, one for deanonymizing Tor traffic, and Hope, one which analyzed the structure and make-up of the Russian segment of the internet. SyTech has taken down its website since the hack and refused media inquiries. (ZDNet)
1 day ago

ODNI Director Coats Names Experienced Government Official Shelby Pierson to New Election Security Position

In a sign that security vulnerabilities and influence operations are now a permanent fixture of U.S. elections, Director of National Intelligence Dan Coats announced that experienced government official Shelby Pierson will oversee election security intelligence across the government in a newly created senior position. Pierson, who worked on intelligence issues surrounding the 2018 midterm elections, will cover both potential attacks on voting infrastructure and influence campaigns. Coats said that Pierson’s appointment will help intelligence agencies direct resources to election security and “bring the strongest level of support to this critical issue.” Coats also said he was ordering all of the intelligence agencies with a role in election security to appoint a senior official to oversee issues of foreign influence and infrastructure attacks. The officials will form an Election Executive and Leadership Board to ensure intelligence agencies are properly focused on voting security issues. (New York Times)
1 day ago

Cisco Systems in Talks to Buy Web Application Cybersecurity Startup Signal Sciences, Sources

In the latest sign of Cisco Systems’ interest in the cybersecurity sector, the tech giant is in talks to buy cybersecurity startup Signal Sciences, which develops software that protects applications running in private data centers and on cloud providers from attacks, according to several people familiar with the talks. The five-year-old Signal Sciences has raised $61.7 million so far in four rounds and counts among its customers Adobe, WeWork, Etsy, and Yelp. The deal could help Cisco compete more effectively against rivals Palo Alto Networks and Fortinet while also helping its push into subscription services and recurring revenue streams. (The Information)
1 day ago

Hackers Publish List of Around 2,500 Email Addresses, Passwords Purportedly Phished From Discord Users

Earlier this week a group of hackers published a list of about 2,500 email addresses and passwords they say they phished from users of gaming chat platform Discord. The hackers posted a database of the allegedly phished credentials, split into multiple sections of those that work and those that don’t. Some of the invalid login details were likely from people who were trying to provide the hackers with garbage data. (Motherboard)
1 day ago

Scotland Yard’s Twitter Account, Official Email Address Hacked Via Breach of Outside Press Bureau to Send Series of Bizarre Messages

Scotland Yard’s principal Twitter account, which has more than 1.2 million followers, tweeted a series of bizarre messages on Friday night after becoming “subject to unauthorized access.” Many of the dozen unauthorized tweets, some of which referred to the British rapper Digga D, were also repeated in press releases emailed out to journalists from the force’s official email address. Scotland Yard said it believed the “security issue” related solely to the external service the Met’s press bureau uses to issue news releases. The Met’s MyNewsDesk service automatically spreads content to the Met’s website and Twitter account once it is published, as well as sending corresponding emails to subscribers. Scotland Yard emphasized that there has been no ‘hack’ of the Met police’s own IT infrastructure. (The Guardian)
1 day ago

Equifax Nearing Deal With FTC, CFPB and State Attorneys General to Pay $700 Million to Settle Data Breach Probes, Report

Credit reporting company Equifax is close to a deal with the Federal Trade Commission, the Consumer Financial Protection Bureau and most state attorneys general to pay around $700 million to settle data breach probes with U.S. regulators and states over a 2017 data breach that exposed the sensitive personal and financial details of nearly 150 million people. The settlement, which could be changed depending on the number of claims eventually filed by consumers, could be announced as early as Monday. (Wall Street Journal)
2 days ago

Former Contractor Harold T. Martin III Sentenced to Nine Years for Amassing a Trove of Highly Classified NSA Documents

Troubled former National Security Agency contractor Harold T. Martin III has been sentenced to nine years for amassing a trove of highly classified NSA documents at his home in Glen Burnie, Maryland. Reported by his attorney to have autism spectrum disorder, which led to a kind of hoarding of the documents, Martin had once been suspected of passing secrets on to foreign countries or of being the source of the infamous Shadow Brokers leak of NSA hacking tools, but prosecutors ultimately came to believe he was not behind any malicious leaks. (New York Times)
2 days ago

Kazakhstan Starts Intercepting All HTTPS Internet Traffic By Forcing ISPs and Users to Install Government-Issued Certificates

In a move it claims protects citizens from hackers and cyber threats, the Kazakhstan government has started intercepting all HTTPS internet traffic inside its borders and local ISPs have been instructed to force their respective users into installing a government-issued certificate on all devices, and in every browser. That certificate allows local government agencies to decrypt users’ HTTPS traffic, look at its content, encrypt it again with their certificate, and send it to its destination. Following a statement by the Kazakh Ministry of Digital Development, Innovation and Aerospace, users from all across the country reported being blocked from accessing the internet until they installed the government’s certificate. (ZDNet)
2 days ago

Google Ups Its Chrome Bug Bounty Payments, Doubling Reward for Critical Security Vulnerabilities to $30,000

After nine years and 8,500 security bug reports, Google has increased the value of the rewards for security vulnerabilities submitted through its Chrome Vulnerability Rewards Program, with the maximum baseline reward tripled to $15,000 and the ceiling for high-quality reports for valid security vulnerabilities doubled to $30,000. The rewards are for valid bugs that can escape the built-in isolated containers, vulnerabilities affecting the firmware (processor, embedded controller, and H1), flaws that can defeat the verified boot mechanism and lead to persistence, and issues in the lock screen that can be exploited to circumvent it. (Bleeping Computer)
2 days ago

Spyware Company NSO Group Tells Prospective Clients It Can Scrape Users’ Data from Servers of Apple, Google, Facebook, Amazon, and Microsoft, Report

Notorious Israeli spyware company NSO Group, whose flagship malware Pegasus has been used by authoritarian regimes to spy on smartphones, has told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon, and Microsoft, according to sources familiar with the company’s sales pitch. Pegasus has evolved to capture ever greater amounts of information, including a target’s location data, archived messages or photos, according to people who shared documents with the Financial Times and described a recent product demonstration for the government of Uganda. The new capabilities are said to copy the authentication keys of services such as Google Drive, Facebook Messenger and iCloud, among others, from an infected phone, allowing a separate server to then impersonate the phone, including its location, giving open-ended access to the cloud storage of those apps without “prompting 2-step verification or warning email on target device,” according to the demonstration. Amazon, Facebook, and Microsoft say they have no evidence of Pegasus access to their cloud files but say they are investigating. Google has not responded. (Financial Times)
2 days ago

BlackBerry Cylance’s Machine-Learning PROTECT Detection System Can Be Subverted to Falsely Tag Malware as ‘Goodware’

In what may be the first proven global attack on the machine learning mechanism of a security company, BlackBerry Cylance’s artificial intelligence engine in its endpoint PROTECT detection system can be subverted to cause it to falsely tag already known malware as “goodware,” researchers at Skylight Cyber report. The researchers developed a “global bypass” method that works with almost any malware to fool the Cylance engine by taking strings from a non-malicious file and appending them to a malicious one, tricking the system into thinking the malicious file is benign. The method works because Cylance’s machine-learning algorithm has a bias toward the benign file that causes it to ignore any malicious code and features in a malicious file if it also sees strings from the benign file attached to it. (Vice)
2 days ago

CrowdStrike’s Revenues More Than Doubled Year-over-Year According to First Post-IPO Quarterly Earnings Report

Cybersecurity leader CrowdStrike issued its first quarterly earnings report following its IPO, posting revenues of $96.1 million on GAAP net losses of $26 million in the first quarter of fiscal year 2020, a strong start that boosted the company’s stock price by 2.5% at the close of trading Thursday, reaching $82 per share in after-hours trading, more than double its IPO price of $35. Year-over-year, CrowdStrike’s revenue shot up 103%, with subscription revenue increasing 116% to $86 million. (TechCrunch)
2 days ago

Chinese APT Group Ke3chang Is Targeting Diplomats and Government Offices in Europe, Central and South America With New Backdoor Okrum

An elusive advanced persistent threat (APT) group thought to be operating out of China and known as Ke3chang, but also known as Vixen Panda, Royal APT, Playful Dragon, and APT15, is using a previously unreported backdoor, dubbed Okrum, in a malware campaign targeting diplomats and government departments around the world, researchers at ESET report. The group is using an updated version of their Ketrican malware alongside the backdoor to target diplomatic bodies and other government institutions in countries across Europe and Central and South America. Okrum can provide itself with full administrator privileges and collects information about the infected machine, such as computer name, username, host IP address and what operating system is installed. (ZDNet)
2 days ago

Almost All Porn Sites Send Users’ Data to Third-Party Web Trackers, Google Has Trackers on Three-Quarters of All Porn Sites, Researchers

Trackers from tech companies Google and Facebook are logging users’ most personal browsing details, according to a forthcoming New Media & Society paper by a group of researchers from Microsoft, the University of Pennsylvania and Carnegie Mellon University. The researchers scanned 22,484 pornography websites and found that 93% of them sent data to an average of seven third-party domains, mostly via tracking cookies from outside companies. Google (or one of its subsidiary companies such as the advertising platform DoubleClick) had trackers on 74% of the pornography sites, while Oracle showed up on 24% of the sites and Facebook appeared on 10% of the sites. Only 17% of the 22,484 sites scanned were encrypted, suggesting that troves of user data could be vulnerable to hacking or breaches. (New York Times)
3 days ago

Slack Resets Passwords for 100,000 Users Who Were Affected by 2015 Data Breach

Cloud-based team collaboration service Slack said it is resetting passwords for 1% of its 10 million user base, or roughly 100,000 users, in a move that is related to the company’s March 2015 security breach. Back then Slack reset all the users it believed were affected by the breach. Now the company says it has received a batch of user credentials from its bug bounty program that it believes were overlooked in the aftermath of the 2015 breach. Slack says it has no reason to believe these newly discovered credentials had been misused. (ZDNet)