Your weekly top 5 technical and security issues Nerds should pay attention to:
Emotet Returns After Five Month Hiatus.
Known as a versatile and widely disruptive threat, early versions of Emotet had a module that was used to commit banking fraud, and for years, the malware was widely classified as a banking Trojan. Just another reminder that defending against this threat requires defense in depth.
More than 160 days after the last observed Emotet delivery via email, Proofpoint researchers have confirmed its return. Known as a versatile and widely disruptive threat, early versions of Emotet had a module that was used to commit banking fraud, and for years, the malware was widely classified as a banking Trojan. However, later versions of Emotet no longer loaded its own banking module, and instead loaded third party banking malware. More recently, we have observed Emotet delivering third-party payloads such as Qbot, The Trick, IcedID, and Gootkit. Additionally, Emotet loads its modules for spamming, credential stealing, email harvesting, and spreading on local networks.
VPN firm that claims zero logs policy leaks 20 million user logs.
They “don’t keep any logs”, just accidentally leak them? This is just one more reason to consider running your own company VPN server.
Perhaps, the most ironic moments in the cybersecurity world occur when those who promise to protect your online privacy cannot guard their own turf. We’ve seen this happen from time to time with security firms getting hacked themselves.
Another similar case has emerged recently when the database of a Hong Kong-based VPN provider called UFO VPN was exposed with more than 20 million users logs.
Discovered by researchers from Comparitech on July 1st, 2020; the exposure occurred due to the database hosted on an Elasticsearch cluster being left without any password.
Mozilla suspends Firefox Send service while it addresses malware abuse.
In hindsight it makes sense that cyber criminals would utilize such an elegant free service in a malicious way.
Mozilla has temporarily suspended the Firefox Send file-sharing service as the organization investigates reports of abuse from malware operators and while it adds a “Report abuse” button.
The browser maker took down the service today after ZDNet reached out to inquire about Firefox Send’s increasing prevalence in current malware operations.
How to steal USD$120,000 in 30 minutes.
Don’t do this at home. Socially-engineered Twitter staff gave hackers access to internal systems. That’s how Bitcoin scams were posted on popular twitter accounts and some followers of the compromised accounts fell for it.
Hackers gained access to the Twitter accounts of Bill Gates, Elon Musk, Jeff Bezos and many others Wednesday afternoon in an apparent cryptocurrency giveaway scam. Other accounts including Barack Obama, Joe Biden, Apple, Uber, and Square’s CashApp were also hacked.
Inside America’s secretive $2B research hub, collecting fingerprints from Facebook, hacking smartwatches, and fighting COVID-19.
From the top of the CVE (Common Vulnerabilities and Exposures) authority to collection of fingerprints from social media, this is worth the full read about Mitre.
Whether it’s an invisible Aston Martin or an exploding pen, whenever James Bond needs a high-tech edge, he heads right for Q and his secretive MI6 lab. In the real world, American agents often rely on a less clandestine, but far better-funded group. Armed with 8,000 employees and an annual budget of between $1 billion and $2 billion of taxpayers’ money, Mitre Corp., a government-linked Skunk Works, has been making bleeding-edge breakthroughs for U.S. agencies for more than six decades. With its HQ housed in four towers atop a hill in McLean, Virginia, Mitre’s research centers employ some of the nation’s leading computer scientists and engineers to build digital tools for America’s top military, security and intelligence organizations.