Top News


The information technology office supporting the Texas judicial system was hit by a ransomware attack that took down websites and interrupted legal proceedings. 

The Office of Court Administration (OCA), which provides IT support to the appellate courts and state judicial agencies within the Texas Judicial Branch, announced Monday that it had detected and contained a ransomware attack that locked up the websites of key Texas judicial organizations. 

All Texas courts' websites were taken offline by the attack, including the website of the Texas Supreme Court, which was forced to issue opinions through Dropbox on Friday. The attack did not impact emails for the court system. 

The OCA said in a statement that, as of Monday, there was no evidence that any sensitive information was compromised by the hack and that online networks used by trial courts during the COVID-19 pandemic were unaffected. 

The agency said it was working with law enforcement, including the Texas Department of Information Resources, to investigate the attack and vowed not to pay the ransom demanded by the attackers. The OCA’s website was knocked offline, and the agency has established a separate temporary site. 

“Work continues to bring all judicial branch resources and entities back online,” the OCA wrote in its statement. The OCA credited the movement of many judicial branch resources to the cloud in recent years for limiting the impact of the ransomware attack.

Ransomware attacks involve hackers gaining access to a system, encrypting its data and then demanding payment from the victim in exchange for the decryption key needed to regain access. These types of cyberattacks have become increasingly widespread over the last year. The city governments of Atlanta, Baltimore and New Orleans have been crippled in the past, along with school districts, libraries and other government entities. 

Almost two dozen small towns and other entities in Texas were hit by a coordinated ransomware attack in August. According to the mayor of one of the towns, the hackers demanded $2.5 million to unlock the systems.


KnowBe4 partners with the Center for Cyber Safety and Education to bolster women in cybersecurity. KnowBe4 to Offer $10,000 Women in Cybersecurity Scholarship and Summer 2020 Internship.

  • BEC scammers impersonate CEOs of targeted companies and request an aging report and clients’ email addresses from employees.
  • In this way, the scammers will obtain a company’s customer names, outstanding balances, and contact information.

Facebook must pay a record-breaking $5 billion fine as part of a settlement with the Federal Trade Commission, by far the largest penalty ever imposed on a company for violating consumers' privacy rights.

  • The vulnerability tracked as CVE-2019-1579 affects organizations running vulnerable versions of the GlobalProtect software, including the ride-sharing platform Uber.
  • The impacted versions include PAN-OS 7.1.18, PAN-OS 8.0.11, and PAN-OS 8.1.2.

FireEye researchers identified a phishing campaign by the cyberespionage group APT34 in which the attackers posed as a member of Cambridge University to win victims' trust and get them to open malicious documents. 

Ad injection and other "man-in-the-middle" techniques will have a tougher time installing themselves onto PCs.

44 per cent of Internet users admit having shared their passwords or stored them in visible places.

Frankly, I'm surprised. Is it the revelation that Juniper had "unauthorized code" in their Netscreen product? Is it that a third party could reportedly remotely access these systems? Is it that VPN traffic could be decrypted?

I'm seeing in the news today that a subset of Twitter users have been receiving notifications that they may well be the targets of surveillance by nation state actors. Step one, let's all take a deep breath.

A group of computer scientists at the Massachusetts Institute of Technology has developed what it describes as the most secure SMS text messaging system to date.

Tens of millions of users would be unable to access HTTPS websites that only use SHA-2-signed certificates, Facebook and Cloudflare have warned.
Millions of Web users could be left unable to access websites over the HTTPS protocol if those websites only use digital certificates signed with the SHA-2 hashing algorithm, because older browsers and operating systems cannot validate SHA-2 signatures.

A security researcher collected in a span of a few weeks over 1,000 domains infected with payment card skimmers, showing that the MageCart continues to be a prevalent threat that preys on insecure webshops.

MageCart was first spotted over a decade ago by cybersecurity company RiskIQ, but attacks have grown rampant over the past two years as big-name companies were hit, among them British Airways, Ticketmaster, OXO and Newegg.

Since then, automated systems tuned specifically to detect this type of threat have found hundreds of thousands of websites that loaded, on their checkout pages, malicious JavaScript designed to steal card data from shoppers.

200 alerts sent, no reply

Using freely available tools and some elbow grease, security researcher Max Kersten was able to compile a list of 1,236 domains that were hit by a web skimmer hosted on an external domain.

He started from a single domain known to host a skimmer and the Urlscan.io website scanning service, which let him search for pages loading that skimmer and follow the infection chain whenever the skimmer domain changed.

Most of the domains included in the research are already available from other sources, since this one-man effort took some time to reach a conclusion.

Kersten says that his goal is to add to those publicly available resources from companies (RiskIQ, Sansec, Group-IB, Malwarebytes, Trustwave) and other researchers (Willem de Groot, Jérôme Segura, Affable Kraut, Jacob Pimental, and Mikhail Kasimov) on domains hosting JavaScript code for stealing payment card info.

Although the data is about two to three weeks old, the researcher believes the results should be roughly the same at this time. The fact that he received no reply to the 200 notifications he sent to website owners or administrators supports this assumption.

In the list he provides, the latest detection date for some domains is from 2018. This could mean that they are no longer infected or that they were simply not scanned again through Urlscan.io.

The endeavor to email all 1,236 companies was stopped by Google’s spam detection since Kersten’s messages were exactly the same, save for the affected domain name and the skimmer detection timestamp.

Main suspect: MageCart Group 12

The methodology used for this research does not track all MageCart infections, but it shows that independent work can uncover a fairly large number of affected online stores.

Kersten found affected domains by using a scanner he made to parse and store results from Urlscan.io’s API and several rules that detected the malicious JavaScript. He then removed incorrect and double entries and subdomains that would have affected the final set of unique domains.
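As an added example (not Kersten's scanner or any tooling from the page), the following Python script reproduces the shape of the pipeline described above and in the earlier passage on automated detection of checkout-page JavaScript: it takes Urlscan.io-style result records, applies a rule that flags scripts served from a known skimmer domain or one of its subdomains, discards records where the "victim" is the skimmer's own host, and collapses www/checkout subdomains of one shop into a single registrable domain so the final count is of unique domains. The skimmer domains, the sample records and the small public-suffix table are constructed for the demo; for live use, replace `SAMPLE_RESULTS` with records fetched from Urlscan.io's search API and `registrable_domain()` with a real public-suffix library such as tldextract.

```python
"""Offline sketch of a skimmer-domain scan: rules + dedupe to unique domains."""
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed skimmer hosts for the rules below; not indicators taken from the page.
SKIMMER_DOMAINS = {"cdn-js-static.example", "stats-analytic.example"}

# Multi-label public suffixes the naive registrable-domain logic knows about.
# A real tool should use the full public suffix list (e.g. tldextract).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "com.br", "co.in"}

# Constructed Urlscan-style records: page URL, scan date, script URLs the page loaded.
SAMPLE_RESULTS = [
    {"page": "https://www.shop-one.example/checkout", "date": "2019-11-02",
     "scripts": ["https://www.shop-one.example/js/app.js",
                 "https://cdn-js-static.example/jquery.min.js"]},
    {"page": "https://shop-one.example/cart", "date": "2019-11-20",        # same shop, no www
     "scripts": ["https://cdn-js-static.example/jquery.min.js"]},
    {"page": "https://checkout.store-two.co.uk/onepage", "date": "2019-10-15",
     "scripts": ["https://img.stats-analytic.example/ga.js"]},            # subdomain of skimmer
    {"page": "https://clean-shop.example/checkout", "date": "2019-12-01",
     "scripts": ["https://code.jquery.com/jquery-3.4.1.min.js"]},         # no hit
    {"page": "https://cdn-js-static.example/", "date": "2019-12-01",       # skimmer host itself
     "scripts": ["https://cdn-js-static.example/jquery.min.js"]},
]


def registrable_domain(host: str) -> str:
    """Reduce a hostname to its registrable domain so that www., checkout. and
    other subdomains of one shop collapse into a single entry."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def matching_skimmer(url: str) -> Optional[str]:
    """Rule: return the skimmer domain if the URL's host is one, or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    for bad in SKIMMER_DOMAINS:
        if host == bad or host.endswith("." + bad):
            return bad
    return None


def unique_affected_domains(results: List[dict]) -> Dict[str, dict]:
    """Collapse records into one entry per affected registrable domain.

    Drops records whose page is itself a skimmer host (an "incorrect entry"),
    merges duplicates and subdomains of the same shop, and keeps the first and
    last detection date plus the skimmer domains seen on that shop."""
    affected: Dict[str, dict] = {}
    for rec in results:
        page_host = urlparse(rec["page"]).hostname or ""
        if not page_host or matching_skimmer(rec["page"]):
            continue  # the skimmer's own infrastructure, not a victim shop
        hits = {bad for bad in (matching_skimmer(s) for s in rec["scripts"]) if bad}
        if not hits:
            continue
        key = registrable_domain(page_host)
        entry = affected.setdefault(
            key, {"first_seen": rec["date"], "last_seen": rec["date"], "skimmers": set()})
        entry["first_seen"] = min(entry["first_seen"], rec["date"])  # ISO dates sort as text
        entry["last_seen"] = max(entry["last_seen"], rec["date"])
        entry["skimmers"] |= hits
    return {k: {"first_seen": v["first_seen"], "last_seen": v["last_seen"],
                "skimmers": sorted(v["skimmers"])}
            for k, v in sorted(affected.items())}


if __name__ == "__main__":
    for domain, info in unique_affected_domains(SAMPLE_RESULTS).items():
        print(domain, info["first_seen"], info["last_seen"], ",".join(info["skimmers"]))
```

On the constructed sample this yields two unique shops (shop-one.example and store-two.co.uk) from five records: the www and bare-host scans merge into one entry with the later date as `last_seen`, the subdomain-served skimmer is still caught, and the skimmer host's own page is excluded rather than counted as a victim. The date carried per domain is what lets a later pass distinguish a fresh detection from a stale 2018 one.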

For the most part, the results from this effort track partial activity from MageCart Group 12, which is considered a more advanced threat actor in the web skimming business.

Kersten told BleepingComputer that the confidence level in attributing infections to this group increases proportionally to the freshness of the detection date.

In a report published on his blog, the researcher says that 70% of the online stores compromised in a MageCart attack could not be pinged when he checked whether they were still reachable (a crude test: a host that drops ICMP is counted as unreachable even if the shop is still serving pages).

This only means that those stores are no longer feeding cybercriminals with credit card data; their shoppers were still affected at one point.

Also, some of them were still under development, as indicated by the generic Lorem Ipsum placeholder text in “about” pages. Despite this, they did engage in commercial activity.

Most affected shops are in the U.S.

As for the categories of products sold on compromised websites and their geographical regions, the researcher spent five evenings checking them manually.

Food-related shops, services, adult items, and miscellaneous products are the main categories, along with an “unknown” segment that stands for shops that were not accessible or found in other sources.

Based on Kersten’s research, the country with the most shops impacted by MageCart is the U.S., while individual European countries appear far less affected, the U.K. leading them with just 68 shops:

  1. US (303)
  2. Unknown (280)
  3. IN (79)
  4. UK (68)
  5. DE (50)
  6. AU (47)
  7. BR (46)
  8. FR (34)
  9. IT (31)
  10. NL (28)
  11. CA (23)
  12. ES (19)

The researcher provides in his post the full list of domains where a credit card skimmer was detected. Payment details of anyone who shopped on those sites during the listed time interval are likely compromised. If the card has not expired, it would be a good idea to check the account for unexplained charges and ask the issuing bank for a replacement card.


A vital part of the Commodity Futures Trading Commission’s Data Protection Initiative has been completed, CFTC Commissioner Dawn Stump announced this week.

Cryptographic key reuse is rampant in European payment terminals, allowing attackers to compromise them en masse.

Security firm Zscaler discovered a malicious campaign based on a new strain of the Spy Banker banking malware.

FireEye says it has discovered a type of malware designed to steal payment card data that can be very difficult to detect and remove.
The cybercriminal group behind the malware, which FireEye nicknamed "FIN1," is suspected of being in Russia and has been known to target financial institutions.

The malware, which FIN1 calls Nemesis, infected an organization that processes financial transactions, which FireEye did not identify.

A criminal calling himself Hacker Buba began leaking a UAE bank's customer data online after demanding a $3 million ransom from the bank.
