DoJ seizes PopeyeTools, IGT suffers cyberattack, Windows update blocked

In today’s cybersecurity news…

DoJ seizes credit card marketplace PopeyeTools

The dark web marketplace, which specialized in selling stolen credit cards along with cybercrime tools and has been in business since 2016, was taken down by agents of the Department of Justice last week, with three of its key operators now facing fraud-related charges and its websites and hosting services seized. According to court documents, the PopeyeTools marketplace offered services such as “unauthorized payment card data and PII for cards that were marketed as ‘live’ as well as logs of stolen bank account information, email spam lists, scam pages, and guides and tutorials.”

(Department of Justice announcement)

Gambling giant IGT suffers cyberattack

The London-headquartered manufacturer of slot machines and other gambling technologies for casinos and other gambling enterprises worldwide detected the attack on Sunday, November 17, and took some systems offline in response. The full scope of the attack has not yet been determined; however, observers say the company's response is indicative of a ransomware attack.

(Security Affairs)

Windows update blocked on PCs that have Assassin’s Creed or Star Wars Outlaws

This block of the Windows 11 24H2 update relates to the aforementioned games as well as Avatar: Frontiers of Pandora, all of which are developed by Ubisoft, and which are suffering crashes, freezing, or audio issues after receiving the Windows update. Gamers are advised to end the frozen process through the Task Manager, but to not manually update the operating system until the issue is resolved.

(BleepingComputer)

Microsoft seizes websites tied to Egypt-based DIY phishing kit-maker

Another illicit website seizure last week: Microsoft obtained a court order that allowed it to seize 240 websites allegedly belonging to an Egypt-based seller of do-it-yourself phishing kits, which included tools for bypassing multifactor authentication. The kit-maker is known online as MRxC0DER and sold the kits under the brand name ONNX. ONNX is a trademarked name owned by the Linux Foundation, and Linux acted as a co-plaintiff in the civil court order that led to the seizure.

(Cyberscoop)

North Korean front companies impersonate U.S. IT firms for military funding

According to researchers at SentinelOne, as well as a report from Palo Alto Networks, threat actors connected to North Korea continue to impersonate U.S.-based software and technology consulting businesses. In a global campaign, which Palo Alto Networks Unit 42 is tracking as Wagemole, the actors use forged identities to obtain employment at companies in the U.S. and elsewhere, sending most of their salary back to their home country. This most recent chapter in this ongoing story identifies some front companies by name, analyzed by SentinelOne, which were “all registered through NameCheap and claimed to be development outsourcing, consulting, and software businesses, while copying their content from legitimate companies.” The list is available in the show notes to this episode.

(The Hacker News)

UK drinking water supplies disrupted by record number of undisclosed cyber incidents

Following up on our discussion on last Friday’s Week In Review show, dealing with the vulnerability of drinking water facilities and infrastructure in general, two stories of interest: first, according to Recorded Future News, there have been more incidents reported this year than ever before, with transport and drinking water sectors the most impacted. This includes “at least six incidents affecting drinking water infrastructure, according to data collected by Recorded Future News using the Freedom of Information (FOI) Act. In previous years there were no more than two.” These six incidents were reported to the UK government’s Department for Environment, Food, and Rural Affairs between January 1 and October 21 of this year, and they refer to either a cyberattack or operational failure that “directly impacts on the production and delivery of wholesome water, irrespective of whether or not customers are directly affected.”

(The Record)

Volunteer DEFCON hackers take on U.S. water infrastructure concerns

The Franklin project, launched at this year’s DEFCON, is intended to employ the skills of top hackers to “not only … strengthen U.S. resilience to online attacks, but also to chronicle what is being done in a yearly Hacker’s Almanack so that others can learn essential skills. The program is partnered with the Harris School of Public Policy’s Cyber Policy Initiative at the University of Chicago, as well as the National Rural Water Association (NRWA). Together they are using the coders’ talents to investigate water companies in Utah, Vermont, Indiana, and Oregon, to fix any issues they find, and then pass the knowledge on.

(The Register)
