Denial of service attack sites shut, a Twitter spy is sentenced, and more.
Welcome to Cyber Security Today. It’s Friday, December 16, 2022.
Forty-eight criminal internet domains selling denial-of-service-for-hire tools have been seized by the U.S. Justice Department. In addition, criminal charges have been laid against six people who allegedly oversaw what are called “booter” or “stressor” services. The FBI is in the process of seizing the websites. Denial of service attacks are aimed at shutting the internet sites of victim firms or governments. Sometimes it’s for blackmail and other times to distract IT departments from a hack going on elsewhere on the network.
A California judge has sentenced a former Twitter employee to three and a half years in prison for acting as an unregistered agent spying for Saudi Arabia. Prosecutors alleged the man was paid to get information on Twitter users who were dissidents and critics of the kingdom. One of the bribes: A Hublot watch, which the man valued at US$42,000 when offering it for sale on Craigslist. He also got another US$200,000, prosecutors said.
Social Blade, a data analytics tool used by companies to track social media activities, has been hacked. According to Cybernews, the company says the attacker took advantage of a website vulnerability to get the user database. The data includes user names, email addresses and hashed passwords.
Another big Australian firm has been hacked in the last couple of months. The latest is communications provider TPG Telecom, whose hosted Microsoft Exchange service was compromised. The service hosts email accounts of around 15,000 business users. Other recent targets Down Under were the Optus telecom service and the Medibank private healthcare service.
IT security teams who want to know more about a suspected Iranian-based cyber attack group can find it in a new column from Proofpoint. It calls the group TA453, although other researchers call it Charming Kitten, Phosphorus or APT42. Usually this group goes after academics, researchers, diplomats, dissidents, journalists and human rights workers with expertise in the Middle East. Attempts can start with weeks of benign email conversations before the victim is sent a message with a malicious link or document. One target was the press secretary of an American government official. This person was sent a suspicious message from the hacked email account of a reporter. Another target, an American-based academic, was emailed a complaint by a supposed woman alleging the academic was involved in an accident with her car and demanding she be contacted by email.
Attention Windows administrators and home users: If, for some reason, you haven’t installed the Windows security patches released in September, do it fast. Microsoft now says a vulnerability that was fixed then has been upgraded to critical after some new research by IBM. The problem is in an authentication protocol. If the hole isn’t closed an attacker could do nasty things.
Finally, another email or text phishing scam for stealing Facebook users’ passwords and personal information is going around. It starts with a familiar lure: An email message claiming your Facebook account features have been deactivated because some posts allegedly have objectionable content. If you don’t log in using the supplied link and file an appeal, your account will be terminated. According to researchers at Trustwave, the new twist is that the link goes to an actual Facebook post that looks like a Facebook support page. It’s a fake. So is the page to file your appeal. So is the page requesting your two-factor authentication code. Any information the victim fills in on the appeal page (your name, email address, phone number, Facebook page name) goes to crooks. Never click on a link in any email or text message you get that takes you to a login page. If you’re worried about any warning message, go to the website of the service the way you normally do, either by typing the name yourself or using your password manager. One tip: Beware of messages that start, “Dear user.”
That’s it for now. However, later today the Week in Review edition will be out. Guest commentator David Shipley and I will talk about the hack of an FBI database of contacts, cyber war and problems with session cookies.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.