The arrest of a teen in the U.K. may be tied to Uber and other hacks, a huge credit card scam revealed, and more.
Welcome to Cyber Security Today. It’s Monday, September 26th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
News reports are linking the arrest in England of a 17-year-old on suspicion of hacking to the recent data breaches at Uber and Rockstar Games. The Hacker News says both attacks are alleged to have been committed by the same threat actor. It quotes researchers at Flashpoint saying a threat actor using the name ‘teapotuberhacker’ claimed on a forum to have hacked and stolen code from Rockstar, creator of the game Grand Theft Auto. That person’s real name was outed on an illicit online forum in a post claiming the person hacked Rockstar and Uber and is a member of the Lapsus$ extortion gang. It isn’t clear what the truth is. As Flashpoint notes, dark web communities often make false claims against each other.
Holes in a firewall from Sophos and in ManageEngine products from Zoho have been added to the U.S. government’s list of known exploited vulnerabilities that need to be patched. Sophos Firewall has a code injection vulnerability in the user portal and Webadmin sections. The problems with Zoho products are in ManageEngine PAM360, Password Manager Pro and Access Manager Plus. Maintained by the U.S. Cybersecurity and Infrastructure Security Agency, the list tells U.S. federal departments what bugs have to be patched quickly. Businesses can also take a cue from what’s listed.
The Internet Systems Consortium is urging developers and network administrators with products that use the BIND DNS software to install the latest updates. This comes after the discovery of four high-severity vulnerabilities in BIND 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. BIND is an open source component for managing DNS servers.
Servers running Microsoft SQL databases continue to face attacks. The latest campaign is spreading the Fargo strain of ransomware, according to researchers at South Korea’s AhnLab. Their report doesn’t specify how the servers are compromised. But it does say SQL Server is typically hit through poor passwords, poor password management and servers that aren’t fully patched.
A criminal gang has been using stolen credit card information on some 200 fake dating and adult websites they created since 2019 to steal tens of millions of dollars, says a new report. As part of the scam the crooks also create associated support sites for cashing in. The revelation comes from researchers at ReasonLabs. The victims are mostly Americans who get charged for services they didn’t order such as website memberships. One big problem is payment card processors are giving the sites the ability to process credit and debit cards. If enough victims dispute their charge the ability of a site to process transactions may be revoked. But the gang apparently can either drop that website or find another payment processor. Payment processors apparently can’t figure out that dozens of websites are run by the same gang. It’s another reason why consumers have to always check their monthly credit and debit card statements for unexpected charges, no matter how small.
Finally, two U.S. Senators have introduced bipartisan legislation aimed at strengthening the security of open source software used by the federal government. The law would direct the U.S. Cybersecurity and Infrastructure Security Agency to develop a framework to evaluate how open source code is used in government projects. This comes in the wake of the discovery of the log4j2 vulnerability in a wide range of applications. The proposed legislation has sparked debate in the IT community. On one forum the proposal has been denounced as an attempt to discourage government departments from using open-source software. Others say open source components also are common in proprietary software, so some sort of oversight is needed. Others argue the issue is the ease of buying support from commercial application developers compared to open source creators. The issue may be moot: Congress will dissolve at the end of the year after the mid-term election, so unless it’s passed before then, the bill will have to be re-introduced next year.