Monero scam was at the center of Trump campaign website defacement

The brief defacement of President Trump’s campaign website Tuesday night serves as another reminder that when cybercriminals want to cast a wide net for a scam, U.S. politics present plenty of opportunities — especially in the final days of a highly fraught election season. The front page of the site was replaced with a message claiming that hackers had compromised “multiple devices” and stolen “strictly classified information” — claims that the Trump campaign rejected. There was a call to action, too: Visitors had the choice to “vote” on whether the material should be made public, by sending the cryptocurrency Monero to online wallets marked “yes” or “no.” Any payments to those accounts would be irreversible. It’s hardly the first time this year that scammers have used Trump’s name to reel people in. Most recently, the Republican president’s COVID-19 diagnosis was a lure; other schemes have involved naming fake ransomware after Trump. Democratic presidential nominee Joe Biden and […]

The post Monero scam was at the center of Trump campaign website defacement appeared first on CyberScoop.


Zoom credits Keybase acquisition with quick turnaround on end-to-end encryption

Zoom says a key deal earlier this year helped it globally implement an important security feature at a time when the videoconferencing app became a household word. The company said Monday that it was officially rolling out end-to-end encryption (E2EE) for all free and paid users, and it credited the acquisition of messaging and file-sharing service Keybase as a crucial decision toward that milestone. “This has been a highly requested feature from our customers, and we’re excited to make this a reality,” Jason Lee, Zoom’s chief information security officer, said in a statement. “Kudos to our encryption team who joined us from Keybase in May and developed this impressive security feature within just six months.” Zoom announced the upgrade a couple of weeks ago, but said it was live as of Monday for Windows, macOS and Android users. The feature on iOS was awaiting approval from Apple’s App […]


Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts

The response to a data breach at a prominent Finnish psychotherapy practice intensified over the weekend after cybercriminals reportedly posted batches of patient information on the dark web and claimed that individual people could protect their data by directly paying a ransom. The breach at Vastaamo, which has locations throughout Finland, prompted an emergency meeting of the country’s Cabinet on Sunday. The company said the incident happened as early as November 2018. Local news reports say the attackers didn’t contact Vastaamo with any demands until September of this year. Neither the company nor Finnish investigators have released many details about the nature of the breach, but reports say the attackers initially sought a payment of about 450,000 euros to protect about 40,000 patient records. The company reportedly did not pay up. Given the scale of the attack and the sensitive nature of the stolen data, the case has become a […]


Operator of bitcoin ‘mixers’ that served dark web markets faces $60 million FinCEN penalty

The operator of two “mixer” or “tumbler” services that exchanged cryptocurrency for users on “the darkest spaces of the internet” is facing $60 million in civil penalties from the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN). The decision against Larry Dean Harmon, who operated the services known as Helix from 2014-17 and Coin Ninja from 2017-20, is the first of its kind from FinCEN against a bitcoin mixer. The agency said he failed to register both as money services businesses and violated federal obligations “to develop, implement, and maintain an anti-money laundering compliance program; and to meet all applicable reporting and recordkeeping requirements.” More specifically, Harmon failed to file suspicious activity reports for transactions within dark web markets, as required by the Bank Secrecy Act. “Mr. Harmon operated Helix as a bitcoin mixer, or tumbler, and advertised its services in the darkest spaces of the internet as a way for […]


Alexander Vinnik heads to trial in France on ransomware, money laundering charges

Accused Russian cybercriminal Alexander Vinnik’s legal odyssey continues Monday in Paris, where he faces trial on charges of extortion, money laundering and involvement in organized crime. It’s the latest milestone in a case that spans multiple countries: Vinnik was arrested in 2017 in Greece, which extradited him to France this year with the understanding that he was also wanted in the U.S. and Russia. French and U.S. prosecutors allege Vinnik helped create the infamous Locky ransomware and then launder the resulting bitcoin ransom payments through the BTC-e cryptocurrency exchange. French prosecutors are focusing on $157 million that the alleged scheme captured from French organizations. The U.S. Department of Justice says he laundered about $4 billion while running BTC-e, which also allegedly provided services to other scams. In Russia, he faces smaller-scale charges of fraud. Vinnik’s arrival in France in January followed a nearly two-year battle over where Greek authorities would send the 41-year-old, who […]


Negligent data center shutdowns bring $60 million fine for Morgan Stanley

Investment bank Morgan Stanley is paying a $60 million fine to the U.S. government for mishandling the decommissioning of two data centers in 2016, and potentially exposing customer information. The bank reported the problem to wealth management customers this summer, saying that pieces of hardware from the facilities still had some customer data on them after they reached a recycler. In 2019, a similar situation arose during the decommissioning of network devices that stored customer data, according to the Office of the Comptroller of the Currency, the Treasury Department agency that announced the fine Thursday. The case is a reminder that potential data breaches come in many forms beyond the usual concepts of cybercriminals hacking into networks or using business email compromise to trick employees. In both cases at Morgan Stanley, the bank “failed to adequately assess the risk of subcontracting the decommissioning work, including exercising adequate due diligence in […]


Takedown of 92 Iran-owned domains includes 4 used for disinformation in US, feds say

The U.S. government says it seized 92 internet domains used “to spread pro-Iranian disinformation around the globe,” including four that directly targeted U.S. audiences. Iran’s Islamic Revolutionary Guard Corps operated the domains in violation of U.S. sanctions, according to a Justice Department announcement Wednesday. The department said the operation was based on intelligence provided by Google, and was a collaborative effort between the FBI and Google, Facebook and Twitter. The other 88 domains “targeted audiences in Western Europe, the Middle East, and South East Asia and masqueraded as genuine news outlets,” the department said. The feds claimed jurisdiction over all 92 domains because the government of Iran and the IRGC ran them through “website and domain services in the United States without a license from OFAC,” the Treasury’s Office of Foreign Assets Control. The announcement is the latest in a steady stream of news about attempts by U.S. agencies or Silicon Valley giants to monitor […]


Dark web markets continue to evolve after big takedowns, Europol says

The past year has been a transition period for dark web markets, as the illicit e-commerce hubs have been forced to adapt after big takedowns in 2019, according to a new report by Europol. The lifecycles of individual marketplaces have shortened, and “no clear dominant market has risen over the past year,” according to the European police agency’s annual Internet Organised Crime Threat Assessment for 2020. The marketplaces still represent a “growing threat,” though, as a source for crime-oriented malicious software, drugs and other goods, the report says. After the 2019 takedown of Deep Dot Web — a site that helped users navigate online markets for illegal drugs — dark web users began setting up other information hubs, including dark.fail and darknetlive.com, Europol says. Dread, a forum that has been around for about three years, also continues to operate. While criminals try to keep dark web markets as user-friendly as possible, they also […]


US arrests suspected hackers accused of video game piracy

The alleged leaders of an international video game piracy group apparently didn’t do enough to protect their scheme from the prying eyes of the feds. The Department of Justice says two men have been arrested on felony charges of helping run Team Xecuter, which sold modification kits and other tools that allowed users of the Nintendo Switch and other gaming devices to play pirated versions of games. The federal indictment charges Canadian national Gary Bowser, French national Max Louarn and Chinese national Yuanning Chen with 11 counts of wire fraud, conspiracy to commit wire fraud and money laundering in connection with Team Xecuter. The indictment does not link the three men to any other hacking groups. In many ways, though, the Justice Department’s approach to charging them mirrors other recent efforts to accuse and apprehend foreigners in cybercrime cases involving financial fraud or cyber-espionage. Team Xecuter, which claims to have been […]


Emotet hackers are using Democratic Party content in email scam

A global spike in the spread of Emotet malware now includes phishing messages geared toward potential Democratic Party volunteers at hundreds of U.S. organizations, according to security researchers. Attackers behind the Emotet hacking tool have referred to current events in their email lures before, but “historically they have not directly leveraged political themes in their messaging,” reports email security company Proofpoint. The body of this particular email is taken directly from a page on the Democratic National Committee’s website, the researchers say, and attached is a malicious Word document titled “Team Blue Take Action.” The thousands of emails sent to U.S. targets came in the same week that interest spiked in the U.S. presidential campaign as President Donald Trump and Democratic challenger Joe Biden met in their first debate. (Trump’s announcement early Friday of a positive coronavirus test probably will not dampen Democrats’ interest in the race.) Proofpoint stresses that despite the political content of […]
