Twitter API bug leaked private data to other accounts

A bug in Twitter’s account activity API inadvertently leaked sensitive data to other developers, including direct messages and protected tweets, Twitter announced on Friday. “If you interacted with an account or business on Twitter that relied on a developer using the AAAPI to provide their services, the bug may have caused some of these interactions to be unintentionally sent to another registered developer,” the company said in a statement. The bug, which ran from May 2017 until September 10, 2018, required a “complex series of technical circumstances to occur” and impacted less than one percent of Twitter users. Twitter counts over 335 million active users as of July. Affected users are being directly contacted by Twitter. Those users have taken to the platform to complain about the bug. I just got this from Twitter, so I asked: “I received notice that Twitter employees had access to some of my DMs. Which […]

The post Twitter API bug leaked private data to other accounts appeared first on Cyberscoop.

Operator of ‘VirusTotal for criminals’ gets 14-year prison sentence

A Latvian hacker convicted of crimes relating to running the for-profit malware scanning site “Scan4You” was sentenced to 14 years in prison on Friday. Ruslan Bondars, 37, was convicted earlier this year on three charges, including violation of the Computer Fraud and Abuse Act, conspiracy to commit wire fraud and computer intrusion with intent to cause damage. The court found a loss amount of $20.5 billion. “Ruslan Bondars helped malware developers attack American businesses,” said Assistant Attorney General Brian Benczkowski. “The Department of Justice and its law enforcement partners make no distinction between service providers like Scan4You and the hackers they assist: we will hold them accountable for all of the significant harm they cause and work tirelessly to bring them to justice, wherever they may be located.” Operated from 2009 to 2016, Scan4You is similar to VirusTotal — a long-running repository favored by the cybersecurity industry — but was intentionally […]

Chinese-speaking cybercrime group launches destructive malware family

A prolific cybercrime group known as Iron Group is actively developing a new family of destructive malware that pretends to ask for ransom, but in fact steals and deletes victims’ data as it self-propagates on a quest for the next target. Iron, also known as Rocke, is a Chinese-speaking hacking group that has grown in notoriety this year for its use of cryptojacking malware that leverages a backdoor from HackingTeam’s leaked code. Researchers from numerous cybersecurity firms have pointed to Iron as a threat that has to be followed because they’re continuously updating and adding new features to malware that’s regularly exploring new attack vectors. Palo Alto Networks researchers announced a new finding on Monday: Iron developed a new malware family, Xbash, that self-propagates and appears to destroy a victim’s data. Ransomware and cryptojacking, Iron’s previous methods of attack, are much more obvious routes to regular profits. It’s not […]

Zero day in popular video surveillance technology goes public, unpatched

Sharp-eyed researchers have spotted a critical vulnerability in numerous surveillance devices from the video management company NUUO. We’ve seen this before: In 2016, multiple critical vulnerabilities in NUUO devices were publicized in an excruciatingly public way. The latest — a buffer overflow issue — was spotted by researchers at the U.S. cybersecurity firm Tenable, which has named the bug Peekaboo. The bug allows remote code execution on video surveillance systems. That means a hacker could watch or tamper with surveillance feeds. Tenable publicly detailed the bug on its blog after having privately notified NUUO more than 90 days ago. The Maryland-based cybersecurity company’s vulnerability disclosure policy states that after 90 days, researchers will go public. NUUO, which is based in Taiwan and has offices worldwide, says a patch is in development. NUUO’s products can be found in government buildings as well as in industries including banking, retail and transportation. The company’s software works with cameras from over 100 different […]

Cryptojacking campaign targets add-ons for popular streaming app Kodi

The criminal act of secretly stealing a target’s computing power to mine cryptocurrency isn’t quite as en vogue today as it was a year ago — due in part to cryptocurrency’s conspicuous downward turn in price, the practice isn’t wildly profitable — but the illegal practice carries on. Researchers at Slovakian cybersecurity firm ESET discovered that add-ons for the popular open source media player Kodi were part of a cryptojacking campaign extending back to at least December 2017. The malware was also added to the popular Bubbles and Gaia add-on repositories. As users updated their repositories, the malware continued to spread across the ecosystem. “It is the second publicly known case of malware being distributed at scale via Kodi add-ons, and the first publicly known cryptomining campaign launched via the Kodi platform,” researcher Kaspars Osis wrote. The Kodi platform also allows people to connect to different repositories, which offer app-like “add-ons” where […]

Well-known Middle Eastern hacking group keeps updating its arsenal

A highly active hacking group known for targeting Middle Eastern governments is updating its tools. OilRig, a hacking group that has been linked by researchers to Iran, has been observed using an updated version of the BONDUPDATER malware to target a Middle Eastern government in spearphishing attacks, according to new research from the U.S. cybersecurity firm Palo Alto Networks. Researchers offered up a spearphishing message sent to an official from an unspecified government. The email came with a malicious document containing a new version of the BONDUPDATER Trojan. The new version opens up new options for the malware to communicate with command-and-control servers and thereby new ways for the hackers to carry out attacks against targets. In particular, this update “tunnels” through the Domain Name System (DNS) so that the malware and hacker can communicate through TXT records normally used by the DNS system so that computers can more easily find one another over the internet. “This […]

Latvian hacker sentenced to 33 months in prison for scareware scheme

A Latvian hacker was sentenced to 33 months in prison on Wednesday after earning over $150,000 in a “scareware” scheme that infected computers after their users visited the Minneapolis Star Tribune’s website in 2010. Peteris Sahurovs, 29, received the sentence for conspiracy to commit wire fraud. He will be deported to Latvia following the sentence. At one time, Sahurovs was among the FBI’s most wanted criminals. From 2009 to 2011, he operated a “bullet-proof” web hosting service in Latvia. The hacker sold server space to criminals who needed a host willing to ignore illegal activity on their servers. “The defendant admitted that he knew his customers were using his servers to perpetrate criminal schemes, including the transmission of malware, fake anti-virus software, spam, and botnets to unwitting victims, and he received notices from Internet governance entities (such as Spamhaus) that his servers were hosting malicious activity,” according to a Department of Justice […]

Russian hacker pleads guilty for role in massive botnet schemes

The Russian national Peter Levashov pleaded guilty in a U.S. court to controlling one of the world’s largest-ever botnets, known as Kelihos. First indicted more than a decade ago under different cybercrime allegations, Levashov was known as the “Spam King” before his arrest in Spain in 2017. Levashov’s detainment punctuated the expanding American interest in arresting indicted Russian cybercriminals when they leave their home country — which notably does not extradite its own citizens. The battle to extradite Levashov mirrored others that have taken place around the world in the last several years between Moscow and Washington, D.C. “For over two decades, Peter Levashov operated botnets which enabled him to harvest personal information from infected computers, disseminate spam, and distribute malware used to facilitate multiple scams,” Assistant Attorney General Brian Benczkowski said in a statement Wednesday. “We are grateful to Spanish authorities for his previous arrest and extradition.” Levashov’s network operated since 2010 and […]

Executive order creates system for ‘automatic’ sanctions on foreigners interfering with U.S. elections

President Donald Trump has signed an executive order authorizing sanctions against any foreign individual, entity or country attempting to interfere in U.S. elections, the White House announced Wednesday. The order is not public yet, so the exact details remain unknown. The text was outlined by the White House in a phone call with reporters on Wednesday morning. Some sanctions would be “automatic” in cases where federal investigators identify meddling, White House officials said. “It’s a further effort among several that the administration has made,” national security adviser John Bolton said. “It includes not just interference against election or campaign infrastructure, but it also covers the distribution of propaganda and disinformation.” The executive order requires the Office of the Director of National Intelligence (ODNI) to make regular assessments about potential foreign interference in the election. It also asks for reports by the Department of Justice and the Department of Homeland Security in cases interference with election […]

U.S. extradites Russian accused in hack of JPMorgan Chase

The U.S. has announced the extradition of accused Russian hacker Andrei Tyurin from the nation of Georgia for his alleged role in a hacking campaign against American financial institutions, according to the Department of Justice. “Tyurin’s alleged hacking activities were so prolific, they lay claim to the largest theft of U.S. customer data from a single financial institution in history, accounting for a staggering 80 million-plus victims,” Manhattan U.S. Attorney Geoffrey S. Berman said Friday. “As Americans increasingly turn to online banking, theft of online personal information can cause devastating effects on their financial wellbeing, sometimes taking years to recover.” The indictment against Tyurin does not mention the hacking targets by name, but details — the number of victims, the time of the breach, the co-conspirators, the location of the victim, etc. — line up with those related to the 2014 hack of JPMorgan Chase, which led to the theft of names […]
