https://cybersecuritynews.com/bbtok-banking-malware/
My article is about the new BBTok Banking Malware that generates victim-specific payloads. The malware is used to steal login information and banking details. It was found that the people who are using BBTok shifted their delivery process from email attachments to phishing links for their initial infections. It simulates interfaces for 40+ banks and then scans the victim’s browser tabs for any information that is being shared. It can not only simulate the interfaces that match the victim’s screens but bank forms as well. BBTok can also seek related Bitcoin data on the victim’s infected machine and begins by clicking a malicious link that triggers a payload download. An active BBTok banker campaign was found in Latin America that is targeting people in Brazil and Mexico. The banking malware is coded in Delphi and uses VCL for its fake interfaces as well as its bank forms. BBTok users are active in Mexico and Brazil but they remain elusive with their creative techniques by using different delivery methods such as LNK files, SMB, and MSBuild.
The Cybersecurity and Infrastructure Security Agency (CISA), the National Football League (NFL), Allegiant Stadium and Super Bowl LVIII partners held a tabletop exercise this week to explore, assess and enhance cybersecurity response capabilities, plans and procedures ahead of Super Bowl planned to hold on Sun, Feb 11, 2024.
A tabletop exercise is a practical, simulation scenario-based activity as part of an incident response plan and provides hands-on training for participants that can then highlight flaws in incident response planning. This forms both security training and awareness for members of the security team and all members of an organisation of activity.
During the exercise, participants discussed a hypothetical scenario that included phishing, ransomware, a data breach, and a potential insider threat — all with cascading impacts on physical systems.
This will mark the 10th anniversary of the tabletop exercise done as a partnership between CISA, NFL, and the Superbowl.
Every Network Is Now an OT Network. Can Your Security Keep Up?
https://www.securityweek.com/every-network-is-now-an-ot-network-can-your-security-keep-up/
Every network today is now an OT network. Or it will be soon. Of course, part of this transformation is due to the ongoing convergence of OT and IT networks. As many of us have experienced, previously isolated OT networks, like manufacturing, processing, distribution, and inventory management, have now been woven into our larger IT networks.
This integration enables better controls, more responsiveness, broad interconnectivity for better communication, and seamless resource expansion, distribution, and redistribution. It also introduces new security risks.
Regards the article ,the statement “Every Network Is Now an OT Network” highlights the growing convergence of Information Technology (IT) and Operational Technology (OT) in today’s interconnected world. While this convergence can bring numerous benefits in terms of efficiency, automation, and data analysis, it also introduces significant cybersecurity challenges that organizations must address.
T-Mobile users reported that after logging into the company’s official mobile app, they could see other users’ account and billing details. Exposed data included names, phone numbers, addresses, account balances, and certain credit card details. Some customers even saw multiple users’ sensitive information while logged into their own accounts. Some customers claimed they had been noticing this problem for the past two weeks. One user mentioned reporting the issue to T-Mobile’s security team with no response, while another expressed previous issues with T-Mobile. The company clarified that the incident was not the result of a cyberattack or system breach.
T-Mobile acknowledged the issue but said it affected less than 100 individuals.
The glitch was attributed to a “temporary system glitch” due to an overnight technology update. The issue was resolved quickly. T-Mobile has experienced two data breaches since the start of 2023. The first incident was when attackers hacked the carrier’s systems, exposing hundreds of customers’ personal data. The second incident, in January, involved the compromise of sensitive data of 37 million customers via an API. Since 2018, T-Mobile has faced seven other data breaches affecting various areas of their systems and diverse customer groups.
https://www.infosecurity-magazine.com/news/web3-platform-mixin-200m-dollars/
Mixin Network, a Hong Kong-based decentralized finance (DeFi) project, has suffered a serious hack that resulted in the loss of approximately $200 million in cryptocurrency assets.
The attack took place in the early hours of September 23, 2023, when the database of Mixin Network’s cloud service provider was compromised by attackers, resulting in the transfer of some assets on the mainnet.
Mixin Network suspended deposit and withdrawal services and contacted Google and blockchain security firm Slow Mist to investigate and fix it.
Feng Xiaodong, founder of Mixin Network, made a public live broadcast in Mandarin in Hong Kong, explaining to platform users how to deal with the lost assets, and said a summary would be released in English shortly.
According to DeFi Llama, a DeFi dashboard, Mixin Network lost about $300,000 in total lock-up value (TVL), a measure of the total value of digital assets locked or pledged on the platform.
Mixin Network is a protocol that provides support for cross-chain transactions, allowing users to easily send and receive assets between different blockchains without having to worry about exchange rates or fees. They are used by approximately 10,000 decentralized applications (DApps) worldwide.
The hack is the fifth largest cyberattack targeting cryptocurrency assets outside of crypto exchanges, with the top four occurring in the past two years and involving platforms such as Ronin Network, Poly Network, BNB Bridge, and Wormhole.
Ransomed.vc, a relatively new ransomware group, has reportedly conducted a potentially devastating ransomware attack on Sony, a global entertainment giant. Despite operating for only a short time, the group claims to have compromised Sony’s systems and intends to sell the stolen data since Sony refused to pay a ransom. The group has posted some proof-of-hack data, including screenshots, internal files, and a file tree with around 6,000 files. It can be noted, however, that it’s not overly compelling proof-of-hack data and a relatively small amount of it. In any case, the data is being offered for sale with contact details provided. The group has set a “post date” of September 28, 2023, for publishing the data if no one purchases it. Sony has not officially confirmed the cyber incident at the time of this writing.
Ransomed.vc operates both as a ransomware operator and a ransomware-as-a-service organization, seeking affiliates. Interestingly, the group claims to be a “secure solution for addressing data security vulnerabilities” and states compliance with GDPR and Data Privacy Laws, promising to report violations in cases where payment is not received.
https://www.securityweek.com/900-us-schools-impacted-by-moveit-hack-at-national-student-clearinghouse/
The National Student Clearinghouse has disclosed that nearly 900 educational institutions have been affected by the MOVEit hack, which occurred due to a vulnerability in MOVEit file transfer software. This cybersecurity breach impacted over 2,053 organizations and more than 57 million individuals. Among the compromised data are personal details like names, birthdates, contact information, social security numbers, student IDs, and school records. Several other large organizations, including the US Department of Energy, Siemens Energy, and Shell, were also affected, potentially exposing the personal information of millions of individuals.
Reading about the missing laptop case, it appears that if someone has a piece of their work left at home, they will be less careful with cybersecurity protocols. However, a study that was done through this article says otherwise. The study found that on average, remote workers were more mindful of cybersecurity threats and were better at recognizing cybersecurity practices and protection measures when compared to those who work in the office. The article states that when a person works in the office, they expect their organization to deal with potential threats, which in turn has made in office workers complacent with safety. Whereas with a remote employee, because they aren’t in the office, they are more mindful of risks they may potentially come across.
In 2017, Merck & Co. was severely impacted by the Not Petya ransomware, which targeted unpatched Microsoft systems. The attack encrypted user data, demanding a deceptive ransom. Merck, the sole pharmaceutical firm to admit the breach, faced disruptions in manufacturing, R&D, and other operations, costing them an estimated $915 million. The production of their top-selling product, Gardasil, was also affected. Investigations traced the attack back to the Russian military, initially aimed at Ukraine. Merck has since bolstered its cybersecurity measures to prevent future attacks.
https://cybersecuritynews.com/bbtok-banking-malware/
My article is about the new BBTok Banking Malware that generates victim-specific payloads. The malware is used to steal login information and banking details. It was found that the people who are using BBTok shifted their delivery process from email attachments to phishing links for their initial infections. It simulates interfaces for 40+ banks and then scans the victim’s browser tabs for any information that is being shared. It can not only simulate the interfaces that match the victim’s screens but bank forms as well. BBTok can also seek related Bitcoin data on the victim’s infected machine and begins by clicking a malicious link that triggers a payload download. An active BBTok banker campaign was found in Latin America that is targeting people in Brazil and Mexico. The banking malware is coded in Delphi and uses VCL for its fake interfaces as well as its bank forms. BBTok users are active in Mexico and Brazil but they remain elusive with their creative techniques by using different delivery methods such as LNK files, SMB, and MSBuild.
CISA holds cybersecurity exercise in preparation for Super Bowl LVIII
https://www.securitymagazine.com/articles/99929-cisa-holds-cybersecurity-exercise-in-preparation-for-super-bowl-lviii
The Cybersecurity and Infrastructure Security Agency (CISA), the National Football League (NFL), Allegiant Stadium and Super Bowl LVIII partners held a tabletop exercise this week to explore, assess and enhance cybersecurity response capabilities, plans and procedures ahead of Super Bowl planned to hold on Sun, Feb 11, 2024.
A tabletop exercise is a practical, simulation scenario-based activity as part of an incident response plan and provides hands-on training for participants that can then highlight flaws in incident response planning. This forms both security training and awareness for members of the security team and all members of an organisation of activity.
During the exercise, participants discussed a hypothetical scenario that included phishing, ransomware, a data breach, and a potential insider threat — all with cascading impacts on physical systems.
This will mark the 10th anniversary of the tabletop exercise done as a partnership between CISA, NFL, and the Superbowl.
Every Network Is Now an OT Network. Can Your Security Keep Up?
https://www.securityweek.com/every-network-is-now-an-ot-network-can-your-security-keep-up/
Every network today is now an OT network. Or it will be soon. Of course, part of this transformation is due to the ongoing convergence of OT and IT networks. As many of us have experienced, previously isolated OT networks, like manufacturing, processing, distribution, and inventory management, have now been woven into our larger IT networks.
This integration enables better controls, more responsiveness, broad interconnectivity for better communication, and seamless resource expansion, distribution, and redistribution. It also introduces new security risks.
Regards the article ,the statement “Every Network Is Now an OT Network” highlights the growing convergence of Information Technology (IT) and Operational Technology (OT) in today’s interconnected world. While this convergence can bring numerous benefits in terms of efficiency, automation, and data analysis, it also introduces significant cybersecurity challenges that organizations must address.
T-Mobile App Glitch Exposes User Data
T-Mobile users reported that after logging into the company’s official mobile app, they could see other users’ account and billing details. Exposed data included names, phone numbers, addresses, account balances, and certain credit card details. Some customers even saw multiple users’ sensitive information while logged into their own accounts. Some customers claimed they had been noticing this problem for the past two weeks. One user mentioned reporting the issue to T-Mobile’s security team with no response, while another expressed previous issues with T-Mobile. The company clarified that the incident was not the result of a cyberattack or system breach.
T-Mobile acknowledged the issue but said it affected less than 100 individuals.
The glitch was attributed to a “temporary system glitch” due to an overnight technology update. The issue was resolved quickly. T-Mobile has experienced two data breaches since the start of 2023. The first incident was when attackers hacked the carrier’s systems, exposing hundreds of customers’ personal data. The second incident, in January, involved the compromise of sensitive data of 37 million customers via an API. Since 2018, T-Mobile has faced seven other data breaches affecting various areas of their systems and diverse customer groups.
https://www.bleepingcomputer.com/news/security/t-mobile-app-glitch-let-users-see-other-peoples-account-info/
https://www.infosecurity-magazine.com/news/web3-platform-mixin-200m-dollars/
Mixin Network, a Hong Kong-based decentralized finance (DeFi) project, has suffered a serious hack that resulted in the loss of approximately $200 million in cryptocurrency assets.
The attack took place in the early hours of September 23, 2023, when the database of Mixin Network’s cloud service provider was compromised by attackers, resulting in the transfer of some assets on the mainnet.
Mixin Network suspended deposit and withdrawal services and contacted Google and blockchain security firm Slow Mist to investigate and fix it.
Feng Xiaodong, founder of Mixin Network, made a public live broadcast in Mandarin in Hong Kong, explaining to platform users how to deal with the lost assets, and said a summary would be released in English shortly.
According to DeFi Llama, a DeFi dashboard, Mixin Network lost about $300,000 in total lock-up value (TVL), a measure of the total value of digital assets locked or pledged on the platform.
Mixin Network is a protocol that provides support for cross-chain transactions, allowing users to easily send and receive assets between different blockchains without having to worry about exchange rates or fees. They are used by approximately 10,000 decentralized applications (DApps) worldwide.
The hack is the fifth largest cyberattack targeting cryptocurrency assets outside of crypto exchanges, with the top four occurring in the past two years and involving platforms such as Ronin Network, Poly Network, BNB Bridge, and Wormhole.
Ransomed.vc group claims hack on ‘all of Sony systems’, URL: https://www.cybersecurityconnect.com.au/commercial/9600-ransomed-vc-group-claims-hack-on-all-of-sony-systems
Ransomed.vc, a relatively new ransomware group, has reportedly conducted a potentially devastating ransomware attack on Sony, a global entertainment giant. Despite operating for only a short time, the group claims to have compromised Sony’s systems and intends to sell the stolen data since Sony refused to pay a ransom. The group has posted some proof-of-hack data, including screenshots, internal files, and a file tree with around 6,000 files. It can be noted, however, that it’s not overly compelling proof-of-hack data and a relatively small amount of it. In any case, the data is being offered for sale with contact details provided. The group has set a “post date” of September 28, 2023, for publishing the data if no one purchases it. Sony has not officially confirmed the cyber incident at the time of this writing.
Ransomed.vc operates both as a ransomware operator and a ransomware-as-a-service organization, seeking affiliates. Interestingly, the group claims to be a “secure solution for addressing data security vulnerabilities” and states compliance with GDPR and Data Privacy Laws, promising to report violations in cases where payment is not received.
https://www.securityweek.com/900-us-schools-impacted-by-moveit-hack-at-national-student-clearinghouse/
The National Student Clearinghouse has disclosed that nearly 900 educational institutions have been affected by the MOVEit hack, which occurred due to a vulnerability in MOVEit file transfer software. This cybersecurity breach impacted over 2,053 organizations and more than 57 million individuals. Among the compromised data are personal details like names, birthdates, contact information, social security numbers, student IDs, and school records. Several other large organizations, including the US Department of Energy, Siemens Energy, and Shell, were also affected, potentially exposing the personal information of millions of individuals.
https://theconversation.com/remote-workers-are-more-aware-of-cybersecurity-risks-than-in-office-employees-new-study-207801
Reading about the missing laptop case, it appears that if someone has a piece of their work left at home, they will be less careful with cybersecurity protocols. However, a study that was done through this article says otherwise. The study found that on average, remote workers were more mindful of cybersecurity threats and were better at recognizing cybersecurity practices and protection measures when compared to those who work in the office. The article states that when a person works in the office, they expect their organization to deal with potential threats, which in turn has made in office workers complacent with safety. Whereas with a remote employee, because they aren’t in the office, they are more mindful of risks they may potentially come across.
Not Petya Cyberattack on Merck & Co.
https://www.fiercepharma.com/manufacturing/merck-has-hardened-its-defenses-against-cyber-attacks-like-one-last-year-cost-it
In 2017, Merck & Co. was severely impacted by the Not Petya ransomware, which targeted unpatched Microsoft systems. The attack encrypted user data, demanding a deceptive ransom. Merck, the sole pharmaceutical firm to admit the breach, faced disruptions in manufacturing, R&D, and other operations, costing them an estimated $915 million. The production of their top-selling product, Gardasil, was also affected. Investigations traced the attack back to the Russian military, initially aimed at Ukraine. Merck has since bolstered its cybersecurity measures to prevent future attacks.