Cybersecurity researchers have discovered a large-scale ongoing fraud scheme that lures unsuspecting Russian Internet users with promises of financial rewards to steal their payment card information.

According to researchers at Group-IB, the multi-stage phishing attack exploited the credibility of Russian Internet portal Rambler to trick users into participating in a fictitious “Like of the Year 2020” contest.

The development is a reminder that rewards-based social engineering campaigns continue to be an effective means to scam users, not to mention the leveraging the collected data to their financial advantage.

Under the “Like of the Year” scheme, users were invited to win a large cash prize, telling them they’ve been randomly selected after liking a post on social media platforms such as VKontakte.

The invites were sent via an email blast by hacking the mail servers of a fiscal data operator, which refers to a legal entity created to aggregate, store and process fiscal data to serve the Federal Tax Service of Russia.

images from Hacker News

Adobe today released out-of-band software updates for After Effects and Media Encoder applications that patch a total of two new critical vulnerabilities.

Both critical vulnerabilities exist due to out-of-bounds write memory corruption issues and can be exploited to execute arbitrary code on targeted systems by tricking victims into opening a specially crafted file using the affected software.

The bug (CVE-2020-3765) in Adobe After Effects, an application for creating motion graphics and special effects used in the video, was discovered by security researcher Matt Powell and reported to Adobe via Trend Micro Zero Day Initiative project.

Whereas, the second issue (CVE-2020-3764) affecting Adobe Media Encoder, software for encoding and compressing audio or video files, was discovered by Canadian security researcher Francis Provencher.

None of the security vulnerabilities fixed in this batch of Adobe updates were publicly disclosed or found being exploited in the wild, as the company found no such evidence.

However, Windows and macOS users are still highly recommended to download and install the latest versions of the affected software to safeguard their systems before hackers start to exploit them.

In case you missed it, Adobe last week on Patch Tuesday released patches for a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity, affecting Adobe Framemaker, Acrobat and Reader, Flash Player, Digital Edition and Adobe Experience Manager applications.

images from Hacker News

Smart doorbells and cameras bring a great sense of security to your home, especially when you’re away, but even a thought that someone could be spying on you through the same surveillance system would shiver up your spine.

Following several recent reports of hackers gaining access to people’s internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor authentication security feature mandatory for all Ring users.

Until now, enabling the two-factor authentication in Ring devices was optional, which definitely would have prevented most Ring hacks, but of course, many never bothered to enable it.

That means, from now onwards, at the time of login after entering the account’s username and password, every user needs to input a secret six-digit authentication code sent to them via their phone or email.

Two-factor authentication is an effective defense because it acts as a deterrent, preventing unauthorized users from gaining access to your account even when they have your username and password.

“The same goes for any Shared Users that you have on your account. You can choose to receive this one-time passcode via the email address you have listed on your Ring account or on your phone as a text message (SMS),” Ring said in a blog post.

Well, better late than never. Ring’s announcement comes a week after Google announced it will require two-factor authentication for all Nest accounts that aren’t connected to a Google account.

images from Hacker News

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences.

The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed spear-phishing to deliver ransomware to the company’s internal network, encrypting critical data and knocking servers out of operation for almost two days.

“A cyber threat actor used a spear-phishing link to obtain initial access to the organization’s information technology network before pivoting to its operational technology network. The threat actor then deployed commodity ransomware to encrypt data for impact on both networks,” CISA noted in its alert.

As ransomware attacks continue to escalate in frequency and scale, the new development is yet another indication that phishing attacks continue to be an effective means to bypass security barriers and that hackers don’t always need to exploit security vulnerabilities to breach organizations.

CISA highlighted that the attack did not impact any programmable logic controllers (PLCs) and that the victim did not lose control of its operations. But in the aftermath of the incident, the company is reported to have initiated a deliberate operational shutdown, resulting in a loss of productivity and revenue.

Noting that the impact was limited to Windows-based systems and assets located in a single geographic locality, it said the company was able to recover from the attack by getting hold of replacement equipment and loading last-known-good configurations.

Although the notification is lean on the specifics of the attack, this is not the first time phishing links have been employed to deliver ransomware. Lake City’s I.T. network was crippled last June after an employee inadvertently opened a suspicious email that downloaded the Emotet Trojan, which in turn downloaded TrickBot Trojan and Ryuk ransomware.

images from Hacker News

A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organisations in Israel and around the world over the past three years.

Dubbed “Fox Kitten,” the cyber-espionage campaign is said to have been directed at companies from the IT, telecommunication, oil and gas, aviation, government, and security sectors.

“We estimate the campaign revealed in this report to be among Iran’s most continuous and comprehensive campaigns revealed until now,” ClearSky researchers said.

“The revealed campaign was used as a reconnaissance infrastructure; however, it can also be used as a platform for spreading and activating destructive malware such as ZeroCleare and Dustman.”

Tying the activities to threat groups APT33, APT34, and APT39, the offensive — conducted using a mix of open source and self-developed tools — also facilitated the groups to steal sensitive information and employ supply-chain attacks to target additional organisations, the researchers said.

images from Hacker News