Cyber Security News — Past 24 hours | 22.07.2021

SLIIT CS2
5 min read | Jul 22, 2021

Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam

A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts.
Joseph O’Connor, 22, has been charged with intentionally accessing a computer without authorization and obtaining information from a protected computer, as well as for making extortive communications.


Besides his role in the Twitter hack, O’Connor is also charged with computer intrusions related to takeovers of TikTok and Snapchat user accounts and with cyberstalking an unnamed juvenile victim.

The Twitter hack of July 15, 2020, emerged as one of the biggest security lapses in the social media platform’s history after O’Connor, along with Mason Sheppard, Nima Fazeli, and Graham Ivan Clark, gained access to Twitter’s internal administrative tools and abused them to take over the accounts of politicians, celebrities and companies in order to promote a cryptocurrency scam.


The verified account scam raked in more than $100,000 in bitcoin.
In an interview with the New York Times last July, O’Connor, who identified himself as «PlugWalkJoe», claimed the Twitter credentials were obtained after the group found a way into the company’s internal Slack messaging channel, where the credentials had been posted.

«I don’t care,» O’Connor told The Times. «They can come arrest me. I would laugh at them. I haven’t done anything».
News of the arrest comes four months after Clark landed a three-year prison sentence after he pled guilty to fraud charges related to the incident.

Source — https://thehackernews.com/2021/07/another-hacker-arrested-for-2020.html

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws

Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system.
Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that is remotely exploitable without authentication: an unauthenticated attacker who can reach the affected web-services endpoint can submit crafted XML that the server deserializes.


Oracle WebLogic Server is an application server that functions as a platform for developing, deploying, and running enterprise Java-based applications.
The flaw, which is rated 9.8 out of a maximum of 10 on the CVSS severity scale, is listed in this Critical Patch Update under Oracle Hyperion Infrastructure Technology, versions 11.1.2.4 and 11.2.5.0, which bundle the affected WebLogic Server component.

Also fixed in WebLogic Server are six other flaws, three of which have been assigned a CVSS score of 9.8 out of 10. This is far from the first time critical issues have been discovered in WebLogic Server: earlier this year, Oracle’s April 2021 Critical Patch Update shipped fixes for two bugs, among others, that could be abused to execute arbitrary code.
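The bug class behind CVE-2019-2729 is a web-services endpoint that hands request bodies to java.beans.XMLDecoder. Because no legitimate SOAP client ever sends an XMLDecoder document, such bodies can be flagged or refused at a reverse proxy or WAF while patches are rolled out. The following detector is an added example written for this digest; it is not Oracle’s code or the patch. The sample requests are constructed, and the marker regexes and the short list of «dangerous» classes are illustrative assumptions, not a complete signature set. The endpoint path is deliberately not part of the rule, so the check works whatever URL the vulnerable service is mounted on.

```python
"""Flag HTTP request bodies that carry a java.beans.XMLDecoder document.

Added example for this digest (not Oracle's code or the vendor patch).
SAMPLE_REQUESTS are constructed; the marker regexes and the dangerous
class list are assumptions chosen for illustration.
"""
import re
from typing import Dict, List, Tuple

# Root element an XMLDecoder document starts with, tolerant of case and whitespace.
_XMLDECODER_ROOT = re.compile(
    r"<\s*java\b[^>]*class\s*=\s*[\"']java\.beans\.XMLDecoder[\"']", re.I
)
# Element forms XMLDecoder uses to instantiate objects or invoke methods.
_XMLDECODER_OPS = re.compile(
    r"<\s*(void|object|array|new)\b[^>]*\b(class|method)\s*=", re.I
)
# Classes that give code execution once reachable from attacker XML
# (assumption: an illustrative list, not an exhaustive one).
_DANGEROUS_CLASSES = (
    "java.lang.ProcessBuilder",
    "java.lang.Runtime",
    "java.net.URLClassLoader",
    "javax.naming.InitialContext",
)


def classify_body(body: str) -> Tuple[str, List[str]]:
    """Return (verdict, reasons) where verdict is 'clean', 'suspicious' or 'malicious'."""
    reasons: List[str] = []
    if _XMLDECODER_ROOT.search(body):
        reasons.append("XMLDecoder root element in request body")
    if _XMLDECODER_OPS.search(body):
        reasons.append("XMLDecoder object/method construction elements")
    if not reasons:
        return "clean", reasons
    lowered = body.lower()
    hits = [c for c in _DANGEROUS_CLASSES if c.lower() in lowered]
    if hits:
        reasons.append("references " + ", ".join(hits))
        return "malicious", reasons
    # An XMLDecoder document with only benign classes is still not something
    # a SOAP client should send; treat it as suspicious rather than clean.
    return "suspicious", reasons


def scan_requests(requests: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Classify every request and return one summary row per request."""
    rows = []
    for req in requests:
        verdict, reasons = classify_body(req.get("body", ""))
        rows.append({"path": req["path"], "verdict": verdict, "reasons": "; ".join(reasons)})
    return rows


# Constructed sample traffic (paths are placeholders, not real WebLogic routes).
SAMPLE_REQUESTS = [
    {   # ordinary SOAP call: no XMLDecoder markers at all
        "path": "/example/service",
        "body": '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
                '<soapenv:Body><ns:getStatus xmlns:ns="urn:example"><id>42</id>'
                "</ns:getStatus></soapenv:Body></soapenv:Envelope>",
    },
    {   # XMLDecoder document carrying only a string: suspicious
        "path": "/example/service",
        "body": '<java version="1.8" class="java.beans.XMLDecoder"><string>hi</string></java>',
    },
    {   # XMLDecoder document that instantiates a process-spawning class: malicious
        "path": "/example/service",
        "body": '<java version="1.8" class="java.beans.XMLDecoder">'
                '<object class="java.lang.ProcessBuilder"/></java>',
    },
    {   # case/whitespace evasion attempt nested inside a SOAP envelope: still caught
        "path": "/example/service",
        "body": '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
                "<soapenv:Body>< JAVA  version=\"1.4\"  CLASS = 'java.beans.XMLDecoder'>"
                "<string>x</string></java></soapenv:Body></soapenv:Envelope>",
    },
]

if __name__ == "__main__":
    for row in scan_requests(SAMPLE_REQUESTS):
        print(f"{row['verdict']:<10} {row['path']}  {row['reasons']}")
```

The root-element and construction-element checks are independent so that a payload which omits one form still trips the other; the class list only raises the tier, it never clears a body. Applying the rule to request bodies before they reach the application server is a stop-gap, and the July 2021 patch is the real fix.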

Source — https://thehackernews.com/2021/07/oracle-warns-of-critical-remotely.html

Reduce End-User Password Change Frustrations

Organizations today must give attention to their cybersecurity posture, including policies, procedures, and technical solutions for cybersecurity challenges.

Most organizations today have a password policy in place.

While password policies are crucial to the overall cybersecurity posture of your organization, they can certainly increase the burden on the IT service desk.

Out of all the issues that service desk agents triage, the end-user password change can be among the most time-consuming and costly to the business.

Businesses cannot ignore security best practices simply for the convenience of end-users, no matter the seniority of the user calling the service desk.

The Specops Authentication Client tool works alongside the configured password policy to display the specific policy rules a user has not met when a password change is rejected, so the user can correct the password without a service desk call.
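Telling the user exactly which rules a rejected password failed, rather than a generic «password does not meet policy» message, is what removes most of these service desk calls. The checker below is an added example written for this digest, not Specops code; the rule set (length, character classes, repeated characters, username substring, common-password list) and the embedded common-password list are assumptions chosen for illustration. It returns every failing rule at once so the client can show the whole list in one round.

```python
"""Password policy checker that reports every rule a candidate password fails.

Added example for this digest (not Specops code). The rule set and the
COMMON_PASSWORDS sample are assumptions for illustration; a real deployment
would load the policy from directory settings and use a breached-password feed.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample of banned passwords; in practice this is a large breach list.
COMMON_PASSWORDS = {"password", "welcome1", "summer2021", "qwerty123"}

_CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


@dataclass
class PasswordPolicy:
    min_length: int = 12
    min_classes: int = 3      # of lower, upper, digit, symbol
    max_repeat: int = 3       # longest allowed run of one character
    forbid_username: bool = True

    def failures(self, password: str, username: str = "") -> List[str]:
        """Return human-readable messages for every rule the password breaks."""
        failed: List[str] = []

        if len(password) < self.min_length:
            failed.append(
                f"must be at least {self.min_length} characters (got {len(password)})"
            )

        classes = sum(bool(re.search(p, password)) for p in _CLASS_PATTERNS)
        if classes < self.min_classes:
            failed.append(
                f"must use at least {self.min_classes} of lowercase, uppercase, "
                f"digits and symbols (got {classes})"
            )

        # A run of max_repeat + 1 identical characters breaks the rule.
        if re.search(r"(.)\1{%d,}" % self.max_repeat, password):
            failed.append(
                f"must not repeat one character more than {self.max_repeat} times in a row"
            )

        if (
            self.forbid_username
            and len(username) >= 3
            and username.lower() in password.lower()
        ):
            failed.append("must not contain your username")

        if password.lower() in COMMON_PASSWORDS:
            failed.append("is on the list of commonly used passwords")

        return failed

    def is_acceptable(self, password: str, username: str = "") -> bool:
        return not self.failures(password, username)


def explain_rejection(policy: PasswordPolicy, password: str, username: str) -> str:
    """Format the failing rules the way a client would show them to the user."""
    problems = policy.failures(password, username)
    if not problems:
        return "Password accepted."
    return "Password rejected:\n" + "\n".join(f"  - {p}" for p in problems)


if __name__ == "__main__":
    policy = PasswordPolicy()
    print(explain_rejection(policy, "alice1111", "alice"))
    print(explain_rejection(policy, "Tr0ub4dor&3xample!", "alice"))
```

Returning the full list rather than stopping at the first failure matters: a user who is told only «too short» will lengthen the password, be rejected again for a missing character class, and call the service desk on the third attempt.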

Final Thoughts

Password security and policies are required to maintain an effective cybersecurity posture for organizations today.

Source — https://thehackernews.com/2021/07/reduce-end-user-password-change.html

APT Hackers Distributed Android Trojan via Syrian e-Government Portal

An advanced persistent threat actor, tracked as StrongPity (also known as Promethium), has been observed in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims.
«To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks,» Trend Micro researchers Zhengyu Dong, Fyodor Yarochkin, and Steven Du said in a technical write-up published Wednesday.


«Promethium has been resilient over the years,» Cisco Talos disclosed last year. «Its campaigns have been exposed several times, but that was not enough to make the actors behind it stop. The fact that the group does not refrain from launching new campaigns even after being exposed shows their resolve to accomplish their mission».


The malicious app is also designed to perform long-running tasks in the background and to send a request to a remote command-and-control server, which responds with an encrypted payload containing a settings file that allows the «malware to change its behavior according to the configuration» and to update its C2 server address.


Despite no prior public reports of StrongPity using malicious Android applications in its attacks, Trend Micro’s attribution to the adversary rests on the use of a C2 server that had previously been used in intrusions linked to the group, notably a malware campaign documented by AT&T’s Alien Labs in July 2019 that leveraged trojanized versions of the WinBox router management software, WinRAR, and other trusted utilities to breach targets.

Source — https://thehackernews.com/2021/07/apt-hackers-distributed-android-trojan.html

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT
