Cyber Security News — Past 24 hours | 29.04.2021
FBI shares with HIBP 4 million email addresses involved in Emotet attacks
The FBI has shared with the Have I Been Pwned (HIBP) service 4 million email addresses collected by the Emotet botnet and used in malware campaigns.
Last week, European law enforcement conducted a mass-sanitization operation that automatically wiped the infamous Emotet Windows malware from infected systems across the world.
Earlier this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the Emotet botnet.
39% of the email addresses provided by law enforcement had already been indexed by the service because they were part of other data breaches.
Subscribers to the HIBP service were already informed if their email addresses were involved in Emotet campaigns.
“I’ve flagged this incident as sensitive in HIBP which means it’s not publicly searchable, rather individuals will either need to verify control of the address via the notification service or perform a domain search to see if they’re impacted. I’ve taken this approach to avoid anyone being targeted as a result of their inclusion in Emotet. All impacted HIBP subscribers have been sent notifications already,” concludes Hunt.
Linux Kernel Bug Opens Door to Wider Cyberattacks
The information-disclosure flaw allows KASLR bypass and the discovery of additional, unpatched vulnerabilities in ARM devices.
An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices.
Specifically, the bug exists in the /proc/pid/syscall functionality of 32-bit ARM devices running Linux, according to Cisco Talos, which discovered the vulnerability. It arises from an improper conversion of numeric values when reading the file.
With a few commands, attackers can output 24 bytes of uninitialized stack memory, which can be used to bypass kernel address space layout randomization (KASLR). KASLR is an anti-exploit technique that places various objects at random to prevent predictable patterns that are guessable by adversaries.
Attacks also would be “impossible to detect on a network remotely,” the firm explained. And, “if utilized correctly, an attacker could leverage this information leak to successfully exploit additional unpatched Linux vulnerabilities.”
Hackers Threaten to Leak D.C. Police Informants’ Info If Ransom Is Not Paid
The Metropolitan Police Department of the District of Columbia has become the latest high-profile government agency to fall victim to a ransomware attack.
The Babuk Locker gang claimed in a post on the dark web that they had compromised the DC Police’s networks and stolen 250 GB of unencrypted files. Also called the DC Police, the MPD is the primary law enforcement agency for the District of Columbia in the U.S.
The ransomware gang has given the department three days to heed their ransom demand or risk the leak of sensitive files that could expose police informants to criminal gangs.
Babuk Locker is a relative newcomer in the ransomware landscape, with the group targeting transportation, healthcare, plastic, electronics, and agricultural sectors across the U.S., U.K., U.A.E., China, India, South Africa, Spain, Germany, and Italy at least since the beginning of 2021. The syndicate is also known for attacking Linux-based systems such as VMware ESXi.
More than one hundred Russian companies were subjected to a cyber attack
In April, Kaspersky Lab uncovered a series of cyber attacks on system administrators of sites in Russia. By April 23, the company detected about 4 thousand emails containing fraudulent messages sent to more than 2 thousand e-mail addresses. If successful, hackers will be able to create pages, post any information and download files.
Posing as a regulatory authority, the intruders send fraudulent notifications asking recipients to confirm that they manage the domain name.
“To confirm that you have the actual ability to manage the domain name, create a file in the root directory of the site,” says the text of the fraudulent letter.
“In order not to give the recipient time to suspect something wrong, he was required to execute the instruction in a short time — within three days,” said Alexander Liskin, head of Kaspersky Lab’s antivirus research laboratory.
Stay Focused. Stay Vigilant.
Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT