macOS Update Fixes Flaw That Threat Actors Can Exploit to Record Video or Access Files

Bose got hit with ransomware, Lazarus Group stole millions in cryptocurrency from exchanges, Russian man who tried to bribe Tesla employee to install malware will be deported, much more

CISOs face a host of new challenges now that the COVID-19 crisis is winding down in Western nations. Check out my latest CSO column on the new post-pandemic problems CISOs must now tackle.

Cybersecurity company Jamf discovered that XCSSET, malware that secretly takes screenshots, exploited a severe weakness in macOS security. Threat actors could exploit this vulnerability to record video or access files on Macs.

Apple fixed the flaw in the latest version of macOS, Big Sur 11.4, released yesterday. (Thomas Brewster / Forbes)

Related: iTnews, Reddit - cybersecurity, TechCrunch, SiliconANGLE, Ars Technica, 9to5Mac, The Register - Security, Bleeping Computer, AppleInsider, 9to5Mac, iMore, IT Pro, Cyber Kendra, TechCentral.ie, The Hacker News, Cult of Mac, TechNadu, MacRumors, The Register - Security

Net Marketing Co., which runs the Omiai dating app, Japan’s biggest dating app, said that it found evidence of unauthorized access to its servers in April, which likely exposed the personal information of over 1.7 million users.

Among the data likely exposed were photos of IDs used to confirm the age of users, including drivers’ licenses, insurance cards, and passports. (Shoko Oda / Bloomberg)

Related: ETTelecom.com, Tech Xplore, PYMNTS.com, DAILYSABAH

A Michigan man, Justin Johnson, admitted to stealing sensitive data of more than 65,000 University of Pittsburgh Medical Center employees and selling the data online.

Johnson, who faces a maximum of seven years in prison, will be sentenced by U.S. District Chief Judge Mark Hornak in about four months. (Paula Reed Ward / Tribune Live)

Related: Infosecurity Magazine, CBS Pittsburgh, Associated Press

A joint report authored by Rostelecom-Solar, a cybersecurity division of Russian telecom giant Rostelecom, and the National Coordination Center for Computer Incidents (NKTsKI), a CERT-like organization created by the Russian Federal Security Service (FSB), said that foreign hackers breached and stole information from Russian federal executive bodies.

The report said the attacks were identified in 2020 and were conducted by cyber mercenaries pursuing the interests of a foreign state. (Catalin Cimpanu / The Record)


In a carefully worded breach notification letter submitted to New Hampshire authorities, audio equipment maker Bose said a ransomware attack hit it on March 7.

Bose said that following a months-long investigation into the intrusion, it discovered that the ransomware gang also accessed internal files from its human resources department. The company was silent, however, on whether it paid a ransom. (Catalin Cimpanu / The Record)

Related: Cyber Kendra, Engadget, SecureReading, Bleeping Computer, Security Affairs, TechDator

Israeli cybersecurity firm ClearSky said that suspected North Korean hackers breached cryptocurrency exchanges in Japan, Europe, the U.S., and Israel to steal millions of dollars from the platforms in the last three years.

The report cites as the culprit in these breaches the Lazarus Group, which security experts widely believe to be working on behalf of the North Korean government. (Sean Lyngaas / Cyberscoop)

Related: The Hacker News, Bleeping Computer, ClearSky

In a legal challenge to British spy agency GCHQ’s bulk interception of online communications, the European court of human rights has ruled that GCHQ’s online communications methods violated the right to privacy. The court further ruled that the regime for collecting data was “not in accordance with the law.”

The legal challenge was begun in 2013 by Big Brother Watch and others shortly after whistleblower Edward Snowden released documents showing the breadth and scope of the agency’s data collection efforts. (Haroon Siddique / The Guardian)

Related: Bloomberg

A joint report by dark web intelligence firm Flashpoint and cryptocurrency-watching software company Chainalysis says that Russian-speaking dark web bazaar Hydra has dominated the illicit marketplace since 2018.

Hydra forces users to transact in difficult-to-track Russian currencies, making it hard for law enforcement to disrupt Hydra’s operations. (Tim Starks / Cyberscoop)

Related: ZDNet Security

A Russian man, Egor Igorevich Kriuchkov, who tried to pay a Tesla employee $500,000 to install computer malware at the company’s Nevada electric battery plant, was sentenced Monday to what amounted to time already served and will be deported after pleading guilty.

Kriuchkov was sentenced to 10 months in custody for his guilty plea in March to conspiracy to intentionally cause damage to a protected computer. The court ordered him to pay about $14,825 in restitution for company time investigating the attempted intrusion. Kriuchkov planned to steal data from Tesla to hold it for ransom. (Ken Ritter, Scott Sonner / Associated Press)

A source who affiliates themselves with the hacking collective Anonymous pointed Motherboard to crime and neighborhood watch app Citizen’s leakage of users' COVID-related data to the public internet. This exposure allows anyone to view specific users' recent self-reported symptoms, test results, and whether their device had recorded any close contacts with other people using the feature.

Citizen said that the data included "share cards," images of a user's COVID information designed to be shared either by the user on social media or with their family and friends. (Joseph Cox / Motherboard)

As first noticed by researcher Rajshekhar Rajaharia, data from pizza delivery service Domino’s 180 million order data breach, reported in April, is now available online in a searchable portal format.

The portal is available through an onion link. (Ivan Mehta / The Next Web)

Related: Economic Times, IB Times, Indian Express

The Indonesian government’s Communication and Information Ministry has ordered ISPs to block access to the data-sharing site Raid Forums after a newly registered forum member posted what they claim is a database containing 200 million records of personal information for Indonesian people.

The forum member claims that the database contains Indonesians' KTP NIK number, KK number, full name, place of birth, date of birth, and other sensitive and personal information. (Lawrence Abrams / Bleeping Computer)

Related: The Register - Security, DataBreaches.net, KrASIA

Threat prevention and loss avoidance company Advanced Intel says that developers of Zeppelin ransomware have resumed their activity after a period of relative silence that started last fall and have begun to advertise new versions of the malware.

Zeppelin ransomware, also known as Buran, is offered as a ransomware-as-a-service in underground forums, letting buyers decide how they want to use the malware. (Ionut Ilascu / Bleeping Computer)

Related: Security Affairs, TechDator

Credit card giant American Express Services Europe has been fined £90,000 ($127,377) by the UK’s Information Commissioner’s Office (ICO) for illegally blasting out 4 million marketing emails to customers who had opted out of receiving them.

An investigation by the ICO found that out of 50 million emails Amex sent and classified as “service” emails over 12 months, 4,098,841 were marketing messages, “designed to encourage customers to make purchases on their cards which would benefit Amex financially. It was a deliberate action for financial gain by the organization.” (Becky Bracken / Threatpost)

Related: The Register - Security, Bleeping Computer

Solidus Labs, which makes market surveillance tools to flag manipulation across cryptocurrency trading platforms, has raised $20 million in a Series A venture funding round.

The round was led by Evolution Equity Partners and included Hanaco Ventures, which led the startup’s $3.75 million seed round in early 2019. (Ian Allison / Coindesk)

Related: Globes, TechCrunch

Photo by Daniel Romero on Unsplash