Myanmar's Military Regime Uses Banned Spyware Against Citizens

Spectre CPU vulnerability was uploaded to VirusTotal, China's APT10 targeted two Indian vaccine makers, Gootkit malware is now complex and stealthy, Tether refuses to pay $23.8M ransom, more


Tatmadaw, the oppressive military regime that has now taken over Myanmar, uses so-called dual-use technologies supplied by notorious spyware makers, along with other software, to spy on its citizens, despite bans by many Western nations on the sale of such technologies for domestic repression.

For example, MSAB, a Swedish company that supplies forensic data tools for military purposes, and Cellebrite of Israel, which purchased American company BlackBag Technologies, are both implicated in selling their technologies to Myanmar. Both companies argue they’ve stopped the sale of their systems in the country. (Hannah Beech / The New York Times)

Related: Lawfare

French security researcher Julien Voisin discovered that a fully weaponized exploit for the side-channel Spectre CPU vulnerability was uploaded to the malware-scanning website VirusTotal, marking the first time this kind of exploit has made its way into the public domain.

The Spectre bug enables a branch target injection attack that lets malicious applications read sensitive data from memory they should not be able to access. Of particular note, Voisin said he found a Linux Spectre exploit capable of dumping the contents of /etc/shadow, the Linux file that stores the hashed passwords of OS user accounts. (Catalin Cimpanu / Recorded Future)

Related: Reddit - cybersecurity, Slashdot

Cyber intelligence firm Cyfirma says that a Chinese state-backed hacking group APT10, also known as Stone Panda, has targeted the IT systems of two Indian vaccine makers, Bharat Biotech and the Serum Institute of India (SII), whose coronavirus shots are being used in the country’s immunization campaign.

In the case of SII, the hackers were targeting fragile public servers that contained vulnerabilities that Cyfirma Chief Executive Kumar Ritesh called “quite alarming.” (Krishna Das / Reuters)

Related: DealStreetAsia, CISO MAG, EurAsian Times, Tech Insider, TechNode, Washington Free Beacon, SC Magazine, The Quint, ThePrint, ibtimes.sg, The Asian Age, India.com, Inforisk.com, DataBreachToday.com


Security company Sophos says the Gootkit information stealer's delivery system, now named Gootloader, has evolved into a complex and stealthy framework that is pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results.

After experiencing a data leak in 2019, the group behind Gootkit built a network of hacked WordPress sites. It used SEO poisoning to make fake forum posts containing malicious links appear in Google search results. It now controls around 400 servers that host hacked, legitimate websites, Sophos says. (Ionut Ilascu / Bleeping Computer)

Related: Help Net Security, Security Affairs, Threatpost, Sophos, Reddit - cybersecurity, The Register

US dollar-pegged stablecoin Tether says it refuses to pay a 500 bitcoin ransom, worth around $23.8 million, that ransomware hackers have demanded in exchange for not leaking the organization’s data.

Tether has also warned customers that forged documents circulating on the internet purport to be genuine communications between Tether and representatives of Deltec Bank and Trust. (Greg Thomson / Cointelegraph)

Related: HackRead, ZDNet, Coindesk, Yahoo, Bitcoin News, Bleeping Computer, Decrypt

A September ransomware attack at U.S. healthcare provider Universal Health Services (UHS) caused $67 million in pre-tax losses for the company, UHS said in its recent earnings statement.

The breach's cost includes lost revenue because ambulances were diverted to competitor facilities, delayed billing procedures, and increased labor costs. (Sean Lyngaas / Cyberscoop)

Related: Dark Reading, UHS

Dutch e-Ticketing platform Ticketcounter has suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server.

The threat actor, who created a topic on a hacker forum to sell the stolen Ticketcounter database but quickly took the post down, told Bleeping Computer they have no fear of law enforcement. (Lawrence Abrams / Bleeping Computer)


A new Atlantic Council report states that the rise of offensive cyber capabilities (OCC) “presents an expanding set of risks to states and challenges commitments to protect openness, security, and stability in cyberspace,” while regulation through international norms is ineffective.

The report offers “several policy recommendations for states to better understand this proliferation of OCC, shape the behavior of these companies, and limit their activities where it conflicts with national security priorities.” (Winnona DeSombre, James Shires, JD Work, Robert Morgus, Patrick Howell O’Neill, Luca Allodi, and Trey Herr / Atlantic Council)

Related: Atlantic Council

A major wholesaler and distributor of Asian food products in the U.S., JFC International, announced it had been hit with a ransomware attack.

The attack reportedly affected only JFC International’s Europe Group, which said it had notified authorities, employees, and business partners about the incident. (Eduard Kovacs / Security Week)

Related: Security Affairs

Qomplx, a risk analytics provider that helps companies protect against cybersecurity threats and more, has agreed to go public by merging with a special purpose acquisition company (SPAC), a so-called “blank check company,” led by Casper's CEO, in a deal worth $1.4 billion.

As part of the deal, Qomplx will buy two other private companies: risk analytics company Sentar and insurance modeling platform Tyche. (Katie Roof / Bloomberg)

Related: Business Wire Technology News

Image by သူထွန်း, CC BY-SA 4.0 <https://creativecommons.org/licenses/by-sa/4.0>, via Wikimedia Commons