Today’s a great day to gain access to our archives and special content by becoming a premium subscriber to Metacurity!

The oppressive military regime that has now taken over Myanmar, Tatmadaw, uses so-called dual-use technologies provided by notorious spyware makers and other software to spy on its citizens, despite many Westerners' ban nations on the sale of such technologies for domestic repression.

For example, MSAB, a Swedish company that supplies forensic data tools for military purposes, and Cellebrite of Israel, which purchased American company BlackBag Technologies, are both implicated in selling their technologies to Myanmar. Both companies argue they’ve stopped the sale of their systems in the country. (Hannah Beech / The New York Times)

Related: Lawfare

Patrick Howell O'Neill @HowellONeill

Cellebrite, MSAB, Elbit and other western surveillance and hacking tools are being used in Myanmar by the military dictatorship: Myanmar’s Military Deploys Digital Arsenal of Repression in CrackdownThe generals who staged a coup last month use surveillance drones, iPhone cracking devices and hacking software, some of it from Western countries that bar sales of such technology to Myanmar.nytimes.com

March 2nd 2021

2 Retweets2 Likes

French security researcher Julien Voisin discovered that a fully weaponized exploit for the side-channel Spectre CPU vulnerability was uploaded on the malware-scanning website VirusTotal, marking the first time this kind of exploit has made its way into the public domain.

The Spectre bug enabled a branch target injection attack that allowed bad apps to break into CPU communications and steal sensitive data. Of particular note, Voisin said he found a Linux Spectre exploit capable of dumping the contents of /etc/shadow, a Linux file that stores details on OS user accounts. (Catalin Cimpanu / Recorded Future)

Related: Reddit - cybersecurity, Slashdot

Cyber intelligence firm Cyfirma says that a Chinese state-backed hacking group APT10, also known as Stone Panda, has targeted the IT systems of two Indian vaccine makers, Bharat Biotech and the Serum Institute of India (SII), whose coronavirus shots are being used in the country’s immunization campaign.

In the case of SII, the hackers were targeting fragile public servers that contained vulnerabilities that Cyfirma Chief Executive Kumar Ritesh called “quite alarming.” (Krishna Das / Reuters)

Related: DealStreetAsia, CISO MAG, EurAsian Times, Tech Insider, TechNode, Washington Free Beacon, SC Magazine, The Quint, ThePrint, ibtimes.sg : Top News, The Asian Age | Home, India.com, Inforisk.com, DataBreachToday.com

Follow Us on Twitter

Security company Sophos says the Gootkit information stealer's delivery system, now named Gootloader, has evolved into a complex and stealthy framework that is pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results.

After experiencing a data leak in 2019, the group behind Gootkit formed a network of hacked WordPress sites. It used SEO poisoning to show in Google forum posts fake forums with malicious links. It now controls around 400 servers that host hacked, legitimate websites, Sophos says. (Ionut Ilascu / Bleeping Computer)

Related: Help Net Security, Security Affairs, Threatpost, Sophos, Reddit - cybersecurity, The Register

Microsoft Security Intelligence @MsftSecIntel

We're seeing numerous extensive hands-on-keyboard attacks emanating from the Gootkit malware, which is distributed via drive-by downloads as a JavaScript within a ZIP file. The JavaScript is launched via WScript and establishes C2, enabling attackers to take control of devices.

March 2nd 2021

178 Retweets396 Likes

US dollar-tied stablecoin Tether says it refuses to pay a 500 bitcoin ransom worth around $23.8 million that ransomware hackers have demanded to avoid a leak of the organization’s data.

Tether has also warned customers that forged documents were circulating on the internet that allege to be genuine communications between Tether and representatives of Deltec Bank and Trust. (Greg Thomson / Cointelegraph)

Related: HackRead, ZDNet, Coindesk, Yahoo, Bitcoin News, Bleeping Computer, Decrypt

Tether @Tether_to

Today we also received a ransom demand for 500 BTC to be sent to bc1qa9f60pved3w3w0p7snpxlnh5t4uj95vxn797a7. The sender said that, unless they receive the BTC by tomorrow, they will leak documents to the public in an effort to “harm the bitcoin ecosystem.” We are not paying. 2/5

February 28th 2021

168 Retweets542 Likes

A September ransomware attack at U.S. healthcare provider Universal Health Services (UHS) caused $67 million in pre-tax losses for the company, UHS said in its recent earnings statement.

The breach's cost includes lost revenue because ambulances were diverted to competitor facilities, delayed billing procedures, and increased labor costs. (Sean Lyngaas / Cyberscoop)

Related: Dark Reading, UHS

Dutch e-Ticketing platform Ticketcounter has suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server.

The threat actor, who created a topic on a hacker forum to sell the stolen Ticketcounter database but quickly took the post down, told Bleeping Computer they have no fear of law enforcement. (Lawrence Abrams / Bleeping Computer)

Troy Hunt @troyhunt

I've spent a bunch of time talking to Ticketcounter over the last week, and this is a really tough situation for them. The exposed database was human error; one bad mistake made in August last year that's now come back to bite them nearly 7 months on.

Have I Been Pwned @haveibeenpwned

New breach: Dutch ticketing service Ticketcounter had 1.9M addresses breach in Feb. Data included names, physical & IP address, gender, DoB, payment history and some cases, bank account number. 60% of addresses were already in @haveibeenpwned. Read more: https://t.co/Oog9CHpeyX

March 1st 2021

9 Retweets45 Likes

Share Metacurity

A new Atlantic Council report states that the rise of offensive cyber capabilities (OCC) “presents an expanding set of risks to states and challenges commitments to protect openness, security, and stability in cyberspace,” while regulation through international norms is ineffective.

The report offers “several policy recommendations for states to better understand this proliferation of OCC, shape the behavior of these companies, and limit their activities where it conflicts with national security priorities.” (Winnona DeSombre, James Shires, JD Work, Robert Morgus, Patrick Howell O’Neill, Luca Allodi, and Trey Herr / Atlantic Council)

Related: Atlantic Council

Patrick Howell O'Neill @HowellONeill

I’m happy to have contributed to this report on offensive cyber capabilities and access-as-a-service operations. This is the most in-depth report on the hacking industry I’ve ever seen and, even better, it offers strong policy solutions.

Winnona ✨ @__winn

New paper on Offensive Cyber Capabilities & Access-as-a-Service orgs from myself, @jamessshires, @HostileSpectrum, @HowellONeill, @alpha_centauri3, Rob Morgus, Luca Allodi and Trey Herr from @CyberStatecraft! The cliff notes: . . . https://t.co/79R1ytf3f3

March 1st 2021

3 Retweets21 Likes

A major wholesaler and distributor of Asian food products in the U.S., JFC International, announced it had been hit with a ransomware attack.

The attack reportedly affected only JFC International’s Europe Group, which said it had notified authorities, employees, and business partners about the incident. (Eduard Kovacs / Security Week)

Related: Security Affairs

Qomplx, a risk analytics provider helping companies protect against cybersecurity threats and more, has agreed to merge with Casper CEO's so-called “blank check company” SPAC to go public in a deal worth $1.4 billion.

As part of the deal, Qomplx will buy two other private companies: risk analytics company Sentar and insurance modeling platform Tyche. (Katie Roof / Bloomberg)

Related: Business Wire Technology News

Image by သူထွန်း, CC BY-SA 4.0 <https://creativecommons.org/licenses/by-sa/4.0>, via Wikimedia Commons