(Check out our special report this morning on the New York Post’s article and the prospect of late-game cyberattacks and disinformation campaigns.)

A financially motivated threat actor collective called Fin11, known for its malware distribution campaigns has shifted focus to financial crimes including ransomware and extortion, researchers at FireEye’s Mandiant report. The gang has been involved in cybercrime activities since 2016 and has a significant overlap in TTPs (tactics, techniques, and procedures) with another threat group that cybersecurity researchers call TA505, which is behind the infamous Dridex banking Trojan and Locky ransomware. (Ravie Lakshmanan / The Hacker News)

Related: The Drum, Threat Research Blog, Cyberscoop, The Hacker News, CSO Online, Threatpost, SecurityWeek, SC Magazine,  Bleeping Computer, ZDNet

Mandiant @Mandiant

Agile campaigns from the newly graduated FIN11 threat group have reached as much as $10 million USD. Get briefed now: feye.io/34PAd4U

October 14th 2020

6 Retweets8 Likes

Hackers Who Took Over High Profile Twitter Accounts Started Out With Tech Support Scam

The young hackers who took over a number of high-profile Twitter accounts last summer such as those belonging to Barack Obama and Elon Musk began their spree by posing as company IT officials making a support call, according to a report by New York’s Department of Financial Services. The state officials behind the report are calling for addition cybersecurity regulation of major tech platforms, particularly large social media platforms, which they call “systemically important.” (Brian Fung / CNN)

Related: TechCrunch, Wall Street Journal, Infosecurity Magazine, Professional Security Magazine, The Next Web, Twitter Investigation Report

Law Enforcement Raided Around a Dozen Offices Belonging to Spyware Company FinFisher

Public prosecutors have carried out raids in about a dozen offices belonging to the Munich-based spyware manufacturer FinFisher, public broadcasting news Tagesschau revealed early on Wednesday, following criminal charges that RSF Germany (Reporters Without Borders) and other civil society organizations filed against the FinFisher conglomerate in 2019. RSF argued that FinFisher illegally sold FinSpy intrusion software to the repressive government of Turkey. (RSF / Reporters Without Borders)

Related: TechNadu, Tech Xplore, ZDNet Security, Deutsche Welle

John Scott-Railton @jsrailton

BIG NEWS: German police raided the offices of spyware developer FinFisher. Comes after investigation into export violations triggered by civil society complaint. German spyware company FinFisher searched by public prosecutors | Reporters without bordersReporters Without Borders (RSF) welcomes news of significant progress in the criminal investigation of illegal exports of surveillance technology by German spyware company FinFisher. Public prosecutors have searched about a dozen offices belonging to the Munich-based spyware manufacturer, public bro…rsf.org

October 14th 2020

38 Retweets54 Likes

hakan @hatr

Repost for the U.S. crowd: In connection with the #Finfisher investigation police have carried out raids against 15 residential and business premises in Germany and abroad last week, we (BR/NDR) found out. Main question is how and if FF exported Finspy without proper licenses.

hakan @hatr

Neu: Im Zuge der Ermittlungen gegen #Finfisher haben Ermittler des Zollkriminalamts in der vergangenen Woche Wohn- und Geschäftsräume durchsuchen lassen. Verdacht: Verstoß gegen das Außenwirtschaftsgesetz https://t.co/FXpZM3QswO Story mit @B_Strunz und @jlstro

October 14th 2020

21 Retweets25 Likes

Follow Us on Twitter

Zoom Plans to Launch End-to-End Encryption for All Users Following Testing Period

As part of its Zoomtopia event, meteoric video conferencing company Zoom said that it will roll out end-to-end encryption, following a three-phase testing period. Zoom has stumbled on delivering end-to-end encryption a couple of times. First, it initially claimed it offered end-to-end encryption, which turned out to be inaccurate. Then it promised to deliver the security measure to premium subscribers only but backtracked on that plan. (Paul Sawers / Venture Beat)

Related: Forbes, Cyberscoop, CNET News, VentureBeat, Slashdot, Business Insider, The South African, Gizmodo, Natasha Lomas – TechCrunch, Cyberscoop, Bleeping Computer, ZDNet Security, Dark Reading, Bloomberg, SlashGear » security, SiliconANGLE, Cyberscoop, Neowin, Mashable, Dark Reading, CNET, Forbes, The Mac Observer, Zoom

Google and Intel Warn of High-Severity BleedingTooth Flaw in Linux Bluetooth Core Protocols and Layers

Google and Intel are warning of a high-severity Bluetooth flaw called BleedingTooth, a name given by Google engineer Andy Nguyen, that resides in BlueZ, the software stack that by default implements all Bluetooth core protocols and layers for Linux. In addition to Linux laptops, BlueZ is used in many consumer or industrial Internet-of-things devices. It works with Linux versions 2.4.6 and later. Although Nguyen plans to offer more details soon, the bug seemingly provides a reliable way for nearby attackers to execute malicious code of their choice on vulnerable Linux devices that use BlueZ for Bluetooth. (Dan Goodin / Ars Technica)

Related: ZDNet Security, CERT Recently Published Vulnerability Notes, Security Affairs, SecurityWeek, Threatpost

Andy Nguyen @theflow0

BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution Blog post available soon on: security.googleblog.com Google Security Research Repository: github.com/google/securit… Intel Security Advisory: intel.com/content/www/us… Video: BleedingTooth: Linux Bluetooth Zero-Click Remote Code ExecutionMore information: Blog post available soon on: https://security.googleblog.com/ Google Security Research Repository: https://github.com/google/security-resea...youtu.be

October 13th 2020

235 Retweets511 Likes

Other Cybersecurity News

• The number of ads on hacking forums selling access to compromised IT networks tripled in September 2020 compared to the previous month, according to a report by cybersecurity firm KELA. KELA said it indexed 108 "network access" listings posted on popular hacking forums last month, collectively valued at a total asking price of around $505,000. (Catalin Cimpanu / ZDNet)

• Despite the best efforts of U.S. CyberCommand and a team of organizations headed by Microsoft to cripple the TrickBot botnet ahead of the U.S. elections, TrickBot is still continuing to cause new infections, according to Alex Holden, chief information security officer of Hold Security, a Milwaukee-based company that tracks TrickBot. Even so, the number of infections appears to have dropped into the hundreds, as opposed to the thousands prior to the two efforts to dismantle it. (Sean Lyngaas / Cyberscoop)

  MalwareTech @MalwareTechBlog

  Had a feeling this would happen. Emotet often drops TrickBot, and a few month ago TrickBot was dropping Emotet. As a result they are able to recover some old bots, as well as infect new systems via Emotet.

  Cofense Labs @CofenseLabs

  We are currently seeing #emotet dropping #trickbot on all 3 Epochs. Spam is active again.

  October 14th 2020

  17 Retweets84 Likes

• State chief information security officers have grappled with a range of new and old cybersecurity issues since the pandemic began, according to a report by the National Association of State Chief Information Officers. The state CISOs expanded the use of VPNs, firewalls, and multi-factor authentication and responded to widespread financial fraud targeting overworked unemployment benefits systems, in addition to grappling with ransomware and other threats that predate the pandemic. (Benjamin Freed / StateScoop)

  Related: InsideCyberSecurity.com

• Free graphics design website Canva is being abused by threat actors to create and host intricate phishing landing pages, according to a report by cybersecurity firm Cofense. Cofense says that hosted HTML landing pages that are used to redirect phishing victims to fake login forms. (Lawrence Abrams / Bleeping Computer)

  Related: Cofense

• Cyber warriors based in Estonia say that the growing number of people working from home globally due to the COVID-19 crisis are increasingly vulnerable to cyber-attacks. “Large scale use of remote work has attracted spies, thieves and thugs,” Jaak Tarien, head of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) said. (AFP)

  Related: SecurityWeek, Tech Xplore

  Share Metacurity

Podcast of the Day

The great Darknet Diaries podcast by Jack Rhysider talks about hackers, “better known as knaves,” hacked into JP Morgan Chase, one of the biggest financial institutions in the world. Take a listen. (Photo by Matt Botsford on Unsplash)

Today in Secret Thumb Drive News

Boo!oraaa!! @H0tdish

Data Dentata.

October 14th 2020

2 Likes

Photo by Dmitry Demidko on Unsplash