Threat Actor Collective Fin11 Has Shifted to Financial Crimes

Twitter hackers began with tech support scam, FinFisher offices raided, Zoom to offer end-to-end encryption, Google and Intel warn of Bleeding Tooth Flaw in Linux, Trickbot network is still alive

(Check out our special report this morning on the New York Post’s article and the prospect of late-game cyberattacks and disinformation campaigns.)

A financially motivated threat actor collective called Fin11, known for its malware distribution campaigns, has shifted focus to financial crimes including ransomware and extortion, researchers at FireEye’s Mandiant report. The gang has been involved in cybercrime activities since 2016 and has a significant overlap in TTPs (tactics, techniques, and procedures) with another threat group that cybersecurity researchers call TA505, which is behind the infamous Dridex banking Trojan and Locky ransomware. (Ravie Lakshmanan / The Hacker News)

Related: The Drum, Threat Research Blog, Cyberscoop, The Hacker News, CSO Online, Threatpost, SecurityWeek, SC Magazine, Bleeping Computer, ZDNet

Hackers Who Took Over High Profile Twitter Accounts Started Out With Tech Support Scam

The young hackers who took over a number of high-profile Twitter accounts last summer, such as those belonging to Barack Obama and Elon Musk, began their spree by posing as company IT officials making a support call, according to a report by New York’s Department of Financial Services. The state officials behind the report are calling for additional cybersecurity regulation of major tech platforms, particularly large social media platforms, which they call “systemically important.” (Brian Fung / CNN)

Related: TechCrunch, Wall Street Journal, Infosecurity Magazine, Professional Security Magazine, The Next Web, Twitter Investigation Report

Law Enforcement Raided Around a Dozen Offices Belonging to Spyware Company FinFisher

Public prosecutors have carried out raids on about a dozen offices belonging to the Munich-based spyware manufacturer FinFisher, the public broadcaster’s news program Tagesschau revealed early on Wednesday, following criminal charges that RSF Germany (Reporters Without Borders) and other civil society organizations filed against the FinFisher conglomerate in 2019. RSF argued that FinFisher illegally sold FinSpy intrusion software to the repressive government of Turkey. (RSF / Reporters Without Borders)

Related: TechNadu, Tech Xplore, ZDNet Security, Deutsche Welle

Zoom Plans to Launch End-to-End Encryption for All Users Following Testing Period

As part of its Zoomtopia event, meteoric video conferencing company Zoom said that it will roll out end-to-end encryption, following a three-phase testing period. Zoom has stumbled on delivering end-to-end encryption a couple of times. First, it initially claimed it offered end-to-end encryption, which turned out to be inaccurate. Then it promised to deliver the security measure to premium subscribers only but backtracked on that plan. (Paul Sawers / Venture Beat)

Related: Forbes, Cyberscoop, CNET News, VentureBeat, Slashdot, Business Insider, The South African, Gizmodo, Natasha Lomas – TechCrunch, Cyberscoop, Bleeping Computer, ZDNet Security, Dark Reading, Bloomberg, SlashGear » security, SiliconANGLE, Cyberscoop, Neowin, Mashable, Dark Reading, CNET, Forbes, The Mac Observer, Zoom

Google and Intel Warn of High-Severity BleedingTooth Flaw in Linux Bluetooth Core Protocols and Layers

Google and Intel are warning of a high-severity Bluetooth flaw called BleedingTooth, a name given by Google engineer Andy Nguyen, that resides in BlueZ, the software stack that by default implements all Bluetooth core protocols and layers for Linux. In addition to Linux laptops, BlueZ is used in many consumer or industrial Internet-of-things devices. It works with Linux versions 2.4.6 and later. Although Nguyen plans to offer more details soon, the bug seemingly provides a reliable way for nearby attackers to execute malicious code of their choice on vulnerable Linux devices that use BlueZ for Bluetooth. (Dan Goodin / Ars Technica)

Related: ZDNet Security, CERT Recently Published Vulnerability Notes, Security Affairs, SecurityWeek, Threatpost

Other Cybersecurity News

  • The number of ads on hacking forums selling access to compromised IT networks tripled in September 2020 compared to the previous month, according to a report by cybersecurity firm KELA. KELA said it indexed 108 "network access" listings posted on popular hacking forums last month, collectively valued at a total asking price of around $505,000. (Catalin Cimpanu / ZDNet)

  • State chief information security officers have grappled with a range of new and old cybersecurity issues since the pandemic began, according to a report by the National Association of State Chief Information Officers. The state CISOs expanded the use of VPNs, firewalls, and multi-factor authentication and responded to widespread financial fraud targeting overworked unemployment benefits systems, in addition to grappling with ransomware and other threats that predate the pandemic. (Benjamin Freed / StateScoop)

  • Free graphics design website Canva is being abused by threat actors to create and host intricate phishing landing pages, according to a report by cybersecurity firm Cofense. Cofense says the threat actors host HTML landing pages on Canva that redirect phishing victims to fake login forms. (Lawrence Abrams / Bleeping Computer)

    Related: Cofense

  • Cyber warriors based in Estonia say that the growing number of people working from home globally due to the COVID-19 crisis are increasingly vulnerable to cyber-attacks. “Large scale use of remote work has attracted spies, thieves and thugs,” Jaak Tarien, head of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) said. (AFP)

    Related: SecurityWeek, Tech Xplore

Podcast of the Day

The great Darknet Diaries podcast by Jack Rhysider talks about how hackers, “better known as knaves,” hacked into JP Morgan Chase, one of the biggest financial institutions in the world. Take a listen.

Today in Secret Thumb Drive News