Cyber Security Headlines: Uber hacker arrested, Microsoft SQL hacked, CircleCI GitHub hack

London Police arrest 17-year-old hacker suspected of Uber and GTA 6 breaches

Police in London have announced the arrest of a 17-year-old as part of an investigation conducted in partnership with the U.K. National Crime Agency’s cybercrime unit. Although no further details about the investigation were given, suspicions run high that the arrest is related to a recent string of high-profile hacks aimed at Uber and Rockstar Games, both of which are alleged to have been committed by the same threat actor, known as Tea Pot (aka teapotuberhacker). Uber believes the attacker is associated with the LAPSUS$ extortion gang, two of whose members are already facing fraud charges.

(The Hacker News)

Microsoft SQL servers hacked in TargetCompany ransomware attacks

Microsoft SQL servers are being targeted with FARGO ransomware, according to researchers at AhnLab Security Emergency Response Center (ASEC). This follows similar attacks in February, in which attackers dropped Cobalt Strike beacons on MS-SQL servers, and in July, when MS-SQL servers were hacked to steal bandwidth for proxy services. The latest campaign aims for quick and easy profit by blackmailing database owners. According to AhnLab, “FARGO is one of the most prominent ransomware strains that focus on MS-SQL servers, along with GlobeImposter. This malware family has been referred to as ‘Mallox’ in the past because it used to append the ‘.mallox’ extension to the files it encrypts.”

(Bleeping Computer)

Attackers impersonate CircleCI platform to compromise GitHub accounts

According to Security Affairs, “GitHub is warning of an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform.” GitHub learned about the attacks on September 16, noting that “the phishing campaign has impacted many victim organizations except GitHub.” The lure tricks victims into logging in with their GitHub credentials under the misapprehension that their CircleCI session has expired, which lets the attacker relay both the password and the one-time 2FA code. GitHub pointed out that accounts protected by hardware security keys are not vulnerable to this attack.

(Security Affairs)

Agencies don’t know what sensitive data new IT systems collect on Americans, GAO report finds

A new Government Accountability Office report finds that, more than twenty years after being made responsible for establishing privacy programs, 14 federal agencies have “failed to address key practices for protecting the sensitive personal data of Americans.” These agencies include the Office of Personnel Management (OPM), which was the target of a data breach in 2015 that exposed the sensitive personal information of more than 20 million government employees. Other agencies that lack a full privacy strategy include the Departments of Agriculture, Defense, Justice, Homeland Security, Housing and Urban Development, Veterans Affairs, State and Treasury, and the Environmental Protection Agency. In addition, the U.S. agency that maintains and modernizes the country’s nuclear stockpile was criticized in the same report for lackluster cybersecurity policies that “endangered both IT and operational technology networks.”

(Cyberscoop and The Record)

Thanks to today’s episode sponsor, Votiro

“Can you trust that your content and data are free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.”

VPN providers flee India as a new data law takes hold

As of yesterday, India’s Computer Emergency Response Team (CERT), a body appointed by the Indian government to deal with cybersecurity and threats, “will require VPN operators to collect and maintain customer information including names, email addresses, and IP addresses for at least five years, even after they have canceled their subscription or account,” according to WIRED. India had the highest growth rate in VPN use worldwide last year, with 348.7 million VPN installations, a 671 percent jump compared with the same period in 2020, according to a 2021 analysis by Atlas VPN. The increase is attributed to continuous internet shutdowns in the country, along with a rise in digital scams. VPN companies from across the globe have pulled their servers out of the country in a bid to protect their users’ privacy.

(Wired)

Microsoft’s new security chief looks to AI to fight hackers

In a Q&A interview with Bloomberg, Microsoft’s newly installed security chief Charlie Bell, formerly an Amazon.com cloud-computing executive, shares his plan to use AI to fight hackers. He states that people in cybercrime are “innovating to break everything you build … every time we take a step forward in security, there’s somebody out there scratching their head saying, well, what do I do to get around that, how do I break that?” Likening the situation to a soccer game where the other side is cheating, he says it’s time to “shrink the goal down to just about the size of the soccer ball, stretch the field out to be 20 miles long.” The full interview is available at Bloomberg.

(Bloomberg)

American Airlines learned it was breached from phishing targets

Following up on a story we brought you last week, American Airlines now says its Cyber Security Response Team learned about a recently disclosed data breach from the targets of a phishing campaign that was using an employee’s hacked Microsoft 365 account. The investigation also revealed that the attacker accessed multiple employees’ accounts (also compromised via phishing) and used them to send more phishing emails to targets American has not yet disclosed. The company added that the team members’ accounts also provided access to employee files stored on the SharePoint cloud-based service. Through its investigation, American was able to determine that the unauthorized actor used the IMAP protocol to access the mailboxes.

(Bleeping Computer)
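The American Airlines finding above (mailboxes read over IMAP from several phished accounts) is the kind of pattern a defender can hunt for in Microsoft 365 sign-in logs. The following is an added example, not code from the article or from American Airlines: it flags successful legacy-protocol sign-ins and source IPs that reached more than one mailbox. The sample records are constructed, and the field names (`clientAppUsed`, `userPrincipalName`, `ipAddress`, `status.errorCode`) are assumed to follow the Microsoft Graph sign-in log schema.

```python
import json
from collections import defaultdict

# Constructed sample sign-in records (not from the article). Field names follow
# the Microsoft Graph signIn schema as an assumption about the log format.
SAMPLE_SIGNINS = """\
{"createdDateTime": "2022-09-20T08:01:10Z", "userPrincipalName": "alice@example.com", "clientAppUsed": "Browser", "ipAddress": "198.51.100.10", "status": {"errorCode": 0}}
{"createdDateTime": "2022-09-20T08:05:42Z", "userPrincipalName": "alice@example.com", "clientAppUsed": "IMAP4", "ipAddress": "203.0.113.77", "status": {"errorCode": 0}}
{"createdDateTime": "2022-09-20T08:06:03Z", "userPrincipalName": "bob@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "ipAddress": "198.51.100.11", "status": {"errorCode": 0}}
{"createdDateTime": "2022-09-20T08:07:30Z", "userPrincipalName": "carol@example.com", "clientAppUsed": "IMAP4", "ipAddress": "203.0.113.77", "status": {"errorCode": 50126}}
{"createdDateTime": "2022-09-20T08:09:15Z", "userPrincipalName": "dave@example.com", "clientAppUsed": "IMAP4", "ipAddress": "203.0.113.77", "status": {"errorCode": 0}}
"""

# Legacy mail protocols that cannot complete an interactive MFA prompt, so a
# phished password alone is enough to read the mailbox.
LEGACY_MAIL_PROTOCOLS = {"IMAP4", "POP3", "Authenticated SMTP"}


def parse_signins(text):
    """Parse newline-delimited JSON sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_legacy_mailbox_access(records):
    """Return {user: [(time, ip), ...]} for successful legacy-protocol sign-ins."""
    hits = defaultdict(list)
    for rec in records:
        if rec.get("clientAppUsed") not in LEGACY_MAIL_PROTOCOLS:
            continue
        # Only successful sign-ins mean the mailbox was actually reached.
        if rec.get("status", {}).get("errorCode", 1) != 0:
            continue
        hits[rec["userPrincipalName"]].append((rec["createdDateTime"], rec["ipAddress"]))
    return dict(hits)


def shared_source_ips(hits):
    """Return {ip: {users}} where one IP reached more than one mailbox this way."""
    by_ip = defaultdict(set)
    for user, events in hits.items():
        for _time, ip in events:
            by_ip[ip].add(user)
    return {ip: users for ip, users in by_ip.items() if len(users) > 1}


if __name__ == "__main__":
    hits = find_legacy_mailbox_access(parse_signins(SAMPLE_SIGNINS))
    for user, events in hits.items():
        print(f"{user}: legacy mailbox access from {[ip for _, ip in events]}")
    for ip, users in shared_source_ips(hits).items():
        print(f"{ip} reached {len(users)} mailboxes: {sorted(users)}")
```

Blocking legacy authentication (or requiring phishing-resistant MFA) closes the gap the query looks for; the query itself is for finding accounts that were already reached before the block was in place.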

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.