$3 will get you private webcam feeds sold as home video tapes

Thieves are selling private videos stolen from people’s home security cameras or from cameras secretly installed in public places. According to an undercover report carried out by Henan Television, in China, the clips are being sold as “home video packages” on social media. Their prices depend on how titillating they are, with the cheapest being $3. With nudity or sex, they go for $8. $11 will get you logins for 10 households’ cameras, while $39 will get you feeds from 20 hotels and 20 households. One seller said he has a dozen people travelling around the country to install cameras. “Even if the hotel finds out, what we will lose is just a camera which is a few hundred yuan,” he said: a cost that he can easily recoup.

(South China Morning Post)

Ubiquiti attacker tried to extort us, company confirms

As we reported earlier this week, a whistleblower told security reporter Brian Krebs that Ubiquiti had downplayed a January security breach that was in reality “catastrophic.” On Wednesday, the company confirmed that the attackers had targeted the company with an extortion attempt following the breach, threatening to release stolen source code and specific IT credentials. Ubiquiti, a vendor of cloud-enabled devices such as routers, did not confirm the whistleblower’s claims that user data was accessed during the incident or that the attackers stole source code.

(Bleeping Computer)

Crooks offer $500 for work logins, $25/month if they stay valid

Kevin Beaumont, a senior threat intelligence analyst at Microsoft, came across sites including workplaceunite/.com and workplaceunited/.com that were looking to buy logins for work accounts at people’s current or past employers. They promised to pay $500 via PayPal for valid credentials. They also promised to pay $25 monthly while the logins still work. It’s not exactly phishing, given that the crooks ask for a PayPal email address but not a password. Nonetheless, it sure doesn’t sound legal. At least one of the sites was quite professional: it had a wizard to select where you work, how you access your account and more. The sites were down as of Wednesday. 

(Kevin Beaumont)

Federal agencies get 5 days to find compromised Exchange servers

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to scan their networks again for signs of compromised on-premises Exchange servers and to report their findings within five days. Agencies have until 12:00 PM EDT on Monday, April 5, to download and run the current version of Microsoft Safety Scanner (MSERT) in Full Scan mode and report results to CISA using its reporting template. That deadline also holds for downloading and running a script as an administrator to analyze Exchange and IIS logs and discover potential attacker activity. Bleeping Computer has links to get the scanner, script and reporting template.

(Bleeping Computer)

Thanks to our episode sponsor, Remediant

Former Incident Response practitioners Tim Keeler and Paul Lanzi founded Remediant, a leader in Privileged Access Management. They did it to solve the one problem they saw repeatedly – standing administrator privileges. Repeatedly, they saw these rights weaponized by adversaries to deploy ransomware and move laterally across a network. Remediant uniquely addresses the challenge of standing privilege and is a force multiplier to Security programs worldwide.

To learn more about Tim & Paul’s story, watch the video at remediant.com.

Kansas man indicted over water utility attack

A 22-year-old Kansas man was indicted for allegedly attacking the computer system of a rural water utility in Kansas and shutting down processes that affect procedures for cleaning and disinfecting water. Prosecutors allege that Wyatt Travnichek logged into Ellsworth County Rural Water District’s computer system in 2019 without authorization: an intrusion that led to the shutdown of the facility’s processes. Drinking water quality wasn’t affected, but that doesn’t make the charges less severe. Those charges, including tampering with a water system and causing “reckless damage to a protected computer,” carry maximum prison sentences of 20 years and five years, respectively.

(CyberScoop)

Fake Call of Duty ‘cheats’ are spraying gamers’ systems with malware

Denizens of the dark web are deploying fake game “cheats” for Call of Duty: Warzone. The fake cheats don’t help you win games: all they do is spray your system with malware. Game publisher Activision reports that it’s recently seen criminals on forums discussing the ploy, which entails offering free cheats such as infinite ammunition “for all weapons,” “extra speed” and a “1hit1kill” feature. It’s all bunk: they’re just after gamers’ financial data. They’ve got a good chance of getting that valuable data, too, given that cheats typically require a user to disable key security features that would otherwise keep malware off their system. 

(Gizmodo)

Amazon locks man out after he suffers identity theft

It was bad enough that Tom Strauss was victimized by an identity thief who stole his credit card information and used it to buy six Xbox consoles for $2,200, among other things. To add insult to injury, Amazon was the only retailer that refused to accept that the bogus charges were the work of a criminal, and it refused to waive them. Strauss and his wife lost use of hundreds of dollars’ worth of voice-activated Echos and Dots: that’s five Alexa accounts, plus all of the couple’s Prime Video content. Anyone who sees suspicious activity on their account is supposed to report it to Amazon, but Strauss only got his access back when WTVR contacted Amazon.

(WTVR)

DeepDotWeb admin pleads guilty, faces up to 20 years 

An Israeli national pleaded guilty to being the admin of a portal called DeepDotWeb (DDW), a purported “news” website that the DOJ says actually “served as a gateway to numerous dark web marketplaces.” Tal Prihar, 37, operated DDW alongside Michael Phan, 34, starting in 2013. They received a total of about $8.4 million worth of bitcoin from the underground marketplaces, which included AlphaBay, Agora, Abraxas, Dream, and Valhalla. Those marketplaces traded in illegal firearms, malware and hacking tools, stolen financial data, heroin, fentanyl, and other contraband. Prihar pleaded guilty to conspiracy to commit money laundering and faces up to 20 years in prison.

(Hacker News)