Fake (right-wing) news does better than real news on Facebook

Fake news gets more engagement than real news on Facebook, but only if it’s coming from the right-wing. Researchers at the Cybersecurity for Democracy project at New York University found that Facebook users don’t engage much with misinformation if it’s coming from left-wing and centrist publications, but the equation is flipped on the other end of the political spectrum: far-right news outlets that regularly publish fake news get up to 65% more engagement than those that don’t. Lead researcher Laura Edelson said that many  people suspected this might be the case, and research has now confirmed and quantified it. 

(Wired)

Security firm Qualys says it was victimized in Accelion zero-day

Within hours of the Clop ransomware gang having published data allegedly stolen from cloud security and compliance firm Qualys, the company confirmed it. Qualys says that a “limited” number of customers may have been affected by a data breach connected to an Accellion zero-day vulnerability. What looks like Qualys customer invoices have been posted to the gang’s Tor blog. In December, FireEye’s Mandiant discovered that Clop was exploiting zero days in Accellion’s legacy, enterprise-grade, file-transfer software in order to extort organizations by leaking sensitive data stolen from vulnerable servers. 

(Security Week)

CISA issues emergency ‘fix Exchange zero-days NOW!’ directive

As we reported earlier this week, zero-days in Exchange Server that are actively being exploited by what appear to be a Chinese-sponsored attackers forced Microsoft to issue emergency patches. On Wednesday, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive instructing US government bodies to apply the patches immediately. CISA said that successful exploitation allows attackers “to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network.” 

(ZDNet)

3 Russian cybercrook forums hacked, users exposed

Three of the longest-running, most exclusive forums for Russian cyberthieves have been attacked. On Tuesday, somebody dumped thousands of  usernames, email addresses and obfuscated passwords on the dark web. They were apparently stolen from Mazafaka, a criminal forum that’s been around for more than a decade. Understandably enough, forum members are worried that the doxxing of their details could lead to the unmasking or their real-life personas. Also this week, another popular Russian forum, called Exploit, was compromised. Before that,  the Russian language forum Verified was hacked through a domain registrar. Some forum members suspect that the attacks are coming from a government spy agency. 

(Krebs on Security)

Thanks to our episode sponsor, TrustMAPP

The last audit firm that assessed your security compliance did the interviews, wrote a report, and then left. That’s just half the job. Now you have to identify maturity gaps, cost out and prioritize remediations, and track improvement over time. That’s where TrustMAPP comes in.

Dark-web dwellers are sharing ways to foil 3D Secure for payment cards

Hackers are sharing ways to get around the 3D Secure (3DS) security protocol, used to secure online payments. The latest versions of 3DS rely on over 100 key data points to prevent fraud, including a merchant’s contextual data, device ID, MAC address, and geo-location. As one hacker described, they start with full cardholder information. The crooks download a phone number-spoofing app and a voice changer and then enter the payment card information into a shopping site. They call a target from what looks like the bank’s phone number and pretend to be a bank employee.  By offering some personally identifiable information, the cybercrooks gain the victim’s trust and request their password or code to complete a fraudulent transaction.

(Bleeping Computer)

ObliqueRAT malware is hiding in image files

There’s a new malware campaign that delivers a remote access Trojan (RAT) named ObliqueRAT that’s tucked into Microsoft Office documents. The malware hides in innocent-looking bitmap image files. Cisco Talos research shows that the malware campaign is targeting organizations in South Asia and has been linked to a threat actor tracked as Transparent Tribe, a highly prolific group allegedly of Pakistani origin that’s known for its attacks against human rights activists in the country as well as military and government personnel in India.

(The Hacker News)

Microsoft says SolarWinds attackers got at Azure and Exchange code

When the tech giant completed its Solorigate investigation this week, it concluded that SolarWinds threat actors had downloaded some Microsoft Exchange and Azure code repositories during the sprawling supply-chain attack, but that they hadn’t used the company’s internal systems or products to attack other victims. “We have now completed our internal investigation into the activity of the actor … which confirms that we found no evidence of access to production services or customer data,” the company said on its Microsoft Security Response Center on Thursday.

(Threatpost)

Wall Street firms targeted by new, bigger-bucks BEC scams

Business email compromise (BEC) scammers have a new trick up their sleeves—one that promises to swindle far more money out of businesses than ever before. According to a new report from Agari, the new attack is called a “capital call” scam, where the fraudsters pose as an investment or insurance firm seeking a portion of money previously promised by an investor for a particular investment vehicle. Agari says that on average, these funds are seven times higher than what crooks go after in most wire transfer scams, which average $809,000 per incident.(Tripwire: The State of Security)