Cyber Security Headlines – March 8, 2021

REvil ransomware gang uses extended voice calls to pressure victims

The group recently posted a notice on a hacker forum offering its network of affiliates some new options for putting pressure on victims by contacting the victims’ business partners and the news media. This demonstrates an improvement in the double-extortion tactic, since it is no longer limited to threatening the victims themselves, but focuses on those who might feel indirectly threatened by an infected supplier, or who at least would perceive them negatively. According to Bleeping Computer, this is yet one more innovation in the business of ransomware.

(Bleeping Computer)

New Microsoft tool checks Exchange Servers for ProxyLogon hacks

Microsoft has released a PowerShell script that admins can use to check whether a Microsoft Exchange server has been hacked through the recently disclosed ProxyLogon vulnerabilities. As we reported last week, Microsoft released emergency security updates to fix four zero-day vulnerabilities used in attacks against Microsoft Exchange, which together were given the name ProxyLogon and which allow threat actors to perform remote code execution on publicly exposed Microsoft Exchange servers utilizing Outlook on the web. These attacks have been attributed to a China state-sponsored hacking group known as HAFNIUM. The ProxyLogon PowerShell script was released on Saturday on the Microsoft Exchange support engineer’s GitHub repository. Its filename is Test-ProxyLogon.ps1.

(Cyber-Reports.com)

Ongoing phishing attacks target US brokers with fake FINRA audits

The US Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information. The phishing messages are being sent from finra-online[.]com, a recently registered web domain spoofing a legitimate FINRA website. While FINRA rarely issues such regulatory notices, the regulator published four of them last year, with two of them informing of phishing attacks targeting brokers’ information.

(Bleeping Computer)

US indicts John McAfee for pump-and-dump cryptocurrency scheme

The US has indicted antivirus software creator John McAfee for allegedly using his Twitter account to “pump-and-dump” several cryptocurrencies. Federal officials claim he secretly bought the currencies for cheap, and then sold them off at inflated prices to his Twitter followers. This took place between December 2017 and October 2018. The cryptocurrencies and tokens he endorsed included Verge, Electroneum, Burstcoin, Dogecoin, and Tron, and further allegations point to an initial coin offering (ICO) that failed to disclose his direct financial relationship to the securities being released. The charges are similar to a civil lawsuit the SEC filed against McAfee in October; however, this indictment includes criminal charges, which means McAfee could face jail time if convicted.

(PCMag)

Thanks to our episode sponsor, Trend Micro

With organizations rapidly migrating to the cloud, CISOs have new challenges to address. Trend Micro Cloud One™ is a connected SaaS platform comprised of six solutions that address all your cybersecurity needs from workloads, to file storage, containers and more. Empower your IT teams to do more with less with Trend Micro Cloud One. Visit us at Trendmicro.com for more info.

Hog ransomware only decrypts victims who join its Discord server

This new strain of ransomware encrypts victims’ files and appends a “.hog” extension. It then launches a decryptor program from the Windows Startup folder that prompts users to enter their Discord user token. A Discord token allows the ransomware to authenticate to Discord’s APIs as the user and check if they joined their server. Discord is a chat and digital distribution service and is increasingly being used by threat actors to distribute malware or harvest stolen data.

(reddit)

Millions of travelers of several airlines impacted by SITA data breach

SITA provides IT and telecommunication services to the air transport industry. It has 2,800 customers worldwide, which it claims represents 90% of the world’s airline business. Essentially every passenger flight relies on SITA technology. This past week it announced it had suffered a highly sophisticated hack affecting passenger data stored on its Passenger Service System (PSS). The cyberattack impacted multiple airlines, including Singapore Airlines, Lufthansa, Malaysia Airlines, Cathay Pacific, SAS-Scandinavian Airlines, Finland’s Finnair, and Air New Zealand. The total number of travelers impacted in the security breach is still unknown.

(Security Affairs)

Object-recognition software can be fooled by pen and paper

OpenAI researchers are discovering that object recognition technology can be tricked by what’s described as a “typographical attack.” This means that if an apple (an actual, edible apple) has a paper label with the word iPod written on it, the software’s neural network gets distracted by the words and will identify the object as a product from the Apple corporation and not as a fruit. These discoveries are part of OpenAI’s development of its neural network technology called CLIP, but they cast light on a possible route of exploitation for people wishing to use AI-based graphic recognition technology for their own ends.

(The Register)

Chrome extension turns on YouTube captions when eating noisy chips

A new AI-powered Google Chrome extension will automatically turn on YouTube captions if it detects you are eating noisy chips. The creative agency Happiness Saigon partnered with Frito-Lay to create the ‘Lay’s Crispy Subtitles’ browser extension that automatically enables YouTube captions when it detects you are eating chips. Happiness Saigon trained an AI algorithm using 178 hours of recordings of people eating chips from all over the world.

(Bleeping Computer)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.