US DOJ unseals charges against malware money laundering ring

The DOJ unsealed 14 charges against the group known as QQAAZZ. The group has reportedly operated since 2016 and advertised its services on Russian hacking forums, with ties to malware botnets like Dridex, Trickbot, and GozNym. The DOJ alleges the group operates a huge network of bank accounts around the world using fake identities and shell companies with a business-like hierarchy. The group would take funds received in malware attacks, convert them to cryptocurrency, run them through a “tumbling” service to further anonymize them, and return the funds to malware operators after taking a 40-50% cut. The investigation saw coordinated prosecutions across the US, Portugal, and Spain, with participating countries carrying out over 40 house searches in Latvia, Bulgaria, the United Kingdom, Spain and Italy.

(ZDNet)

Microsoft launches the Zero Trust Deployment Center

The company envisions this as a repository of information to improve Zero Trust readiness and provide implementation guidance for organizations looking to adopt a “never trust, always verify” security posture. The center also includes a Zero Trust assessment tool to measure where organizations are in terms of adoption and help them plan future priorities and security milestones along the way. The site includes specific guidance for implementation across identities, endpoints, data, applications, networks, and infrastructure.

(Microsoft)

Hack disrupts Barnes & Noble brick-and-mortar stores

The company confirmed it experienced “unauthorized and unlawful access to certain Barnes & Noble corporate systems” on October 10th, causing outages in Nook service and cash registers. Outages continued through Wednesday, when Barnes & Noble acknowledged a “system failure”, and the company added Thursday that it has no evidence customer data was exposed but cannot rule out the possibility yet. No financial data was exposed.

(ZDNet)

Online platforms restrict the reach of New York Post story

Facebook temporarily reduced the reach of a story from the New York Post about Vice President Joe Biden’s son Hunter that sources email and video from a laptop said to have belonged to Hunter Biden. Journalists outside the New York Post have questioned whether the information is framed accurately, whether the computer was owned by Hunter Biden, and whether the information is from a reputable source. Facebook will work with its fact checkers to make a final decision on the story.

Twitter announced that it was blocking links to or images of the story in line with its policy on hacked materials. The company said the piece also violated its personal information policy, as it included personal and private information like phone numbers and email addresses. Twitter introduced its hacked materials policy in 2018.

(Buzzfeed News)

Thanks to this week’s sponsor, Trusona

Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around.

TikTok announces global bug bounty program

The program is being run in conjunction with HackerOne and builds off of a more limited vulnerability disclosure program the platform previously offered. TikTok will pay between $50 and $14,800 for bugs depending on the severity. The company is still awaiting US and Chinese approval on Oracle’s and Walmart’s purchase of a stake in the business, with a broader proposed US ban on transactions with TikTok still set for November 12th.

(CyberScoop)

Broadvoice data leak exposes 350 million records

The leak impacts those using Broadvoice’s cloud-based communications suite, which provides VOIP service to SMBs. Data leaked includes over 200,000 call transcripts, millions of call logs with full caller name, caller ID, phone number, and city and state, as well as customer ID numbers. Researchers at Comparitech found that Broadvoice had left an Elasticsearch database online completely unsecured for four days, and the researchers confirmed that call transcripts included sensitive information like financial transactions and medical information. Broadvoice believes about 10,000 customers were impacted and says it has no reason to believe there was any misuse of data.

(Threatpost)

Robinhood hack compromises customer accounts

Last week the online stock trading app acknowledged that a “limited number” of customers had personal email accounts breached, resulting in the attackers getting access to Robinhood accounts. However, Bloomberg reports almost 2,000 accounts were compromised, according to sources with access to the company’s internal review. Robinhood doesn’t have a customer support number, and some affected users found the company’s online support unresponsive.

(Bloomberg)

Iranian hackers launch new phishing campaigns against universities

Malwarebytes reports the attacks come from the group code-named Silent Librarian, which sends phishing emails posing as a university portal, often the school library. These direct victims to lookalike domains to steal login credentials, which are then used to steal intellectual property or limited-release academic work. Members of the group were indicted by the US in 2018, on charges stretching back to 2013, but the attackers have remained at large in Iran. Unlike in past attacks, this year Silent Librarian is hosting its attack servers directly in Iran, which will be harder to take down given the lack of law enforcement cooperation with Iranian authorities.

(ZDNet)