Cyber Security Headlines – October 4, 2021

Transnational fraud ring stole millions from Army members, veterans

Fredrick Brown, a former U.S. Army contractor, was sentenced yesterday to 151 months in prison after admitting his role in a conspiracy that targeted thousands of U.S. service members and veterans and caused millions of dollars in losses. He harvested PII by photographing his screen while logged into his Armed Forces Health Longitudinal Technology Application account. This allowed Brown and his accomplices to access U.S. military community benefits information via the Department of Defense portal and steal millions of dollars from veterans’ pension and disability benefit payments and from U.S. military members’ bank accounts. Besides the 151-month prison term, Brown was ordered to pay $2,331,639.85 in restitution and will be placed on supervised release for three years after leaving prison.

(Bleeping Computer)

Canadian vaccine passport app exposes data

According to a report by CBC News, the PORTpass app’s operators left data, including names, driver’s licenses, blood types, and email addresses, on an unsecured website. The personal information was allegedly stored in plain text and could be accessed by the public. The company behind the app is based in Calgary. It has denied that PORTpass was experiencing any verification or security issues; however, the app’s website has been taken offline, and visitors to the site are currently met with the message, “We are updating. Stay tuned.”

(InfoSecurity)

Business leaders admit willingness to pay five-figure ransoms

Forty percent of business executives would be willing to pay at least a five-figure ransom to restore operations following an attack, according to research conducted by security firm Arctic Wolf, which polled 500 decision-makers from UK firms with over 1,000 employees. The research also found that 20% of UK execs have previously concealed a cyber-attack to preserve their reputation, 67% of respondents believe their company is more vulnerable to attacks if staff work remotely or in a hybrid environment, and 62% are unsure whether their IT teams can identify and detect some threats accurately.

(InfoSecurity Magazine)

Infant fatality could be first recorded ransomware death

According to papers filed in June 2020, Teiranni Kidd of Mobile, Alabama, is accusing Springhill Memorial Hospital and its owners of failing to mitigate a crippling cyber-attack and then conspiring to hide its impact on patient care. Kidd’s daughter Nicko was born with her umbilical cord wrapped around her neck, which purportedly led to brain damage and the infant’s death several months later. Fetal heart rate monitors would usually have picked up the issue. Yet, according to the Wall Street Journal, medical staff could not access these from the usual location because a display had been locked by threat actors seeking a ransom payment. The hospital denies any wrongdoing.

(InfoSecurity Magazine)

Thanks to our episode sponsor, Votiro

Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year.

Hybrid workplaces need to update emergency communications

The Workplace Safety and Preparedness Report from Rave Mobile Safety found that 33% of workers were unaware or unsure of their company’s emergency response plans (ERMs) in March 2021. These plans cover incidents such as active shooters, workplace violence, medical emergencies, fire, hazmat incidents, weather events, or cyberattacks/system outages. The report showed that 43% of remote workers prefer mass text messages as their emergency notification method, followed by 22% preferring email. The survey found that over half of businesses used email as an emergency communication method in 2020, 47% used in-person announcements, and 42% used a mass text messaging system.

(Security Magazine)

Facebook’s Android, Java bug hunting tool Mariana Trench goes open source

Mariana Trench was originally an internal tool for Facebook’s security engineers but has now been released to the public “to help scale security through building automation.” It is a tool for finding vulnerabilities in Android and Java code, with a particular focus on examining code in Android applications. According to Facebook, it is able to scan “large mobile codebases” and will alert users to potential security problems found in the code by analyzing data flows prior to production. Facebook warns that this tool is only one addition to a security engineer’s arsenal, and that false positives raised prior to production need to be considered.

(ZDNet)

Hackers rob thousands of Coinbase customers using MFA flaw

Coinbase, the world’s second-largest cryptocurrency exchange, with approximately 68 million users from over 100 countries, has disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company’s SMS multi-factor authentication security feature. The thefts happened between March and May 20th, 2021. To conduct the attack, Coinbase says the attackers needed to know the customer’s email address, password, and phone number associated with their Coinbase account and have access to the victim’s email account, which it believes was done through phishing campaigns.

(Bleeping Computer)

Ransomware gangs are complaining that other crooks are stealing their ransoms

Cyber criminals using a ransomware-as-a-service scheme have been complaining that the group they rent the malware from could be using a hidden backdoor to grab ransom payments for themselves. A LinkedIn post by security expert Yelisey Boguslavskiy describes how REvil uses a secret backdoor coded into its product, which allows the group to restore the encrypted files without the involvement of the affiliate. This could allow REvil to take over negotiations with victims, hijack the so-called “customer support” chats, and steal the ransom payments for itself.

(ZDNet and LinkedIn)
Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.