The Week in Ransomware - December 13th 2019 - Data Extortion

This has been a busy week with large scale attacks targeting local governments, new variants released, and another ransomware stating that they will use stolen data as leverage to get victims to pay.

New Orleans Suffers Ransomware Attack, Emergency Services Intact

The City of New Orleans, Louisiana has suffered a ransomware attack that has led to the shut down of the city's servers and computer, but the city states emergency services remain intact.

Attackers Terrify Homeowners After Hacking Ring Devices

In a series of hacks targeting Ring camera devices, attackers are terrifying homeowners and making them feel violated in their own homes after taunting them or speaking to their children over the device's speakers.

Ring hackers are reportedly watching and talking to strangers via in-home cameras

Hackers are using two-way talk function to wake people up in the middle of the night and watch unsuspecting children

Attackers Steal Credit Cards in Rooster Teeth Data Breach

Rooster Teeth Productions have suffered a data breach that allowed attackers to steal credit card and other payment information from shoppers on the company's online store.

Google Now Bans Some Linux Web Browsers From Their Services

Google is now banning the popular Linux browsers named Konqueror, Falkon, and Qutebrowser from logging into Google services because they may not be secure.

Apple to Fix Bug That Bypasses Communication Controls for Kids

Apple rolled out the Communication Limits feature in iOS 13.3 on Tuesday with a bug that allows kids to bypass parental controls that prevent them from talking to anyone that is not in the contacts list.

VISA Warns of Ongoing Cyber Attacks on Gas Pump PoS Systems

The point-of-sale (POS) systems of North American fuel dispenser merchants are under an increased and ongoing threat of being targeted by an attack coordinated by cybercrime groups according to a security alert published by VISA.

New Echobot Variant Exploits 77 Remote Code Execution Flaws

The Echobot botnet is still after the low hanging fruit as a new variant has been spotted with an increased number of exploits that target unpatched devices, IoT for the most part.

Another Ransomware Will Now Publish Victims' Data If Not Paid

The operators of the REvil Ransomware, otherwise known as Sodinokibi, have announced that they will use stolen files and data as as leverage to get victims to pay ransoms.

Microsoft Office 365 to Add Message Recall in Exchange Online

Microsoft is planning to add the highly popular Message Recall feature among Outlook for Windows users to the Exchange Online hosted cloud email service for businesses.

Google Achieves Its Goal of Erasing the WWW Subdomain From Chrome

With the release of Chrome 79, Google completes its goal of erasing www from browser by no longer allowing Chrome users to automatically show the www trivial subdomain in the address bar.

Microsoft Warns of GALLIUM Threat Group Attacking Global Telcos

The Microsoft Threat Intelligence Center (MSTIC) today published an alert about ongoing attacks directed at telecommunication providers from around the world and operated by a threat group tracked by Microsoft as GALLIUM.

Hundreds of Counterfeit Sneaker Sites Hacked to Steal Credit Cards

As the craze for the latest Off-White, Nike, and Adidas sneakers heats up, sites selling counterfeit kicks have popped up to capitalize on sneakerheads searching for the best deal. To make a bad deal even worse, hackers are now targeting these sites to install malicious Magecart scripts that also steal your credit card information.

Maze Ransomware Demands $6 Million Ransom From Southwire

Maze Ransomware operators claim responsibility for another cyber attack, this time against leading wire and cable manufacturer Southwire Company, LLC (Southwire) from Carrollton, Georgia.

Microsoft Office 365 to Add Reply-All Mail Storm Protection

Microsoft is planning to add protection against Reply-All email storms to Office 365, an issue affecting customers that are members of improperly locked down mail distribution lists.

Ransomware Hits Florida PRIDE On Saturday, Systems Still Down

Prison Rehabilitative Industries and Diversified Enterprises Inc (PRIDE) was hit by a ransomware attack on Saturday, December 7. The nonprofit organization's website and affected systems are still down.

Gmail Now Lets You Forward Emails as Attachments

Google has added a new feature to Gmail that allows you to forward an existing email, or multiple emails, as attachments. This lets the recipient open the attached email and see it in its original form with full mail headers.

Maze Ransomware Behind Pensacola Cyberattack, $1M Ransom Demand

The operators behind the Maze Ransomware have claimed responsibility for the cyberattack affecting the City of Pensacola, Florida, but state that they are not affiliated with the recent shooting at NAS Pensacola.

squeet.me | Golem (inoffiziell) @ squeet.me

Microsoft Threat Protection Released in Public Preview

Microsoft says that the integrated Microsoft Threat Protection is now available in public preview, adding automated threat response to stop attacks in their tracks, as well as self-healing for compromised devices, user identities, and mailboxes.

“Aw Snap!” Crash Makes a Comeback in Chrome 79

Google Chrome users are complaining once more of "Aw Snap!" crashes as the Code Integrity feature got re-enabled in the latest version of the browser, released yesterday.

“Aw Snap!” Crash Makes a Comeback in Chrome 79

Google Chrome users are complaining once more of "Aw Snap!" crashes as the Code Integrity feature got re-enabled in the latest version of the browser, released yesterday.

Microsoft Pulls December 10 Office 365 Client Updates From Catalog

Microsoft pulled multiple Office 365 client updates released on December 10 from the Update Catalog after customers weren't able to download them through the Microsoft System Center Configuration Manager.

Domain Takeover at Gunpoint Gets Influencer 14 Years in Jail

Social media influencer Rossi Lorathio Adams II was sentenced to 14 years in federal prison for plotting an Internet domain hijacking at gunpoint and an armed home invasion with his cousin Sherman Hopkins, Jr.

Lazarus Hackers Use TrickBot to Infect High-End Victims

Security researchers analyzing infections from TrickBot trojan found an interesting artifact that points to a connection to the Lazarus group of hackers associated with North Korea.

Batch of 460,000+ Payment Cards Sold on Black Market Forum

Researchers monitoring activity on underground markets found that more than 460,000 payment card records were offered for sale in two days on a popular forum where such data is being traded.

Microsoft Office December Security Updates Fix Remote Execution Bugs

Microsoft released the December 2019 Office security updates, bundling a total of 16 security updates and five cumulative updates for five different products, three of them patching flaws allowing remote code execution.

Senators threaten Apple, Facebook with mandated encryption backdoors

Tech companies including Apple and Facebook should provide encrypted user data to members of law enforcement, U.S. Senators said on Tuesday, with the added threat of imposing regulatory measures over the technology if they fail to do so.

The Justice Department will reportedly investigate Google’s Fitbit acquisition

It’s already leading a larger antitrust probe

Windows 7 to Show Full-Screen Windows 10 Upgrade Alerts

When Windows 7 reaches end of support, the operating system will display a full screen warning stating that Windows is more vulnerable to viruses and that you should upgrade to Windows 10.

Chrome 79 Released With Security Improvements, Proactive Tab Freeze, and More

Google has released Chrome 79 today, December 10th, 2019, to the Stable desktop channel and it comes with bug fixes, new features, and 51 security fixes. Included are new features such as Tab Freeze, back-forward cache, and security enhancements such as improved phishing protection and compromised password alerts.

Windows, Chrome Zero-Days Chained in Operation WizardOpium Attacks

Zero-day vulnerabilities in Google Chrome and Microsoft Windows were used last month to download and install malware onto Windows computers when visiting a Korean-language news portal.

Intel Patches Plundervolt, High Severity Issues in Platform Update

Intel addressed 14 security vulnerabilities during the December 2019 Patch Tuesday, with seven of them being high and medium severity security flaws impacting multiple platforms.

Windows 10 KB4530684 & KB4530715 Cumulative Updates Released

Microsoft is rolling out a new cumulative update for all supported version of Windows 10. The cumulative update comes with security fixes and minor bug fixes for Windows 10 November 2019 Update, May 2019 Update and October 2018 Update.

Microsoft's December 2019 Patch Tuesday Fixes Win32k Zero-day, 36 Flaws

Today is Microsoft's December 2019 Patch Tuesday, which means it is your job to be nice to Windows administrators everywhere and not to take it personal if they are a bit grouchy today.

Google Chrome Uses Safe Browsing to Improve Phishing Protection

The Google Chrome browser will get new real-time and improved predictive phishing protection capabilities with release 79, protecting users against such attacks with the help of the Safe Browsing blacklist service.

Phishing Attack Hijacks Office 365 Accounts Using OAuth Apps

A phishing campaign has been discovered that doesn't target a recipient's username and password, but rather uses the novel approach of gaining access to a recipient's Office 365 account and its data through the Microsoft OAuth API.

FTC Advises Checking Smart Toy Features Before Buying

With internet-connected toys in high demand this time of the year, the Federal Trade Commission (FTC) is making some recommendations that can help you choose one that is less detrimental to your kids' data.

Pensacola, Florida Hit by Cyber Attack, City Services Impacted

The city of Pensacola is struggling to recover from a cyber attack that hit its computer network over the weekend. Some services are still affected but no critical ones.

Snatch Ransomware Reboots to Windows Safe Mode to Bypass AV Tools

Researchers discovered a new Snatch ransomware strain that will reboot computers it infects into Safe Mode to disable any resident security solutions and immediately starts encrypting files once the system loads.

Snatch Ransomware Disables Security Tools With Reboot to Safe Mode

Researchers discovered a new Snatch ransomware strain that will reboot computers it infects into Safe Mode to disable any resident security solutions and immediately starts encrypting files once the system loads.

Ryuk Ransomware Decryptor Is Broken, Could Lead to Data Loss

Due to recent changes in the Ryuk Ransomware encryption process, a bug in the decryptor could lead to data loss in large files.

'Government Imposter' Scammers Pay $1.2 Million in FTC Settlement

A settlement with the Federal Trade Commission (FTC) requires the operators of a government imposter scheme to pay $1.2 million and also comes with a ban on sending any further unsolicited direct mail to businesses across the U.S.

Cybercriminals Lend Tactics and Skills to Political Meddlers

Disinformation campaigns for political purposes are deeply rooted in cybercriminal endeavors, with threat actors relying on actions specific to financially-motivated attacks to attain their goals.

Microsoft Office 365 ATP Now Helps Analyze Phishing Attacks

Microsoft announced the rollout of the Office 365 Advanced Threat Protection (ATP) Campaign Views feature in public preview, a new capability designed to provide security teams with an overview of the attack flow behind phishing attacks against their organization.

Tool Illegally Enables Windows 7 Extended Security Updates

A method has been discovered that allows Windows 7 users to bypass eligibility checks and receive Extended Security Updates even if they have not paid for a license.

TrickBot Trojan Abuses Google Suite, Baits With Annual Bonuses

A recently active malicious campaign baited targets with phishing messages promising annual bonuses, abusing Google Suite cloud services to infect them with Trickbot banking Trojan payloads.