Security news weekly round-up - 22nd October 2021

#security

Introduction

Hello and welcome to this week's review. I am your host Habdul Hazeez.

This week's review is mostly about computer security in general with a story about money linked to ransomware and another about a fake "security company"

Let's begin.

US links $5.2 billion worth of Bitcoin transactions to ransomware

What a time to be alive.

The interesting thing about this story? It's all computer code.

Excerpt from the article:

FinCEN identified 177 CVC (convertible virtual currency) wallet addresses used for ransomware-related payments after analyzing 2,184 SARs (Suspicious Activity Reports) filed between January 1, 2011, and June 30, 2021, and reflecting $1.56 billion in suspicious activity

Based on blockchain analysis of transactions tied to the 177 CVC wallets, FinCEN identified roughly $5.2 billion in outgoing BTC transactions potentially tied to ransomware payments

Researchers Disclose New Side-Channel Attacks Affecting All AMD CPUs

All AMD CPUs? Oh my.

Excerpt from the article:

The new attacks demonstrated by Lipp, Gruss and Schwarz leverage time and power measurements of prefetch instructions. “In contrast to previous work on prefetch attacks on Intel, we show that the prefetch instruction on AMD leaks even more information

A recipe for failure: Predictably poor passwords

Are you using pass1234 or its like for your password because it's easy to remember?

Guess what? It's also easy to guess.

You feel my rhymes 😊?

Jokes apart, the article is an interesting read

Excerpt from the article:

Unlike biometrics, there is no limit to how many you can have, plus you can store your passwords in a password manager and have it generate one for you.

Furthermore, when used with multi-factor authentication such as an authenticator app or security key, the entry to an account is seamless and extremely easy for even the most entry-level user

Acer hacked twice in a week by the same threat actor

I don't know what to say 🤐.

Excerpt from the article:

Last week, threat actors known as 'Desorden' emailed journalists to say they hacked Acer India's servers and stole data, including customer information

Less than a week later, Desorden emailed BleepingComputer to say they breached Acer Taiwan's servers on October 15th and stole employee and product information

How hackers hijacked thousands of high-profile YouTube accounts

It all starts with a phishing email.

Excerpt from the article:

It all starts with a phish. Attackers send YouTube creators an email that appears to be from a real service—like a VPN, photo editing app, or antivirus offering—and offer to collaborate.

They propose a standard promotional arrangement: Show our product to your viewers and we’ll pay you a fee. It’s the kind of transaction that happens every day for YouTube’s luminaries, a bustling industry of influencer payouts

Clicking the link to download the product, though, takes the creator to a malware landing site instead of the real deal

Hacking gang creates fake firm to hire pentesters for ransomware attacks

You should be careful of the kind of jobs you apply to 🤓.

Excerpt from the article:

The thin veil of legitimacy around this new corporate entity was lifted by researchers at Gemini Advisory, who found out that the website for a fake cybersecurity company known as Bastion Security comprised of stolen and re-compiled content from other websites

Even more revealing is that the company states that they are based out of England, but the site serves Russian-language 404 error pages

Problems with Multifactor Authentication

Lesson from the article: Do not authorize a sign-in that you did not initiate.

Excerpt from the article:

It turns out that the VP had approved over 10 different push-based messages for logins that he was not involved in. When the VP was asked why he approved logins for logins he was not actually doing, his response was, “They (IT) told me that I needed to click on Approve when the message appeared!”