Weekly News Digest #11

Industry news and insights,

The Feds Seized $1 Billion in Stolen Silk Road Bitcoins

Seven years ago, Ross Ulbricht was arrested in the science fiction section of a San Francisco library and charged with running the sprawling, dark web drug bazaar known as the Silk Road. When the FBI laid hands-on Ulbricht’s laptop that day, they found keys to unlock only a fraction of the bitcoins that he had accumulated over the Silk Road’s years of the bustling black market drug trade. Today the Justice Department finally announced where a billion-dollar transaction of the Silk Road’s treasure ended up: stolen by a secret hacker and now seized by the US Treasury.

Link here

Gaming Giant Capcom Hit By Ragnar Locker Ransomware: Report

Gaming company Capcom reported that they have been attacked by ransomware that affected access to specific systems – including email and file servers – and encrypted 1 terabyte (TB) of sensitive data. Currently, the organization is discussing with law enforcement and taking measures to restore its systems. There are no further details on how the attack began at this time. The episode is not the first time threat actors have been observed targeting video game development organizations.

Link here

Israeli companies targeted with new Pay2Key ransomware

Several companies and large corporations from Israel have been hacked and had their systems encrypted using a new strain of ransomware named Pay2Key, in what appears to be a targeted attack against Israeli companies. The entry point for all intrusions is currently considered to be weakly secured RDP (Remote Desktop Protocol) services. To avoid detection of their activities, the Pay2Key operators usually set up a pivot point on the local network, through which they proxy all their communications to reduce their detectable network footprint. Once the encryption ends, ransom notes are left on the hacked systems, with the Pay2Key gang usually asking for payments up to 9 bitcoins.

Link here

Toymaker Mattel Hit by Ransomware Attack

Top toymaker Mattel is the victim of a ransomware attack that strongly encrypted some data and temporarily disabled a limited number of business functions. It’s unclear how the attack occurred, the malware used threat actors behind the attack, and the ransomware strain used by adversaries.

“A forensic investigation of the incident has concluded, and no exfiltration of any sensitive business data or retail customer, supplier, consumer, or employee data was identified. There has been no material impact on Mattel’s operations or financial condition as a result of the incident,” the company message.

Link here

Apple fixes three iOS zero-days exploited in the wild

Apple has published security updates today for iOS to patch three zero-day vulnerabilities that were discovered doing abuse in attacks upon its users. According to Google Project Zero they discovered and reported the attacks to Apple, the three iOS zero-days are:

  • CVE-2020-27930 — a remote code execution issue in the iOS FontParser component that lets attackers run code remotely on iOS devices.
  • CVE-2020-27932 — a privilege escalation vulnerability in the iOS kernel that lets attackers run malicious code with kernel-level privileges.
  • CVE-2020-27950 — a memory leak in the iOS kernel that allows attackers to retrieve content from an iOS device’s kernel memory.

All three bugs are considered to have been used collectively, as a part of an exploit chain, allowing attackers to compromise iPhone devices remotely.

Link here

Search:

Generic selectors
Exact matches only
Search in title
Search in content
Search in posts
Search in pages

Tags:

FEEL FREE TO CONTACT US