(Original link: theregister.co.uk)
Alleged SIM swapping crypto-crooks cuffed, iOS app snooping, ad-fraud botnets, and more All your extra bits and bytes of this week's infosec news in less than 5 minutes
Roundup Here's a summary of more infosec news beyond what we've already reported this week – enjoy.
Beware of pretend Italian plumbers bearing gifts: Mario, the beloved video game plumber with a porn-star mustache, should be treated with caution, according to security shop Bromium. Well, at least images of him.
Engineer Matthew Rowen was investigating a Windows Trojan that has an unusual pattern of behavior. The malware's PowerShell commands are hidden in a picture of Nintendo's Mario, which is odd. What's more interesting is that the code is programmed to only run when the infected machine is in Italy. Who’s writing this software nasty – Wario?
Panda pops… How China’s hacker spies apparently ransacked US, Euro biz: Chinese government hackers, dubbed APT10 aka Stone Panda, broke into at least three businesses in the US and Europe to steal valuable confidential information, infosec outfits Recorded Future and Rapid7 claimed this week.
We’re told these compromised organizations include Visma, an IT and business cloud provider and billion-dollar Norwegian company with more than 850,000 clients worldwide; an international clothing firm; and US intellectual property lawyers with high-tech clients in sectors from pharmaceutical and biomedical to electronics and automotive.
The miscreants, according to researchers, were able to break in using stolen login details for Citrix and LogMeIn remote-desktop software, and then exploited elevation-of-privilege vulnerabilities to compromise Windows networks as administrators. Against Visma, the alleged Beijing spies used the Trochilus malware to infect computers and remote-control them from command servers. Technical details, and advice on how to stay safe, over here.
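The practical point of the APT10 intrusions above is that a login with stolen Citrix or LogMeIn credentials is, to the authentication system, a successful login: nothing in the auth log says "attacker". What gives it away is context around the event, such as a country the account has never logged in from or a second login that would require travelling faster than an aircraft. The following is an added example, not code from Recorded Future, Rapid7 or any product named in the article, of that kind of check run over a handful of constructed remote-access login events (the users, timestamps, coordinates and the 1,000 km/h threshold are all assumptions for illustration):

```python
"""Flag successful remote-access logins that look like stolen-credential use:
a country never seen for the account, or impossible travel since the last login.
Added example; the events below are constructed, not real logs."""
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_SPEED_KMH = 1000.0  # assumption: faster than an airliner means two different people

# Constructed sample events: (user, UTC timestamp, country, lat, lon, result).
# alice normally logs in from Oslo; the fourth event is a login from Beijing
# 65 minutes after her last Oslo login.
EVENTS = [
    ("alice", "2019-01-14T08:02:00", "NO", 59.91, 10.75, "success"),
    ("alice", "2019-01-14T17:30:00", "NO", 59.91, 10.75, "success"),
    ("alice", "2019-01-15T08:05:00", "NO", 59.91, 10.75, "success"),
    ("alice", "2019-01-15T09:10:00", "CN", 39.90, 116.40, "success"),
    ("bob",   "2019-01-15T10:00:00", "US", 40.71, -74.01, "failure"),
    ("bob",   "2019-01-15T10:01:00", "US", 40.71, -74.01, "success"),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    earth_radius_km = 6371.0
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def analyse(events, baseline_logins=2):
    """Return a list of (user, timestamp, reason) alerts.

    Only successful logins matter here: a stolen credential authenticates
    cleanly. A new country is alerted once the account has at least
    `baseline_logins` prior successes (so the first logins build a baseline
    instead of alerting); impossible travel compares each login with the
    user's previous successful login."""
    alerts = []
    seen_countries = {}  # user -> set of countries seen so far
    last_login = {}      # user -> (datetime, lat, lon) of previous success
    login_count = {}     # user -> number of prior successes

    for user, ts, country, lat, lon, result in sorted(events, key=lambda e: e[1]):
        if result != "success":
            continue
        when = datetime.fromisoformat(ts)
        prior = login_count.get(user, 0)
        known = seen_countries.setdefault(user, set())

        if prior >= baseline_logins and country not in known:
            alerts.append((user, ts, f"new country {country}"))

        if user in last_login:
            prev_when, prev_lat, prev_lon = last_login[user]
            hours = (when - prev_when).total_seconds() / 3600.0
            dist = haversine_km(prev_lat, prev_lon, lat, lon)
            if hours > 0 and dist / hours > MAX_SPEED_KMH:
                alerts.append((user, ts, f"impossible travel {dist:.0f} km in {hours:.1f} h"))

        known.add(country)
        last_login[user] = (when, lat, lon)
        login_count[user] = prior + 1
    return alerts


if __name__ == "__main__":
    for alert in analyse(EVENTS):
        print(alert)
```

On the sample data only alice's Beijing login is flagged, twice: as a new country and as roughly 7,000 km covered in about an hour. Bob's failed attempt followed by a success from the same place is ignored, which is deliberate: brute-force noise is a different detection. In a real deployment the baseline would be persisted per account across days, the country and coordinates would come from GeoIP on the source address, and a low-cost mitigation for exactly this class of intrusion is MFA on the remote-access gateway so the stolen password alone is not enough.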
Crypto-hungry SIM swap suspects cuffed: Two men have been collared by the Feds on allegations they tricked mobile network staff into transferring strangers’ phone numbers to their SIM cards so they could hijack and drain the victims’ online crypto-coin wallets.
Ahmad Wagaafe Hared, 21, of Tucson, Arizona, and Matthew Gene Ditman, 23, of Las Vegas, Nevada, were charged in the US with conspiracy to commit computer fraud and abuse, conspiracy to commit access device fraud, extortion, and aggravated identity theft. According to prosecutors:
The conspirators allegedly convinced the representatives of cellphone service providers to transfer or port cellphone numbers from SIM cards in the devices possessed by victims to SIM cards in devices possessed by the conspirators, a practice known as SIM swapping. The indictment further alleges that after Hared, Ditman, and others gained control of victims’ cellphone numbers, they used additional deceptive techniques to gain access to email, electronic storage, and other accounts of victims and ultimately to cryptocurrency accounts of victims. Hared, Ditman, and their co-conspirators also extorted victims of the SIM swapping scheme.
The pair are among a number of alleged, or convicted, SIM swappers that have been popping up in the news lately.
Chinese bank IT admin jailed for $1m theft: An IT administrator at China’s Huaxia Bank is facing more than ten years in the clink after admitting stealing a hefty amount of cash.
Qin Qisheng, 43, found a number of flaws in the bank's core operating system that could be exploited to withdraw cash from ATMs for free. He siphoned off amounts ranging from $740 to $2,965 with each withdrawal, and put the dosh in his own account, investing some of it in the stock exchange.
When his bosses uncovered the caper, he agreed to give all the money back, claiming it had just been "resting" in his account. The authorities were less forgiving, however, and he'll now be spending the next 10 and a half years behind bars.
Google, New York City cops clash over Waze police checkpoint alerts: Cops in the Big Apple sent a cease-and-desist letter to Google, demanding it remove alerts from its Waze app that warn drivers of nearby drink-driving checks. These so-called driving-while-intoxicated (DWI) checkpoints are set up by the plod to test motorists aren’t over the booze limit, though Waze tips off citizens. Google has refused to comply, arguing that alerting folks to checkpoints preemptively makes them drive safer.
Cisco emits wad of security fixes: There are a bunch of product updates from Cisco this week that address security vulnerabilities in its gear. Some are updates to much earlier advisories. Of the new ones, we’ve got cross-site scripting holes in Cisco Identity Services Engine (CVE-2018-15440, CVE-2018-15463), a bug that anyone can use to crash a Cisco Meeting Server (CVE-2019-1676), a content injection vulnerability in Cisco WebEx Business Suite (CVE-2019-1680), and various other issues that need patching, where support contracts allow, to keep the bad people out.