A Closer Look at the Snatch Data Ransom Group (Krebs on Security)

Actualités, Sécurité
Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. Today, we’ll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name. According to a September 20, 2023 joint advisory from the FBI and the U.S. Cybersecurity and Infrastructure Security Administration (CISA), Snatch was originally named Team Truniger, based on the nickname of the group’s founder and organizer — Truniger. The FBI/CISA report says Truniger previously operated as an affiliate of GandCrab, an early ransomware-as-a-service offering that closed up shop after several years and claims to have extorted more than $2 billion from victims.…
Read More

SMS Security & Privacy Gaps Make It Clear Users Need a Messaging Upgrade (Google Online Security Blog)

Actualités, Sécurité
Posted by Eugene Liderman and Roger Piqueras Jover SMS texting is frozen in time. People still use and rely on trillions of SMS texts each year to exchange messages with friends, share family photos, and copy two-factor authentication codes to access sensitive data in their bank accounts. It’s hard to believe that at a time where technologies like AI are transforming our world, a forty-year old mobile messaging standard is still so prevalent. Like any forty-year-old technology, SMS is antiquated compared to its modern counterparts. That’s especially concerning when it comes to security. The World Has Changed, But SMS Hasn’t Changed With It According to a recent whitepaper from Dekra, a safety certifications and testing lab, the security shortcomings of SMS can notably lead to: SMS Interception: Attackers can intercept…
Read More

‘Snatch’ Ransom Group Exposes Visitor IP Addresses (Krebs on Security)

Actualités, Sécurité
The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord. First spotted in 2018, the Snatch ransomware group has published data stolen from hundreds of organizations that refused to pay a ransom demand. Snatch publishes its stolen data at a website on the open Internet, and that content is mirrored on the Snatch team’s darknet site, which is only reachable using the global anonymity network Tor. The victim shaming…
Read More

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password (Krebs on Security)

Actualités, Sécurité
The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass. LastPass sent this notification to users earlier this week. LastPass told customers this week they would be forced to update their master password if it was less than 12 characters. LastPass officially instituted this change back in 2018, but some undisclosed number of the company’s earlier customers were never required to increase the length of their master passwords. This is significant because in…
Read More

Scaling Rust Adoption Through Training (Google Online Security Blog)

Actualités, Sécurité
Posted by Martin Geisler, Android team Android 14 is the third major Android release with Rust support. We are already seeing a number of benefits: Productivity: Developers quickly feel productive writing Rust. They report important indicators of development velocity, such as confidence in the code quality and ease of code review. Security: There has been a reduction in memory safety vulnerabilities as we shift more development to memory safe languages. These positive early results provided an enticing motivation to increase the speed and scope of Rust adoption. We hoped to accomplish this by investing heavily in training to expand from the early adopters. Scaling up from Early Adopters Early adopters are often willing to accept more risk to try out a new technology. They know there will be some inconveniences…
Read More

Who’s Behind the 8Base Ransomware Website? (Krebs on Security)

Actualités, Sécurité
The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of website’s code was written by a 36-year-old programmer residing in the capital city of Moldova. The 8Base ransomware group’s victim shaming website on the darknet. 8Base maintains a darknet website that is only reachable via Tor, a freely available global anonymity network. The site lists hundreds of victim organizations and companies — all allegedly hacking victims that refused to pay a ransom to keep their stolen data from being published. The 8Base darknet site also has a built-in chat…
Read More

Capslock: What is your code really capable of? (Google Online Security Blog)

Actualités, Sécurité
Jess McClintock and John Dethridge, Google Open Source Security Team, and Damien Miller, Enterprise Infrastructure Protection Team When you import a third party library, do you review every line of code? Most software packages depend on external libraries, trusting that those packages aren’t doing anything unexpected. If that trust is violated, the consequences can be huge—regardless of whether the package is malicious, or well-intended but using overly broad permissions, such as with Log4j in 2021. Supply chain security is a growing issue, and we hope that greater transparency into package capabilities will help make secure coding easier for everyone. Avoiding bad dependencies can be hard without appropriate information on what the dependency’s code actually does, and reviewing every line of that code is an immense task.  Every dependency also brings…
Read More

FBI Hacker Dropped Stolen Airbus Data on 9/11 (Krebs on Security)

Actualités, Sécurité
In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “USDoD” had infiltrated the FBI‘s vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold. But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while promising to visit the same treatment on top U.S. defense contractors. USDoD’s avatar used to be the seal of the U.S. Department of Defense. Now it’s a charming kitten. In a post on the English language cybercrime forum BreachForums, USDoD leaked information on roughly 3,200 Airbus vendors, including names, addresses, phone numbers, and email addresses.…
Read More

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs (Krebs on Security)

Actualités, Sécurité
Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do. On Sept. 7, researchers at Citizen Lab warned they were seeing active exploitation of a “zero-click,” zero-day flaw to install spyware on iOS devices without any interaction from the victim. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” the researchers wrote. According to Citizen Lab, the exploit uses malicious images sent via iMessage, an embedded component of Apple’s iOS that has been the source of previous zero-click flaws in iPhones and iPads.…
Read More

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach (Krebs on Security)

Actualités, Sécurité
In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. Taylor Monahan is founder and CEO of MetaMask, a popular software cryptocurrency wallet used to interact with the Ethereum blockchain. Since late December 2022, Monahan and other researchers have identified a highly reliable set of clues that they say connect recent thefts targeting more than 150 people, Collectively, these individuals have been robbed of more than $35 million worth of crypto. Monahan said virtually…
Read More