FBI Officials Arrest Another Alleged FIN7 Gang Member

According to newly released court documents, Ukrainian national Denys Iarmak has been arrested for alleged involvement in the malicious cyber campaigns run by the infamous hacking group FIN7.

Among others, Iarmak has been charged with conspiracy to commit computer hacking, fraud, intentional damage to a protected computer, access device fraud, conspiracy to commit wire and bank fraud, wire fraud, and aggravated identity theft.

The objectives of the conspiracy included surveillance of victim computer networks and installing additional malware “for the sole purpose of stealing payment card track data, financial information and private data that would later be sold for financial gain.” The report also alleges that Iarmak was hired as a FIN7 “pen-tester” and “tasked with breaching the security of victims’ computers.”

“Like other members of the group, IARMAK provided his true name in order to receive payment for his work in furtherance of the group,” the complaint alleges. “For example, in a December 26, 2026 Jabber chat with one of the leaders of the hacking group, IARMAK sent his PrivateBank account number to receive salary payment.”

Throughout the investigation, authorities say they were also able to identify the accused through his email address. Records from that email account, which held a copy of his resume, show that Iarmak previously worked as a system administrator for multiple companies.

Active since 2014, the gang is notorious for stealing nearly $1 billion from US victims by targeting credit card and financial data using the Carbanak exploit.

Their sophisticated malware campaigns are known to have targeted the systems of an array of organizations from the restaurant, gaming and hospitality industries, such as Whole Foods, Trump Hotels, Arby’s and Hudson’s Bay.

The prolific hacking group is also known for its polished skills and organizational sophistication. Members often communicate through private HipChat servers allowing instant messaging and file-sharing features that facilitate internal collaboration. The application was also used for interviewing potential recruits that could help distribute their malware and exfiltrate stolen data including credit card details. The bad actors also use project management software, such as JIRA, to further aid their highly coordinated activity.

Arbonne International Discloses Data Breach Affecting Thousands of Californians

Earlier this month, Arbonne, a multi-level marketing company advertising vegan skincare, cosmetics, and nutrition products, disclosed a data breach affecting 3,527 California residents.

However, the total number of impacted individuals remains unknown, as other states may be affected as well. Residents of Maryland, New York, New Mexico, North Carolina and Rhode Island are encouraged to get in touch with their Attorney General for additional information.

According to its Notice of Data Breach, on April 20 the California-based company became aware of unusual activity within some of its internal systems. The company started an investigation and determined that certain information may have been accessed without authorization.

On April 23, the security team discovered a data table containing some personal information that may have been accessible to the attacker.

“To date, we are not aware of any actual or attempted misuse of your personal information in relation to this incident,” the company said.

What information could the unauthorized party access?

According to the company, the personally identifiable information exposed included names, email and mailing addresses, order purchase history, phone numbers, and Arbonne account passwords.

“To date, our investigation has not determined that payment card information or government ID information, such as Social Security numbers, were accessed,” Arbonne said.

What is the company doing?

Even with the investigation ongoing, the organization has forced a password reset for all impacted user accounts, and is taking steps to enhance network protection by implementing additional security measures and employee training. Arbonne has also committed to providing affected users with a 12-month identity monitoring service, free of charge, and advises affected members to remain vigilant.

What should affected users do?

Besides placing a fraud alert on their accounts, Arbonne members should also monitor their inboxes for unsolicited emails and phishing attacks, review their account statements, and contact the Federal Trade Commission and law enforcement in case of any suspicious activity or fraud.

White House Press Secretary Accidentally Reveals Trump’s Private Banking Info

The White House press secretary, Kayleigh McEnany, showed a bank statement during a briefing trying to demonstrate that President Donald Trump is donating his salary to a worthy cause, only to reveal way too much private banking information.

Companies in the financial sector invest considerable resources in efforts to keep consumer information private and safe from intrusions. Financial information is a prized commodity on the dark web, and obtaining it usually requires compromising secure networks.

But McEnany, the recently appointed White House press secretary, revealed Trump’s banking information during a briefing. She held a small piece of paper, a bank statement from Capital One that showed how the presidential salary was going to the Department of Health and Human Services, to help combat the COVID-19 pandemic.

“Today, his salary went to help advance new therapies to treat this virus, but leave it to the media to find a shameful reason not to simply report the facts, focusing instead on whether the check is real or not,” said White House spokesman Judd Deere, according to The Guardian.

The problem is that the bank statement was indeed real, showing the address of the Mar-a-Lago resort, along with account and routing numbers. While these alone would not be enough to compromise the bank account of the president of the United States, which presumably has a number of other security measures in place, it sets a bad example.

This is not the first time that the president has donated his salary, but officials previously used enlarged checks, which are more or less a prop for the cameras. McEnany, however, used the real deal. One thing is certain: people should not reveal their banking information under any circumstance, even if only in the form of a bank statement.

Extortion Campaign Targeting Online Shops Threatens to Sell Customer Database Unless Ransom is Paid

Cyber thieves are putting up for sale on a public website more than two dozen SQL databases of e-commerce platforms from across the globe.

The unnamed hackers breached unsecured servers of multiple online shops, copied their content and left a ransom note:

“To recover your lost Database and avoid leaking it: Send us 0.06 Bitcoin (BTC) to our Bitcoin address xxxxxxxYHxxxxxxx and contact us by Email with your Server UP or Domain name and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your Database is downloaded and backed up on our servers. Backups that we have right now: xxxx, classic models, xxxx, if we dont receive your payment in the next 10 Days, we will make your database public or use them otherwise”.

According to Bleeping Computer, some of the wallets used by the bad actors have already received a combined total of BTC 5.8 (about $51,000) in about 100 transactions.

In total, 31 databases are listed, and more than half are attributed to German-based online stores. However, multiple e-commerce platforms from the U.S., Brazil, Italy, Spain and India are also listed.

Depending on the retailer, the databases contain various pieces of customers’ personal data, including email addresses, names, hashed passwords, dates of birth, gender and postal code.

While these databases might not stand out in value, the information can be used to conduct targeted phishing attacks on unsuspecting customers, and resold to multiple parties that could further leverage the data for financial gain.

Perhaps, following this extortion campaign, online vendors will start improving their security and server protection to prevent further attacks and keep customer data protected from unauthorized access.

Hackers are resilient in their attempts to capitalize on stolen data, and even if a vendor chooses to pay the ‘ransom’, it does not guarantee that the bad actors will cease their extortion campaign.

Unc0ver Hackers Find New Zero Day Bug to Jailbreak iOS 13.5

The infamous unc0ver hacker group has released the latest jailbreak for Apple’s notoriously hard-to-crack iOS operating system. The hack allows iPhone and iPad users on the latest iOS version to install a mod that eliminates some restrictions associated with Apple hardware and software, including installing unapproved apps.

Unc0ver lead developer Pwn20wnd says “every other jailbreak released since iOS 9 used 1day exploits that were either patched in the next beta version or the hardware.”

Not this one, though. According to the hacker, this jailbreak leverages a zero-day kernel bug in iOS versions 11 through 13.5. Supported hardware includes everything from iPhone 6S to the new iPhone 11 Pro Max models.

“unc0ver is a jailbreak, which means that you can have the freedom to do whatever you would like to do to your iOS device,” reads the promo on unc0ver.dev. “Allowing you to change what you want and operate within your purview, unc0ver unlocks the true power of your iDevice.”

Jailbreaking typically opens the device to security threats, including malware.

This jailbreak, Pwn20wnd claims, is safer as it “just adds exceptions to the existing rules,” the hacker told WIRED. “It only enables reading new jailbreak files and parts of the file system that contain no user data.”

The team emphasizes the security aspect of the jailbreak, saying unc0ver preserves security layers designed to protect the user’s personal information and device by simply “adjusting them as necessary instead of removing them.”

“With this security adjusted on your iOS device, you can run your favorite jailbreak apps and tweaks while still being protected from attackers,” the hacking group claims.

Regardless of how safe the creators claim this hack is, we strongly advise against jailbreaking. Software distributed through non-official channels – not vetted by Apple or any official authority for that matter – can bring serious security risks. Stay safe out there!

Apple will likely take a while to find and patch unc0ver’s new zero-day bug, but the fix will nonetheless arrive in a future iOS release.

A partial build of iOS 14 was recently leaked in the wild. While some speculate this leak might have something to do with Pwn20wnd finding his kernel bug, the hacker says that’s not the case.

“Not at all, I don’t operate with leaked iOS builds,” he said.

As UK Data Breach Reports Drop, Britain’s Privacy Watchdog Reveals Surge in Other Cyber Incidents

The latest report from the UK’s Information Commissioner’s Office (ICO) reveals a steady drop in data security incidents between January and March 2020. When comparing the first quarter of 2020 to the same period of 2019, the security incidents received by the ICO fell 19%, from 3,263 to 2,629.

“These figures are based on the number of reports of personal data breaches received by the ICO during Q4 2019-20,” the data regulator said. Additionally, “these figures are based on the number of reports submitted by the data controller, not necessarily the number of incidents.”

Does this call for celebration? Not necessarily. Under the General Data Protection Regulation (GDPR), organizations are required to notify ICO within 72 hours of learning of a data breach. But how many organizations know that their networks have been compromised? On average, it takes a company about 197 days to identify a data breach and an additional 69 days to contain it, according to a study from IBM.

In the first three months of 2020, 35% (419) of recorded data breaches came from the health sector, and 148 were flagged as “other non-cyber incidents.”

What action has the ICO taken? In January and March 2020, the UK’s data privacy regulator issued two hefty fines:

• DSG Retail Limited was fined £500,000 “after a ‘point of sale’ computer system was compromised,” affecting at least 14 million people.
• Cathay Pacific Airways was fined £500,000 for a 2014-2018 data breach that left the personal details of customers exposed.

While the downturn of reported data breaches is significant, the volume of some cybersecurity incidents has increased considerably.

For example, phishing incidents increased 27% and were named the root cause of 280 incidents. Hardware and software misconfigurations increased by 85%, causing 33 reported incidents, and ransomware attacks, responsible for 60 incidents, saw a 28% spike.

However, the report also shows a steady decline in unauthorized access attempts, which plummeted from 369 incidents to just 175.

New COVID-19-themed Malware Campaign Spreading through Emails

Microsoft warns of a new COVID-19-related malware campaign spreading by email and using Excel 4.0 macros and NetSupport Manager to compromise systems.

Email is a favorite method for attackers to disseminate malware because it can be targeted or sent to many people at once, and because the intrusion relies on the victim’s credulity as the primary means of infection.

In the campaign identified by Microsoft, the email carries an Office file that uses the aging Excel 4.0 macros, which, when opened, deploy a remote access tool named NetSupport Manager. Both are legitimate tools abused by attackers to serve different malicious goals.

“The emails purport to come from Johns Hopkins Center bearing ‘WHO COVID-19 SITUATION REPORT’,” said Microsoft on Twitter. “The Excel files open w/ security warning & show a graph of supposed coronavirus cases in the US. If allowed to run, the malicious Excel 4.0 macro downloads & runs NetSupport Manager RAT.”

Once the NetSupport Manager RAT is deployed, further files are downloaded, including several .dll, .ini and .exe files, a VBScript, and an obfuscated PowerSploit-based PowerShell script. When the procedure is complete, the RAT connects to a command-and-control server to await further commands.

This type of attack existed before the pandemic, but the criminals have adjusted their strategy to make their emails more appealing, increasing the likelihood of someone opening them.

It goes without saying that people should not open emails and attachments from unknown sources, and should always have a security solution installed on their endpoints. It’s crucial to keep macros disabled by default in Microsoft Office.

Also, keep in mind that the government and health authorities don’t communicate with people through email or use it to send updates and situation reports. If you receive such an email, it’s likely part of a malware campaign.
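As an added illustration of how a mail gateway or SOC triage script could surface the lure Microsoft describes (an institutional display name on an unrelated sender domain, a situation-report subject, and a macro-capable Excel attachment), here is an example in Python that is not part of the original article or Microsoft’s tooling. The two sample messages, the sender domains and the CLAIMED_SENDERS mapping are constructed placeholders; the only real constant is the OLE2 file header that legacy binary .xls workbooks (the format that carries Excel 4.0 macro sheets) begin with.

```python
"""Triage heuristics for the COVID-19 lure described above. Added example:
the messages and the sender mapping below are constructed, not captured."""
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Assumed mapping from an institution named in a display name to the domains it
# really sends from. Placeholder values: fill this from your own contact records.
CLAIMED_SENDERS = {"johns hopkins": {"jhu.edu"}}

SUBJECT_MARKERS = ("situation report", "covid-19", "coronavirus")
# Workbook formats that can carry Excel 4.0 (XLM) macro sheets, plus add-ins.
MACRO_EXTS = (".xls", ".xlsm", ".xlsb", ".xla", ".xlam")
# Header of an OLE2 compound file, i.e. a legacy binary .xls workbook.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Constructed lure modelled on Microsoft's description. The attachment body is
# just the 8-byte OLE2 header, base64-encoded, so the parser has something real to check.
RAW_LURE = b"""From: "Johns Hopkins Center" <reports@jh-covid-updates.test>
To: staff@example.org
Subject: WHO COVID-19 SITUATION REPORT
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached situation report.

--b1
Content-Type: application/vnd.ms-excel; name="covid_report.xls"
Content-Disposition: attachment; filename="covid_report.xls"
Content-Transfer-Encoding: base64

0M8R4KGxGuE=
--b1--
"""

# Constructed benign message for comparison.
RAW_BENIGN = b"""From: Alice <alice@example.org>
To: bob@example.org
Subject: Lunch on Friday?
MIME-Version: 1.0
Content-Type: text/plain

Same place as last time?
"""


def sender_claim_mismatch(from_header):
    """Return a reason if the display name names a known institution but the
    address domain is not one that institution uses; otherwise None."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for claim, domains in CLAIMED_SENDERS.items():
        if re.search(r"\b" + re.escape(claim) + r"\b", name.lower()):
            if not any(domain == d or domain.endswith("." + d) for d in domains):
                return f"display name claims '{claim}' but address domain is {domain}"
    return None


def triage(raw):
    """Parse a raw RFC 5322 message and return the list of lure indicators found
    (empty list means nothing matched)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    mismatch = sender_claim_mismatch(msg.get("From", ""))
    if mismatch:
        reasons.append(mismatch)
    subject = (msg.get("Subject") or "").lower()
    if any(marker in subject for marker in SUBJECT_MARKERS):
        reasons.append(f"subject uses pandemic lure wording: {subject!r}")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if fname.endswith(MACRO_EXTS):
            kind = "legacy OLE workbook" if payload.startswith(OLE_MAGIC) else "workbook"
            reasons.append(f"macro-capable Excel attachment {fname} ({kind})")
    return reasons


if __name__ == "__main__":
    for label, raw in (("lure", RAW_LURE), ("benign", RAW_BENIGN)):
        print(label, "->", triage(raw) or "no indicators")
```

Each rule on its own is weak (plenty of legitimate mail carries .xls files); the value is in the combination, which is why `triage` returns every indicator rather than a single verdict, leaving the scoring threshold to the gateway policy. The file-header check matters because a renamed attachment can hide its extension but not the bytes it starts with.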

Why should you teach cybersecurity to your kids?

Now more than ever, we understand the importance of safety, both online and in the real world. The coronavirus epidemic has forced millions of families from across the globe to adopt social distancing and rely on their Internet-enabled devices to communicate with the outside world, friends and family.

As schools locked down for the remainder of the school year, students have turned to online classes and other means of communication with their classmates. It’s not just parents who need to adapt to the new work-from-home environment and threat landscape.

The Internet can provide a wide range of fun activities for children and educational materials but, as kids surpass their parents in tech savviness, their digital profiles can easily become a target for cyber criminals.

Age gap for cyber security?

Learning the basics of good cyber hygiene should not have an age limit. While you monitor what apps and games your toddler accesses, it might be harder to keep an eye on teens and their online activity.

More screen time can come with a price. This is why it’s important to teach your young ones about their digital profile and how they can stay safe while browsing the web – and the sooner the better.

Data shows that three in five children use Internet-based devices in their homes, and it’s estimated that children between 8 and 18 spend about 45 hours per week online – numbers that have most likely increased during stay-at-home orders.

Think twice before you post

We live in the social media era, where both adults and children post their daily activities, their likes and dislikes, opinions, daily selfies and videos.

Posting or sharing something online may seem harmless to your young one. However, you should start explaining how the digital world works. Remember, once a picture is online, it remains online forever. Advise your child or teen to be cautious about sharing on social media, and tweak their profile settings so that only their friends can view their profile.

‘Stranger danger’

Online popularity and an extensive friends list have become the new craze, especially for teenagers. However, the digital world can also provide anonymity, which is often abused by cyber criminals who pose as a trustworthy individual or friend.

It’s essential that you teach your child to spot red flags in any online communication with strangers. While the best course of action would be to ignore the message request, it’s easy to overlook this step. Advise them to be cautious about whom they befriend, and lay down some of the risks they expose themselves to.

A study from the Center for Cyber Safety and Education revealed that 40% of children in grades 4-8 have talked to a stranger online. Even more worrying, 53% provided their phone number, 30% texted and 15% tried to meet up with the unknown individual.

Cyberbullying

Cyberbullying can have serious psychological effects on a child. The most common tactics include posting mean comments, spreading rumors, threatening, and even impersonating someone using a fake account to damage online reputation.

Social media bullies wreak havoc, and your child should feel comfortable enough to talk with you about any individual that might be harassing them online. Help your child be mindful of their approach, and immediately report bullies to online platforms or local authorities.

Oversharing and cyber theft

It’s not just online accounts that your child needs to worry about. According to a TransUnion report, around 20% of children aged 13 to 18 have a credit card. Making sure they shop responsibly, only on trusted websites, can save them from becoming a victim of identity theft or fraud.

Advise teenagers not to store credit card information when shopping online or for any in-game purchases. If, by chance, your teen has access to his Social Security number, urge him NEVER to provide this personal identifiable information online.

Child identity theft is no game. According to a 2017 study conducted by Javelin Research, more than 1 million children had their identities stolen, and 66% of victims were under the age of 8. A child’s identity is more attractive to cyber-crooks. Why? It can allow criminals to open new lines of credit that could go unchecked for years. By the time your child has grown and wants to apply for a school loan or rent an apartment, he won’t be able to due to a damaged credit score.

Securing online accounts

Most teenagers have an email account already, and no parental guidance was required when signing up. As you should be aware of the dangers of phishing emails and how important it is to protect your personal information, encourage your child not to click on suspicious links or open attachments he receives from unfamiliar email addresses.

You are not just protecting the account owner’s private info, but also ensuring that no malicious actions affect a device that other family members might be using.

It’s critical for online accounts to have secure passwords. Most children play online games and set up accounts, allowing them to engage in interactions with other players. However, the dangers of data breaches are not limited to financial accounts, and any user database is useful for cyber thieves.

Instruct your young one not to recycle passwords, and to enable two-factor authentication where possible.

Protecting your child’s online identity is essential in the digital era, and becoming a digitally-minded family is hard work. However, the long-term benefits are worth the efforts. Keep your devices up to date with the latest security solution, and share your wisdom with friends and family.

Here at Bitdefender we focus on protecting your devices from malicious activity and threats of all kinds. Now more than ever, we need autonomy and safety as we interact with the world through our internet-enabled devices. That’s why we have extended the trial for our best security suite, ensuring that you can take care of your family’s devices for up to 90 days. If you’re already set up, why not make an unexpected gift to your loved ones who might not be aware of emerging cyber threats?

Signal Introduces PINs, Slowly Moves to End Reliance on Phone Numbers as Security Measure

The Signal messaging app is getting a new security feature called Signal PINs, allowing users to secure their cloud-stored information in a way not available to anyone else, and that includes the company making the app.

More and more messaging apps are using true encrypted communications, so it’s no longer an exotic feature. But what happens with that data when a user changes phone or reinstalls the operating system? It relies on the company building the app to store profile information, and that means that private data could be available to other parties as well.

The new Signal PIN comes with a couple of important features. First, the new PIN lets users take ownership of their profile data, which means that if they lose that PIN, they won’t be able to recover their profile from the server.

The PIN can either be a four-digit number or an alphanumeric sequence, whichever the user prefers. More importantly, the developers and the company making the app don’t know the PIN. If the user forgets it, it’s lost forever.

The second feature is just as important, as Signal moves away from addressing based on phone numbers. More precisely, users won’t need a phone number to install Signal. On top of that, it’s a security measure as well.

“PINs will also help facilitate new features like addressing that isn’t based exclusively on phone numbers since the system address book will no longer be a viable way to maintain your network of contacts,” reads the announcement from Signal. The rollout for this feature is gradual, along with the requirement for the phone number, but it shows that, when it comes to privacy and security, messaging apps still have work to do.

As hackers sell 8 million user records, Home Chef confirms data breach

Meal kit and food delivery company Home Chef has confirmed that hackers breached its systems, making off with the personal information of customers.

Quite how the hackers breached Home Chef’s systems is unclear. In its own FAQ about the security breach, the business shares no details other than to say that it “recently learned of a data security incident impacting select customer information.”

However, earlier this month – weeks before Home Chef went public about its security breach – Bleeping Computer reported that the company was one of eleven whose breached data was being offered for sale on a dark web marketplace.

According to Lawrence Abrams of Bleeping Computer, the ShinyHunters hacking gang were offering eight million user records from Home Chef for $2,500.

ShinyHunters was offering for sale millions of stolen records from the Zoosk dating app, the photo book-making firm Chatbooks, the online art and design marketplace Minted, and others.

It seems natural to assume that Home Chef was not aware that it had suffered a data breach until cybersecurity journalists started writing about ShinyHunters’ attempt to sell the data on the underground marketplace.

According to Home Chef, information accessed by the hackers included customers’ email addresses, names, gender, phone numbers, the last four digits of credit card numbers, and “encrypted” passwords.

Quite what the Home Chef means by “encrypted” passwords is unclear, as the firm does not specify what encryption algorithm had been used (some are more resistant to cracking than others) and whether the data had been hashed (with a judicious sprinkling of salt) beforehand.

My feeling, particularly when breached companies seem reticent to share details of how their passwords were being stored, is to assume the worst – which means not only changing your password on that particular site, but also ensuring that you are not using that same password anywhere else on the internet.

And, obviously, make sure that any password you choose is not just unique, but also strong and hard to crack. A password manager is typically much better at generating (and indeed remembering!) hard to crack passwords than the human brain.
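To make concrete the distinction drawn above between vaguely “encrypted” passwords and properly salted, slow hashes, here is an added example in Python (not Home Chef’s code, nor code from the article) that stores a password with PBKDF2-HMAC-SHA256 from the standard library, shows the unsalted fast digest it replaces, and generates the kind of unique, hard-to-crack password a password manager would produce. The iteration count, the storage format string and the sample passwords are assumptions chosen for this example.

```python
"""Salted, iterated password hashing versus an unsalted digest, plus a random
password generator. Added example; parameters below are assumptions."""
import hashlib
import hmac
import secrets
import string

# Work factor for PBKDF2-HMAC-SHA256 (assumed value; raise it as hardware speeds up).
ITERATIONS = 600_000
SALT_BYTES = 16


def unsalted_sha256(password):
    """The weak practice: one fast, unsalted hash. Every user with the same
    password gets the same digest, so one cracked entry unlocks all of them."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' (format is
    our own). A fresh random salt per user makes identical passwords hash
    differently, and the iteration count makes each guess expensive."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and iteration count and compare
    in constant time, so timing does not leak how many bytes matched."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash format: {algo}")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def generate_password(length=20):
    """Random password from a CSPRNG, the way a password manager does it."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Two users who picked the same (constructed) password.
    pw = "correct horse battery staple"
    print("unsalted, identical:", unsalted_sha256(pw) == unsalted_sha256(pw))
    a, b = hash_password(pw), hash_password(pw)
    print("salted, distinct:", a != b, "| both verify:", verify_password(pw, a) and verify_password(pw, b))
    print("generated:", generate_password())
```

Because the salt and iteration count travel with the hash, the verifier needs no separate configuration and the work factor can be raised later by re-hashing on the user’s next successful login. A breach of a table stored this way still warrants a password reset, but each entry then costs the attacker hundreds of thousands of hash computations per guess instead of one.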

Home Chef says that it is contacting affected customers, strengthening its security systems, and sensibly is advising customers to change their passwords. In addition if you have ever used Home Chef you would be wise to keep an eye open for suspicious communications, which might be phishing attacks exploiting the breached data.
