The past working week opened with Europol reporting that more than 30,000 web sites selling counterfeit and pirated goods had been taken offline. The sites offered a wide range of goods and services, including counterfeit pharmaceuticals, pirated films and music, illegal streaming services, software and electronics.
One of the week's highest-profile events was the publication of charges by US and UK authorities against Moscow resident Maxim Yakubets and Yoshkar-Ola resident Igor Turashev, the alleged leaders of Evil Corp (also known as the Dridex gang), described as "one of the largest hacker groups in history", which made more than $100 million through fraudulent schemes. In addition to Yakubets and Turashev, 15 accomplices, most of them living in Moscow, were added to the Specially Designated Nationals (SDN) sanctions list. US authorities also announced a reward of up to $5 million for information leading to the arrest of Yakubets.
The IBM X-Force team published details of new wiper malware that has already been used in attacks on organizations in the energy and industrial sectors in the Middle East. The malware, named ZeroCleare, shares some traits with the infamous Shamoon wiper, which destroyed data on a large number of computers at the Saudi state oil company Saudi Aramco in 2012, but does not belong to that family. According to the researchers, the APT group OilRig, which security researchers link to the Iranian government, may have been involved in developing ZeroCleare.
The operators of the REvil (Sodinokibi) ransomware are not slowing down. This time the victim was CyrusOne, one of the largest data-center providers in the USA. The incident occurred on Wednesday, December 4. Judging by the ransom note, the attack on the CyrusOne network was targeted. The initial entry point has not yet been established.
HackerOne had to pay a $20,000 bounty out of its own pocket after accidentally giving an outside researcher the ability to read and modify vulnerability reports belonging to some of its customers. The leak was caused by carelessness on the part of a HackerOne analyst who, while corresponding with a member of the platform's community, pasted a cURL command that still contained a valid session cookie, letting anyone holding that cookie read and partially modify the data. The company did not disclose how many users were affected by the leak.
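The HackerOne incident is a reminder that a copied curl command is a credential carrier: session cookies, Authorization headers and -u passwords all travel with it. The following is an added example, not code from HackerOne or from the original article, of a small scrubber that an analyst's paste tooling could run on a curl command line before it leaves the machine. The set of sensitive header names and the constructed sample command are assumptions for the example; extend the list to whatever credential headers your platform issues.

```python
import shlex

# Request headers whose values are credentials. Constructed list for this example;
# extend it to any custom session header your platform uses.
SENSITIVE_HEADERS = {"cookie", "authorization", "x-api-key", "x-auth-token"}
# curl options whose whole argument is a credential (-u keeps the user name).
CREDENTIAL_OPTS = {"-b", "--cookie", "-u", "--user"}
# curl options carrying a header; these are checked by header name.
HEADER_OPTS = {"-H", "--header"}
REDACTED = "<REDACTED>"


def _redact_header(value):
    """Redact the value of a sensitive header; return (new_value, hit_name_or_None)."""
    name, sep, _ = value.partition(":")
    if sep and name.strip().lower() in SENSITIVE_HEADERS:
        return "%s: %s" % (name.strip(), REDACTED), name.strip().lower()
    return value, None


def _redact_credential(opt, arg):
    """Redact a -b/--cookie/-u/--user argument, keeping the user name for -u."""
    if opt in ("-u", "--user"):
        user, _, _ = arg.partition(":")
        return "%s:%s" % (user, REDACTED)
    return REDACTED


def redact_curl(cmd):
    """Scrub credentials from a curl command line.

    Returns (redacted_command, findings). findings names every credential that
    was removed, so a caller can refuse to send a message that contained one
    rather than silently pasting a redacted copy.
    """
    tokens = shlex.split(cmd)
    out, findings = [], []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        opt, arg, attached = tok, None, False
        if tok.startswith("--") and "=" in tok:
            # --cookie=VALUE / --header=VALUE form: option and argument in one token
            opt, _, arg = tok.partition("=")
            attached = True
        elif tok in CREDENTIAL_OPTS | HEADER_OPTS and i + 1 < len(tokens):
            # -H 'Cookie: ...' / -b '...' / -u user:pass form: argument is next token
            arg = tokens[i + 1]
        if arg is not None and opt in CREDENTIAL_OPTS:
            new_arg, hit = _redact_credential(opt, arg), opt
        elif arg is not None and opt in HEADER_OPTS:
            new_arg, hit = _redact_header(arg)
        else:
            out.append(tok)          # not an option we care about; pass through
            i += 1
            continue
        if hit:
            findings.append(hit)
        if attached:
            out.append("%s=%s" % (opt, new_arg))
            i += 1
        else:
            out.extend([opt, new_arg])
            i += 2
    # Re-quote so the result is still a valid shell command line.
    return " ".join(shlex.quote(t) for t in out), findings


if __name__ == "__main__":
    # Constructed sample: a command an analyst might copy from a terminal.
    sample = ("curl -H 'Accept: application/json' -H 'Cookie: _session=s3cr3tvalue' "
              "--cookie=csrf=abc123 -u alice:hunter2 https://api.example.com/reports")
    redacted, hits = redact_curl(sample)
    print(redacted)
    print("credentials removed:", hits)
```

The findings list is the important part: a paste hook should block the message when it is non-empty, since a redacted command is useless to the recipient anyway and the point is to catch the slip before the cookie is out. Query-string tokens in the URL itself are out of scope here and would need a separate check.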
Researchers at the University of New Mexico disclosed a vulnerability affecting Ubuntu, Fedora, Debian, FreeBSD, OpenBSD, macOS, iOS, Android and other Unix-based operating systems. The flaw allows an attacker to eavesdrop on VPN connections and to inject arbitrary data into IPv4 and IPv6 TCP streams. The attack can be carried out from a malicious access point or router, or by an attacker on the same local network as the victim.