Malware Devil

Saturday, November 7, 2020

Boiling Point

via the crazy gang at CommitStrip

The post Boiling Point appeared first on Security Boulevard.

The post Boiling Point appeared first on Malware Devil.

https://malwaredevil.com/2020/11/07/boling-point/?utm_source=rss&utm_medium=rss&utm_campaign=boling-point

DEF CON 28 Safe Mode ICS Village – Demirel Temel’s ‘Playing With Electricity’

Many thanks to DEF CON and the conference speakers for publishing their outstanding presentations, which originally appeared at the DEF CON 28 Safe Mode conference and on the DEF CON YouTube channel. Enjoy!

The post DEF CON 28 Safe Mode ICS Village – Demirel Temel’s ‘Playing With Electricity’ appeared first on Security Boulevard.

https://malwaredevil.com/2020/11/07/def-con-28-safe-mode-ics-village-demirel-temels-playing-with-electricity/?utm_source=rss&utm_medium=rss&utm_campaign=def-con-28-safe-mode-ics-village-demirel-temels-playing-with-electricity

US Victims of Indian Call Center Scams Send Cash to Money Mules Across the Country

On November 6, 2020, the US Attorney for the Eastern District of Virginia announced the sentences of a husband and wife, Chirag Choksi and Shachi Majmudar, both 36 years old. The pair handled the money laundering side of an international scam ring that preys on the elderly via call centers located in India. Chirag will serve 78 months in prison; Shachi will serve 14 months.

I’ve had the pleasure of presenting my research on Indian Call Centers at a meeting the Federal Trade Commission hosted in Washington DC last year. The scope of these networks and the absolute impunity with which they operate should be a cause of national shame in India. According to the Federal Trade Commission’s Consumer Sentinel Network Data Book 2019, consumers reported 647,472 “Imposter Scams” in 2019 with total losses of $667 million, primarily among the elders most deserving of our protection. (These scams are increasing rapidly: there were 461,476 Imposter Scam complaints in 2017 and 549,732 in 2018.)

The Scam: Law Enforcement Impersonation

Indian call centers blasted “robocalls” primarily at seniors in the United States. The recorded message said the recipient had been charged with a crime and needed to call a certain number immediately to avoid arrest. When the victim called, the US-based number was routed over a Voice over IP (VoIP) gateway to call center workers in India, who falsely identified themselves as law enforcement officers and threatened immediate arrest if the caller did not follow their directions. The caller was instructed to go to their bank, withdraw as much cash as the fake officer could determine they had access to, and send it by Federal Express, UPS, or the US Postal Service to a US-based address.

The Money Mules: Chirag and Shachi

There were actually three defendants in this indictment, but they are only a tiny part of the overall scam. Chirag Janakbhai Choksi and Shachi Naishadh Majmudar worked for a money mule recruiter, Shehzadkhan Khandakhan Pathan. Pathan ran mules he had recruited in many locations, including at least New Jersey, Minnesota, California, Indiana, Texas, and Illinois, although not all have been identified and charged yet. The criminal complaint against Pathan remains sealed, which makes it likely that more charges are forthcoming. In each location, money mules of Indian origin were waiting to pick up packages of cash. Chirag and Shachi were the Minnesota money mules.
The Money Mules would pick up the bulk cash shipments from their destinations, presenting counterfeit identification documents that used fictitious names in order to hide their identity.  In order to keep their lucrative position in the mule network, mules were required to quickly respond to pick-up orders.  They were also required to video themselves opening the package and counting the cash to ensure that they weren’t skimming more of the money than they were allowed.  
Shachi was primarily the assistant, which is why she got a lesser sentence.  She would log in to FedEx or USPS to track the delivery of the packages, so that Chirag would know when he was clear to do a pick-up run.  She would also videotape Chirag as he opened the packages and counted the money.  She would also frequently be the person who went to the bank to deposit the cash into accounts belonging to other members of the conspiracy.
9594 Grey Widgeon Place, Eden Prairie, MN

In one example from the indictment, Chirag was instructed to go to 9594 Grey Widgeon Place in Eden Prairie, Minnesota to retrieve a package containing $8,500 in cash that had been sent to “Aldo Ronald.”  The FedEx tracking number confirms the package was signed for by someone at that address, and that the package was shipped from Chesterfield, Virginia, where the victim resided.

Strangely, that 1,600 square foot duplex is listed with seven current residents, according to WhitePages.com, including Shachi!
According to their Facebook pages, Shachi moved to Minneapolis, Minnesota in 2013. (The “moved” entry actually says 2016, but she says in her comments “I actually moved here in 2013, Facebook is just acting weird.”) Sadly for the family, the parents, who are now headed to prison, posted photos of their newborn baby in January 2019.

The Mule Recruiter: Shehzadkhan Pathan

The co-conspirator, Shehzadkhan Khandakhan Pathan, goes by the name Shehzad Khan on Facebook and, like his Facebook friend Chirag, is from Ahmedabad, India. He was arrested by the FBI in Houston, Texas on January 16, 2020 and taken into custody by the US Marshals Service.
Shehzadkhan Khan Pathan
This structure was VERY familiar to me, as it works in exactly the same way as the case we documented in 2016 in our blog post Major Call Center Scam Network Revealed – 56 Indicted.
In fact the similarities are extreme.  In that case, the primary call centers involved included a major group in Ahmedabad India, but had money mule “runners” all over the United States, who not only handled financial transactions, but also sought out victim candidates!  
Not only are the cases structurally similar, but Pathan seems to be linked on Facebook to one of the key players in that network. Pathan’s Facebook friend “Hardik Dave” is likely the Hardik Patel, also from Ahmedabad, from the previous case. Although Hardik’s friends list is marked private, his Facebook page has several interactions from “Hitesh Patel,” who was at the core of the 2016 case. In that case, Ahmedabad call center companies including Call Mantra, Sharma BPO, Worldwide Solutions, and Zoriion Communications were involved in the scams.
A superseding indictment relating to Pathan was announced June 17, 2020, and names several additional co-conspirators. 
In addition to Chirag and Shachi, the new indictment includes: 
  • Pradipsinh Dharmendrasinh Parmar
  • Sumer Kantilal Patel 
  • Jayeshkumar Prabhudas Deliwala
In the new indictment we learn that the  “conspirators regularly communicated using WhatsApp Messenger.” We also learn additional details about the scam calls:
“The messages told the recipients that they had some sort of serious legal problem. Often the purported problem related to potential criminal charges for the victim, tax problems, or THE RISK OF LOSING A FEDERAL BENEFITS PROGRAM SUCH AS SOCIAL SECURITY PAYMENTS.” (emphasis added)
We also learn that a number of the victims had recently applied for a loan, which told the scammers that the victim now had cash available.
Pathan, the recruiter, provided the counterfeit identity documents, including fake driver’s licenses, and alerted his mule network where the package was being delivered and which identity they should use to retrieve it. After they had the cash, Pathan would let them know how much they could keep and give them details of which bank account to deposit the remaining funds into. In some cases the funds were sent via wire transfer, and Pathan would alert his money mules via WhatsApp where the money had been wired and which identity documents they would need to present in order to collect it from the bank where it had been deposited.

More Mules: Parmar, Patel

Both Pradipsinh Dharmendrasinh Parmar and Sumer Kantilal Patel were money mules like Chirag.  They are charged with retrieving and signing for packages of cash, photographing or videoing themselves opening the packages and counting the cash, receiving and using counterfeit identification bearing their likeness but the name of another person, and picking up money transfers via Western Union, MoneyGram, and Walmart to Walmart, and resending portions of that amount to other locations. 
Pradipsinh Parmar is also Facebook friends with Pathan, and also from Ahmedabad, India. His Facebook page says he lives in Spotswood, New Jersey. His Facebook friend Sumer Patel is not friends with any of the other co-conspirators and may be a name coincidence, as he seems to be in Brisbane, Australia.
Pradipsinh Parmar
Parmar, for example, picked up a package containing $20,000 cash sent to the name of “Neon Fredo” at 55 Stratford Village, Lancaster, Pennsylvania.  
Parmar also picked up a MoneyGram of $820 sent from a victim to the name of Larry A Lauzon, in North Carolina.  (Because he had the reference number, it was not necessarily picked up in that location.)
Patel similarly received Walmart-to-Walmart funds, including funds sent from Texas to “Caleb N Cranstone” in Virginia. 
Deliwala received and distributed a set of 20 counterfeit identification documents.
Charges in the case include: 
18 U.S. Code § 1341 – Mail fraud
18 U.S. Code § 1343 – Wire fraud
18 U.S. Code § 1349 – Attempt and conspiracy
18 U.S. Code § 982 – Criminal forfeiture

The post US Victims of Indian Call Center Scams Send Cash to Money Mules Across the Country appeared first on Security Boulevard.

https://malwaredevil.com/2020/11/07/us-victims-of-indian-call-center-scams-send-cash-to-money-mules-across-the-country/?utm_source=rss&utm_medium=rss&utm_campaign=us-victims-of-indian-call-center-scams-send-cash-to-money-mules-across-the-country

Notification To Update Microsoft Word Could Be Hidden Malware

If you’ve spent any time at all surveying the threat landscape, then you’re almost certainly familiar with the name Emotet.

As one of the largest malware botnets on the planet, it’s dangerous and then some, and its tentacles extend to every corner of the globe.

There’s nowhere on earth you can go that Emotet can’t reach.

Although Emotet doesn’t deviate from its playbook that often, security researchers around the globe have recently observed a change: Emotet is using a new email template. This time it masquerades as Microsoft, sending you an email saying you need to update your copy of Microsoft Word to gain access to a new feature.

The email looks enough like the real thing to be convincing. There are no glaring spelling or other errors in the body of the message, and given that, a disheartening percentage of recipients are clicking on the attached document to open it.

Naturally, that’s when the trouble starts. The attached document is malicious, and if you also enable macros, the macro downloads and installs the malware.

Make no mistake, the initial Emotet infection usually isn’t destructive on its own. It lets the operators who control the botnet send spam from your system and install other forms of malware on it, and that is the real danger. Once the door has been pried open, the operators can hit you with whatever they want, and sooner or later they will.

All that to say, you definitely don’t want to tangle with Emotet if you can avoid it, so it pays to be aware that they’ve switched things up a bit and are now pretending to be Microsoft offering you instructions in the form of a poisoned Word document. Be mindful of that, and be aware that that’s simply not the method Microsoft uses to update their software. Don’t fall for it.
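The check a mail gateway or triage script can make on this lure follows directly from the last paragraph: Microsoft does not deliver updates as emailed Word documents, so an Office attachment that carries a VBA project, arriving with “update Word for a new feature” wording, is the thing to flag. The Python below is an added example and not code from the original article or from any Emotet analysis. It builds two constructed OOXML attachments in memory (not real Emotet samples), wraps them in constructed messages with placeholder addresses, and classifies each message. The lure phrases, sender address and filenames are assumptions chosen for illustration; legacy binary .doc files are OLE containers rather than zips and are deliberately out of scope for this check.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# OOXML parts that hold a VBA macro project (Word, Excel, PowerPoint).
MACRO_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
# Extensions that are supposed to be macro-free; a VBA part inside one is a mismatch.
MACRO_FREE_EXT = {"docx", "xlsx", "pptx"}
# Assumed lure wording modelled on the "update Word for a new feature" template.
LURE_PHRASES = ("update microsoft word", "upgrade your microsoft word", "new feature")


def build_office_zip(with_macro):
    """Constructed minimal OOXML container; not a real Office or Emotet file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # A real vbaProject.bin is an OLE compound file; only the magic bytes are mimicked.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
    return buf.getvalue()


def build_message(subject, body, filename, payload):
    """Constructed e-mail with one Word attachment (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "Microsoft Office <no-reply@example.invalid>"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(
        payload,
        maintype="application",
        subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
        filename=filename,
    )
    return msg.as_bytes()


def macro_findings(filename, data):
    """Return findings for one attachment based on the parts inside its zip container."""
    findings = []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings  # legacy .doc (OLE) and non-Office files are not handled here
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
    if names & MACRO_PARTS:
        findings.append("vba_project_present")
        ext = filename.lower().rsplit(".", 1)[-1]
        if ext in MACRO_FREE_EXT:
            findings.append("macro_in_macro_free_extension")
    return findings


def triage(raw_message):
    """Classify a raw RFC 5322 message as deliver, review or quarantine."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "").lower()
    body_part = msg.get_body(preferencelist=("plain",))
    text = body_part.get_content().lower() if body_part else ""
    lure = any(p in subject or p in text for p in LURE_PHRASES)

    findings = []
    for part in msg.iter_attachments():
        findings += macro_findings(part.get_filename() or "", part.get_payload(decode=True))

    if lure and "vba_project_present" in findings:
        verdict = "quarantine"   # vendor-update wording plus a macro-bearing document
    elif findings:
        verdict = "review"       # macros without the lure still deserve a look
    else:
        verdict = "deliver"
    return {"lure": lure, "findings": findings, "verdict": verdict}


def demo():
    """Run the triage over one constructed lure and one constructed benign message."""
    lure = build_message(
        "Update your Microsoft Word now",
        "Update Microsoft Word to unlock a new feature. Open the attached instructions.",
        "Word_Update_Instructions.docx",
        build_office_zip(with_macro=True),
    )
    benign = build_message("Q3 figures", "Numbers attached.", "q3.docx", build_office_zip(with_macro=False))
    return triage(lure), triage(benign)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The extension mismatch is reported separately because it is a useful signal on its own: a file named .docx is not supposed to carry a VBA project at all, whatever the mail around it says. In production the same `macro_findings` check belongs on the gateway before the message reaches a mailbox, alongside the policy of blocking macros in Office files that arrived from the Internet.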

Used with permission from Article Aggregator

https://malwaredevil.com/2020/11/07/notification-to-update-microsoft-word-could-be-hidden-malware/?utm_source=rss&utm_medium=rss&utm_campaign=notification-to-update-microsoft-word-could-be-hidden-malware

Why Manual Certificate Management Doesn’t Scale

Enterprises that offer any of their services online (either to customers, or internally), have a significant stake in ensuring constant uptime for all the applications they control. Customer-facing applications are especially critical, given that security breaches or outages could result in a loss of credibility and business for the vendor. Digital certificates are a component […]

The post Why Manual Certificate Management Doesn’t Scale appeared first on AppViewX.

The post Why Manual Certificate Management Doesn’t Scale appeared first on Security Boulevard.

https://malwaredevil.com/2020/11/07/why-manual-certificate-management-doesnt-scale/?utm_source=rss&utm_medium=rss&utm_campaign=why-manual-certificate-management-doesnt-scale

2020-11-06 – Possible Agent Tesla (AgentTesla)

https://malwaredevil.com/2020/11/07/2020-11-06-possible-agent-tesla-agenttesla/?utm_source=rss&utm_medium=rss&utm_campaign=2020-11-06-possible-agent-tesla-agenttesla

Friday, November 6, 2020

New Gitpaste-12 Botnet Exploits 12 Known Vulnerabilities

Researchers discover a new worm and botnet dubbed Gitpaste-12 for its ability to spread via GitHub and Pastebin.

https://malwaredevil.com/2020/11/06/new-gitpaste-12-botnet-exploits-12-known-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=new-gitpaste-12-botnet-exploits-12-known-vulnerabilities

Survey Sees AI, Automation Cast Shadow Over Security Careers

A survey of 350 security professionals in the U.S., Singapore, Germany, Australia and the United Kingdom suggests younger cybersecurity professionals tend to be more conflicted about advances in artificial intelligence (AI) than their older colleagues. Conducted by the research firm Censuswide on behalf of Exabeam, a provider of a security information event management platform, the..

The post Survey Sees AI, Automation Cast Shadow Over Security Careers appeared first on Security Boulevard.

https://malwaredevil.com/2020/11/06/survey-sees-ai-automation-cast-shadow-over-security-careers/?utm_source=rss&utm_medium=rss&utm_campaign=survey-sees-ai-automation-cast-shadow-over-security-careers

Commandant’s 245th Marine Corps Birthday Message

The post Commandant’s 245th Marine Corps Birthday Message appeared first on Security Boulevard.

https://malwaredevil.com/2020/11/06/commandants-245th-marine-corps-birthday-message/?utm_source=rss&utm_medium=rss&utm_campaign=commandants-245th-marine-corps-birthday-message

Hearing from CISOs at Google Cloud and Beyond

Security continues to be a top concern for cloud customers, and therefore continues to be a driver of our business at Google Cloud. However, specific security priorities vary wildly by vertical, by organization size, and by many other factors.

In fact, many “CISO priorities lists” are floating out there online and many people claim to know “what CISOs want.” My analyst years taught me to be skeptical about such claims, if only because there are vast differences between CISOs of different organizations, in terms of security maturity, for example. Specifically, my interactions with CISOs showed me that while one CISO of a large enterprise is expanding his or her threat hunting team, another may be dealing with the more mundane challenge of patching Windows servers in time (BTW, CSO or CISO?).

Naturally, many of us in the Google Cloud Security business speak with customer security teams every day, and they often ask how Google performs certain security operations internally, how we think about certain problems, and how our security offerings will evolve. These conversations often involve Alphabet CISO, Royal Hansen, and we want to have these in-depth conversations as much as possible with our customers.

To make that possible, Google Cloud has created the Office of the CISO. It is made up of senior security executives with experience managing large security organizations across multiple industries. These executives serve as the trusted security and compliance advisors and advocates for customers. Additionally, they leverage their expertise to inform product security and compliance priorities in accordance with industry needs.

Interested in meeting some of these security leaders? We regularly hold Google Cloud Security Talks, and during our next set of talks, on November 18, the Office of the CISO members will participate in a panel discussion on security evolution during cloud migration. You can register for the talk here, and we look forward to having you join us.

Furthermore, Google Cloud Security is putting together hot topics for future CISO discussions. We plan to hit the range of CISO interests and operational maturity levels. Other topics the panel is considering for future events include:

  • Applying zero trust access to current and planned systems
  • Effectiveness of automation as a solution to security staffing shortages
  • Running data security programs in cloud and hybrid environments
  • Compliance challenges when operating in the cloud globally
  • Performing gap analyses to improve work from home processes

We hope to see you on the 18th to start our journey!

Hearing from CISOs at Google Cloud and Beyond was originally published in Anton on Security on Medium.

The post Hearing from CISOs at Google Cloud and Beyond appeared first on Security Boulevard.

https://malwaredevil.com/2020/11/06/hearing-from-cisos-at-google-cloud-and-beyond/?utm_source=rss&utm_medium=rss&utm_campaign=hearing-from-cisos-at-google-cloud-and-beyond

Feds Seize $1B in Bitcoin from Silk Road

The illegal marketplace was hacked prior to its takedown; the IRS has now tracked down those stolen funds, it said.

https://malwaredevil.com/2020/11/06/feds-seize-1b-in-bitcoin-from-silk-road/?utm_source=rss&utm_medium=rss&utm_campaign=feds-seize-1b-in-bitcoin-from-silk-road

Apple Patches 24 Vulnerabilities Across Product Lines

The vulnerabilities include three for which exploits have already been seen in the wild.

https://malwaredevil.com/2020/11/06/apple-patches-24-vulnerabilities-across-product-lines/?utm_source=rss&utm_medium=rss&utm_campaign=apple-patches-24-vulnerabilities-across-product-lines

Campari Site Suffers Ransomware Hangover

The Ragnar Locker operators released a stolen contract between Wild Turkey and actor Matthew McConaughey, as proof of compromise.

https://malwaredevil.com/2020/11/06/campari-site-suffers-ransomware-hangover/?utm_source=rss&utm_medium=rss&utm_campaign=campari-site-suffers-ransomware-hangover

Billions of Bitcoins, Zoom Snooping, & Doxing Russian Bears – Wrap Up – SWN #80

This week, Dr. Doug Talks Billion USD Bitcoin Mystery Solved, Russian Bears Doxed, Oracle, Zoom Snooping, and Drugs, all this and show wrap ups on the Security Weekly News Wrap Up!
Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn80

https://malwaredevil.com/2020/11/06/billions-of-bitcoins-zoom-snooping-doxing-russian-bears-wrap-up-swn-80/?utm_source=rss&utm_medium=rss&utm_campaign=billions-of-bitcoins-zoom-snooping-doxing-russian-bears-wrap-up-swn-80

Billions of Bitcoins, Drugs, Zoom Snooping, & Doxing Russian Bears – SWN #80

This week, Dr. Doug Talks Billion USD Bitcoin Mystery Solved, Russian Bears Doxed, Oracle, Zoom Snooping, and Drugs, all this and show wrap ups on the Security Weekly News Wrap Up!
Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn80

https://malwaredevil.com/2020/11/06/billions-of-bitcoins-drugs-zoom-snooping-doxing-russian-bears-swn-80/?utm_source=rss&utm_medium=rss&utm_campaign=billions-of-bitcoins-drugs-zoom-snooping-doxing-russian-bears-swn-80

The Oracle-Walmart-TikTok Deal Is Not Enough

The social media deal raises issues involving data custodianship and trusted tech partnerships.

https://malwaredevil.com/2020/11/06/the-oracle-walmart-tiktok-deal-is-not-enough/?utm_source=rss&utm_medium=rss&utm_campaign=the-oracle-walmart-tiktok-deal-is-not-enough

DEF CON 28 Safe Mode ICS Village – Can Kumaz’ ‘ICS SecOps Active Defense Concept With Effective Incident Response’

Many thanks to DEF CON and the conference speakers for publishing their outstanding presentations, which originally appeared at the DEF CON 28 Safe Mode conference and on the DEF CON YouTube channel. Enjoy!

The post DEF CON 28 Safe Mode ICS Village – Can Kumaz’ ‘ICS SecOps Active Defense Concept With Effective Incident Response’ appeared first on Security Boulevard.

https://malwaredevil.com/2020/11/06/def-con-28-safe-mode-ics-village-can-kumaz-ics-secops-active-defense-concept-with-effective-incident-response/?utm_source=rss&utm_medium=rss&utm_campaign=def-con-28-safe-mode-ics-village-can-kumaz-ics-secops-active-defense-concept-with-effective-incident-response

The DIVERSE Commitment at Keyfactor | Keyfactor

Over the past few months, our team has been working on something, both prudent and special, that we are excited to officially share with the world – The DIVERSE Commitment at Keyfactor. Diversity and inclusion is something Keyfactor has always supported across our global team and communities.

The post The DIVERSE Commitment at Keyfactor | Keyfactor appeared first on Security Boulevard.

https://malwaredevil.com/2020/11/06/the-diverse-commitment-at-keyfactor-keyfactor/?utm_source=rss&utm_medium=rss&utm_campaign=the-diverse-commitment-at-keyfactor-keyfactor

CipherCloud Chronicles #6: Tackling Fat Finger Errors

Securing Remote Collaboration – Tackling Fat Finger Errors. John, who is REALLY enjoying working from home, gets a call from his manager Kevin one afternoon requesting a sales report. While sitting on his couch enjoying a favorite show and “working,” he quickly sends the report to […]

The post CipherCloud Chronicles #6: Tackling Fat Finger Errors appeared first on CipherCloud.

The post CipherCloud Chronicles #6: Tackling Fat Finger Errors appeared first on Security Boulevard.

https://malwaredevil.com/2020/11/06/ciphercloud-chronicles-6-tackling-fat-finger-errors/?utm_source=rss&utm_medium=rss&utm_campaign=ciphercloud-chronicles-6-tackling-fat-finger-errors

Too Late

The post Too Late appeared first on Security Boulevard.

https://malwaredevil.com/2020/11/06/too-late/?utm_source=rss&utm_medium=rss&utm_campaign=too-late

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...