Malware Devil

Friday, January 8, 2021

Sealed U.S. Court Records Exposed in SolarWinds Breach

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts.

The judicial branch agency said it will be deploying more stringent controls for receiving and storing sensitive documents filed with the federal courts, following a discovery that its own systems were compromised as part of the SolarWinds supply chain attack. That intrusion involved malicious code being surreptitiously inserted into updates shipped by SolarWinds for some 18,000 users of its Orion network management software as far back as March 2020.

“The AO is working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings,” the agency said in a statement published Jan. 6.

“An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation,” the statement continues. “Due to the nature of the attacks, the review of this matter and its impact is ongoing.”

The AO declined to comment on specific questions about their breach disclosure. But a source close to the investigation told KrebsOnSecurity that the federal court document system was “hit hard” by the SolarWinds attackers, which multiple U.S. intelligence and law enforcement agencies have attributed as “likely Russian in origin.”

The source said the intruders behind the SolarWinds compromise seeded the AO’s network with a second stage “Teardrop” malware that went beyond the “Sunburst” malicious software update that was opportunistically pushed out to all 18,000 customers using the compromised Orion software. This suggests the attackers were targeting the agency for deeper access to its networks and communications.

The AO’s court document system powers a publicly searchable database called PACER, and the vast majority of the files in PACER are not restricted and are available to anyone willing to pay for the records.

But experts say many other documents stored in the AO’s system are sealed — either temporarily or indefinitely by the courts or parties to a legal matter — and may contain highly sensitive information, including intellectual property and trade secrets, or even the identities of confidential informants.

Nicholas Weaver, a lecturer at the computer science department at University of California, Berkeley, said the court document system doesn’t hold documents that are classified for national security reasons. But he said the system is full of sensitive sealed filings — such as subpoenas for email records and so-called “trap and trace” requests that law enforcement officials use to determine with whom a suspect is communicating via phone, when and for how long.

“This would be a treasure trove for the Russians knowing about a lot of ongoing criminal investigations,” Weaver said. “If the FBI has indicted someone but hasn’t arrested them yet, that’s all under seal. A lot of the investigative tools that get protected under seal are filed very early on in the process, often with gag orders that prevent [the subpoenaed party] from disclosing the request.”

The acknowledgement from the AO comes hours after the U.S. Justice Department said it also was a victim of the SolarWinds intruders, who took control over the department’s Office 365 system and accessed email sent or received from about three percent of DOJ accounts (the department has more than 100,000 employees).

The SolarWinds hack also reportedly jeopardized email systems used by top Treasury Department officials, and granted the attackers access to networks inside the Energy, Commerce and Homeland Security departments.

The New York Times on Wednesday reported that investigators are examining whether a breach at another software provider — JetBrains — may have precipitated the attack on SolarWinds. The company, which was founded by three Russian engineers in the Czech Republic, makes a tool called TeamCity that helps developers test and manage software code. TeamCity is used by developers at 300,000 organizations, including SolarWinds and 79 of the Fortune 100 companies.

“Officials are investigating whether the company, founded by three Russian engineers in the Czech Republic with research labs in Russia, was breached and used as a pathway for hackers to insert back doors into the software of an untold number of technology companies,” The Times said. “Security experts warn that the monthslong intrusion could be the biggest breach of United States networks in history.”

Under the AO’s new procedures, highly sensitive court documents filed with federal courts will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive, and stored in a secure stand-alone computer system. These sealed documents will not be uploaded to CM/ECF.

“This new practice will not change current policies regarding public access to court records, since sealed records are confidential and currently are not available to the public,” the AO said.

James Lewis, senior vice president at the Center for Strategic and International Studies, said it’s too soon to tell the true impact of the breach at the court system, but the fact that they were apparently targeted is a “very big deal.”

“We don’t know what the Russians took, but the fact that they had access to this system means they had access to a lot of great stuff, because federal cases tend to involve fairly high profile targets,” he said.

https://malwaredevil.com/2021/01/07/sealed-u-s-court-records-exposed-in-solarwinds-breach-2/?utm_source=rss&utm_medium=rss&utm_campaign=sealed-u-s-court-records-exposed-in-solarwinds-breach-2

Biden to Appoint Cybersecurity Advisor to NSC – Report

Anne Neuberger will join the National Security Council, according to sources.

https://malwaredevil.com/2021/01/07/biden-to-appoint-cybersecurity-advisor-to-nsc-report/?utm_source=rss&utm_medium=rss&utm_campaign=biden-to-appoint-cybersecurity-advisor-to-nsc-report

Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws

In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.

https://malwaredevil.com/2021/01/07/nvidia-warns-windows-gamers-of-high-severity-graphics-driver-flaws/?utm_source=rss&utm_medium=rss&utm_campaign=nvidia-warns-windows-gamers-of-high-severity-graphics-driver-flaws

Thursday, January 7, 2021

Evaluating Cookies to Hide Backdoors

Identifying website backdoors is not always an easy task. Since a backdoor’s primary function is to conceal itself while providing unauthorized access, backdoors are often built using a variety of techniques that make them challenging to detect.

For example, an attacker can inject a single line of code containing fewer than 130 characters into a website file. While this may not seem like much code, this short string can be used to load PHP web shells on your website at the attacker’s whim — while also preventing website visitors and administrators from detecting the malicious behavior.

Continue reading Evaluating Cookies to Hide Backdoors at Sucuri Blog.

The post Evaluating Cookies to Hide Backdoors appeared first on Security Boulevard.

https://malwaredevil.com/2021/01/07/evaluating-cookies-to-hide-backdoors/?utm_source=rss&utm_medium=rss&utm_campaign=evaluating-cookies-to-hide-backdoors

Red Hat to Acquire StackRox to Further Expand its Security Leadership

Today Red Hat announced a definitive agreement to acquire StackRox. This is an exciting milestone for StackRox and a tremendous validation of our innovative approach to container and Kubernetes security. It combines the industry’s first Kubernetes-native security platform with Red Hat’s leading enterprise Kubernetes platform, OpenShift – helping businesses further accelerate their digital transformation initiatives by more securely building, deploying and running their cloud-native applications anywhere. StackRox will continue to support multiple Kubernetes offerings such as Amazon EKS, Azure AKS, and Google GKE.

The post Red Hat to Acquire StackRox to Further Expand its Security Leadership appeared first on Security Boulevard.

https://malwaredevil.com/2021/01/07/red-hat-to-acquire-stackrox-to-further-expand-its-security-leadership/?utm_source=rss&utm_medium=rss&utm_campaign=red-hat-to-acquire-stackrox-to-further-expand-its-security-leadership

CVE-2020-35774: twitter-server XSS Vulnerability Discovered

According to its official documentation, “twitter-server” is a Twitter OSS project used to provide a template from which servers at Twitter are built. It provides common application components such as an administrative HTTP server, tracing, stats, and more, and is used, amongst other things, by both the Finagle and Finatra frameworks. After researching twitter-server, the

The post CVE-2020-35774: twitter-server XSS Vulnerability Discovered appeared first on Security Boulevard.

https://malwaredevil.com/2021/01/07/cve-2020-35774-twitter-server-xss-vulnerability-discovered/?utm_source=rss&utm_medium=rss&utm_campaign=cve-2020-35774-twitter-server-xss-vulnerability-discovered

All Aboard the Pequod!

Like countless others, I frittered away the better part of Jan. 6 doomscrolling and watching television coverage of the horrifying events unfolding in our nation’s capital, where a mob of President Trump supporters and QAnon conspiracy theorists was incited to lay siege to the U.S. Capitol. For those trying to draw meaning from the experience, might I suggest consulting the literary classic Moby Dick, which simultaneously holds clues about QAnon’s origins and offers an apt allegory about a modern-day Captain Ahab and his ill-fated obsessions.

Many have speculated that Jim Watkins, the administrator of the online message board 8chan (a.k.a. 8kun), and/or his son Ron are in fact “Q,” the anonymous persona behind the QAnon conspiracy theory, which holds that President Trump is secretly working to save the world from a satanic cult of pedophiles and cannibals.

Last year, as I was scrutinizing the computer networks that kept QAnon online, researcher Ron Guilmette pointed out a tantalizing utterance from Watkins the younger which adds tenuous credence to the notion that one or both of them is Q.

We’ll get to how the Great White Whale (the Capitol?) fits into this tale in a moment. But first, a bit of background. A person identified only as “Q” has for years built an impressive following for the far-right conspiracy movement by leaving periodic “Q drops,” cryptic messages that QAnon adherents spend much time and effort trying to decipher and relate to current events.

Researchers who have studied more than 5,000 Q drops are convinced that there are two distinct authors of these coded utterances. The leading theory is that those identities corresponded to the aforementioned father-and-son team responsible for operating 8chan.

Jim Watkins, 56, is the current owner of 8chan, a community perhaps now best known as a forum for violent extremists and mass shooters. Watkins is an American pig farmer based in the Philippines; Ron reportedly resides in Japan.

In the aftermath of back-to-back mass shootings on Aug. 3 and Aug. 4, 2019 in which a manifesto justifying one of the attacks was uploaded to 8chan, Cloudflare stopped providing their content delivery network to 8chan. Several other providers quickly followed suit, leaving 8chan offline for months before it found a haven at a notorious bulletproof hosting facility in Russia.

One reason Q watchers believe Ron and Jim Watkins may share authorship over the Q drops is that while 8chan was offline, the messages from Q ceased. The drops reappeared only months later when 8chan rebranded as 8kun.

CALL ME ISHMAEL

Here’s where the admittedly “Qonspiratorial” clue about the Watkins’ connection to Q comes in. On Aug. 5, 2019, Ron Watkins posted a Twitter message about 8chan’s ostracization which compared the community’s fate to that of the Pequod, the name of the doomed whaling ship in the Herman Melville classic “Moby Dick.”

“If we are still down in a few hours then maybe 8chan will just go clearnet and we can brave DDOS attacks like Ishmael on the Pequod,” Watkins the younger wrote.

Ishmael, the first-person narrator in the novel, is a somewhat disaffected American sailor who decides to try his hand at whaling. Ishmael is a bit of a minor character in the book; very soon into the novel we are introduced to a much more interesting and enigmatic figure — a Polynesian harpooner by the name of Queequeg.

Apart from being a cannibal from the Pacific islands who has devoured many people, Queequeg is a pretty nice guy and shows Ishmael the ropes of whaling life. Queequeg is covered head to toe in tattoos, which are described by the narrator as the work of a departed prophet and seer from the cannibal’s home island.

Like so many Q drops, Queequeg’s tattoos tell a mysterious tale, but we never quite learn what that full story is. Indeed, the artist who etched them into Queequeg’s body is long dead, and the cannibal himself can’t seem to explain what it all means.

Ishmael describes Queequeg’s mysterious markings in this passage:

“…a complete theory of the heavens and earth, and a mystical treatise on the art of attaining truth; so that Queequeg in his own proper person was a riddle to unfold; a wondrous work in one volume; but whose mysteries not even himself could read, though his own live heart beat against them; and these mysteries were therefore destined in the end to moulder away with the living parchment whereon they were inscribed, and so be unsolved to the last.”

THE GREAT WHITE WHALE

It’s perhaps fitting then that one of the most recognizable figures from the mob that stormed the U.S. Capitol on Wednesday was a heavily-tattooed, spear-wielding QAnon leader who goes by the name “Q Shaman” (a.k.a. Jake Angeli).

“Q Shaman,” a.k.a. Jake Angeli, at a Black Lives Matter event in Arizona (left) and Wednesday, confronted by U.S. Capitol Police. Image: Twitter, @KelemenCari.

“Angeli’s presence at the riot, along with others wearing QAnon paraphernalia, comes as the conspiracy-theory movement has been responsible for the popularization of Trump’s voter-fraud conspiracy theories,” writes Rachel E. Greenspan for Yahoo! News.

“As Q has become increasingly hands-off, giving fewer and fewer messages to his devotees, QAnon leaders like Angeli have gained fame and power in the movement,” Greenspan wrote.

If somehow Moby Dick was indeed the inspiration for the “Q” identity in QAnon, yesterday’s events at The Capitol were the inexorable denouement of a presidential term that increasingly came to be defined by conspiracy theories. In a somewhat prescient Hartford Courant op-ed published in 2018, author Steven Almond observed that Trump’s presidency could be best understood through the lens of the Pequod’s Captain Ahab. To wit:

“Melville is offering a mythic account of how one man’s virile bombast ensnares everyone and everything it encounters. The setting is nautical, the language epic. But the tale, stripped to its ribs, is about the seductive power of the wounded male ego, how naturally a ship steered by men might tack to its vengeful course.”

“Trump’s presidency has been, in its way, a retelling of this epic. Whether we cast him as agent or principal hardly matters. What matters is that Americans have joined the quest. In rapture or disgust, we’ve turned away from the compass of self-governance and toward the mesmerizing drama of aggression on display, the masculine id unchained and all that it unchains within us. With every vitriolic tweet storm and demeaning comment, Trump strikes through the mask.”

EPILOGUE

If all of the above theorizing reads like yet another crackpot QAnon conspiracy, that may be the inevitable consequence of my spending far too much time going down this particular rabbit hole (and re-reading Moby Dick in the process!).

In any case, none of this is likely to matter to the diehard QAnon conspiracy theorists themselves, says Mike Rothschild, a writer who specializes in researching and debunking conspiracy theories.

“Even if Jim Watkins was revealed as owning the board or making the posts, it wouldn’t matter,” Rothschild said. “Anything that happens that disconfirms Q being an official in the military industrial complex is going to help fuel their persecution complex.”

Rothschild has been working hard on finishing his next book, “The Storm is Upon Us: How QAnon Became a Movement, Cult, and Conspiracy Theory of Everything,” which is due to be published in October 2021. Who’s printing the book? Ten points if you guessed Melville House, an independent publisher named after Herman Melville.

https://malwaredevil.com/2021/01/07/all-aboard-the-pequod/?utm_source=rss&utm_medium=rss&utm_campaign=all-aboard-the-pequod

🔴 LIVE: Paul’s Security Weekly #679

This week, we welcome Clayton Fields & Michael Assraf from Vicarius, then we are joined by Ming Chow from Tufts University to discuss how much has changed since his last appearance in 2014, and then we wrap with the Security News!

→Full Show Notes: https://securityweekly.com/psw679
→Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly

https://malwaredevil.com/2021/01/07/%f0%9f%94%b4-live-pauls-security-weekly-679/?utm_source=rss&utm_medium=rss&utm_campaign=%25f0%259f%2594%25b4-live-pauls-security-weekly-679

How will companies be able to lead the market in 2021?

Every company in the world, regardless of its economic sector, size or country of origin, is facing a turning point that will determine its prospects in the near and long term. How can companies prepare …

The post How will companies be able to lead the market in 2021? appeared first on ManageEngine Blog.

The post How will companies be able to lead the market in 2021? appeared first on Security Boulevard.

https://malwaredevil.com/2021/01/07/como-podran-las-empresas-liderar-el-mercado-en-el-2021/?utm_source=rss&utm_medium=rss&utm_campaign=como-podran-las-empresas-liderar-el-mercado-en-el-2021

“I have full control of your device”: Sextortion scam rears its ugly head in time for 2021

Malwarebytes recently received a report about a fresh spate of Bitcoin sextortion scam campaigns doing the rounds.

Bitcoin sextortion scams tend to email you to say they’ve videoed you on your webcam performing sexual acts in private, and ask you to pay them an amount in Bitcoin to keep the video (which doesn’t exist) private. This type of blackmail has become quite popular since the middle of 2018.

Sextortion scammers frequently use spoofed or made up email addresses to contact their targets. Previous campaigns have targeted those with compromised account passwords scraped from third-party breaches, minors, and other vulnerable groups. In this case, our experts believe that these emails have been targeting .org email addresses, and senior leadership almost exclusively.

From: {spoofed sender name}

Subject: I have full control of your device

Message body:

Hi

Did you notice that I sent you an email from your address? Yes, that means I have full control of your device. I am aware you watch adults [sic] content with underage teens frequently. My spyware recorded a video of you masturbating. I also got access to your address book. I am happy to share these interesting videos with your address list and social media contacts. To prevent this from happening, you need to send me 1000 (USD) in bitcoins.

Bitcoin wallet part 1: 1C1FfgyNsJGJZfuR2ePXxTraa

Bitcoin wallet part 2: CqE6WLWSM

Combine part 1 and part 2 with no space between them to get the full bitcoin wallet.

Quick tip! You can procure bitcoins from Paxful. Use Google to find it. Once I receive the compensation (Yes, consider it a compensation), I will immediately delete the videos, and you will never hear from me again. You have three days to send the amount. I will receive a notification once this email is opened, and the countdown will begin.

What we may perceive as a dime-a-dozen, cookie-cutter blackmail email may be something new to someone, especially those who aren’t aware of such a charade. Make no mistake: email scams that contain little to no real threat towards recipients have worked repeatedly like a charm.

This is why it’s important to keep up with what’s happening in cybersecurity, how online threats affect aspects of our lives, and how we can better protect ourselves, our data, and the people around us from those who scare, threaten, and bluff their way into our wallets. Treat all emails like this with a healthy amount of skepticism and you should be able to really see the email as it truly is: a fake.

Malwarebytes has extensively written about Bitcoin sextortion scams through the years. And what we advised then is still relevant to these new sextortion scams.

  • Change your passwords–or, better yet, consider using a password manager to help you create and store more complicated passwords for you.
  • Always use multi-factor authentication (MFA) to add an extra step of security. Most companies with an online presence have this, so make full use of it.
  • Do not pay the scammer.
  • If you received a sextortion email at work, let your IT department know. If you’re in the United States, feel free to report this to the FBI’s IC3.

Our Director of Mac and Mobile, Thomas Reed, had drafted a post aimed at Mac users who have received such scammy emails but need guidance on what these are and what they need to do.

Stay safe, as always, and remain vigilant.


Bitcoin addresses related to this scam (as of this writing):

  • 1Nd3JST1daeyzmPovkRoemjysA6JfXjVRg
  • 17qBCU7Y5yrS9eimxvydRYw3XNF9meuSCY
  • 1C1FfgyNsJGJZfuR2ePXxTraaCqE6WLWSM
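As an added example (not part of the Malwarebytes post), a small Python triage helper for mail filtering: it reassembles the “wallet part 1 / part 2” fragments exactly as the message instructs the victim to, validates the result as a Base58Check address, and matches it against the three addresses listed above. The sample body is constructed from the quoted message; the regex labels and function names are this example’s own assumptions.

```python
"""Reassemble split Bitcoin addresses in sextortion e-mails and match them against known IoCs."""
import hashlib
import re

# Base58 alphabet used by Bitcoin addresses (no 0, O, I or l).
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# The three scam addresses listed in the write-up above.
KNOWN_SCAM_WALLETS = {
    "1Nd3JST1daeyzmPovkRoemjysA6JfXjVRg",
    "17qBCU7Y5yrS9eimxvydRYw3XNF9meuSCY",
    "1C1FfgyNsJGJZfuR2ePXxTraaCqE6WLWSM",
}

# Matches lines such as "Bitcoin wallet part 1: 1C1Ffg..." (assumed label format).
# The scam splits the address so that a naive whole-address regex never sees it.
PART_RE = re.compile(
    r"(?:bitcoin|btc)?\s*wallet\s*part\s*(\d+)\s*:\s*([1-9A-HJ-NP-Za-km-z]+)",
    re.IGNORECASE,
)
# Matches an address that appears whole: 26-35 Base58 chars starting with 1 (P2PKH) or 3 (P2SH).
WHOLE_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")


def is_valid_base58check(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose trailing 4-byte double-SHA256 checksum matches."""
    if not 26 <= len(addr) <= 35 or any(c not in B58_ALPHABET for c in addr):
        return False
    num = 0
    for ch in addr:
        num = num * 58 + B58_ALPHABET.index(ch)
    raw = num.to_bytes((num.bit_length() + 7) // 8, "big")
    # Each leading '1' encodes one leading zero byte (e.g. the 0x00 P2PKH version byte).
    pad = len(addr) - len(addr.lstrip("1"))
    data = b"\x00" * pad + raw
    if len(data) != 25:
        return False
    payload, checksum = data[:21], data[21:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum


def extract_wallets(body: str) -> list:
    """Collect candidate addresses: any reassembled from 'part N:' fragments, plus whole ones."""
    candidates = []
    parts = {}
    for num, frag in PART_RE.findall(body):
        parts[int(num)] = frag
    if parts:
        # Join the fragments in numeric order, exactly as the scam tells the victim to do.
        joined = "".join(parts[k] for k in sorted(parts))
        if WHOLE_RE.fullmatch(joined):
            candidates.append(joined)
    for whole in WHOLE_RE.findall(body):
        if whole not in candidates:
            candidates.append(whole)
    return candidates


def triage(body: str) -> dict:
    """Report the candidates, which are on the known-scam list, and which pass the checksum."""
    cands = extract_wallets(body)
    return {
        "candidates": cands,
        "known_scam": [c for c in cands if c in KNOWN_SCAM_WALLETS],
        "checksum_ok": [c for c in cands if is_valid_base58check(c)],
    }


# Constructed sample body modelled on the message quoted above.
SAMPLE_BODY = """Hi
Did you notice that I sent you an email from your address?
Bitcoin wallet part 1: 1C1FfgyNsJGJZfuR2ePXxTraa
Bitcoin wallet part 2: CqE6WLWSM
Combine part 1 and part 2 with no space between them to get the full bitcoin wallet.
"""

if __name__ == "__main__":
    print(triage(SAMPLE_BODY))
```

A hit in `known_scam` is a strong signal on its own; `checksum_ok` mainly helps to drop false positives from random Base58-looking tokens when a whole address is matched.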

https://malwaredevil.com/2021/01/07/i-have-full-control-of-your-device-sextortion-scam-rears-its-ugly-head-in-time-for-2021-7/?utm_source=rss&utm_medium=rss&utm_campaign=i-have-full-control-of-your-device-sextortion-scam-rears-its-ugly-head-in-time-for-2021-7

DEF CON 28 Safe Mode Lock Picking Village – D1dymu5’s ‘Hybrid PhySec Tools’

Many thanks to DEF CON and the conference speakers for publishing their outstanding presentations, which originally appeared at the organization’s DEF CON 28 Safe Mode conference and on the DEF CON YouTube channel. Enjoy!

The post DEF CON 28 Safe Mode Lock Picking Village – D1dymu5’s ‘Hybrid PhySec Tools’ appeared first on Security Boulevard.

https://malwaredevil.com/2021/01/07/def-con-28-safe-mode-lock-picking-village-d1dymu5s-hybrid-physec-tools/?utm_source=rss&utm_medium=rss&utm_campaign=def-con-28-safe-mode-lock-picking-village-d1dymu5s-hybrid-physec-tools

The Seven Types of Risk Assurance Professionals

Risk assurance in the modern enterprise is a team effort. So that begs the question: exactly what do …

The post The Seven Types of Risk Assurance Professionals appeared first on Hyperproof.

The post The Seven Types of Risk Assurance Professionals appeared first on Security Boulevard.

https://malwaredevil.com/2021/01/07/the-seven-types-of-risk-assurance-professionals/?utm_source=rss&utm_medium=rss&utm_campaign=the-seven-types-of-risk-assurance-professionals

XKCD ‘Egg Strategies’

via the comic delivery system monikered Randall Munroe resident at XKCD!

The post XKCD ‘Egg Strategies’ appeared first on Security Boulevard.

https://malwaredevil.com/2021/01/07/xkcd-egg-strategies/?utm_source=rss&utm_medium=rss&utm_campaign=xkcd-egg-strategies

ISC Stormcast For Thursday, January 7th, 2021 https://isc.sans.edu/podcastdetail.html?id=7318, (Thu, Jan 7th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

https://malwaredevil.com/2021/01/07/isc-stormcast-for-thursday-january-7th-2021-https-isc-sans-edu-podcastdetail-htmlid7318-thu-jan-7th/?utm_source=rss&utm_medium=rss&utm_campaign=isc-stormcast-for-thursday-january-7th-2021-https-isc-sans-edu-podcastdetail-htmlid7318-thu-jan-7th

2021-01-05 (Tuesday) – PurpleFox EK pushes NuggetPhantom malware

The post 2021-01-05 (Tuesday) – PurpleFox EK pushes NuggetPhantom malware appeared first on Malware Devil.



https://malwaredevil.com/2021/01/07/2021-01-05-tuesday-purplefox-ek-pushes-nuggetphantom-malware/?utm_source=rss&utm_medium=rss&utm_campaign=2021-01-05-tuesday-purplefox-ek-pushes-nuggetphantom-malware

ESB-2021.0073 – [Ubuntu] kernel: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0073
               USN-4683-1: Linux kernel (OEM) vulnerability
                              7 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-28974  

Reference:         ESB-2021.0071
                   ESB-2021.0069
                   ESB-2020.4377

Original Bulletin: 
   https://ubuntu.com/security/notices/USN-4683-1

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4683-1: Linux kernel (OEM) vulnerability
07 January 2021

The system could be made to crash or expose sensitive information
under certain conditions.
Releases

  o Ubuntu 20.04 LTS

Packages

  o linux-oem-5.6 - Linux kernel for OEM systems

Details

Minh Yuan discovered that the framebuffer console driver in the Linux
kernel did not properly handle fonts in some conditions. A local attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information (kernel memory).

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.04

  o linux-image-5.6.0-1039-oem - 5.6.0-1039.43
  o linux-image-oem-20.04 - 5.6.0.1039.37

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

  o CVE-2020-28974

Related notices

  o USN-4679-1 : linux-image-virtual, linux-image-generic,
    linux-image-5.4.0-1035-azure, linux-image-5.4.0-1031-kvm, linux-raspi,
    linux-image-lowlatency-hwe-18.04, linux-image-oracle,
    linux-image-5.4.0-1034-oracle, linux-kvm, linux-image-snapdragon-hwe-18.04,
    linux-azure, linux-image-virtual-hwe-18.04, linux-gcp, linux-oracle,
    linux-azure-5.4, linux-image-5.4.0-1026-raspi, linux-image-raspi-hwe-18.04,
    linux-image-azure, linux-image-raspi2, linux-image-5.4.0-1034-aws,
    linux-gke-5.4, linux-image-kvm, linux-image-generic-hwe-18.04,
    linux-image-lowlatency, linux, linux-image-generic-lpae, linux-image-gcp,
    linux-gcp-5.4, linux-aws, linux-aws-5.4, linux-raspi-5.4,
    linux-image-5.4.0-59-generic-lpae, linux-image-5.4.0-59-generic,
    linux-image-oem, linux-image-oem-osp1, linux-image-raspi,
    linux-image-5.4.0-59-lowlatency, linux-image-5.4.0-1033-gcp,
    linux-image-gke-5.4, linux-hwe-5.4, linux-image-aws, linux-oracle-5.4,
    linux-image-generic-lpae-hwe-18.04, linux-image-5.4.0-1033-gke
  o USN-4680-1 : linux-image-virtual, linux-image-generic,
    linux-image-4.15.0-1077-gke, linux-image-oracle, linux-kvm,
    linux-image-4.15.0-1082-kvm, linux-image-azure-lts-18.04,
    linux-image-gke-4.15, linux-azure-4.15, linux-azure,
    linux-image-powerpc64-emb, linux-image-4.15.0-129-generic,
    linux-image-powerpc-smp, linux-gcp, linux-oracle,
    linux-image-4.15.0-129-generic-lpae, linux-image-aws-hwe,
    linux-image-aws-lts-18.04, linux-image-azure, linux-image-gke,
    linux-image-raspi2, linux-image-generic-lpae-hwe-16.04, linux-hwe,
    linux-image-4.15.0-1091-gcp, linux-image-kvm,
    linux-image-virtual-hwe-16.04, linux-image-4.15.0-1062-oracle,
    linux-image-oracle-lts-18.04, linux-image-gcp-lts-18.04,
    linux-image-lowlatency, linux-image-powerpc-e500mc, linux,
    linux-image-4.15.0-1077-raspi2, linux-gcp-4.15, linux-image-generic-lpae,
    linux-image-gcp, linux-image-4.15.0-1091-aws, linux-aws,
    linux-image-4.15.0-1103-azure, linux-raspi2, linux-image-oem,
    linux-image-snapdragon, linux-image-4.15.0-129-lowlatency, linux-aws-hwe,
    linux-image-lowlatency-hwe-16.04, linux-image-generic-hwe-16.04,
    linux-snapdragon, linux-image-powerpc64-smp,
    linux-image-4.15.0-1094-snapdragon, linux-gke-4.15
  o USN-4681-1 : linux-image-virtual, linux-image-4.4.0-198-generic,
    linux-image-4.4.0-198-powerpc-e500mc, linux-image-powerpc64-smp-lts-xenial,
    linux-image-generic, linux-kvm, linux-image-powerpc64-emb,
    linux-image-virtual-lts-xenial, linux-image-powerpc-smp,
    linux-image-4.4.0-1147-snapdragon, linux-image-lowlatency-lts-xenial,
    linux-image-generic-lpae-lts-xenial, linux-image-4.4.0-1143-raspi2,
    linux-lts-xenial, linux-image-raspi2, linux-image-4.4.0-198-powerpc-smp,
    linux-image-kvm, linux-image-lowlatency, linux-image-powerpc-e500mc,
    linux-image-powerpc64-emb-lts-xenial, linux, linux-image-generic-lpae,
    linux-image-4.4.0-1119-aws, linux-aws, linux-image-4.4.0-1085-kvm,
    linux-image-powerpc-smp-lts-xenial, linux-raspi2,
    linux-image-4.4.0-198-powerpc64-smp, linux-image-4.4.0-1083-aws,
    linux-image-powerpc-e500mc-lts-xenial, linux-image-4.4.0-198-generic-lpae,
    linux-image-snapdragon, linux-image-generic-lts-xenial,
    linux-image-4.4.0-198-lowlatency, linux-image-aws,
    linux-image-4.4.0-198-powerpc64-emb, linux-snapdragon,
    linux-image-powerpc64-smp

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

The post ESB-2021.0073 – [Ubuntu] kernel: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/01/07/esb-2021-0073-ubuntu-kernel-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0073-ubuntu-kernel-multiple-vulnerabilities

ESB-2021.0072 – [Linux] Liberty for Java : Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0072
  Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct
         2020 - Includes Oracle Oct 2020 CPU minus CVE-2020-14782
                  affects Liberty for Java for IBM Cloud
                              7 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Liberty for Java
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Modify Arbitrary Files   -- Remote/Unauthenticated
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14798 CVE-2020-14797 CVE-2020-14796
                   CVE-2020-14792 CVE-2020-14782 CVE-2020-14781
                   CVE-2020-14779  

Reference:         ESB-2020.4526
                   ESB-2020.4454
                   ESB-2020.4389

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6398384

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM SDK, Java Technology Edition Quarterly CPU - Oct 2020 - Includes Oracle Oct
2020 CPU minus CVE-2020-14782 affects Liberty for Java for IBM Cloud

Document Information

Document number    : 6398384
Modified date      : 06 January 2021
Product            : Liberty for Java
Software version   : All
Operating system(s): Linux

Summary

Multiple vulnerabilities in IBM Java SDK affect Liberty for Java October 2020
CPU.

Vulnerability Details

CVEID: CVE-2020-14792
DESCRIPTION: An unspecified vulnerability in Java SE related to the Hotspot
component could allow an unauthenticated attacker to cause low confidentiality
impact, low integrity impact, and no availability impact.
CVSS Base score: 4.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/190110 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)

CVEID: CVE-2020-14797
DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries
component could allow an unauthenticated attacker to cause no confidentiality
impact, low integrity impact, and no availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/190115 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2020-14781
DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI
component could allow an unauthenticated attacker to obtain sensitive
information resulting in a low confidentiality impact using unknown attack
vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/190099 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2020-14779
DESCRIPTION: An unspecified vulnerability in Java SE related to the
Serialization component could allow an unauthenticated attacker to cause a
denial of service resulting in a low availability impact using unknown attack
vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/190097 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-14798
DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries
component could allow an unauthenticated attacker to cause no confidentiality
impact, low integrity impact, and no availability impact.
CVSS Base score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/190116 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2020-14796
DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries
component could allow an unauthenticated attacker to obtain sensitive
information resulting in a low confidentiality impact using unknown attack
vectors.
CVSS Base score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/190114 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

Affected Products and Versions

+--------------------+----------+
|Affected Product(s) |Version(s)|
+--------------------+----------+
|Liberty for Java    |3.51      |
+--------------------+----------+

Remediation/Fixes

To upgrade to Liberty for Java v3.52-20201210-1626 or higher, you must re-stage
or re-push your application.

To find the current version of Liberty for Java being used in IBM Cloud, run
the following command from the command-line Cloud Foundry client:

cf ssh  -c cat "staging_info.yml"

Look for the following lines:

{"detected_buildpack":"Liberty for Java(TM) (WAR, liberty-20.0.0_12,
buildpack-v3.51-20201113-1351, ibmjdk-1.8.0_sr6fp16-20200902, env)
","start_command":".liberty/initial_startup.rb"}

To re-stage your application using the command-line Cloud Foundry client, use
the following command:

cf restage 

To re-push your application using the command-line Cloud Foundry client, use
the following command:

cf push 
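The version check the bulletin describes by hand, as an added example that is not IBM's or AusCERT's code: it parses the `detected_buildpack` line from `staging_info.yml` and reports whether the app is still on a buildpack older than the fixed level v3.52-20201210-1626. The sample input below is constructed to mirror the line quoted in the bulletin.

```python
"""Decide whether a Cloud Foundry app must be re-staged for this bulletin.

Added example, not IBM's or AusCERT's code. It assumes staging_info.yml
carries the JSON line shown in the bulletin; the samples here are constructed.
"""
import json
import re
import sys
from typing import NamedTuple, Optional

# Fixed buildpack level named in the bulletin's remediation section.
FIXED_BUILDPACK = "v3.52-20201210-1626"

# Matches e.g. "buildpack-v3.51-20201113-1351" inside detected_buildpack.
_BUILDPACK_RE = re.compile(r"buildpack-v(\d+)\.(\d+)-(\d{8})-(\d{4})")


class BuildpackVersion(NamedTuple):
    """Tuple order makes < compare major, minor, build date, then build time."""
    major: int
    minor: int
    date: int   # YYYYMMDD
    time: int   # HHMM


def parse_buildpack_version(tag: str) -> Optional[BuildpackVersion]:
    """Pull the buildpack version out of a string containing 'buildpack-vX.Y-...'."""
    m = _BUILDPACK_RE.search(tag)
    return BuildpackVersion(*(int(g) for g in m.groups())) if m else None


def staged_buildpack(staging_info: str) -> Optional[BuildpackVersion]:
    """Return the Liberty buildpack version recorded in staging_info.yml content.

    Returns None if the content is not JSON, has no detected_buildpack entry,
    or the app was staged with a buildpack other than Liberty for Java.
    """
    try:
        info = json.loads(staging_info)
    except json.JSONDecodeError:
        return None
    detected = info.get("detected_buildpack", "") if isinstance(info, dict) else ""
    if "Liberty for Java" not in detected:
        return None
    return parse_buildpack_version(detected)


def needs_restage(staging_info: str) -> bool:
    """True when the app runs a Liberty buildpack older than the fixed level.

    An unreadable or non-Liberty staging record is treated as needing review,
    which is the conservative answer for a patch-status check.
    """
    current = staged_buildpack(staging_info)
    fixed = parse_buildpack_version("buildpack-" + FIXED_BUILDPACK)
    return current is None or current < fixed


# Constructed sample, modelled on the staging_info.yml line in the bulletin.
SAMPLE_VULNERABLE = ('{"detected_buildpack":"Liberty for Java(TM) (WAR, liberty-20.0.0_12, '
                     'buildpack-v3.51-20201113-1351, ibmjdk-1.8.0_sr6fp16-20200902, env)",'
                     '"start_command":".liberty/initial_startup.rb"}')

if __name__ == "__main__":
    # Feed it the output of the bulletin's cf ssh command on stdin.
    print("re-stage required" if needs_restage(sys.stdin.read()) else "at fixed level")
```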

Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Change History

06 Jan 2021: Initial Publication

Document Location

Worldwide

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

The post ESB-2021.0072 – [Linux] Liberty for Java : Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/01/07/esb-2021-0072-linux-liberty-for-java-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0072-linux-liberty-for-java-multiple-vulnerabilities

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...