October 20, 2023 at 02:36PM
SecurityWeek provides a weekly cybersecurity roundup, summarizing noteworthy stories. This week includes: Micfo LLC CEO sentenced to prison for wire fraud; energy industry services firm BHI Energy hacked, exposing PII and PHI of over 91,000 individuals; Moldovan national charged in the US for selling computer credentials; Indian national pleads guilty to computer-hacking scheme in the US; vulnerability in Synology NAS allows admin account takeover; flaws found in Amazon’s passkey implementation; CIA’s X account glitch leads to channel hijack; ‘admin’ remains the most popular password; FBI warns of cybercriminals targeting plastic surgery offices; Eastern European industrial companies targeted with updated MATA malware; threat actor infects secure USB drives at APAC governments.
The takeaways from this week's roundup:
1. Micfo LLC CEO sentenced to prison for wire fraud: Amir Golestan, the CEO of Micfo LLC, has been sentenced to five years in prison for fraudulently obtaining over 735,000 IP addresses.
2. Energy industry services firm hacked: BHI Energy, based in Weymouth, Massachusetts, experienced a cyber incident in June 2023 that resulted in the exposure of personal and medical information belonging to more than 91,000 individuals.
3. Eastern European charged with selling computer credentials: Sandu Diaconu, a Moldovan national, has been charged in the US for operating an online portal for selling stolen credentials. Over 350,000 credentials for RDP and SSH access were found on the marketplace.
4. Indian national pleads guilty in US court to computer-hacking scheme: Sukhdev Vaid, from India, pleaded guilty to participating in a computer-hacking scheme to steal $150,000 from a 73-year-old woman in the US.
5. Admin credential leak flaw in Synology NAS DSM: A vulnerability in Synology’s DiskStation Manager (DSM) platform allowed attackers to reconstruct the administrator password and take over the admin account on certain versions of the software.
6. Amazon passkey implementation issues: Tech startup Corbado analyzed Amazon’s implementation of passkeys and identified issues leading to domain redirection, user confusion, and unnecessary verification steps. The implementation also lacked certain features.
7. X (formerly Twitter) glitch leads to CIA channel hijack: A bug on the CIA’s account on X allowed a security researcher to redirect contacts to a different domain than the CIA’s official Telegram channel.
8. ‘Admin’ still the most popular password: An analysis of over 1.8 million passwords revealed that ‘admin’ remains the most widely used password, despite industry efforts to promote stronger passwords.
9. Cybercriminals targeting plastic surgery: The FBI warns of increased cybercriminal interest in stealing personal and medical records from plastic surgery offices and patients. Attackers deploy malware through phishing emails and extort victims.
10. Eastern European industrial companies targeted with updated MATA malware: Spear-phishing emails targeting industrial companies in Eastern Europe were observed carrying new malware belonging to the MATA cluster, previously linked to the Lazarus hacking group.
11. Attackers infect secure USB drives at APAC governments: A skilled threat actor has been infecting secure USB drives used by government organizations in the APAC region, which enables the actor to infect air-gapped systems and harvest information.