GoodWill ransomware forces victims to do good deeds/New Yorker sentenced to four years for credit card hack/FBI warns US colleges of Russian hackers

Plus:CISA adds more than 75 vulnerabilities to its known vulnerabilites catalog

Inside.com Part of   Network May 30, 2022

Presented by

Researchers have identified a new ransomware called "GoodWill", which forces its victims to donate money and clothes to the poor. The threat actor may be based in India according to authorities. More: The threat actor asks for social donations from its victims rather than money as ransom, making it a highly unusual case. GoodWill is written in .NET, as it was first identified in March 2022. The ransomware renders sensitive files inaccessible without decrypting them. The malware, which uses the AES algorithm for encryption, is unique in sleeping for 722.45 seconds to interfere with dynamic analysis. The encryption process is followed by displaying a multiple-paged ransom note that requires the victims to carry out three socially-driven activities to be able to obtain the decryption kit. The steps include donating new clothes and blankets to the homeless, taking five underprivileged children to Domino's Pizza, Pizza Hut, or KFC for a treat, and offering financial support to patients who need urgent medical attention but don't have the financial means to acquire it. Additionally, the victims are asked to record themselves during the activities and post the recordings on Facebook or Instagram, writing a specific line that says "How you transformed yourself into a kind human being by becoming a victim of a ransomware called GoodWill."

A 37-year-old man from New York was sentenced to four years in prison for using and selling stolen credit cards. He sold the information on the Infraud carding portal. More: John Telusma is one of 36 individuals U.S. authorities indicted in February 2018 for alleged roles in the Infraud Organization criminal enterprise. The operation was active from Oct. 2010 until Feb. 2018, when Infraud and its portal were taken down following a law enforcement operation. Out of 10,901 registered Infraud members in March 2017, 13 members were apprehended by law enforcement agencies in the United States and six other countries (Australia, the United Kingdom, France, Italy, Kosovo, and Serbia). The threat actors used malware to facilitate the acquisition, sale, and distribution of stolen identity information and payment cards, counterfeit documents, personally identifiable data, bank account, and credit account information. Infraud members caused victims losses of more than $568M, while the organization's members remained anonymous to each other to evade law enforcement.

A message from SECURITY COMPASS Have you given up on making your development team more productive? Figuring out the best approach to mature application security programs can be difficult, especially with increasing internal demands for a faster time to market. Many solutions claim to help organizations build more secure software. However, measuring the value provided by the solution compared to its economic and organizational cost can be difficult. That’s why Security Compass commissioned Forrester Consulting to conduct a Total Economic Impact™ study to examine the quantifiable ROI enterprises can realize by deploying SD Elements. According to this study, SD Elements enabled its users to decrease the time needed to develop security requirements for products by up to 90%. The study also found that organizations’ ROI could be as high as 332%, with a payback period of less than 6 months. If that sounds interesting to you, join experts from Forrester and Security Compass on June 1st at 2:00 p.m. (EST) and learn how organizations use SD Elements to: Reduce vulnerability remediation costs Improve productivity Reduce costs through automation And for a quick preview of the study’s results, see this infographic. Experience the study

FBI warned that Russian cybercrime forums are selling network credentials and virtual private network info from U.S. colleges and universities. The leaks could lead to hacks. More: The FBI stated that U.S. college and university credentials are being advertised across cybercrime forums. In May 2021, the FBI found more than 36,000 email and password combinations posted on publicly available instant messaging platforms. The information provided access to email accounts ending in .edu.  When hackers gain the login information, they can proceed to conduct brute-force credential stuffing attacks to break into victim accounts spanning multiple internet sites, and services. If attackers are successful in compromising a victim's account, they may steal information from the account, potentially re-selling credit card numbers and other personally identifiable information for money. Most of the credentials are stolen through spear-phishing, ransomware, or other cyberattacks. The use of these kinds of attacks on U.S. colleges and universities has become more prevalent over the last few years.  U.S. colleges and universities usually claim that they have no idea whether they have been hacked or if they have been a victim of a breach.

More than 75 vulnerabilities have been added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities Catalogue. Cisco, Microsoft, Adobe, and others are on the list. More: Many of the vulnerabilities range from 2010 to 2019, but one of the most recent examples is Cisco's IOS XR Open Port Vulnerability CVE-2022-20821. This flaw, which was patched on May 20, 2022, could allow an unauthenticated, remote attacker to access the Redis instance that runs within the NOSi container, a health device software package used for medical purposes. Among the new additions to the list are two 2021 Android Kernel vulnerabilities tracked as CVE-2021-1048 and CVE-2021-0920, and an Apple memory corruption vulnerability tracked as CVE-2021-30883. The list includes 34 flaws that were posted on May 25, 2022, 20 added on May 24, and another 21 previously added on May 24, 2022.

Microsoft says Android apps with millions of downloads are exposed to high-severity vulnerabilities. The flaws could potentially expose users to remote attacks. More: Microsoft's security team has uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote or local attacks. The vulnerabilities, which affected apps with millions of downloads, have now been patched. The company first found that the apps were embedded in the devices’ system image, suggesting that they were default applications installed by phone providers. All of these apps were available on the Google Play Store where they went through Google Play Protect’s automatic safety checks, but the checks failed to identify these types of issues. Microsoft discovered the vulnerabilities in Sep. 2021. The company shared its findings with mce Systems and affected mobile service providers through Coordinated Vulnerability Disclosure and Microsoft Security Vulnerability Research. The high-severity vulnerabilities have a CVSS score of 7.0-8.9 and are being tracked as CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601. Zoom Out: Three weeks ago, Microsoft launched a cybersecurity services division, as its security business is growing faster than any of its main products.

Quick Hits: 64% of companies used this channel to generate nearly half of their revenue—and it’s not paid ads or content.* Icelander cybersecurity management platform Nanitor raised $1.7M in a private funding round. A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities. It uses these new capabilities to target web servers, Android devices, and content management systems. Nearly 100,000 NPM users' credentials were stolen in GitHub OAuth breach. The Space Systems Command rolled out a new process to assess the cybersecurity of commercial satellite operators that do business with the Defense Department. Financial institutions are leaving workers behind. Find out if you’re one of them.* *This is a sponsored post

Upcoming events at Inside May 31 - Ethereum Merge with Anthony Donofrio (Ethereum) (Register Here) June 01 - Selling Consumer Goods in Web3 (Register Here) June 07 - June 08 - Cloud Innovation Summit: See what high-performance cloud app dev looks like. (Register Here) * June 09 - Empowering Content Creators with No Code (Register Here) June 15 - Need To Know NoCoder - Artem Harutyunyan (bardeen.ai) (Register Here) June 16 - Future of the Art Market (Register Here) June 30 - HR Strategies to Retain Remote Employees (Register Here) *This is a sponsored listing

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. Editor Gregory Bridgman is a writer and researcher with an academic background in politics and the philosophy of science and technology. He holds a bachelor's degree in Political Science from the University of Cape Town and is currently completing a PhD at the University of Cambridge. He is interested in climate issues, technological changes, and the implications of the fourth industrial revolution.

Security Compass is on a mission to accelerate software time-to-market while managing risk.

767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2022 Inside.com

Did someone forward this email to you? Head over to inside.com to get your very own free subscription! You received this email because you subscribed to Inside Security. Click here to unsubscribe from Inside Security list or manage your subscriptions.