Twitter CEO’s social media accounts hacked

Twitter’s Jack Dorsey is the latest CEO to fall victim to OurMine’s [1] recent hacking campaign. Dorsey’s Twitter and Vine accounts were hacked, with the hacker group posting that they were ‘testing your security’ on Dorsey’s Twitter account. It is believed that hackers gained access to Dorsey’s Vine profile, from which they were able to post to his Twitter account.

New Jigsaw ransomware decrypter

Check Point researchers have identified a new way to decrypt Jigsaw [2] ransomware through a weakness in how the ransomware handles the ransom payment. Unlike other ransomware, Jigsaw does not use a Tor-based website for payment, but displays a Bitcoin wallet address to the victim along with a button to confirm payment. Once the button is clicked, a request is made from the user’s computer to an online API to check whether the payment has been received. Check Point created a tool that intercepts this request and mimics the positive API response, so that the ransomware believes payment has been made, starts the decryption process and deletes itself from the system. More information here [3].

Deric Lostutter charged over Anonymous Steubenville campaign

Deric Lostutter has been charged in connection with a hacking campaign in 2012 related to the Steubenville rape case in Ohio. Lostutter, using the alias ‘KYAnonymous’, participated in the campaign that leaked evidence, including a video revealing the attackers’ identities, and threatened action against both the attackers and officials who helped to cover up the crime.

Motion sensors in wearables could reveal ATM PINs

Researchers at Binghamton University suggest that motion sensors in smartwatches and other wearable devices could be exploited to reveal PINs and passwords. If a device is infected with malware, attackers can retrieve information about hand movements when inputting PINs, reproduce them and recover the secret key.
Researchers developed an algorithm that enabled them to estimate the distances and directions between keystrokes, which allowed them to determine PINs and passwords with an 80% success rate. Read the full study here [4].

IS-supporting hackers dump PII of U.S. business personnel directory

The United Cyber Caliphate hacking group, known supporters of ISIL, have defaced a Nigerian-hosted website and posted an HTML file containing the personal information of approximately 1137 U.S.-based individuals. The dump includes names, companies, emails, addresses and phone numbers. More information here [5].

Hotel chain hit with POS malware

Luxury hotel chain Omni Hotels & Resorts has revealed that a number of its 60 locations have been infected with POS malware. Discovery of the malware was first made by the company at its Dallas location on May 30th. The hotel chain has stated that the malware may have been in operation between December 23rd 2015 and June 14th this year. One hacker, known as JokerStash, has sold more than 50,000 payment card numbers related to the breach.

Pokemon Go infected with malware

Proofpoint have discovered a malware-infected version of Nintendo’s new augmented reality Pokemon game that is set to infect Android phones worldwide. The security firm’s researchers found a version of the software that included a RAT, named Droidjack, which they say can give an attacker “full control over a victim’s phone.” The spread of the malware is a result of the game’s huge popularity and of it only being available for download in certain countries. Gamers without download access to the game have taken to non-legitimate sources to get their hands on it. More details here [6].

Zero-day vulnerabilities discovered in BMW web portal

Benjamin Kunz Mejri, a security researcher for Vulnerability Lab, has published two zero-day vulnerabilities in BMW's ConnectedDrive web portal. The first flaw means that a user can get access to another customer’s Vehicle Registration Number.
The unique sequence is used by the German vehicle manufacturer’s web service for a back-up of the ConnectedDrive settings. By doing this, a hacker could open e-mails, manage routes, and even lock/unlock a vehicle. The second vulnerability is a cross-site scripting bug in the password reset page, which could lead to phishing attacks, along with other computer-security issues. BMW is yet to release a statement on the matter.

Hancitor and Ruckguv malware downloaders reappear

Researchers at Proofpoint have discovered the re-emergence of two malware downloaders after they had disappeared for several months. Hancitor [7] (also known as Tordal and Chanitor) and Ruckguv [8] have been updated and found distributing both Pony [9] and Vawtrak [10] with increased functionality. Proofpoint claim that they have also been tracking an actor experimenting with various loaders, providing insights into these evolving components of malware ecosystems. More details here [11].

Hacker finds bug in Medium

A hacker has found a bug in extended blog-post website Medium that allows hackers to edit or delete any post on the platform. The hacker in question, Philippines-based freelance penetration tester and bug bounty hunter Allan Jay Dumanhug, has published further details via his blog [12]. Medium have since confirmed that the flaw has been fixed.

The Silobreaker Team

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

[1] https://my.silobreaker.com/view360.aspx?item=11_889029636#?q=Organization:%22OurMine%20Team%22&rd=true
[2] https://my.silobreaker.com/view360.aspx?item=11_994098809#?q=Keyphrase:%22Jigsaw%20Ransomware%22&rd=true
[3] http://news.softpedia.com/news/jigsaw-ransomware-defeated-free-decrypter-available-506162.shtml
[4] https://www.semanticscholar.org/paper/Friend-or-Foe-Your-Wearable-Devices-Reveal-Your-Wang-Guo/e867c843844a46d35434f01855d10d9738757037
[5] https://publicintelligence.net/fbi-cyber-caliphate-pii/
[6] https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backdoored-pokemon-go-android-app
[7] https://my.silobreaker.com/view360.aspx?item=11_825797094#?q=Keyphrase:%22Hancitor%22&rd=true
[8] https://my.silobreaker.com/view360.aspx?item=11_851306688#?q=Keyphrase:%22Ruckguv%22&rd=true
[9] https://my.silobreaker.com/view360.aspx?item=11_603005432#?q=Keyphrase:%22Pony%20Botnet%22&rd=true
[10] https://my.silobreaker.com/view360.aspx?item=11_623759270#?q=Keyphrase:%22Vawtrak%22&rd=true
[11] https://www.proofpoint.com/us/threat-insight/post/hancitor-ruckguv-reappear?utm_content=buffer15d5c&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
[12] https://medium.com/@atom/update-and-delete-any-story-of-any-user-on-medium-8b6a609c9bbe#.173cehyof