FBI warns of ‘large increase’ in sextortion attacks.

Hackers and creeps extorted $8 million from Americans over the first seven months of the year by threatening to publish sexual images unless victims paid a fee, according to figures from the Federal Bureau of Investigation.

The FBI bulletin published Thursday confirms what many cybercrime researchers may have already feared: Sextortion scams are prevalent, and profitable. More than 16,000 victims reported their issues to the FBI, with nearly half of the complaints coming from people between 20 and 39 years old.

continue reading: https://www.cyberscoop.com/fbi-sextortion-scams-losses-2021/

Over 60,000 Parked Domains Were Vulnerable to AWS Hijacking

Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking.

MarkMonitor, now part of Clarivate, is a domain management company that “helps establish and protect the online presence of the world’s leading brands – and the billions who use them.”

Continue reading: https://www.bleepingcomputer.com/news/security/over-60-000-parked-domains-were-vulnerable-to-aws-hijacking/

Conti Ransomware Now Hacking Exchange Servers With Proxyshell Exploits

The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits.

ProxyShell is the name of an exploit utilizing three chained Microsoft Exchange vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) that allow unauthenticated, remote code execution on unpatched vulnerable servers.

continue reading: https://www.bleepingcomputer.com/news/security/conti-ransomware-now-hacking-exchange-servers-with-proxyshell-exploits/

Sacked Employee Deletes 21GB of Credit Union Files

A former credit union employee is facing a decade behind bars after pleading guilty to destroying large amounts of corporate data in revenge for being fired.

Juliana Barile, 35, of Brooklyn, submitted the plea at a federal court in Brooklyn on Tuesday, admitting to one count of computer intrusion arising from her “unauthorized intrusion into, and destruction of data” on her former employer’s computer system.

continue reading: https://www.infosecurity-magazine.com/news/sacked-employee-deletes-credit/

Critical Facilities and Services Disrupted/Degraded by Foreign Cyber Actors

U.S. private and public cybersecurity teams are detecting an increase in foreign-originated cyber incidents to include SolarWinds, Pulse Secure VPN, Microsoft Exchange server zero-day vulnerabilities, and ransomware infections. All these cyber events are occurring during peacetime and a global pandemic. The COVID-19 pandemic expanded the global digital footprint and introduced vulnerable platforms, while creating labor shortages in key sectors and altering traditional workflows.

continue reading: https://thescif.org/critical-facilities-and-services-disrupted-degraded-by-foreign-cyber-actors-b9468f461b29

Brute-Force Attacks Target Inboxes for Gift Card Data

Threat actors are compromising up to 100,000 inboxes daily in a campaign that targets gift card and customer-loyalty program data in hopes of reselling it or cashing in on freebies, a security researcher has found.

The actors behind the scam—outlined in a post by Brian Krebs on Krebs on Security—have been “mass-testing millions of usernames and passwords against the world’s major email providers each day” for the past three years, according to the post.

continue reading: https://threatpost.com/attacks-inboxes-gift-card/169187/

Confessions of a Ransomware Negotiator

Many people outside of IT believe computers will do away with jobs, but the current ransomware plague shows that new and more curious kinds of jobs are created at least as fast. So what sort of background sets you up to talk to people holding your data for ransom?

To find out, The Reg talked to Nick Shah of STORM Guidance, who says he acts as a conduit between victims and the extortionists.

continue reading: https://www.theregister.com/2021/09/03/how_to_be_a_ransomware/

Read more Cyber Security News at https://que.com/tag/cybersecurity/