Trial of Alleged Locky Ransomware Creator Gets Underway in Paris

Trial of Alleged Locky Ransomware Creator Gets Underway in Paris

Microsoft top brand for phishers, GravityRAT is now multi-platform, Albion gaming platform breached, Instagram leaks of minors' data probed by data authority, NCSC urges Sharepoint patch and more

(The biggest story of the day is yesterday’s massive indictment against alleged members of GRU’s Sandworm hacking group. Check out our special report and don’t miss my column at CSO today on this major cybersecurity development.)

The trial of the alleged creator of the Locky ransomware, a Russian man named Alexander Vinnik, is about to commence in Paris. Vinnik is alleged to have used the ransomware in a 135 million euros ($157 million) bitcoin fraud between 2016 and 2018 involving twenty victims who paid the ransom through a cryptocurrency exchange called BTC-e. Vinnik is also wanted for related crimes in the U.S. and Russia. (NICOLAS VAUX-MONTAGNY and SYLVIE CORBET / Associated Press)

Related: AFP, SecurityWeek, Tech Xplore, The Sun, Infosecurity Magazine, City A.M. - Technology, TechNadu,, Natasha Lomas – TechCrunch, RT News, Silicon Republic

Microsoft Is the Top Brand for Phishing

Microsoft is the leading brand when it comes to impersonations used for phishing, according to researchers at Check Point. Microsoft products and services featuring in nearly a fifth of all global brand phishing attacks in the third quarter of this year. (Tara Seals / Threatpost)

Related: Gadgets Now,, Cyber News Group, WinBuzzer, TechRepublic, Check Point, Neowin,  MSPoweruser

GravityRat Now Is Multi-Platform and Can Infect Android and macOS

The GravityRAT Remote Access Trojan (RAT), which has reportedly been under development by Pakistani hacker groups since 2015, used to focus on Windows computers only but now is multi-platform and can be used to infect Android and macOS as well, researchers at Kaspersky report. The spyware dropped by GravityRAT can be used for a range of attacks and commands including getting system information, searching for files, intercepting keystrokes, and executing arbitrary shell commands. (Sergiu Gatlan / Bleeping Computer)

Related: Dark Reading: Vulnerabilities / Threats, Threatpost, Security Affairs, SecurityWeek, BusinessLine - Home, Enterprise Times

Albion Gaming Platform Breached, Hacker Steals Usernames and Password Hashes

A hacker has breached the forum of the popular free medieval fantasy game Albion Online and stolen usernames and password hashes. The attacker harvested encrypted passwords hashed with the Bcrypt password-hashing function. Albion said the passwords can’t be used on the website but might be used to identify accounts with weak passwords. (Catalin Cimpanu / ZDNet)

Related: HOTforSecurity, Exploit One, TechNadu

Ireland’s DPC Opens Probes Into Instagram Leaks of Minors’ Data

Ireland’s Data Protection Commission (DPC) announced it is opening two probes into Facebook-owned Instagram a year after a U.S. data scientist David Stier warned Instagram that it is leaking contact information for minors. Stier says Instagram has failed to make the necessary changes to prevent the data from leaking. (James Titcomb / Telegraph)

Related: City A.M. - Technology, The Sun, Business Insider,  Associated Press Technology, Natasha Lomas – TechCrunch, Silicon Republic, TechNadu, Neowin

NCSC Warns Everyone to Immediately Patch Certain Sharepoint Versions

The UK’s National Cyber Security Center (NCSC) has issued an advisory that organizations should immediately patch certain versions of Microsoft Sharepoint to fix a vulnerability that could allow cybercriminals to execute code as an Administrator. The flaw, assigned CVE-2020-16952, has been discovered in SharePoint Foundation 2013 Service Pack 1, SharePoint Enterprise Server 2016, and SharePoint Server 2019 but not SharePoint online, which is part of Microsoft Office 365. (Jay Jay / Teiss)

Related: Infosecurity Magazine,, The Register, Computerworld Security

Other Cybersecurity Developments

  • “Big game hunter” ransomware group The Darkside, which goes after large corporate data networks for millions of dollars in ransom, said it has donated a part of its ransoms received to charity, including Children International, a non-profit for sponsoring children in extreme poverty, and The Water Project, a non-profit aiming to provide access to clean and reliable water across sub-Saharan Africa. Each organization received $10,000 last week according to transactions on the blockchain. (Catalin Cimpanu / ZDNet)
  • Days after issuing a massive set of Patch Tuesday fixes, Microsoft has issued out-of-band patches for security holes that can be exploited by maliciously crafted files to run malware on victims' computers. One is a flaw in Visual Studio that can allow remote code execution and the other is a memory-handling bug in the Windows 10 Codecs Library. (Iain Thomson / The Register)
  • A new form of malware dubbed Vizom has been using remote overlay attacks to strike Brazilian bank account holders, according to researchers at IBM. Using Vizom attackers can take over a compromised session and overlay content to trick victims into submitting access and account credentials for their bank accounts.  (Charlie Osborne / ZDNet) Related: Security Intelligence
  • London-based visual privacy and security start-up Pimloc has closed a seed round of approximately of approx. €1.5 million (or around $1.9 million) led by Amadeus Capital Partners with participation from Speedinvest and existing shareholders. Pimloc specializes in deep learning systems for security video and diverse image collections. (Charlotte Tucker / EU Startups) Related: Verdict,
  • A group of security companies headed by two of Australia's most experienced technology and cyber veterans called CyberCX has acquired two local cybersecurity firms from ASX-listed Vortiv Limited for AU$25 million (around $17.6 million USD). The two firms are Identity management company Decipher Works and cloud security specialists CloudTen. (Asha Barbaschow / ZDNet) Related: CRN

Never Give Away 15% of Your Password

We are going to just leave this right here…

Photo by Anthony DELANOIX on Unsplash

Read more