Threatpost

07 December 2019

• Email Voted a Weak Link for Election Security, with DMARC Lagging
  Most counties are not protected from impersonation-based spearphishing attacks.
• Feds Crack Down on Money Mules, Warn of BEC Scams
  Authorities say they have halted over 600 domestic money mules – exceeding the 400 money mules stopped last year.
• News Wrap: Authorities Target Evil Corp., Imminent Monitor, Money Mules
  In this past week, the authorities have cracked down on various BEC scams and cybercrime gangs.
• Linux Bug Opens Most VPNs to Hijacking
  In a coffee-shop scenario, attackers can hijack "secure" VPN sessions of those working remotely, injecting data into their TCP streams.
• Facebook Alleges Company Infiltrated Thousands for Ad Fraud
  Facebook has paid over $4 million to victims to reimburse them for the unauthorized ads purchased using their ad accounts.
• Stealthy MacOS Malware Tied to Lazarus APT
  Researcher discovered a MacOS trojan hiding behind a fake crypto trading platform believed to be the work of the state-sponsored North Korean hackers behind WannaCry.
• Ransomware Attack Hits Data Center Provider CyrusOne: Report
  Security experts say the incident shows that cybercriminals are using ransomware to hit companies where it hurts.
• AT&T, Verizon Subscribers Exposed as Mobile Bills Turn Up on the Open Web
  Names, addresses, phone numbers, call and text message records and account PINs were all caught up in a cloud misconfiguration.
• Feds Offer $5M Reward to Nab ‘Evil Corp’ Dridex Hacker
  Authorities cracked down on cybercrime group Evil Corp. with sanctions and charges against its leader, known for his lavish lifestyle.
• HackerOne Breach Leads to $20,000 Bounty Reward
  HackerOne has paid out $20,000 to a bounty hunter who discovered a session cookie issue, due to "human error," on the bug bounty platform.