Law Enforcement Authorities Take Down Massive Identity Theft Marketplace
Read also: China-linked hackers attack telcos and network service providers using known bugs, a massive phishing campaign targets millions of Facebook users, and more.
Thursday, June 9, 2022
US authorities shut down the SSNDOB marketplace selling stolen personal data
SSNDOB, a dark web market that specialized in the sale of stolen personal data, has been dismantled and shut down as part of an international police operation conducted by law enforcement agencies from the US, Cyprus and Latvia.
SSNDOB operated through a series of websites and offered for sale stolen personal data, including names, dates of birth, email addresses, passwords, credit card numbers, and Social Security numbers. According to the US Department of Justice, the marketplace has listed the personal information of roughly 24 million US citizens, and has made more than $19 million in revenue.
Researchers at cryptocurrency analysis firm Chainalysis said they discovered financial ties between SSNDOB and Joker’s Stash, a now-defunct underground market for selling stolen credit card and identity information. Between December 2018 and June 2019, SSNDOB sent over $100,000 worth of Bitcoin to Joker’s Stash, suggesting there may have been some sort of relationship between the two shops, or they were run by the same owner.
Kinsing, Hezb, and Dark.IoT botnets target a recently disclosed Atlassian Confluence zero-day
Three botnets, Kinsing, Hezb, and Dark.IoT, have been observed using exploits for a recently patched zero-day vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center software with malicious payloads.
Tracked as CVE-2022-26134, the zero-day flaw in question is an OGNL injection issue, which allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerability impacts all supported versions of Confluence Server and Data Center.
Shortly after the bug has been publicly disclosed, proof-of-concept (PoC) exploits have been released, leading to a surge of exploitation attempts. As of June 7, over 800 unique IP addresses were observed exploiting the CVE-2022-26134 vulnerability.
A large-scale Facebook phishing campaign stole 1 million credentials in 4 months
A massive credential harvesting campaign has been uncovered that abused the Facebook and Messenger social media services to trick victims into visiting phishing pages in order to steal their account credentials. These stolen accounts were then used to send further phishing links to victims’ friends, generating substantial revenue through advertising.
Although the campaign has been active since 2021, it significantly peaked in April-May of 2022, potentially impacting millions of Facebook users. It was found that in 2021, 2.7 million users had visited one of the phishing portals, and this number had risen to 8.5 million in 2022, representing the tremendous growth of the campaign.
Google’s Android June 2022 security updates fix critical vulnerabilities
Google has released its June 2022 security updates for Android devices running versions 10, 11, and 12 that address over 40 security vulnerabilities, with several of them rated critical. Of the critical issues fixed this month, the most severe is CVE-2022-20127 in the System component which could lead to remote code execution with no additional execution privileges needed.
Two other critical-severity issues (CVE-2022-20140, CVE-2022-20145) also affect the System component and both could lead to elevation of privilege.
Another RCE vulnerability (CVE-2022-20130) resides in the Media Framework and could be abused for remote code execution on devices running Android 10 and later.
June 2022 security updates also address a critical flaw (CVE-2022-20210) in Unisoc chips publicly disclosed earlier this month. It was found that the vulnerability could be potentially used to disrupt the device’s radio communication through a malformed packet. A hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location, researchers warned.
Chinese cyber spies target telcos and network service providers using a slew of known bugs
US cybersecurity and intelligence authorities have released a joint security advisory to warn organizations and private business of China-based state-sponsored hackers that leverage known vulnerabilities in order to establish a broad network of compromised infrastructure.
According to the advisory, the hacker groups have exploited known security issues to compromise network devices ranging from unpatched small office/home office (SOHO) routers to medium and even large enterprise networks. A list of targeted devices includes the equipment manufactured by major industry providers like Cisco, Citrix, DrayTek, D-Link, Fortinet, MikroTik, Netgear, Pulse, QNAP, and Zyxel.
The advisory provides information about tactics, techniques, and procedures (TTPs) used by adversaries, as well as a list of the network device CVEs most frequently exploited by Chinese APT groups since 2020. In addition, it offers mitigation measures that would help organizations to reduce the risk of such attacks against their infrastructure.
What’s next:
- Follow ImmuniWeb on Twitter and LinkedIn
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law. 
