Cyber Weekly Digest - Week #4

In this week's digest we dig into why one of the largest underground sites is closing down and how forum members are being targeted in the latest ransomware attack. Keep reading to find out about the biggest cyber security news from around the globe.

1. Joker's Stash, one of the largest underground sites for stolen credit card and identity data, is closing.

One of the largest underground sites for selling stolen credit card and identity data, Joker's Stash, has announced it will be closing as of mid-February. The announcement follows a rough year for Joker's Stash, in which US and European authorities seized a number of its servers and customers complained that data quality was decreasing. It is estimated that over the past few years Joker's Stash generated more than a billion dollars in revenue, which came from high-profile breaches including Hilton Hotels, Saks Fifth Avenue and Whole Foods.

2. 1.9 million Pixlr user records have been posted for free on a hacker forum.

ShinyHunters shared a database containing 1,921,141 Pixlr user records consisting of email addresses, login names, SHA-512 hashed passwords, a user's country, whether they signed up for the newsletter, and other internal information. The breach appears to be legitimate as much of the exposed data has been confirmed as accurate; this means Pixlr users should immediately change their passwords.

3. Windows utility developer IObit's forum members have been targeted by DeroHE ransomware.

This week IObit forum members began receiving emails claiming to be from IObit stating that they are entitled to a free 1-year license to their software as a special perk of being a forum member. Included in the email is a 'GET IT NOW' link that redirects to a site distributing malicious files. Once executed, the DeroHE ransomware is installed. According to reports, the attack targeted all forum members.

4. Malwarebytes becomes the fourth major security firm targeted by the SolarWinds attackers.

Hackers breached Malwarebytes' internal systems by exploiting a dormant email protection product within its Office 365 tenant. After an investigation, it was found that the attacker was only able to gain access to a limited number of internal company emails. Malwarebytes said its intrusion is not related to the SolarWinds supply chain incident since it doesn't use any SolarWinds software in its internal network.

5. Laptops given by the UK government to disadvantaged students are infected with malware.

This week teachers in Bradford found that some files on the government-provided laptops were infected with malware. The malware found is Gamarue, popularly used by Russian cybercriminals. The Department of Education does not believe that the issue is widespread but is investigating it as an urgent priority. The Department of Education has delivered more than 800,000 laptops and tablets to schools to help support students with remote education during the pandemic.