Dragos this morning reported that the threat actor "RASPITE," which Symantec has tracked as Leafminer in the Middle East, is operating against targets in Europe, East Asia, and North America. Operations against electrical utilities seem focused on the US.
Fin7, the organized cybercrime gang also known as Carbanak, saw three of its leaders picked up by European authorities and indicted in the US. The FBI's Seattle Field Office ran the US side of the investigation in cooperation with police in Spain, Poland, and Germany. The ringleaders, all Ukrainian nationals, are Dmytro Fedorov, Fedir Hladyr and Andrii Kopakov. Carbanak specialized in gaining access to businesses' point-of-sale systems through phishing emails. They stole credentials enabling them to load malware that gave them access to paycard data. They would then sell the data in carding black markets. Carbanak also stole and sold non-public and proprietary data.
Reddit was hacked, apparently due to a two-factor authentication failure. The compromised data were mostly old, dating to 2007, and therefore probably stale. The hack itself, however, was recent, with unauthorized access achieved between June 14th and 18th of this year. The hackers defeated two-factor authentication via SMS interception. Reddit doesn't use SMS for two-factor authentication, employing tokens instead, but one of its providers apparently did use SMS. In addition to older backup files, June’s email digests, including usernames and emails, were exposed. Reddit is offering advice on how users may protect themselves.
Cisco will buy Duo Security for $2.35 billion in cash.