Round Up of Major Breaches and Scams
China has arrested 109 individuals suspected of involvement in the PlusToken cryptocurrency fraud ring. South Korea-based PlusToken was marketed as a high-yield investment opportunity for traders interested in cryptocurrencies. 9% to 18% in monthly returns were dangled in front of investors mainly based in China and South Korea, who then stored Bitcoin (BTC), Ethereum (ETH), and EOS on the platform.
Alcohol delivery startup Drizly has suffered a major breach of customer data, with nearly 2.5 million accounts compromised in an incident discovered earlier this month. The firm — which describes itself as the world’s largest marketplace for beers, wines and spirits — partners with retail stores in over 100 North American cities. It has been emailing customers to warn them of a recent incident in which personally identifiable information (PII) but no financial data was compromised.
Round Up of Major Malware and Ransomware Incidents
In a press release last week, the Minister of Internal Affairs of Belarus announced the arrest of a 31-year-old man on charges of distributing the GandCrab ransomware. The man, whose name was not released, was arrested in Gomel, a small city in southeastern Belarus, near where the Russian and Ukrainian borders meet. Authorities said the man had no previous convictions but had signed up on a hacking forum to become an affiliate for the GandCrab ransomware operation.
The Taiwanese vendor QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. This week, the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint advisory about a massive ongoing campaign spreading the QSnatch malware.
According to reports, Minnesota-based business travel company CWT is the most recent victim of the latest trend in ransomware. In fact, we’re probably at the point where we need to stop calling them just “ransomware” attacks, because it’s increasingly common that there’s a lot more to these attacks than just locking you out of your files, which is how we usually think of ransomware. When ransomware first became big news, the crooks behind the crime deliberately chose to use in-place encryption to tie up your computer.
Round Up of Major Vulnerabilities and Patches
According to data collected by Google’s Project Zero security team, there have been 11 zero-day vulnerabilities exploited in the wild in the first half of the year. The current number puts 2020 on track to have just as many zero-days as 2019, when Google security researchers said they tracked 20 zero-days over the whole year. Details about these zero-days have been obtained from a spreadsheet managed by Google security researchers, which the company made publicly available earlier this year.
The flaws have been confirmed by Grandstream, but no firmware update has yet been issued. Multiple high-severity vulnerabilities in the Grandstream HT800 series of Analog Telephone Adaptors (ATAs) threaten home office and midrange users alike, with outages, eavesdropping and device takeover. The HT800 series of ATAs is designed for everyone from home or small-office users to medium-sized businesses, looking to connect their analogue telephone devices to a VoIP network, unified communications system etc.
Early this morning, an urgent bug showed up at Red Hat’s Bugzilla bug tracker: a user discovered that the RHSA-2020:3216 grub2 security update and RHSA-2020:3218 kernel security update rendered an RHEL 8.2 system unbootable. The bug was reported as reproducible on any clean minimal install of Red Hat Enterprise Linux 8.2. The patches were intended to close a newly discovered vulnerability in the GRUB2 boot manager called BootHole.
Update as of 10:00 A.M. PST, July 30, 2020: Our continued analysis of the malware sample showed adjustments to the details involving the URI and Shodan scan parameters. We made the necessary changes in this post. We would like to thank F5 Networks for reaching out to us to clarify these details. Following the initial disclosure of two F5 BIG-IP vulnerabilities in the first week of July, we continued monitoring and analyzing the vulnerabilities and other related activities to further understand their severity.
A new technique uses a simplified process of DLL hijacking and mock directories to bypass Windows 10’s UAC security feature and run elevated commands without alerting a user. Windows UAC is a protection mechanism, present in Windows Vista and above, that asks the user to confirm whether they wish to run a high-risk application before it is executed. Because users are repeatedly asked to authorize legitimate processes, which can get annoying fast, Microsoft introduced built-in “exceptions” within the UAC framework starting with Windows 7.