NameCheap facilitates fake domains, Crimson RAT targets Indian Financial sector, Spearphishing spreads LokiBot, and more

Major cybersecurity events on 3rd April 2020: Domain names are leveraged to lure victims in the name of Coronavirus, and NameCheap hosts one such domain. Hacking forum OGUsers gets hacked again. Self-replicating Emotet infects a Microsoft client’s entire network. Researcher reports iOS and macOS camera vulnerabilities, Apple awards $75,000.

Round Up of Major Breaches and Scams

Weaponizing domain names: how bulk registration aids global spam campaigns

In recent days, the U.S. Department of Justice filed a temporary restraining order against registrar Namecheap to suspend a domain that was used to host fake COVID test kits, citing that, “NameCheap, Inc. plays a critical role in the scheme by serving as the domain registrar of the website, which allows potential victims to access the website.”

Hacking forum gets hacked for the second time in a year

OGUsers, one of the most popular hacking forums on the internet, disclosed today a security breach, the second such incident in the past year. The attacker is believed to have stolen the details of more than 200,000 users, the latest user counter listed on the forum.

A hacker has wiped, defaced more than 15,000 Elasticsearch servers

For the past two weeks, a hacker has been breaking into Elasticsearch servers that have been left open on the internet without a password and attempting to wipe their content, while also leaving the name of a cyber-security firm behind, trying to divert blame.

Round Up of Major Malware and Ransomware Incidents

APT hackers attack Indian financial institutions to exfiltrate sensitive data with Crimson RAT

Researchers uncovered a new wave of an APT campaign that targets Indian financial institutions with the powerful Crimson RAT to compromise network devices and exfiltrate sensitive data. The recently observed campaign has specifically targeted Indian financial institutions with spear-phishing emails.

Microsoft: How one Emotet infection took out this organization’s entire network

The attack knocked out the city’s core systems, including its network of 185 surveillance cameras, Associated Press reported at the time. Allentown officials said Emotet was self-replicating and stealing employee login credentials. The city also revealed it paid Microsoft an initial $185,000 emergency response fee to “stop this hemorrhaging”. The rest of the $1m would go on recovery costs.

Ransomware and DDoS attacks: Cybercrooks are stepping up their activities in the midst of coronavirus

Cyber criminals are preying on anxieties around the coronavirus outbreak in an effort to maximise the impact of their attacks – with some operations intensifying ransomware and DDoS attacks at a time when remote access to computer networks and online services is more vital than ever.

Spearphishing campaign exploits COVID-19 to spread Lokibot infostealer

Researchers at FortiGuard Labs on March 27 first observed the malicious COVID-19-themed scam, which claims to be from the WHO and attempts to address misinformation related to the pandemic to convince users it’s authentic. Instead, it sends an attachment that unleashes the infostealer LokiBot if downloaded and executed, according to a blog post published Thursday by threat analyst Val Saengphaibul.

Self-propagating malware targets thousands of docker ports per day

The Docker cloud containerization technology is under fire, with an organized, self-propagating cryptomining campaign targeting misconfigured open Docker Daemon API ports. Thousands of container-compromise attempts are being observed every day as part of the campaign, according to Gal Singer, a security researcher at AquaSec. The effort has been ongoing for months.

Discord turned into an account stealer by updated malware

A new version of the popular AnarchyGrabber Discord malware has been released that modifies the Discord client files so that it can evade detection and steal user accounts every time someone logs into the chat service.

Round Up of Major Vulnerabilities and Patches

Unpatched flaw in discontinued plugin exposes WordPress sites to attacks

A stored cross-site scripting (XSS) vulnerability in the Contact Form 7 Datepicker WordPress plugin will not receive a patch, leaving websites exposed to attacks, WordPress security firm Defiant reports. The plugin, designed to integrate with the Contact Form 7 contact form management plugin, had over 100,000 installations when the vulnerability was discovered. The authenticated XSS bug is considered high severity.

Apple awards researcher $75,000 for camera hacking vulnerabilities

A white hat hacker says he has earned $75,000 from Apple for reporting several Safari vulnerabilities that can be exploited to hijack the camera and microphone of devices running iOS or macOS.

A researcher found zero-days in one city’s software. Then he realized the problem could be bigger

A big municipal government in the U.S. had just handed him the source code for software the city uses to manage contracts and track infrastructure projects. He unpacked the code, sifted through it, and found more than a dozen previously undisclosed vulnerabilities, or zero-days, that a hacker could exploit to manipulate data or dump user passwords. But it was more than just a catalog of bugs: Poring over the code, Rhoads-Herrera found the names of two other city governments that have used the software.