Round Up of Major Breaches and Scams
In recent days, the U.S. Department of Justice filed a temporary restraining order against registrar Namecheap to suspend a domain that was used to host fake COVID test kits, citing that, “NameCheap, Inc. plays a critical role in the scheme by serving as the domain registrar of the website, which allows potential victims to access the website.”
OGUsers, one of the most popular hacking forums on the internet, disclosed today a security breach, the second such incident in the past year. The attacker is believed to have stolen the details of more than 200,000 users, the figure shown by the latest user counter on the forum.
For the past two weeks, a hacker has been breaking into Elasticsearch servers that have been left open on the internet without a password and attempting to wipe their content, while also leaving the name of a cyber-security firm behind, trying to divert blame.
Round Up of Major Malware and Ransomware Incidents
Researchers uncovered a new wave of an APT campaign that targets Indian financial institutions with the powerful Crimson RAT to compromise network devices and exfiltrate sensitive data. The recently observed campaign has specifically targeted Indian financial institutions with spear-phishing emails.
The attack knocked out the city’s core systems, including its network of 185 surveillance cameras, Associated Press reported at the time. Allentown officials said Emotet was self-replicating and stealing employee login credentials. The city also revealed it paid Microsoft an initial $185,000 emergency response fee to “stop this hemorrhaging”. The rest of the $1m would go on recovery costs.
Cyber criminals are preying on anxieties around the coronavirus outbreak in an effort to maximise the impact of their attacks – with some operations intensifying ransomware and DDoS attacks at a time when remote access to computer networks and online services is more vital than ever.
Researchers at FortiGuard Labs on March 27 first observed the malicious COVID-19-themed scam, which claims to be from the WHO and attempts to address misinformation related to the pandemic to convince users it’s authentic. Instead, it sends an attachment that unleashes the infostealer LokiBot if downloaded and executed, according to a blog post published Thursday by threat analyst Val Saengphaibul.
The Docker cloud containerization technology is under fire, with an organized, self-propagating cryptomining campaign targeting misconfigured open Docker Daemon API ports. Thousands of container-compromise attempts are being observed every day as part of the campaign, according to Gal Singer, a security researcher at AquaSec. The effort has been ongoing for months.
A new version of the popular AnarchyGrabber Discord malware has been released that modifies the Discord client files so that it can evade detection and steal user accounts every time someone logs into the chat service.
Round Up of Major Vulnerabilities and Patches
A stored cross-site scripting (XSS) vulnerability in the Contact Form 7 Datepicker WordPress plugin will not receive a patch, leaving websites exposed to attacks, WordPress security firm Defiant reports. The plugin, designed to integrate with the Contact Form 7 contact form management plugin, had over 100,000 installations when the vulnerability was discovered. The authenticated XSS bug is considered high severity.
A white hat hacker says he has earned $75,000 from Apple for reporting several Safari vulnerabilities that can be exploited to hijack the camera and microphone of devices running iOS or macOS.
A big municipal government in the U.S. had just handed him the source code for software the city uses to manage contracts and track infrastructure projects. He unpacked the code, sifted through it, and found more than a dozen previously undisclosed vulnerabilities, or zero-days, that a hacker could exploit to manipulate data or dump user passwords. But it was more than just a catalog of bugs: Poring over the code, Rhoads-Herrera found the names of two other city governments that have used the software.