Round Up of Major Breaches and Scams
U.S. system-on-chip (SOC) maker company MaxLinear disclosed that some of its computing systems were encrypted by Maze Ransomware operators last month, after an initial breach that took place around April 15. MaxLinear is a New York Stock Exchange-traded company and a provider of RF, analog, and mixed-signal integrated circuits.
VpnMentor’s security research team headed by Noam Rotem and Ran Locar has discovered an unprotected database online containing sensitive data of members of at least 9 datings and hook up apps. The exposed data comprises of sexually explicit images, private conversations, audio recordings, and other types of sensitive data.
An internal CIA report found that the majority of the agency’s top-secret hacking tools were improperly secured, including the use of shared administrator passwords and a lack of proper control over removable media. The report, released today by Sen. Ron Wyden (D-Ore.), found that it wasn’t until the tools were posted on WikiLeaks in 2017 that the agency learned of its data breach.
Online sports retailer Wiggle is investigating a suspected cyber-attack after receiving a series of complaints from customers. Concerns were raised after customers received emails confirming orders for items from Wiggle that they had not placed. The suspicious orders were set to be delivered to addresses that the confused customers did not recognize.
Round Up of Major Malware and Ransomware Incidents
Cosmetics giant Avon is recovering from a mysterious cyber-security incident that took place last week, on June 8, sources have told ZDNet. The company has filed documents with the US Securities Exchange Commission disclosing the incident on June 9, a day after the company first discovered issues with some of its IT infrastructure.
In a Form S-1 filed with the SEC today, DraftKings disclosed that SBTech, who they merged with in April, was hit by a ransomware attack at the end of March 2020. In April 2020, online fantasy sports leader DraftKings, online gambling technology provider SBTech, and Diamond Eagle Acquisition Corp (DEAC) finalized a three-way merger to operate under the name DraftKings Inc.
Round Up of Major Vulnerabilities and Patches
Malware distributors are abusing a DLL hijacking vulnerability in Apple’s Push Notification service Windows executable to install coin miners on users attempting to download copyrighted software. A common method of generating revenue on warez and crack sites, adult sites, video sharing sites, and file-sharing sites is to open low-quality web pages when a visitor attempts to view or download content.
Adobe patched 18 critical vulnerabilities Tuesday impacting key products Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush and Audition. The out-of-band fixes address vulnerabilities allowing an attacker to execute arbitrary code, if bugs are exploited. In its security bulletin Adobe said it was not aware of any exploits in the wild for any of the bugs.
A security vulnerability in President Trump’s mobile campaign app exposed Twitter application keys and secrets, Google apps and maps keys and Branch.io keys in the Android APK file, researchers at Website Planet recently discovered.
Rumors began circulating on Twitter yesterday that the U.S. was under a massive DDoS attack. It turned out to be an outage on T-Mobile caused by a configuration error. It started with a tweet by an ‘Anonymous’ Twitter account that showed a “DDoS attack” map indicating that the USA was under a massive DDoS attack allegedly from China.