Round Up of Major Breaches and Scams
In a report produced for Facebook, an analysis firm said that Iranian hackers attempted to interfere in the 2014 Scottish independence referendum in favor of those wanting to leave in an attempt to break up the UK. The report said “covert assets” linked to Iran’s state broadcaster ran fake Facebook pages that produced memes, cartoons, and propaganda to bolster the pro-independence movement.
In a notification sent to users on May 8, City Index said that its network “was accessed by an unauthorized third party and client personal data may have been viewed.” Upon discovering the incident, it said it “shut down access to the server concerned and launched a full forensic investigation.” The incident took place on April 14.
Data belonging to nine million customers of the CDEC Express transportation service was put up for sale on the Web for 70 thousand rubles ($950). This is the largest leak of personal data in the Russian delivery sector to date.
The claims have added fuel to tensions between the global superpowers, who have traded barbs over the origin of the pandemic that has killed 300,000 people. US authorities said Wednesday that Chinese hackers were trying to obtain coronavirus data on treatments and vaccines, warning the effort involved Chinese government-affiliated groups and others.
Business email compromise (BEC) attacks continue to be a thorn in companies’ sides, with the FBI in its IC3 annual cybercrime report saying that the attacks cost victims $1.7 billion in 2019. Making matters worse, BEC cybergangs are turning to new tactics and tricks to avoid detection and capitalize on existing victims.
MagBo, a shadowy online marketplace where hackers sell and buy hacked servers, is doing better than ever and has soared in popularity to become the largest criminal marketplace of its kind since its launch in the summer of 2018. Two years later, the MagBo portal has grown more than 14 times in size and is currently selling access to more than 43,000 hacked websites, up from the 3,000 sites listed in September 2018.
On Jan. 31, 2019, Wright County discovered unusual activity in an individual email account in the Wright County system (not the entire network or database). The county took immediate action, securing the email network and hiring a third-party computer forensics expert to conduct an investigation to determine whether personal information was involved.
Microsoft says that attackers have already adapted their phishing campaigns to use the newly updated design for Azure AD and Microsoft 365 sign-in pages. “Office 365 ATP data shows that attackers have started to spoof the new Azure AD sign-in page in multiple phishing campaigns,” Microsoft tweeted earlier. “We have so far seen several dozens of phishing sites used in these campaigns.”
New research published today by the Identity Defined Security Alliance (IDSA) has revealed that 79% of organizations have experienced an identity-related security breach in the last two years.
A threat actor is selling twenty-nine databases on a hacker forum that allegedly contain a combined total of 550 million stolen user records. The actor began selling these databases on May 7th, when they posted them on a well-known hacker forum where threat actors can buy each one individually.
Thieves spent months inside the networks of Norfund, Norway's state-owned investment fund for developing countries, before stealing $10 million in what the fund is describing as “a serious case of fraud.” Norfund announced Wednesday that scammers stole £8.2 million ($10 million) by spoofing an email address, then fabricating payment details and directing the cash into their own account.
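The Norfund case above, and the IC3 BEC figures earlier in this section, come down to the same handful of signals a mail gateway can check before a payment-details change reaches a finance team: the sender domain is a lookalike of a trusted one, Reply-To points somewhere other than From, DMARC did not pass for a domain that claims to be internal, and the body asks to switch bank accounts. The following is an added example written for this page, not code from Norfund, the FBI or any vendor; the domain `norfund.example`, the trusted-domain list and both sample messages are constructed for illustration.

```python
"""Added example: heuristic BEC indicators from parsed email headers and body.
TRUSTED_DOMAINS and the sample messages are assumptions constructed for this page."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organisation's own sending domains (the ones a spoofer imitates).
TRUSTED_DOMAINS = {"norfund.example"}

# Requests to change where money goes: "new bank account", "updated IBAN", etc.
PAYMENT_CHANGE_RE = re.compile(
    r"\b(new|updated|changed)\b.{0,40}\b(bank|account|IBAN|wire)\b", re.I | re.S
)


def sender_domain(header_value):
    """Return the lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(header_value)[1].rsplit("@", 1)[-1].lower()


def edit_distance(a, b):
    """Plain Levenshtein distance; enough to catch typo-squats like norfnud/norfund."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, trusted=TRUSTED_DOMAINS):
    """True if domain is within two edits of a trusted domain but is not that domain."""
    if not domain or domain in trusted:
        return False
    return any(edit_distance(domain, t) <= 2 for t in trusted)


def bec_indicators(raw_message):
    """Return the list of BEC indicators found in one RFC 822 message string."""
    msg = message_from_string(raw_message)
    indicators = []

    from_dom = sender_domain(msg.get("From", ""))
    reply_dom = sender_domain(msg["Reply-To"]) if msg.get("Reply-To") else from_dom

    # Replies silently routed to a different domain than the visible sender.
    if reply_dom != from_dom:
        indicators.append("reply-to-mismatch")
    if is_lookalike(from_dom):
        indicators.append("lookalike-sender")
    if is_lookalike(reply_dom):
        indicators.append("lookalike-reply-to")

    # A message claiming to come from our own domain must carry a DMARC pass
    # from the upstream MTA (Authentication-Results header, RFC 8601).
    auth = msg.get("Authentication-Results", "").lower()
    if from_dom in TRUSTED_DOMAINS and "dmarc=pass" not in auth:
        indicators.append("dmarc-not-passed")

    body = msg.get_payload(decode=True) or b""
    if PAYMENT_CHANGE_RE.search(body.decode("utf-8", errors="replace")):
        indicators.append("payment-change-request")
    return indicators


# Constructed sample: spoofed internal sender, typo-squat Reply-To, DMARC fail.
SAMPLE_SPOOF = """From: CFO <cfo@norfund.example>
Reply-To: cfo@norfnud.example
To: payments@norfund.example
Subject: Urgent: updated beneficiary details
Authentication-Results: mx.example; dmarc=fail header.from=norfund.example

Please use the new bank account below for the loan disbursement.
"""

# Constructed sample: ordinary external invoice, nothing suspicious.
SAMPLE_OK = """From: Alice <alice@partner.example>
To: payments@norfund.example
Subject: Invoice 1042
Authentication-Results: mx.example; dmarc=pass header.from=partner.example

Attached is the invoice for March, same account as always.
"""

if __name__ == "__main__":
    print(bec_indicators(SAMPLE_SPOOF))
    print(bec_indicators(SAMPLE_OK))
```

None of these signals is conclusive on its own (a legitimate supplier does change banks occasionally), so the useful control is to hold any message that combines a payment-change request with a lookalike or failed-authentication sender for out-of-band verification by phone. Levenshtein distance will not catch Unicode homoglyph domains or a genuinely compromised mailbox at the real partner, which is how most BEC against vendors actually starts; those need DMARC enforcement on the partner side and a call-back policy on yours.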
Round Up of Major Malware and Ransomware Incidents
Two construction firms that helped to build emergency hospitals to cope with the COVID-19 pandemic have been hit by separate cyber-attacks, it has emerged. Bam Construct, which worked on the Yorkshire and Humber hospital, appears to have fallen victim to a ransomware attack, whilst Interserve, which worked on Birmingham’s NHS Nightingale, may have suffered a major data breach.
Elexon, a crucial middleman in the UK power grid network, reported that it fell victim to a cyber-attack earlier today. In a short message posted on its website, the company said the incident only impacted its internal IT network and employee laptops. The company didn’t specify the nature of the cyber-attack, but experts believe this is a ransomware incident due to the destructive nature of the attack.
A new trojan has emerged, built from the same code base as the stealthy COMPFun remote access trojan (RAT). The malware uses spoofed visa applications as a lure to hit diplomatic targets in Europe and may be the work of the Turla APT.
ProLock is a relatively new malware on the ransomware scene but has quickly attracted attention by targeting businesses and local governments and demanding huge ransoms for file decryption. Its most recent victim is Diebold Nixdorf, mostly known for providing automated teller machines (ATMs).
Round Up of Major Vulnerabilities and Patches
The plugin, Site Kit by Google, was designed to provide site admins with information on how people find and use their websites, providing insights from critical Google tools, straight to the WordPress dashboard. The plugin has over 400,000 active installations.
On May 11, 2020, the team behind ARCHER disabled access to the service due to a “security exploitation” on its login nodes. The team announced that jobs already running or queued would continue to run, although login has been disabled and no other jobs could be added.
Critical flaws have been discovered in a cybersecurity company’s next-generation firewall and VPN technology. Researchers at vpnMentor detected two vulnerabilities in cybersecurity devices developed by Cyberoam Technologies. Founded in 1999, Ahmedabad-based company Cyberoam was bought by British security software and hardware company Sophos Group plc in 2014.
One of the most serious of the flaws is CVE-2020-2018, which has a CVSS score of 9.0, and which allows an attacker with network access to the interface of Palo Alto Networks’ Panorama management system to gain privileged access to the firewalls it manages. This authentication bypass issue affects the Panorama context switching feature, and the vendor says exploitation “requires some knowledge of managed firewalls.”