Round Up of Major Breaches and Scams
Experts warn of a new, sophisticated phishing scheme that steals Office 365 credentials from small and medium-sized businesses in the U.S. The threat actors behind it host their infrastructure on cloud services from both Oracle and Amazon.
A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers.
Millions of family members and friends, forced to spend Thanksgiving socially distant, are being targeted by cybercriminals as they turn to video platforms like Zoom to be together virtually. In this ongoing attack, victims are targeted with a Zoom-related, Thanksgiving-specific hook reminiscent of Zoombombing, dubbed "TurkeyBombing".
This week, the British music streaming service Last.fm fixed a credential leakage issue that revealed an admin username and password. The leak occurred because a misconfigured PHP Symfony app was running in “debug” mode and exposing profiler logs. With these credentials, attackers could have accessed and modified Last.fm user account details.
Round Up of Major Malware and Ransomware Incidents
Delaware County, Pennsylvania has paid a $500,000 ransom after their systems were hit by the DoppelPaymer ransomware last weekend. On Monday, Delaware County disclosed that they had taken portions of their computer network offline after discovering that their network was compromised.
The Dark Caracal APT group has carried out a series of attacks against multiple sectors using a new variant of a 13-year-old backdoor Trojan. Dark Caracal is an APT group associated with the Lebanese General Directorate of General; in its recent attacks it employed a new version of the 13-year-old backdoor Trojan dubbed Bandook.
Round Up of Major Vulnerabilities and Patches
An unofficial patch is now available through ACROS Security’s 0patch service for a zero-day vulnerability identified earlier this month in Windows 7 and Windows Server 2008 R2. The privilege escalation flaw exists because all users have write permissions on HKLM\SYSTEM\CurrentControlSet\Services\Dnscache and HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper, which could be abused for code execution.
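To check whether a host is exposed to the registry-ACL weakness described above, the following PowerShell audit (an added example, not 0patch's or ACROS Security's code) reads the DACL of the two service keys and flags any Allow entry that grants write-type rights to a principal other than the assumed-trusted set (Administrators, SYSTEM, TrustedInstaller, CREATOR OWNER); the trusted list and the chosen rights mask are this example's assumptions.

```powershell
# Added example: audit write rights on the two service keys named in the advisory.
# Run in an elevated PowerShell session on the Windows 7 / Server 2008 R2 host.
$keys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache',
    'HKLM:\SYSTEM\CurrentControlSet\Services\RpcEptMapper'
)

# Principals assumed to legitimately hold write access on service keys (assumption).
$trusted = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM',
             'NT SERVICE\TrustedInstaller', 'CREATOR OWNER')

# Rights that allow modifying the key: deliberately excludes ReadPermissions,
# which is part of both ReadKey and WriteKey and would otherwise cause false hits.
$R = [System.Security.AccessControl.RegistryRights]
$writeMask = $R::SetValue -bor $R::CreateSubKey -bor $R::Delete -bor
             $R::ChangePermissions -bor $R::TakeOwnership

foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) {
        Write-Output "MISSING $key"
        continue
    }
    $weak = @()
    foreach ($ace in (Get-Acl -Path $key).Access) {
        # Only Allow entries that apply to the key itself (not inherit-only) matter.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        $grantsWrite = ([int]$ace.RegistryRights -band [int]$writeMask) -ne 0
        if ($grantsWrite -and ($trusted -notcontains $ace.IdentityReference.Value)) {
            $weak += ('{0} -> {1}' -f $ace.IdentityReference.Value, $ace.RegistryRights)
        }
    }
    if ($weak.Count -gt 0) {
        Write-Output "WEAK    $key"
        $weak | ForEach-Object { Write-Output "        $_" }
    } else {
        Write-Output "OK      $key"
    }
}
```

A "WEAK" line naming BUILTIN\Users or NT AUTHORITY\Authenticated Users indicates the condition the advisory describes; applying the 0patch fix or an official update is the remediation, and the same script can be re-run afterwards to confirm the entry is gone.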