Round Up of Major Breaches and Scams
Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffered a cyber attack. The intruders allegedly copied 1TB of confidential data; they plan on selling to the highest bidder the most important info and leak the rest. Headquartered in Louisville, Kentucky, the company holds world-known whiskey and scotch brands like Jack Daniel’s, Woodford, Old Forester, Collingwood, Glenglassaugh, and Glendronach; Herradura, El Jimador, and Pepe Lopez tequila; Finlandia vodka, and Sonoma-Cutrer wines.
On the celebration of India’s 74th Independence Day, the Prime Minister of India Narendra Modi announced his plans about bring up a new cybersecurity policy for the country. While addressing the nation, in his speech he highlighted the threats radiating from cyberspace that could affect India’s society, economy, and development. He emphasized the fact that dangers from cyberspace can jeopardize every one of these parts of Indian life and they shouldn’t be taken for granted.
In the last month, FB CEO Mark Zuckerberg and others met with civil rights activists to discuss FB’s way of dealing with the rising hate speeches on the platform. The activists were not too happy about Facebook’s failure to deal with hate speeches and misinformation. As it seems, the civil rights group took an ‘advertising boycott’ action against the social media giant and expressed their stark criticism.
Round Up of Major Malware and Ransomware Incidents
A number of Xcode projects have been found to contain malware that can attack Safari and other browsers, security researchers have revealed, with the discovery of XCSSET malware making its way into Mac software projects through largely unknown means. Researchers at Trend Micro discovered what the company describes as “an unusual infection related to Xcode developer projects,” where malware would incorporate itself into the project itself.
The revelation from the FBI and National Security Agency that Russian military intelligence has build malware to target Linux systems is the latest dramatic twist the unrelenting cyber security battle. The two agencies have revealed that Russian hackers have been using the previously-undisclosed malware for Linux systems, called Drovorub, as part of their cyber espionage operations. The malware allowed hackers to steal files and take over devices.
Business technology giant Konica Minolta was hit with a ransomware attack at the end of July that impacted services for almost a week, BleepingComputer has learned. Konica Minolta is a Japanese multinational business technology giant with almost 44,000 employees and over $9 billion in revenue for 2019. The company offers a wide variety of services and products ranging from printing solutions, healthcare technology, to providing managed IT services to businesses.
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published a security alert warning of cybercriminals using phishing emails to deploy KONNI malware on target machines. KONNI is a remote administration tool (RAT) attackers use to steal files, capture keystrokes, take screenshots, and execute malicious code on infected machines.
Round Up of Major Vulnerabilities and Patches
Canadian government sites used to provide access to crucial services for immigration, taxes, pension, and benefits have been breached in a coordinated attack to steal COVID-19 relief payments. The online portal referred to as GCKey is acritical single sign-on (SSO) system used by the public to access multiple Canadian government services. Over the weekend, the Office of the Chief Information Office of Government of Canada released a statement advising the public of the cyberattack the GCKey system had experienced.
A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. One of the 120 security holes Microsoft fixed on Aug. 11’s Patch Tuesday was CVE-2020-1464, a problem with the way every supported version of Windows validates digital signatures for computer programs.
A plugin that is designed to add quizzes and surveys to WordPress websites has patched two critical vulnerabilities. The flaws can be exploited by remote, unauthenticated attackers to launch varying attacks – including fully taking over vulnerable websites. The plugin, Quiz and Survey Master, is actively installed on over 30,000 websites. The two critical flaws discovered by researchers include an arbitrary file-upload vulnerability as well as an unauthenticated arbitrary file deletion error.
Smart-assistant devices have had their share of privacy missteps, but they’re generally considered safe enough for most people. New research into vulnerabilities in Amazon’s Alexa platform, though, highlights the importance of thinking about the personal data your smart assistant stores about you—and minimizing it as much as you can. Findings published on Thursday by the security firm Check Point reveal that Alexa’s Web services had bugs that a hacker could have exploited to grab a target’s entire voice history.
A cyber security firm said on Wednesday that it stumbled upon large parts of the government’s contact tracing app Aarogya Setu’s code and back-end components that could jeopardise the privacy of 150 million users after a government website appeared to have inadvertently uploaded log-in credentials used by the developers, triggering a war of words with the government before both sides retracted their claims.