Categories
Breach Bug CVE Cyber Security Data leak Espionage Hacking Malware Misinformation Phishing Ransomware RAT Vulnerability Zero-day

Aarogya Setu code, back-end components exposed, Jack Daniel’s manufacturer suffers cyber attack, and more

Major cybersecurity events on 17th August 2020 (Morning Post): Prime Minister Narendra Modi announces new cybersecurity policy for India. Facebook fails to take action against hate speech, misinformation. FBI, NSA warns about Russian Linux malware attempting to steal files, take over devices.

Round Up of Major Breaches and Scams

U.S. spirits and wine giant hit by cyberattack, 1TB of data stolen

Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffered a cyber attack. The intruders allegedly copied 1TB of confidential data; they plan on selling to the highest bidder the most important info and leak the rest. Headquartered in Louisville, Kentucky, the company holds world-known whiskey and scotch brands like Jack Daniel’s, Woodford, Old Forester, Collingwood, Glenglassaugh, and Glendronach; Herradura, El Jimador, and Pepe Lopez tequila; Finlandia vodka, and Sonoma-Cutrer wines.

Indian Prime Minister Announces a New Cyber Security Policy for the Country

On the celebration of India’s 74th Independence Day, the Prime Minister of India Narendra Modi announced his plans about bring up a new cybersecurity policy for the country. While addressing the nation, in his speech he highlighted the threats radiating from cyberspace that could affect India’s society, economy, and development. He emphasized the fact that dangers from cyberspace can jeopardize every one of these parts of Indian life and they shouldn’t be taken for granted.

Facebook Struggles Against Hate Speech and Misinformation, Fails to Take Actions

In the last month, FB CEO Mark Zuckerberg and others met with civil rights activists to discuss FB’s way of dealing with the rising hate speeches on the platform. The activists were not too happy about Facebook’s failure to deal with hate speeches and misinformation. As it seems, the civil rights group took an ‘advertising boycott’ action against the social media giant and expressed their stark criticism.

Round Up of Major Malware and Ransomware Incidents

New Mac malware infects and spreads via Xcode projects

A number of Xcode projects have been found to contain malware that can attack Safari and other browsers, security researchers have revealed, with the discovery of XCSSET malware making its way into Mac software projects through largely unknown means. Researchers at Trend Micro discovered what the company describes as “an unusual infection related to Xcode developer projects,” where malware would incorporate itself into the project itself.

This surprise Linux malware warning shows that hackers are changing their targets

The revelation from the FBI and National Security Agency that Russian military intelligence has build malware to target Linux systems is the latest dramatic twist the unrelenting cyber security battle. The two agencies have revealed that Russian hackers have been using the previously-undisclosed malware for Linux systems, called Drovorub, as part of their cyber espionage operations. The malware allowed hackers to steal files and take over devices.

Business technology giant Konica Minolta hit by new ransomware

Business technology giant Konica Minolta was hit with a ransomware attack at the end of July that impacted services for almost a week, BleepingComputer has learned. Konica Minolta is a Japanese multinational business technology giant with almost 44,000 employees and over $9 billion in revenue for 2019. The company offers a wide variety of services and products ranging from printing solutions, healthcare technology, to providing managed IT services to businesses.

DHS CISA Warns of Phishing Emails Rigged with KONNI Malware

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published a security alert warning of cybercriminals using phishing emails to deploy KONNI malware on target machines. KONNI is a remote administration tool (RAT) attackers use to steal files, capture keystrokes, take screenshots, and execute malicious code on infected machines.

Round Up of Major Vulnerabilities and Patches

Canada suffers cyberattack used to steal COVID-19 relief payments

Canadian government sites used to provide access to crucial services for immigration, taxes, pension, and benefits have been breached in a coordinated attack to steal COVID-19 relief payments. The online portal referred to as GCKey is acritical single sign-on (SSO) system used by the public to access multiple Canadian government services. Over the weekend, the Office of the Chief Information Office of Government of Canada released a statement advising the public of the cyberattack the GCKey system had experienced.

Microsoft Put Off Fixing Zero Day for 2 Years

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. One of the 120 security holes Microsoft fixed on Aug. 11’s Patch Tuesday was CVE-2020-1464, a problem with the way every supported version of Windows validates digital signatures for computer programs.

Critical Flaws in WordPress Quiz Plugin Allow Site Takeover

A plugin that is designed to add quizzes and surveys to WordPress websites has patched two critical vulnerabilities. The flaws can be exploited by remote, unauthenticated attackers to launch varying attacks – including fully taking over vulnerable websites. The plugin, Quiz and Survey Master, is actively installed on over 30,000 websites. The two critical flaws discovered by researchers include an arbitrary file-upload vulnerability as well as an unauthenticated arbitrary file deletion error.

An Alexa bug could have exposed your voice history to hackers

Smart-assistant devices have had their share of privacy missteps, but they’re generally considered safe enough for most people. New research into vulnerabilities in Amazon’s Alexa platform, though, highlights the importance of thinking about the personal data your smart assistant stores about you—and minimizing it as much as you can. Findings published on Thursday by the security firm Check Point reveal that Alexa’s Web services had bugs that a hacker could have exploited to grab a target’s entire voice history.

Aarogya Setu vulnerable? Drama over data firm’s contention

A cyber security firm said on Wednesday that it stumbled upon large parts of the government’s contact tracing app Aarogya Setu’s code and back-end components that could jeopardise the privacy of 150 million users after a government website appeared to have inadvertently uploaded log-in credentials used by the developers, triggering a war of words with the government before both sides retracted their claims.