Round Up of Major Breaches and Scams
US prosecutors claim six people bribed corrupt Amazon insiders to rig the web giant's Marketplace in their favor and leak terabytes of data, including some search algorithms. Amazon's digital bazaar is open to third parties who can push their products on the e-commerce giant's store and even have Amazon handle their deliveries. Amazon vets such vendors, known as "3Ps", and then polices their activities on its platform.
President Donald Trump said Saturday he’s given his “blessing” to a proposed deal that would see the popular video-sharing app TikTok partner with Oracle and Walmart and form a U.S. company. Trump has targeted Chinese-owned TikTok for national security and data privacy concerns in the latest flashpoint in the rising tensions between Washington and Beijing. The president’s support for a deal comes just a day after the Commerce Department announced restrictions.
A group of hackers leaked on Saturday the names and personal details of more than 1,000 high-ranking Belarusian police officers in response to violent police crackdowns on anti-government demonstrations. The leaked data included names, dates of birth, and the officers' departments and job titles. Details for 1,003 police officers were leaked via a Google spreadsheet, with most of the entries being for senior officers such as lieutenants, majors, and captains.
The U.S. House of Representatives passed the IoT Cybersecurity Improvement Act, which is intended to improve the security of Internet of Things (IoT) devices in the country. The bipartisan bill, first introduced in 2017 and reintroduced in 2019, must now pass the Senate. Under the proposed bill, all IoT devices purchased by the government must meet minimum security requirements.
A technique newly documented by a researcher shows how Google App Engine domains can be abused to deliver phishing and malware while remaining undetected by leading enterprise security products. Google App Engine is a cloud platform for developing and hosting web apps on Google's servers. Phishing campaigns hosted on enterprise cloud domains are nothing new; what makes App Engine infrastructure risky is how its subdomains are generated and how requests to them are routed, which lets one hosted app answer on an effectively unlimited number of hostnames and defeats blocklists built on full hostnames.
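The following is an added example for this roundup, not code from the article or from the researcher it cites. It collapses App Engine hostnames to the project that actually serves them, which is the stable thing to block or alert on: App Engine serves a project at PROJECT_ID.appspot.com or PROJECT_ID.REGION_ID.r.appspot.com, and a request for VERSION-dot-SERVICE-dot-PROJECT_ID under the same suffix is routed to the project's default service even when that version or service does not exist. The project IDs, hostnames and proxy log lines below are constructed for illustration.

```python
"""Normalise Google App Engine hostnames to the project that serves them.

Added example; not code from the original article. App Engine answers on
PROJECT_ID.appspot.com, PROJECT_ID.REGION_ID.r.appspot.com and on
VERSION-dot-SERVICE-dot-PROJECT_ID.<same suffix>, and requests naming a
version or service that does not exist still reach the project's default
service. One malicious app therefore answers on an unbounded set of
hostnames, so blocking by hostname keeps failing; blocking by project does not.
Hostnames, project IDs and log lines below are constructed.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional

# <host-label>[.<region>.r].appspot.com, where <host-label> may carry
# "-dot-" separated version/service prefixes chosen by whoever owns the app.
APPSPOT_RE = re.compile(
    r"^(?P<host>[a-z0-9-]+)"             # VERSION-dot-SERVICE-dot-PROJECT_ID or just PROJECT_ID
    r"(?:\.(?P<region>[a-z]{2,3})\.r)?"  # optional REGION_ID.r used by newer apps
    r"\.appspot\.com$"
)

# Constructed proxy log lines: epoch, client IP, method, URL, status.
SAMPLE_PROXY_LOG = """\
1600600001 10.0.0.5 GET https://corp-wiki-prod.appspot.com/home 200
1600600002 10.0.0.9 GET https://login-dot-sso-dot-acme-secure-portal.appspot.com/auth 200
1600600003 10.0.0.9 GET https://mfa-dot-acme-secure-portal.uc.r.appspot.com/verify 200
1600600004 10.0.0.12 GET https://20200919t1-dot-acme-secure-portal.appspot.com/download 200
1600600005 10.0.0.12 GET https://www.example.com/ 200
"""

URL_HOST_RE = re.compile(r"^[a-z]+://([^/:]+)")


def appengine_project(hostname: str) -> Optional[str]:
    """Return the App Engine project ID behind hostname, or None if not appspot."""
    m = APPSPOT_RE.match(hostname.strip().lower().rstrip("."))
    if not m:
        return None
    # Everything before the last "-dot-" names a version/service, which the app
    # owner picks freely and can mint endlessly; only the final label is the
    # project, so that is what to block or alert on.
    return m.group("host").split("-dot-")[-1] or None


def host_of(url: str) -> str:
    """Extract the hostname from an absolute URL (empty string if malformed)."""
    m = URL_HOST_RE.match(url.lower())
    return m.group(1) if m else ""


def _log_hosts(log_text: str) -> Iterable[str]:
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) >= 5:
            yield host_of(parts[3])


def requests_per_project(log_text: str) -> Dict[str, int]:
    """Count requests per App Engine project, regardless of the hostname used."""
    counts = Counter()
    for host in _log_hosts(log_text):
        project = appengine_project(host)
        if project:
            counts[project] += 1
    return dict(counts)


def matches_blocklist(log_text: str, blocked_projects: Iterable[str]) -> List[str]:
    """Distinct hostnames in the log whose underlying project is blocked.

    Three differently named hosts collapse onto one blocked project here; a
    hostname blocklist would have needed three entries and still missed the next.
    """
    blocked = set(blocked_projects)
    hits: List[str] = []
    for host in _log_hosts(log_text):
        if appengine_project(host) in blocked and host not in hits:
            hits.append(host)
    return hits


if __name__ == "__main__":
    print(requests_per_project(SAMPLE_PROXY_LOG))
    for h in matches_blocklist(SAMPLE_PROXY_LOG, {"acme-secure-portal"}):
        print("blocked:", h)
```

Feed it the hostname field of your proxy or DNS logs and key the blocklist (and any allowlist for the projects your own teams deploy) on the returned project ID rather than on the hostname that happened to appear in the lure.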
Encrypted email service Tutanota experienced a series of DDoS attacks this week, first targeting the Tutanota website and then its DNS providers. This caused several hours of downtime for millions of Tutanota users. The outage was prolonged because some DNS resolvers continued to serve the incorrect cached entries for the domain after the attack had been mitigated. Tutanota is a German provider of end-to-end encrypted email with over 2 million users and is frequently cited alongside other popular encrypted email providers such as ProtonMail.
Twitter announced new security measures to protect high-profile accounts during the upcoming US Presidential election. The accounts in this designated group include the US Executive Branch and Congress, and US Governors and Secretaries of State.
Round Up of Major Malware and Ransomware Incidents
LockBit is a relatively new ransomware family, first identified in targeted attacks by Northwave Security in September 2019, when it was known as the ".ABCD virus" after the extension it appended to encrypted files. The threat actors behind it were observed using brute-force tactics and evasion techniques to infect computers and encrypt files until the victim pays the ransom. LockBit also lets attackers move laterally through a network quickly once they have compromised it.
The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows code from Mirai variants and the Gafgyt malware; it appeared on the threat landscape in late 2019. It was first spotted by security experts from 360 Netlab, and at the time of its discovery it was actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them.
Capping off a busy week of charges and sanctions against Iranian hackers, new research offers insight into a six-year-long, ongoing surveillance campaign targeting Iranian expats and dissidents in order to pilfer sensitive information. The threat actor, suspected to be of Iranian origin, is said to have run the campaign with at least two different moving parts, using a wide arsenal of intrusion tools.
The National Informatics Centre (NIC), a branch of the Ministry of Electronics and Information Technology (MEITY), is responsible for the government's technical infrastructure and for implementing and delivering Digital India initiatives. The attack on it arrived by email: when an employee opened the message, all data on the machine was stolen and encrypted. After the attack, the incident was reported to the Delhi Police Special Cell and a case was registered under the Information Technology Act (IT Act).
IPG Photonics, a leading U.S. manufacturer of high-performance fiber lasers, amplifiers, and laser systems for diverse applications and industries, was hit by a ransomware attack that disrupted its operations. The company was founded in 1990 in Russia by physicist Valentin Gapontsev; it employs over 4,000 people and had $1.3 billion in revenue in 2019.
Round Up of Major Vulnerabilities and Patches
The US Cybersecurity and Infrastructure Security Agency (CISA) has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to apply a Windows Server patch. The directive, issued on September 18th, demands that executive agencies take "immediate and emergency action" to patch CVE-2020-1472, a flaw rated a perfect 10.0 on CVSS that Dutch security firm Secura BV says lets an attacker become domain admin almost instantly by subverting the cryptography of the Netlogon protocol. The fix is installed on domain controllers, so those are the hosts to inventory first.
Microsoft has acknowledged that changes introduced in recent Windows 10 2004 updates cause crashes on Lenovo ThinkPad laptops and has offered a workaround. After installing July's Windows 10 2004 KB4568831 update, ThinkPad users found that their laptops would crash with "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED" and "0xc0000005 Access Denied" errors. Lenovo warned that ThinkPad models from 2019 and 2020 with virtualization enabled could encounter crashes and other bugs.
The Department of Homeland Security's cybersecurity division has ordered federal civilian agencies to install a security patch for Windows Server, citing the "unacceptable risk" the vulnerability poses to federal networks. The order was issued via an emergency directive, a rarely used legal mechanism through which US government officials can compel federal agencies to take specific actions.
Microsoft has released Sysmon 12, which adds a useful feature that, once enabled in the Sysmon configuration, logs and captures any data added to the Windows clipboard. This can help system administrators and incident responders track the activities of attackers who have compromised a system, since copied credentials, commands and staged data end up in the event log with the process that wrote them. For those not familiar with it, Sysmon (System Monitor) is a Sysinternals tool that monitors Windows systems for malicious activity and records it in the Windows event log.
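The following is an added example for this roundup, not code from the article or from Sysinternals. It triages Sysmon clipboard records (Event ID 24, ClipboardChange, as introduced in Sysmon 12) that have been exported as XML, flagging clipboard writes by script hosts or by binaries running from user-writable directories, and reporting the content hash so the responder can pull the archived text from Sysmon's archive directory. The field names (Image, Session, ClientInfo, Hashes, Archived) follow the Sysmon ClipboardChange schema as the author understands it and should be confirmed against `sysmon -s` on your build; the events and the archive directory path below are constructed.

```python
"""Triage Sysmon ClipboardChange (Event ID 24) records exported as XML.

Added example; not code from the article or from Sysinternals. The field
names follow the Sysmon 12 ClipboardChange schema as the author understands
it (confirm with `sysmon -s`). Events below are constructed; the archive
directory is an assumption (Sysmon's -a option sets the real one).
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
ARCHIVE_DIR = r"C:\Sysmon"  # assumed default; where Sysmon preserves captured content

# Writers that should rarely touch the clipboard on a workstation.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Path fragments a legitimately installed clipboard user seldom runs from.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed export: three ClipboardChange events plus one unrelated event.
SAMPLE_EVENTS = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>24</EventID>
    <Computer>WS01.corp.example</Computer></System>
  <EventData>
    <Data Name="RuleName">-</Data>
    <Data Name="UtcTime">2020-09-20 10:15:02.113</Data>
    <Data Name="ProcessGuid">{a1b2c3d4-0001-0000-0000-000000000001}</Data>
    <Data Name="ProcessId">4120</Data>
    <Data Name="Image">C:\Windows\explorer.exe</Data>
    <Data Name="Session">1</Data>
    <Data Name="ClientInfo">user: CORP\alice</Data>
    <Data Name="Hashes">SHA256=1111111111111111111111111111111111111111111111111111111111111111</Data>
    <Data Name="Archived">true</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>24</EventID>
    <Computer>WS01.corp.example</Computer></System>
  <EventData>
    <Data Name="RuleName">-</Data>
    <Data Name="UtcTime">2020-09-20 10:16:40.507</Data>
    <Data Name="ProcessGuid">{a1b2c3d4-0002-0000-0000-000000000002}</Data>
    <Data Name="ProcessId">5588</Data>
    <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="Session">1</Data>
    <Data Name="ClientInfo">user: CORP\alice</Data>
    <Data Name="Hashes">SHA256=2222222222222222222222222222222222222222222222222222222222222222</Data>
    <Data Name="Archived">true</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>24</EventID>
    <Computer>WS01.corp.example</Computer></System>
  <EventData>
    <Data Name="RuleName">-</Data>
    <Data Name="UtcTime">2020-09-20 10:17:05.001</Data>
    <Data Name="ProcessGuid">{a1b2c3d4-0003-0000-0000-000000000003}</Data>
    <Data Name="ProcessId">6012</Data>
    <Data Name="Image">C:\Users\alice\AppData\Local\Temp\updater.exe</Data>
    <Data Name="Session">1</Data>
    <Data Name="ClientInfo">user: CORP\alice</Data>
    <Data Name="Hashes">SHA256=3333333333333333333333333333333333333333333333333333333333333333</Data>
    <Data Name="Archived">false</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID>
    <Computer>WS01.corp.example</Computer></System>
  <EventData><Data Name="Image">C:\Windows\System32\cmd.exe</Data></EventData>
</Event>
</Events>
"""


def parse_clipboard_events(xml_text: str) -> List[Dict[str, str]]:
    """Return the EventData of every Event ID 24 record as a name->value dict."""
    root = ET.fromstring(xml_text)
    events: List[Dict[str, str]] = []
    for ev in root.iter("{%s}Event" % NS["e"]):
        if ev.findtext("e:System/e:EventID", default="", namespaces=NS) != "24":
            continue
        data = {d.get("Name", ""): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        data["Computer"] = ev.findtext("e:System/e:Computer", default="", namespaces=NS)
        events.append(data)
    return events


def reasons(evt: Dict[str, str]) -> List[str]:
    """Why a clipboard write deserves a look; empty list means it looks benign."""
    image = evt.get("Image", "")
    exe = image.rsplit("\\", 1)[-1].lower()
    why: List[str] = []
    if exe in SCRIPT_HOSTS:
        why.append("clipboard written by script host " + exe)
    if any(frag in image.lower() for frag in USER_WRITABLE):
        why.append("writer runs from a user-writable directory")
    return why


def triage(xml_text: str) -> List[Dict[str, str]]:
    """Flagged clipboard events with the hash needed to locate archived content."""
    flagged: List[Dict[str, str]] = []
    for evt in parse_clipboard_events(xml_text):
        why = reasons(evt)
        if not why:
            continue
        archived = evt.get("Archived", "").lower() == "true"
        flagged.append({
            "time": evt.get("UtcTime", ""),
            "host": evt.get("Computer", ""),
            "image": evt.get("Image", ""),
            "who": evt.get("ClientInfo", ""),
            "reasons": "; ".join(why),
            # Sysmon keeps the captured text under ARCHIVE_DIR keyed by hash;
            # without Archived=true only the hash survives.
            "content": evt.get("Hashes", "") if archived else "not archived",
        })
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

Export the Microsoft-Windows-Sysmon/Operational log to XML with your usual tooling, run `triage()` over it, and extend `SCRIPT_HOSTS` and `USER_WRITABLE` with whatever is normal for your estate; the heuristics are deliberately narrow so the list stays short enough to read during an incident.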
E-commerce sites using the Discount Rules for WooCommerce WordPress plugin are urged to apply a third and (hopefully) final patch for two high-severity cross-site scripting flaws that could allow an attacker to hijack a targeted site. Two earlier fixes, released on Aug. 22 and Sept. 2, failed to fully patch the problem.