Animal Jam data breach impacts 46M accounts, Malicious Minecraft scams millions of users, and more

Major cybersecurity events on 12th November 2020 (Morning Post): RegretLocker ransomware encrypts virtual hard disks on Windows machines. Cobalt Strike toolkit source code allegedly leaked online. Intel fixes 95 vulnerabilities as part of November 2020 Patch Tuesday.

Round Up of Major Breaches and Scams

Animal Jam kids’ virtual world hit by data breach, impacts 46M accounts

The immensely popular children’s online playground Animal Jam has suffered a data breach impacting 46 million accounts. Animal Jam is a virtual world created by WildWorks, where kids can play online games with other members. Geared towards children ages 7 through 11, Animal Jam has over 300 million animal avatars created by kids, with a new player registering every 1.4 seconds. Yesterday, a threat actor shared two databases belonging to Animal Jam for free on a hacker forum that they stated were obtained by ShinyHunters.

Malicious Minecraft apps on Play Store scamming millions of users

Although these apps have been reported to Google, they have yet to be removed from the Play Store, putting Minecraft users at risk of further scams. It's true that gamers, for reasons the rest of us have largely failed to understand, spend hundreds of dollars on games and the built-in features that accompany them. However, that's not an open license to scam them, is it? In the latest case, a report by Avast has revealed a range of apps on the Google Play Store that fraudulently charge users while posing as add-ons for the famous Minecraft game.

Round Up of Major Malware and Ransomware Incidents

Melbourne firm denies data stolen during ransomware attack

A spokesperson from Nexia Australia and New Zealand, a network of solutions-focused accountancy and consultancy firms, said the attack had taken place on 3 November and had been acted upon immediately. An external IT consultant, Systima, was called in to deal with the incident and the spokesperson claimed that a report from the firm and a report from the Vocus exchange dated 11 November showed that no data had been exfiltrated.

RegretLocker, new ransomware, can encrypt Windows virtual hard disks

Cybersecurity researchers discovered a new ransomware last month called RegretLocker that, despite a no-frills package, can do serious damage to virtual hard disks on Windows machines. Through a clever trick, RegretLocker can bypass the often-long encryption times required when encrypting a machine's virtual hard disks, and it can close any files currently opened by a user to then encrypt those files, too.

Alleged source code of Cobalt Strike toolkit shared online

The source code for the widely-used Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository. Cobalt Strike is a legitimate penetration testing toolkit that allows attackers to deploy “beacons” on compromised devices to remotely “create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system.”

Ransomware Attack on Medical Billing Company

An Iowa medical billing and reimbursements services company is boosting its cybersecurity after suffering a ransomware attack. An unknown threat actor hit Timberline Billing Service LLC with malware between February 12 and March 4, 2020. After gaining access to the company’s network, the attacker encrypted files and removed information. Timberline said it was unable to determine precisely what data was exfiltrated, but a review of the files that could have been accessed concluded that current and former students in schools served by the company may have been impacted.

Round Up of Major Vulnerabilities and Patches

Google patches two more Chrome zero-days

Google today released Chrome version 86.0.4240.198 to patch two zero-day vulnerabilities that were exploited in the wild. These two bugs mark the fourth and fifth zero-days that Google has patched in Chrome over the past three weeks. The difference this time is that while the first three zero-days were discovered internally by Google security researchers, these two new zero-days came to Google's attention after tips from anonymous sources.

Intel fixes 95 vulnerabilities in November 2020 Platform Update

Intel addressed 95 vulnerabilities as part of the November 2020 Patch Tuesday, including critical ones affecting Intel Wireless Bluetooth products and Intel Active Management Technology (AMT). The issues were detailed in the 40 security advisories published by Intel on its Product Security Center, with the company having delivered security and functional updates to users through the Intel Platform Update (IPU) process.

Google and Mozilla fixed issues exploited at 2020 Tianfu Cup hacking contest

Mozilla and Google have already addressed the critical Firefox and Chrome vulnerabilities that were recently exploited by white hat hackers at the 2020 Tianfu Cup hacking contest. The vulnerability in Chrome exploited at the contest, tracked as CVE-2020-16016, is an inappropriate implementation issue that resided in the base component. Google addressed the flaw with the release of Chrome 86.

Office November security updates fix remote code execution bugs

Microsoft has released the November 2020 Office security updates, with a total of 22 updates and 5 cumulative updates for 7 different products. They fix 14 vulnerabilities, five of which potentially enable remote attackers to execute arbitrary code on vulnerable systems. The highlight of this month's Office security updates is CVE-2020-17061, a high severity Microsoft SharePoint vulnerability discovered by Oleksandr Mirosh from Micro Focus Fortify that leads to remote code execution (RCE).