Round Up of Major Breaches and Scams
An APT known as TA2552 has been spotted using OAuth2 or other token-based authorization methods to access Office 365 accounts in order to steal users’ contacts and mail. OAuth is an open standard for access delegation, commonly used to let people sign into a service without entering a password by reusing their signed-in status on another, trusted service or website. The most visible example might be the “Sign in with Google” or “Sign in with Facebook” buttons that many websites use in lieu of asking visitors to create a new account.
Social networking giant Twitter said today that it removed around 130 Iranian Twitter accounts for attempting to disrupt the public conversation during last night’s first Presidential Debate for the US 2020 Presidential Election. Twitter said it learned of the accounts following a tip from the US Federal Bureau of Investigation. “We identified these accounts quickly, removed them from Twitter, and shared full details with our peers, as standard,” the social network said.
Australia’s Department of Foreign Affairs and Trade (DFAT) has just exposed personal details of over 1,000 citizens in an email. Australia has all-but-closed its borders during the COVID-19 pandemic, rationing the number of citizens who can fly into the country each day. That policy means the few airlines still flying sell their business class seats and not many more, leading to people holding cheaper tickets being bumped off flights and big backlogs of citizens trying to get home to mostly-COVID-free Australia.
A hacker group previously associated with the North Korean regime has been spotted launching spear-phishing attacks to compromise officials who are part of the United Nations Security Council. The attacks, disclosed in a UN report last month, took place this year and targeted at least 28 UN officials, including at least 11 individuals representing six countries of the UN Security Council.
The US Department of Justice charged two men for their involvement in the fraudulent takeover of email and social media accounts owned by multiple National Football League (NFL) and National Basketball Association (NBA) athletes. Between December 2017 and April 2019, Trevontae Washington from Louisiana and Ronnie Magrehbi from Florida allegedly compromised and took over the Facebook, Twitter, Instagram, and Snapchat accounts of several professional and semi-professional football and basketball players.
Kylie Jenner’s makeup company has warned customers that their information may have been compromised in a recently detected security incident at a Canadian e-commerce platform. Earlier this month, Shopify reported the theft, by members of its own support team, of transactional records belonging to up to 200 of the company’s merchants. The incident, which is now under investigation by the FBI, involved two Shopify employees who no longer have access to the company’s network.
Round Up of Major Malware and Ransomware Incidents
ESET researchers have uncovered a new version of Android spyware used by the APT-C-23 threat group against targets in the Middle East. ESET describes it as a previously unreported version of Android spyware used by APT-C-23, a threat group also known as Two-tailed Scorpion that mainly targets the Middle East. ESET products detect the malware as Android/SpyC23.A. The APT-C-23 group is known to have used both Windows and Android components in its operations, with the Android components first described in 2017.
When the SunCrypt ransomware group opened a leak site where they listed victims who had not paid their ransom demands, they attracted public attention and demonstrated their ability to use the media to their advantage. BleepingComputer reported that SunCrypt operators had reached out to them to introduce themselves as part of the Maze cartel. Days later, BleepingComputer had to update their article with a statement that Maze had denied that SunCrypt was part of their cartel.
An adware family known primarily for distributing browser hijackers has been caught distributing full-blown malware, security researchers said today in a talk at the VirusBulletin 2020 security conference. “What’s dangerous about Linkury is how it uses its adware front as a gateway to propagate malware,” said Arun Kumar Shunmuga Sundaram and Rajeshkumar Ravichandran, two malware analysts at Indian security firm K7 Computing.
Round Up of Major Vulnerabilities and Patches
GitHub’s code scanner, which just became generally available, lets developers spot problems before code reaches production. The code-scanning capability, which GitHub has been testing for the past several months, is now generally available for organizations using the platform as part of their software development process. The scanner is based on CodeQL, a code analysis technology that GitHub acquired through its purchase of Semmle last year.
Google has released Chrome 86 for iOS today, and it fixes an annoying bug that broke web page rendering after rotating the device to landscape and back to portrait. Since the release of Chrome 85, users have complained that when you rotate a web page from portrait to landscape and back to portrait, the page shows large margins and does not render correctly. This bug is demonstrated in the following image, which shows the original rendering of the apple.com site in portrait mode, and then how it looks after changing its orientation to landscape and back to portrait.
Last week, the source code for Microsoft’s Windows XP and Windows Server 2003 operating systems was leaked online, and now a developer has successfully compiled it. The source code was published as a torrent file on the bulletin board website 4chan. This is the first time that the source code of Microsoft’s 19-year-old operating system has been leaked online.