Barnes & Noble suffers cyberattack, exposes customer data, Carnival Corp. discloses data compromise, and more

Major cybersecurity events on 15th October 2020 (Morning Post): Iranian APT group Silent Librarian increases its spear phishing attacks, targets schools, universities. Travelex faces DDoS threats in an attempt to extort companies worldwide. Intel, Google urge users to update Linux kernel to version 5.9 or later.

Round Up of Major Breaches and Scams

Barnes & Noble hit by cyberattack that exposed customer data

U.S. bookstore giant Barnes & Noble has disclosed that it was the victim of a cyberattack that may have exposed customers’ data. Barnes & Noble is the largest brick-and-mortar bookseller in the United States, with over 600 bookstores in fifty states. The bookseller also operated Nook Digital, its eBook and e-Reader platform. Since October 10th, users have been complaining on Nook’s Facebook page and Twitter that they could no longer access their library of purchased eBooks and magazine subscriptions.

JavaScript Used by Phishing Page to Steal Magento Credentials

Digital attackers created a Magento phishing page that used JavaScript to exfiltrate the login credentials of its victims. Sucuri came across a compromised website using the filename “wp-order.php” during an investigation. This phishing page hosted what appeared to be a legitimate Magento 1.x login portal at the time of discovery. In support of this ruse, it loaded its CSS code and images from the malicious domain orderline[.]club.

Iranian APT group hits schools, universities in global spear phishing attacks

The APT group known as Silent Librarian has increased its spear phishing attacks as schools and universities are back. The IT security researchers at Malwarebytes and Peter Kruse from the CSIS Security Group have reported on an Iranian APT (advanced persistent threat) group also known as Silent Librarian, TA407, and COBALT DICKENS that has been targeting schools and universities around the world with spear phishing attacks.

Travelex, Other Orgs Face DDoS Threats as Extortion Campaign Rages On

Companies worldwide have continued to receive extortion emails threatening to launch a distributed denial-of-service (DDoS) attack on their network, unless they pay up – with British foreign-exchange company Travelex reportedly being one recent high-profile threat recipient. Researchers said that since mid-August, several companies have been sent emails that warn that their company network will be hit by a DDoS attack in about a week. The initial ransom demand is set at 20 BTC and cybercriminals threaten to increase that ransom by 10 BTC for each day not paid, said researchers.

Carnival Confirms Passenger Data Compromised

Carnival Corporation has disclosed that passenger and employee data from three different cruise lines was accessed in a ransomware attack that took place in August. On August 15, the British-American cruise operator discovered that an unauthorized third party had compromised its computer system and downloaded data files. An update issued by the corporation yesterday states that personal data from passengers of Carnival Cruise Line, Holland America Line, and Seabourn was impacted in the August attack.

Cybercriminals Steal Nearly 1TB of Data from Miami-Based International Tech Firm

Databases of sensitive, financial and personally identifiable info and documents from Intcomex were leaked on a Russian-language hacker forum after a ransomware attack. Hackers have stolen nearly a terabyte of data from a Miami-based tech firm, leaking a number of the pilfered files (including full credit-card information, scans of sensitive documents such as passports, bank statements and financial documents, and even customer databases) on a Russian hacker forum.

Round Up of Major Malware and Ransomware Incidents

Police Raided German Spyware Company FinFisher Offices

German investigating authorities have raided the offices of Munich-based company FinFisher, which sells the infamous commercial surveillance spyware dubbed ‘FinSpy,’ reportedly on suspicion of illegally exporting the software abroad without the required authorization. Investigators from the German Customs Investigation Bureau (ZKA) searched a total of 15 properties in Munich, including business premises of FinFisher GmbH, two other business partners, as well as the private apartments of the managing directors, from October 6 to 8.

Round Up of Major Vulnerabilities and Patches

Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE

The CVE-2020-5135 stack-based buffer overflow security vulnerability is trivial to exploit, without logging in. A critical security bug in the SonicWall VPN portal can be used to crash the device and prevent users from connecting to corporate resources. It could also open the door to remote code execution (RCE), researchers said. The flaw (CVE-2020-5135) is a stack-based buffer overflow in the SonicWall Network Security Appliance (NSA).

Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices

Intel and Google are urging users to update the Linux kernel to version 5.9 or later. Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things (IoT) devices. According to Google, the vulnerability affects users of Linux kernel versions before 5.9 that support BlueZ.

Microsoft Patches New Windows ‘Ping of Death’ Vulnerability

One of the vulnerabilities that Microsoft addressed as part of the October 2020 Patch Tuesday is a critical bug in Windows’ TCP/IP driver that could lead to the remote execution of code. Tracked as CVE-2020-16898, the issue is triggered when the TCP/IP stack doesn’t handle ICMPv6 Router Advertisement packets properly. An attacker could send specially crafted ICMPv6 Router Advertisement packets to a remote Windows machine to exploit the flaw and execute arbitrary code, Microsoft explains.