Round Up of Major Breaches and Scams
Yesterday almost $1 billion worth of cryptocurrency contained in a password-protected Bitcoin wallet was moved to another wallet. Ahead of the 2020 Presidential election, the mysterious transaction was noticed by cyber security experts and researchers. It is still unclear whether the funds were transferred by the owner themselves or whether someone has hacked the wallet.
Pilot program again sparks privacy fears from ACLU as Amazon takes its partnership with law enforcement to the next level. Police in Mississippi are testing a program in which they can livestream video from Ring cameras installed at private homes and businesses. The move is sounding an alarm bell with the American Civil Liberties Union (ACLU) and other privacy advocates who have long disapproved of the Amazon-owned company’s alliance with law enforcement.
More than 23,000 hacked databases have been made available for download on several hacking forums and Telegram channels in what threat intel analysts are calling the biggest leak of its kind. The database collection is said to have originated from Cit0Day.in, a private service advertised on hacking forums to other cybercriminals. Cit0day operated by collecting hacked databases and then providing access to usernames, emails, addresses, and even cleartext passwords to other hackers for a daily or monthly fee.
A community website for cannabis growers has unwittingly exposed over 3.4 million user records, including information on individuals from countries where the plant is illegal, according to researchers. Bob Diachenko discovered the unprotected database on October 10, although it was indexed by the BinaryEdge search engine on September 22. It belonged to GrowDiaries, a site which allows users to share updates on their cannabis plants.
Round Up of Major Malware and Ransomware Incidents
As the developers of the Maze ransomware announce their exit from the malware scene, clients are now thought to be turning to Egregor as a substitute. The Maze group has been a devastating force for companies that have fallen victim to the cybercriminals over the past year. What has separated Maze from many other threat groups in the past is its practices following infection. Maze would attack a corporate resource, encrypt files or just focus on stealing proprietary data, and then demand payment in cryptocurrency.
Round Up of Major Vulnerabilities and Patches
We advised everyone to look for a Chrome or Chromium version number ending in .111, given that the previous mainstream version turned out to include a buffer overflow bug that was already known to cybercriminals. Loosely speaking, if the crooks get there first and start exploiting a bug before a patch is available, that’s known as a zero-day hole. The name comes from the early days of software piracy, when game hackers took brand new product releases and competed to see who could “crack” them first.
A researcher at cybersecurity services provider IOActive has identified a privilege escalation vulnerability in Windows that can be exploited by abusing games in the Microsoft Store. The flaw, tracked as CVE-2020-16877 and rated high severity, affects Windows 10 and Windows Server. It was patched by Microsoft with its Patch Tuesday updates for October 2020. Donato Ferrante, principal security consultant at IOActive and the researcher credited for reporting the vulnerability to Microsoft, this week published a blog post detailing CVE-2020-16877 and some theoretical attack scenarios.
The updates come on the heels of news of attacks exploiting another zero-day in Chrome in tandem with a previously-unknown Windows flaw. Two weeks after patching an actively-exploited vulnerability affecting Chrome for desktop, Google is squashing another zero-day bug in the browser’s version for Windows, macOS, and Linux, as well as pushing out an update for Chrome for Android that plugs yet another security loophole that is being exploited in the wild.