BrandBQ exposes 7 million customer records, Town Sports leaks personal data of 600,000 customers, and more

Major cybersecurity events on 28th September 2020 (Evening Post): Hacker (m1gh7yh4ck3r) uploads PDF documents to WHO, UNESCO websites. REvil ransomware deposits $1 million in Bitcoins for hacker recruitment drive. FinCEN outlines world’s biggest banks embezzle trillions for terrorists and drug cartels.

Round Up of Major Breaches and Scams

Putin proposes new information security collaboration to US, including no-hack pact for election

Putin is proposing a new cyber security collaboration with the United States, including a no-hack pact for the upcoming Presidential election. The Russian Government has published a statement by President Vladimir Putin that proposes to the United States a comprehensive program of measures for restoring Russia-US cooperation in information security. Russia was accused of interfering in the 2016 US presidential election; in February 2018 the special prosecutor Robert Mueller accused thirteen Russian nationals of tampering with the election and charged them with conspiring against the United States.

Fashion Retailer BrandBQ Exposes Seven Million Customer Records

A European fashion retailer has become the latest big-name brand to expose personal data on millions of its customers after misconfiguring a cloud database. Researchers at vpnMentor discovered the unencrypted Elasticsearch server on June 28 and parent company BrandBQ finally secured it around a month later, on August 20. The Krakow-based retailer operates online and physical stores across Eastern Europe, in Poland, Romania, Hungary, Bulgaria, Slovakia, Ukraine and the Czech Republic. Its main brands are Answear and WearMedicine.com.

Personal data of 600,000 customers of U.S. fitness chain exposed Online

An unprotected database containing private data of Town Sports’ employees and members was leaked on the internet. US-based fitness chain Town Sports International exposed personal records of over 600,000 employees and members on the internet due to a misconfigured database, reported Comparitech. Town Sports is a chain of gyms, spas, and fitness clubs with branches across the northeast U.S. and has around 600,000 members. The company owns many brand names, including Around the Clock Fitness, My Sports Clubs, Total Woman, and Lucille Roberts.

Hacker Uploads Documents to WHO, UNESCO Websites

A hacker has found a way to upload PDF files to the websites of several organizations, including the World Health Organization (WHO) and UNESCO. The attack, first reported by Cyberwarzone.com, does not appear particularly sophisticated and its impact is likely low, but the same vulnerabilities could have been exploited by more advanced threat actors for more serious attacks. The files were uploaded by a hacker who uses the online moniker m1gh7yh4ck3r.

Researchers Uncover Cyber Espionage Operation Aimed At Indian Army

Cybersecurity researchers uncovered fresh evidence of a cyberespionage campaign, ongoing since at least 2019, against Indian defense units and armed forces personnel with the aim of stealing sensitive information. Dubbed “Operation SideCopy” by Indian cybersecurity firm Quick Heal, the attacks have been attributed to an advanced persistent threat (APT) group that has successfully managed to stay under the radar by “copying” the tactics of other threat actors such as SideWinder.

TikTok Gets Reprieve as Judge Halts Trump Download Ban

TikTok won a last-minute reprieve late Sunday as a US federal judge halted enforcement of a politically charged ban ordered by the Trump administration on downloads of the popular video app, hours before it was set to take effect. District Judge Carl Nichols issued a temporary injunction at the request of TikTok, which the White House has called a national security threat stemming from its Chinese parent firm’s links to the Beijing government.

World’s biggest banks helping criminals and terrorists embezzle money

The Financial Crimes Enforcement Network (FinCEN), a department within the Treasury, has released a set of files outlining how some of the biggest banks in the world are moving trillions of dollars in transactions for presumed terrorists and drug cartels. However, FinCEN has no authority to stop such money laundering and the US government has yet to do anything either. BuzzFeed News has written a tell-all piece, giving the names of some of the banks involved, including JPMorgan Chase, HSBC and Deutsche Bank.

Round Up of Major Malware and Ransomware Incidents

Suspicious logins reported after ransomware attack on US govt contractor

Customers of Tyler Technologies, one of the biggest software providers for the US state and federal government, are reporting finding suspicious logins and previously unseen remote access tools (RATs) on their networks and servers.

Safeguarding Schools Against RDP-Based Ransomware

How getting online learning right today will protect schools, and the communities they serve, for years to come. The FBI has issued a warning to US K-12 school districts, advising them that they are being targeted by cyberthieves and should take extra precautions to secure their networks. With schools around the world responding to COVID-19 restrictions by moving to online learning, millions of students and teachers are logging on to school networks for classes and assignments.

Mount Locker ransomware operators demand multi-million dollar ransoms

The operators behind new ransomware dubbed Mount Locker have adopted the same tactic as other gangs, threatening to leak victims’ stolen data. A new ransomware gang named Mount Locker has started its operations, stealing victims’ data before encrypting it. According to BleepingComputer, the ransomware operators are demanding multi-million dollar ransoms. Like other ransomware operators, it has been active since the end of July 2020.

REvil ransomware deposits $1 million in hacker recruitment drive

The REvil Ransomware (Sodinokibi) operation has deposited $1 million in bitcoins on a Russian-speaking hacker forum to prove to potential affiliates that they mean business. Many ransomware operations are conducted as a Ransomware-as-a-Service (RaaS), where developers are in charge of developing the ransomware and payment site, and affiliates are recruited to hack businesses and encrypt their devices.

UHS hospitals hit by reported country-wide Ryuk ransomware attack

Universal Health Services (UHS), a Fortune 500 hospital and healthcare services provider, has reportedly shut down systems at healthcare facilities around the US after a cyber-attack that hit its network during early Sunday morning. UHS operates over 400 healthcare facilities in the US and the UK, has more than 90,000 employees and provides healthcare services to approximately 3.5 million patients each year.

Round Up of Major Vulnerabilities and Patches

Twitter Says Bug Leading to API Key Leak Patched

Twitter last week started sending emails to developers to inform them of a vulnerability that might have resulted in the disclosure of developer information, including API keys. The issue, which has been fixed, potentially resulted in details about Twitter developer applications being stored in the browser’s cache when the app builders visited the developer.twitter.com website, the company said in an email sent to developers, which was shared online.