Round Up of Major Breaches and Scams
In a data breach notification sent to affected individuals and submitted to the California Attorney General, GE said an unauthorized party gained access to a Canon email account containing documents belonging to some of its employees. The breach occurred between February 3 and 14 and it resulted in the exposure of information belonging to current and former GE employees and beneficiaries entitled to benefits.
Hackers have compromised the website of the world-famous Tupperware brand and are stealing customers’ payment card details at checkout. The risk existed for a while as researchers’ attempts to alert the company remained unanswered. Some localized versions of the official Tupperware website were also running malicious code that skims credit card data.
Daniel’s Hosting (DH), the largest free web hosting provider for dark web services, has shut down today after getting hacked for the second time in 16 months, ZDNet has learned. Almost 7,600 dark web portals have been taken offline following the hack, during which an attacker deleted the web hosting portal’s entire database.
According to new BitDefender research, criminals have moved quickly to manipulate personal Wi-Fi routers in a wide swath of countries in Europe, as well as in the United States. Attackers have begun changing Domain Name System (DNS) settings in Linksys routers, pointing users to what they believe is a legitimate website that also includes a pop-up message with information about the pandemic.
Round Up of Major Malware and Ransomware Incidents
The threat actors behind the WordPress WP-VCD malware have started to distribute modified versions of Coronavirus plugins that inject a backdoor into a website. The WP-VCD family of WordPress infections is distributed as nulled, or pirated, WordPress plugins that contain modified code that injects a backdoor into any themes that are installed on the blog as well as various PHP files.
Round Up of Major Vulnerabilities and Patches
Vulnerabilities that Videolabs recently addressed in its libmicrodns library could lead to denial of service (DoS) and arbitrary code execution, Cisco Talos’ security researchers warn. The most severe of the newly discovered vulnerabilities is an exploitable remote code execution bug in the label-parsing functionality of the library. It is tracked as CVE-2020-6072 and has a CVSS score of 9.8.
Earlier this year, state-backed Chinese hackers embarked on one of the most sweeping Chinese espionage campaigns FireEye has seen in years, according to new research the security firm published Wednesday. The campaign, which lasted between January 20 and March 11, targeted 75 organizations spanning nearly every economic sector.
Microsoft has silently fixed the “items skipped during scan” Windows Defender bug that was causing some items to be excluded from scans if they were stored on a network device. The issue was fixed with the release of the KB4052623 update for the Windows Defender antimalware platform that will increment the scan engine’s version to 4.18.2003.8 and will prevent future notifications of files being skipped from appearing.
Security patches released this week by Apple for many of its products address a variety of vulnerabilities, including multiple issues that could lead to arbitrary code execution on the affected devices. A total of 27 bugs were squashed with the release of macOS Catalina 10.15.4, affecting components such as Bluetooth, Call History, CoreFoundation, FaceTime, Kernel, libxml2, Mail, sudo, and Time Machine, among others.