Round Up of Major Breaches and Scams
Canon’s image.canon cloud storage service has resumed operations after an almost six-day outage that led to data loss for stored images and videos. Image.canon is a cloud storage service that allows Wi-Fi-connected Canon cameras to upload and temporarily store videos and pictures. As part of this service, Canon users also get 10GB of permanent storage that can be used to back up their most important videos and images.
Initially targeting Zoom users, the phishing scam aims for Outlook and Office365 credentials. As the digital world deals with the added responsibility of hosting more and more meetings online, popular video conferencing apps like Zoom and Microsoft Teams have increasingly come under fire from cybercriminals. With over 300 million participants every day, Zoom is a highly lucrative target for malicious actors. With this in mind, researchers from INKY have revealed how the app is being subjected to a dedicated phishing campaign in several countries designed to extract credentials from users.
On July 24, an archive containing a database of motorists was put up for sale on one of the forums specializing in selling databases and organizing information leaks. It contains Excel files of about 1 million rows with personal data of drivers in Moscow and the Moscow region, current as of the end of 2019. The starting price is $1,500. The seller also attached a screenshot of the table, which shows that the file contains the following fields: date of registration of the car, state registration plate, brand, model, year of manufacture, last name, first name and patronymic of the owner, and so on.
Security researchers from threat intelligence firm Cyble have discovered user records of the American online food ordering and delivery platform UberEats on the dark web. Another day, another data breach made the headlines; this time the alleged victim is UberEats. UberEats is an American online food ordering and delivery platform launched by Uber in 2014. While monitoring the dark web and deep web, the Cyble Research Team came across a threat actor who leaked user records of UberEats.
Round Up of Major Malware and Ransomware Incidents
An Iranian hacking group known as Oilrig has become the first publicly known threat actor to incorporate the DNS-over-HTTPS (DoH) protocol in its attacks. Speaking in a webinar last week, Vicente Diaz, a malware analyst for antivirus maker Kaspersky, said the change happened in May this year when Oilrig added a new tool to its hacking arsenal. According to Diaz, Oilrig operators began using a new utility called DNSExfiltrator as part of their intrusions into compromised networks.
The WastedLocker ransomware is abusing a Windows memory management feature to evade detection by security software. Before we get to how WastedLocker is evading detection, it is necessary to understand how anti-ransomware solutions detect ransomware. Anti-ransomware solutions monitor the operating system for the file system calls traditionally used by ransomware when encrypting a file. To do this, the security software registers a file system minifilter driver that lets it observe the system calls interacting with the file system in real time.
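To make the detection model above concrete, here is an added example (not code from the article or from any vendor's product) of the kind of logic a minifilter-backed anti-ransomware component applies to the file operations it observes: it keeps per-process counters for distinct files written, renames to a suspicious extension, and ransom-note-like file creations, and flags a process once those counters cross a threshold. The event stream, extensions, note markers and thresholds are all constructed for illustration. The limitation the item describes is visible in the design: the detector only scores operations that actually arrive through the hook, so a modification that reaches the disk by another path never increments a counter.

```python
"""Added example: a minimal file-system-event scorer of the kind a
minifilter-based anti-ransomware product implements. Everything here
(events, extensions, thresholds) is constructed for illustration."""
import os
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed examples of extensions and note names, not real IoCs.
SUSPICIOUS_EXTENSIONS = {".locked", ".encrypted"}
RANSOM_NOTE_MARKERS = ("decrypt", "restore")


@dataclass
class FileEvent:
    """One operation as it would be reported by the file-system hook."""
    pid: int
    op: str             # "create", "write", "rename" or "delete"
    path: str
    new_path: str = ""  # only meaningful for "rename"


@dataclass
class ProcessStats:
    writes: set = field(default_factory=set)  # distinct files written
    suspicious_renames: int = 0
    ransom_notes: int = 0


def _ext(path: str) -> str:
    return os.path.splitext(path)[1].lower()


def score_events(events, write_threshold=5, rename_threshold=3):
    """Return {pid: [reasons]} for processes whose observed file activity
    matches the classic write-then-rename pattern of file encryption."""
    stats = defaultdict(ProcessStats)
    for ev in events:
        st = stats[ev.pid]
        if ev.op == "write":
            st.writes.add(ev.path)
        elif ev.op == "rename" and _ext(ev.new_path) in SUSPICIOUS_EXTENSIONS:
            st.suspicious_renames += 1
        elif ev.op == "create" and any(
            m in os.path.basename(ev.path).lower() for m in RANSOM_NOTE_MARKERS
        ):
            st.ransom_notes += 1

    flagged = {}
    for pid, st in stats.items():
        reasons = []
        if len(st.writes) >= write_threshold:
            reasons.append(f"wrote {len(st.writes)} distinct files")
        if st.suspicious_renames >= rename_threshold:
            reasons.append(f"{st.suspicious_renames} renames to suspicious extension")
        if st.ransom_notes:
            reasons.append("created ransom-note-like file")
        if reasons:
            flagged[pid] = reasons
    return flagged


def sample_events():
    """Constructed event stream: pid 4242 behaves like ransomware,
    pid 1001 is an ordinary editor saving two documents."""
    events = []
    for i in range(6):
        src = f"C:/Users/alice/Documents/report{i}.docx"
        events.append(FileEvent(4242, "write", src))
        events.append(FileEvent(4242, "rename", src, src + ".locked"))
    events.append(FileEvent(4242, "create", "C:/Users/alice/Documents/HOW_TO_DECRYPT.txt"))
    events.append(FileEvent(1001, "write", "C:/Users/alice/notes.txt"))
    events.append(FileEvent(1001, "write", "C:/Users/alice/todo.txt"))
    return events


if __name__ == "__main__":
    for pid, reasons in score_events(sample_events()).items():
        print(pid, "->", "; ".join(reasons))
```

Running the script flags only pid 4242, with all three reasons. A real product adds rate and entropy measurements on the written data, but the structure is the same: a hook that sees each operation, and counters that only move when an operation passes through that hook.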
Round Up of Major Vulnerabilities and Patches
A high-severity bug found in Facebook’s official chat plugin for WordPress websites, which has over 80,000 active installations, could allow attackers to intercept messages sent by visitors to the vulnerable site’s owner. The Facebook Chat Plugin allows WordPress website owners to embed a chat pop-up to communicate with visitors in real time through Facebook’s messaging platform for Facebook Pages. The plugin also comes with support for chat transcripts and makes it easy to set up auto-replies and FAQs.
A Node.js module downloaded millions of times has a security flaw that can enable attackers to perform a denial-of-service (DoS) attack on a server or get full-fledged remote shell access. Assigned CVE-2020-7699, the vulnerability lies in the “express-fileupload” npm component, which has been downloaded at least 7.3 million times from npm. The estimate is conservative as it does not take into account downloads from GitHub, mirror websites, and other cloned repositories.
Researchers at the Polytechnic University of Milan and cybersecurity firm Trend Micro have analyzed some of the most popular industrial programming languages, showing how they can open the door to attacks against robots and other programmable manufacturing machines. They developed a worm to demonstrate the severity of their findings. The researchers analyzed programming languages from ABB, Comau, Denso, Fanuc, Kawasaki, Kuka, Mitsubishi, and Universal Robots.
An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites. Newsletter, a WordPress plugin with more than 300,000 installations, has a pair of vulnerabilities that could lead to code execution and even site takeover. The Newsletter plugin offers site admins a visual editor that can be used to create newsletters and email campaigns from within WordPress. According to Wordfence, the issues are a reflected cross-site scripting (XSS) vulnerability and a PHP object-injection vulnerability.