Canon outage causes data loss, Fake Zoom meeting invitations phishing targets Microsoft credentials, and more

Major cybersecurity events on 5th August 2020 (Morning Post): American online food ordering and delivery platform UberEats falls prey to a data breach. Oilrig becomes the first publicly known threat actor to incorporate the DNS-over-HTTPS (DoH) protocol in its attacks.

Round Up of Major Breaches and Scams

Suspicious Canon outage leads to image.canon data loss

Canon’s image.canon cloud storage service has resumed operations after an almost six-day outage that led to data loss for stored images and videos. Image.canon is a cloud storage service that allows Canon wi-fi connected cameras to upload and temporarily store videos and pictures. As part of this service, Canon users also get 10GB of permanent storage that can be used to back up their most important videos and images.

Fake Zoom meeting invitation phishing scam harvests Microsoft credentials

Initially targeting Zoom users, the phishing scam aims for Outlook and Office 365 credentials. As the digital world takes on the added responsibility of hosting more and more meetings online, popular video conferencing apps like Zoom and Microsoft Teams have increasingly come under fire from cybercriminals. With over 300 million participants every day, Zoom is a highly lucrative target for malicious actors. Keeping this in mind, researchers from INKY have revealed how the app is being subjected to a dedicated phishing campaign in several countries designed to extract credentials from users.

Personal data of one million Moscow car owners were put up for sale on the Internet

On July 24, an archive containing a database of motorists was put up for sale on one of the forums that specialize in selling databases and organizing information leaks. It contains Excel files of about 1 million rows with personal data of drivers in Moscow and the Moscow region, current as of the end of 2019. The starting price is $1,500. The seller also attached a screenshot of the table, which shows the following fields: date of registration of the car, state registration plate, brand, model, year of manufacture, last name, first name and patronymic of the owner, and more.

UberEats data leaked on the dark web

Security researchers from threat intelligence firm Cyble have discovered user records of American online food ordering and delivery platform UberEats on the dark web. Another day, another data breach has made the headlines; this time the alleged victim is UberEats. UberEats is an American online food ordering and delivery platform launched by Uber in 2014. During the course of dark web and deep web monitoring, the Cyble Research Team came across a threat actor who leaked user records of UberEats.

Round Up of Major Malware and Ransomware Incidents

Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH)

An Iranian hacking group known as Oilrig has become the first publicly known threat actor to incorporate the DNS-over-HTTPS (DoH) protocol in its attacks. Speaking in a webinar last week, Vicente Diaz, a malware analyst for antivirus maker Kaspersky, said the change happened in May this year when Oilrig added a new tool to its hacking arsenal. According to Diaz, Oilrig operators began using a new utility called DNSExfiltrator as part of their intrusions into hacked networks.

WastedLocker ransomware abuses Windows feature to evade detection

The WastedLocker ransomware is abusing a Windows memory management feature to evade detection by security software. Before we get to how WastedLocker evades detection, it is necessary to understand how anti-ransomware solutions detect ransomware. Anti-ransomware solutions monitor the operating system for the file system calls traditionally used by ransomware when encrypting a file. To do this, security software registers a minifilter driver that allows it to monitor, in real time, the system calls that interact with the file system.

Round Up of Major Vulnerabilities and Patches

Facebook plugin bug lets hackers hijack WordPress sites’ chat

A high severity bug found in Facebook’s official chat plugin for WordPress websites with over 80,000 active installations could allow attackers to intercept messages sent by visitors to the vulnerable sites’ owner. The Facebook Chat Plugin allows WordPress website owners to embed a chat pop-up to communicate with visitors in real-time through Facebook’s messaging platform for Facebook Pages. The plugin also comes with support for chat transcripts and makes it easy to set up auto-replies and FAQs.

NodeJS module downloaded 7M times lets hackers inject code

A Node.js module downloaded millions of times has a security flaw that can enable attackers to perform a denial-of-service (DoS) attack on a server or get full-fledged remote shell access. Assigned CVE-2020-7699, the vulnerability lies in the “express-fileupload” npm component, which has been downloaded at least 7.3 million times from npm. The estimate is conservative as it does not take into account downloads from GitHub, mirror websites, and other cloned repositories.
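The express-fileupload flaw summarised above is, per the published advisory for CVE-2020-7699, a prototype-pollution bug in the module's optional nested field-name parsing (the page's summary does not name the mechanism). The JavaScript below is an added example written for this page, not the library's code: a small nested-key parser in the style of that feature that refuses the field names capable of reaching `Object.prototype` and builds its result on null-prototype objects. The function names (`splitFieldName`, `parseNested`), the forbidden-key list and the sample inputs are all constructed for illustration.

```javascript
// Added example (not express-fileupload's code): parse flat multipart field
// names such as "user[name]" into a nested object without allowing the
// request to pollute Object.prototype.

// Keys that, when used as a property name on an ordinary object, let a
// request write into shared prototypes. Constructed list for this example.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Split "a[b][c]" into ["a", "b", "c"]. Throws on malformed names and on any
// path segment that is in FORBIDDEN_KEYS.
function splitFieldName(name) {
  const m = /^([^[\]]+)((?:\[[^[\]]*\])*)$/.exec(name);
  if (!m) throw new Error(`malformed field name: ${name}`);
  const parts = [m[1]];
  const bracket = /\[([^[\]]*)\]/g;
  let sub;
  while ((sub = bracket.exec(m[2])) !== null) parts.push(sub[1]);
  for (const p of parts) {
    if (FORBIDDEN_KEYS.has(p)) throw new Error(`rejected field name: ${name}`);
  }
  return parts;
}

// Expand { "user[name]": "ann", "user[role]": "viewer" } into
// { user: { name: "ann", role: "viewer" } }. Every container is created with
// Object.create(null), so even a segment that slipped past the key check
// would land on an own property rather than on Object.prototype.
function parseNested(fields) {
  const root = Object.create(null);
  for (const [name, value] of Object.entries(fields)) {
    const parts = splitFieldName(name);
    let node = root;
    for (let i = 0; i < parts.length - 1; i++) {
      const key = parts[i];
      if (typeof node[key] !== 'object' || node[key] === null) {
        node[key] = Object.create(null);
      }
      node = node[key];
    }
    node[parts[parts.length - 1]] = value;
  }
  return root;
}

// Returns true if a parse attempt was rejected, false if it succeeded.
// Useful for checking that a hostile field name never reaches the object.
function isRejected(fields) {
  try {
    parseNested(fields);
    return false;
  } catch (e) {
    return true;
  }
}

// Constructed sample inputs: one benign form and one carrying a hostile name.
const benignForm = { 'user[name]': 'ann', 'user[role]': 'viewer', 'note': 'hi' };
const hostileForm = { '__proto__[polluted]': 'yes' };

console.log(JSON.stringify(parseNested(benignForm)));
console.log('hostile form rejected:', isRejected(hostileForm));
console.log('Object.prototype untouched:', ({}).polluted === undefined);
```

The two defences are independent: the key check gives a clear, loggable rejection of a hostile request, and the null-prototype containers mean a parsing oversight still cannot write into `Object.prototype`. The same idea applies to any parser that turns user-controlled names into object paths (query-string, JSON-merge and form-data libraries alike), so the safest posture for the module in the article is to keep its nested parsing disabled unless needed and to run a version at or above the fixed release.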

Legacy Programming Languages Pose Serious Risks to Industrial Robots

Researchers at the Polytechnic University of Milan and cybersecurity firm Trend Micro have analyzed some of the most popular industrial programming languages and showed how they can open the door to attacks against robots and other programmable manufacturing machines. They have developed a worm to demonstrate the severity of their findings. The researchers analyzed programming languages from ABB, Comau, Denso, Fanuc, Kawasaki, Kuka, Mitsubishi, and Universal Robots.

Newsletter WordPress Plugin Opens Door to Site Takeover

An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites. Newsletter, a WordPress plugin with more than 300,000 installations, has a pair of vulnerabilities that could lead to code-execution and even site takeover. The Newsletter plugin offers site admins a visual editor that can be used to create newsletters and email campaigns from within WordPress. According to Wordfence, the issues are a reflected cross-site scripting (XSS) vulnerability and a PHP object-injection vulnerability.