Round Up of Major Breaches and Scams
Even for veterans of cybercriminal investigations, the recent extortion of a psychotherapy practice in Finland has been unusual — and disturbing. Rather than sticking only to the common tactic of trying to shake down a breached organization, the attackers who stole tens of thousands of patient records from Vastaamo also demanded ransoms from individual people. In doing so, the thieves have been leveraging some of the most sensitive medical data imaginable, and making it difficult for victims to respond collectively.
The Iran-linked state-sponsored threat group known as Charming Kitten was observed targeting potential attendees of two major international conferences, Microsoft reports. Also referred to as Phosphorus, APT35, Ajax Security Team, ITG18, NewsBeef, and NewsCaster, the threat actor is believed to have been active since at least 2011, targeting entities in the Middle East, the United States, and the United Kingdom.
Taiwan’s UMC has pleaded guilty to trade secret theft in the United States and will pay a $60 million fine in a case where it was accused of helping a Chinese state-owned chipmaker steal secrets from Micron Technology Inc. The fine is the second-largest ever in a criminal trade secret prosecution, the U.S. Department of Justice (DOJ) said.
Educational institutions are being disproportionately targeted by spear-phishing attacks, according to a new study by Barracuda Networks. The security firm’s latest Threat Spotlight analysis found that in the period from June to September 2020, over 1000 schools, colleges and universities faced more than 3.5 million spear-phishing attacks. More than a quarter of these were business email compromise (BEC) attacks, a method that is more than twice as likely to be used against educational institutions as against the average organization across all sectors.
True is a social networking app which promises to ‘protect your privacy’. However, it recently suffered a security lapse that exposed one of its servers, leaving users’ private data on the internet for anyone to see. The leak happened after one of the app’s dashboard databases was exposed to the internet without a password, meaning that anyone could read, search or browse the database at will, including the users’ private data the app swears to protect.
Round Up of Major Malware and Ransomware Incidents
The US government has been forced to issue an alert to healthcare providers of a major new ransomware campaign that may impair their ability to treat COVID-19 patients. The joint alert, issued by the FBI and Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS), claimed that attackers using the Ryuk variant were targeting the sector with TrickBot malware.
An active botnet comprising hundreds of thousands of hijacked systems spread across 30 countries is exploiting “dozens of known vulnerabilities” to target widely used content management systems (CMS). The “KashmirBlack” campaign, which is believed to have started around November 2019, aims at popular CMS platforms such as WordPress, Joomla!, PrestaShop, Magento, Drupal, vBulletin, osCommerce, OpenCart, and Yeager.
Round Up of Major Vulnerabilities and Patches
Motorola will push ThinkShield onto the business end of its smartphone portfolio, as an extension of the security and management programme on Lenovo’s laptop and desktop line. ThinkShield for mobile devices consists of four components, with the first being a “clean OS”. In practice, this means Motorola will avoid loading up devices with unnecessary non-stock software, from additional bloatware to UI overlays. This element feels somewhat redundant given that Motorola has historically shipped devices with a near-untouched Android experience, in stark contrast to rival vendors like Samsung and Huawei.
The newly discovered Firestarter malware uses Google Firebase Cloud Messaging to notify its authors of the final payload location. Even if the command and control (C2) server is taken down, the DoNot team can still redirect the malware to another C2 using Google infrastructure. The way the final payload is delivered indicates a highly personalized targeting policy.
Threat actors have started to hunt for servers running Oracle WebLogic instances vulnerable to a critical flaw that allows taking control of the system with little effort and no authentication. The vulnerability leveraged in the attacks is CVE-2020-14882, with a severity rating of 9.8 out of 10, which allows compromising systems via a simple HTTP GET request. Oracle fixed the vulnerability in this month’s Critical Patch Update (CPU), crediting security researcher Voidfyoo of Chaitin Security Research Lab for finding and reporting it.
Parked domains, which act as aliases and redirect to other websites, can send visitors to malicious or unwanted landing pages or turn entirely malicious at any point in time – as evidenced by a recent Emotet campaign, a separate effort abusing Comcast and McAfee brands, and an election-themed attack. Researchers at Palo Alto Networks in an analysis on Thursday noted that domain-parking usually happens in the service of advertising. If someone is searching for “Bread Depot,” the person may end up on Bread Depot.net instead of the official BreadDepot.com, because it popped up in the search results.