Round Up of Major Breaches and Scams
A Chinese government-linked hacking group whose operatives have been indicted by the U.S. and sanctioned by the European Union is suspected in a year-long effort to steal sensitive data from numerous Japanese companies and their subsidiaries. The attackers, known as APT10 or Cicada, have been burrowing into the networks of companies in the automotive, pharmaceutical, and engineering sectors.
Hundreds of Tesla Powerwall Backup Gateways may have been exposed to remote hacker attacks from the internet, but Tesla says it has taken steps to reduce risks. Tesla Powerwall is an energy storage product for homes that uses a battery to store power from solar panels or the grid, ensuring that users continue to have power even during an outage.
Round Up of Major Malware and Ransomware Incidents
Ransomware-as-a-service (RaaS) operation called DarkSide is setting up a distributed storage system in Iran for storing data stolen from victims of its attacks. This could mean big trouble for organizations. If the model proves successful, other ransomware operators are likely to implement similar systems, making it even harder for defenders to prevent crooks from leaking sensitive corporate data stolen in ransomware attacks.
A sophisticated advanced persistent threat (APT) group believed to be operating out of China has been stealthily targeting Southeast Asian governments over the past three years, Bitdefender reports. Believed to be state-sponsored, the group was observed using numerous malware families, including the Chinoxy backdoor, PCShare RAT, and the FunnyDream backdoor.
Round Up of Major Vulnerabilities and Patches
Nearly two dozen application programming interfaces (APIs) across 16 different Amazon Web Services offerings can be abused to allow attackers to obtain the roster and internal structure of an organization’s cloud account in order to launch targeted attacks against individuals.
Unknown threat actors are scanning for WordPress websites with Epsilon Framework themes installed on over 150,000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers. “So far today, we have seen a surge of more than 7.5 million attacks against more than 1.5 million sites targeting these vulnerabilities, coming from over 18,000 IP addresses,” Wordfence QA engineer and threat analyst Ram Gall said.
In May 2019, Microsoft disclosed the BlueKeep vulnerability, more than a year later over 245,000 Windows systems still remain unpatched. The issue is a remote code execution flaw in Remote Desktop Services (RDS) that can be exploited by an unauthenticated attacker by connecting to the targeted system via the RDP and sending specially crafted requests.