
Chinese hackers target Vatican despite public disclosure, MrbMiner malware hits MSSQL databases, and more

Major cybersecurity events on 16th September 2020 (Morning Post): Dunkin’ Donuts settles a lawsuit after failing to disclose 2015 data breach. Hackers face charges for defacing US websites following Soleimani killing. Billions of smartphones, tablets, laptops, and IoT devices vulnerable to BLESA.

Round Up of Major Breaches and Scams

Dunkin’ Donuts drops some dough to glaze over lawsuit accusing it of covering up customer account hacks

Dunkin’ Donuts today settled a lawsuit in which it was accused of hushing up the fact that hackers siphoned its customers’ personal information from its systems in 2015. The US coffee-and-pastry slinger will refund said customers as part of an agreement that ends a lawsuit brought against it by New York. The state claimed Dunkin’ failed to warn its sugar addicts that miscreants had gained access to their DD accounts, downloaded their details, and sold them on underground internet forums.

US charges two hackers for defacing US websites following Soleimani killing

The US Department of Justice today charged two hackers with orchestrating a mass-defacement campaign against US websites following the killing of Iranian military general Qasem Soleimani by US forces earlier this year. According to an indictment unsealed today, the two were identified as Behzad Mohammadzadeh (aka Mrb3hz4d), 19, from Iran, and Marwan Abusrour (aka Mrwn007), 25, from Palestine.

Public disclosure didn’t stop suspected Chinese hackers from targeting the Vatican

Hackers with suspected ties to the Chinese government kept up their operations in the weeks after they were caught targeting the Vatican, according to Recorded Future findings published Tuesday. Recorded Future researchers first called out the hacking group’s focus on the Vatican and Hong Kong’s Catholic Diocese in July, after which the hackers appeared to briefly pause their activity, likely in an effort to evade detection. But within two weeks the group, which Recorded Future tracks as RedDelta, had resumed its activity.

The Central Bank of Russia spotted a fraud scheme using the voice menu of one of the banks

The Central Bank of Russia has informed banks that fraudsters are using banks’ voice menus to learn the status of customers’ accounts while knowing only the last four digits of the card number. The investigation began when one credit organization reported a sharp increase in fraudulent calls to its customers in which the callers knew the exact balance of the accounts. It turned out that the scammers had been calling the bank’s IVR (Interactive Voice Response) system while spoofing the customers’ phone numbers.

Round Up of Major Malware and Ransomware Incidents

New MrbMiner malware has infected thousands of MSSQL databases

A new malware gang has made a name for itself over the past few months by hacking into Microsoft SQL Servers (MSSQL) and installing a crypto-miner. Thousands of MSSQL databases have been infected so far, according to the cybersecurity arm of Chinese tech giant Tencent. In a report published earlier this month, Tencent Security has named this new malware gang MrbMiner, after one of the domains used by the group to host their malware.

Round Up of Major Vulnerabilities and Patches

Billions of devices vulnerable to new ‘BLESA’ Bluetooth security flaw

Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer. Named BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol. BLE is a slimmer version of the original Bluetooth (Classic) standard, designed to conserve battery power while keeping Bluetooth connections alive as long as possible. Thanks to its battery-saving features, BLE has been massively adopted over the past decade.

IBM Spectrum Protect Plus Security Open to RCE

IBM has issued fixes for vulnerabilities in Spectrum Protect Plus, Big Blue’s security tool found under the umbrella of its Spectrum data storage software branding. The flaws can be exploited by remote attackers to execute code on vulnerable systems. IBM Spectrum Protect Plus is a data-protection solution that provides near-instant recovery, replication, reuse and self-service for virtual machines. The vulnerabilities (CVE-2020-4703 and CVE-2020-4711) affect versions 10.1.0 through 10.1.6 of IBM Spectrum Protect Plus.

Research Finds Nearly 800,000 Access Keys Exposed Online

When AWS keys were exposed in GitHub repositories, GitHub responded by invalidating them. Researchers at Digital Shadows have found that this proper action doesn’t end the problem of exposed keys: they found almost 800,000 keys available on the Web. The researchers searched approximately 150 million entities across GitHub, GitLab, and Pastebin during a 30-day period in August and September to find the roughly 800,000 keys. They discovered that more than 40% of the keys were database keys, while 38% were for cloud services.
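As an added illustration of the kind of scan the researchers describe (this is example code written for this roundup, not Digital Shadows’ tooling), the Python below looks through a constructed sample file for the well-known AWS access key ID format, for high-entropy 40-character strings that could be secret access keys, and for credentials embedded in database connection URLs. The sample AWS credentials are the placeholder values from the AWS documentation, not real keys; the entropy threshold of 3.5 bits per character and the redaction format are assumed tuning choices.

```python
import math
import re

# Constructed sample: what a credentials file committed to a public repo might
# look like. The AWS values are the placeholder credentials from the AWS
# documentation, not real keys; the rest is made up for the example.
SAMPLE_TEXT = (
    "[default]\n"
    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
    "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    "db_url = postgres://app:hunter2@db.internal:5432/app\n"
    "# build id\n"
    "BUILD_TAG = " + "a" * 40 + "\n"
)

# AWS access key IDs are 20 characters beginning with "AKIA".
ACCESS_KEY_RE = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")
# Secret access keys are 40 characters from the base64 alphabet; the regex
# alone is noisy, so candidates are filtered by entropy below.
SECRET_CANDIDATE_RE = re.compile(
    r"(?<![A-Za-z0-9/+=])([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)
# user:password embedded in a database connection URL.
DB_URL_RE = re.compile(r"\b(postgres|postgresql|mysql|mongodb)://([^:/\s]+):([^@\s]+)@")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character: random secrets score high, filler scores low."""
    n = len(s)
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep just enough of a match to identify it in a report without re-leaking it."""
    return value[:4] + "..." + value[-4:]


def scan_text(text: str, entropy_threshold: float = 3.5) -> list[dict]:
    """Return one finding per suspected credential, with the line number and a redacted match."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append({"kind": "aws_access_key_id", "line": line_no,
                             "match": redact(m.group(1))})
        for m in SECRET_CANDIDATE_RE.finditer(line):
            # Low-entropy 40-character strings (build tags, padding) are dropped.
            if shannon_entropy(m.group(1)) >= entropy_threshold:
                findings.append({"kind": "aws_secret_key_candidate", "line": line_no,
                                 "match": redact(m.group(1))})
        for m in DB_URL_RE.finditer(line):
            findings.append({"kind": "db_credential_in_url", "line": line_no,
                             "match": f"{m.group(1)}://{m.group(2)}:***@"})
    return findings


if __name__ == "__main__":
    for finding in scan_text(SAMPLE_TEXT):
        print(f"line {finding['line']}: {finding['kind']} {finding['match']}")
```

The entropy filter is what keeps the secret-key regex usable: the 40-character build tag in the sample matches the pattern but scores zero bits per character and is dropped, while the documentation secret key scores well above the threshold. The same three checks run unchanged over a repository checkout or a paste dump, and the redaction keeps the report itself from becoming another copy of the leak.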

Researcher hacked Facebook by exploiting flaws in MobileIron MDM

The researcher hacked Facebook after identifying and exploiting an unauthenticated RCE in MobileIron’s Mobile Device Management (MDM) platform, which is used by the company’s employees. A platform is not always vulnerable through its own fault, at least not entirely; sometimes a third-party service it relies on has a negative ripple effect on user security. Such is the recent case of Facebook, where researcher Orange Tsai from DEVCORE found Facebook vulnerable to critical attacks because of a flaw in MobileIron.

Microsoft Releases Open Source Fuzzing Framework for Azure

Microsoft on Tuesday announced the release of Project OneFuzz, an open source fuzzing framework for Azure that the tech giant has been using internally for the past year to find and patch bugs. Fuzzing is used to find vulnerabilities and other bugs in software by injecting malformed data into the targeted application to see if it crashes or behaves unexpectedly, which could indicate the presence of a problem.
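To make the fuzzing description concrete, here is an added, self-contained Python example (not part of Project OneFuzz or the original article): a toy record parser with a planted out-of-bounds read stands in for the targeted application, a mutation fuzzer feeds it malformed variants of a valid seed and records any unexpected exception as a crash, and a bounds-checked version of the same parser shows what the fix looks like. The wire format, the mutation strategy, the iteration count and the random seed are all constructed for the example.

```python
import random
from typing import Callable

# Target 1: a toy record parser with a planted bug (constructed for the example).
# Wire format: [1-byte length][body][1-byte checksum], repeated.
def parse_records(data: bytes) -> list[bytes]:
    records = []
    i = 0
    while i < len(data):
        length = data[i]
        body = data[i + 1 : i + 1 + length]
        # Planted bug: the declared length is trusted, so the checksum byte is
        # read without checking that it exists (IndexError on truncated input).
        if sum(body) % 256 != data[i + 1 + length]:
            raise ValueError("bad checksum")
        records.append(bytes(body))
        i += 2 + length
    return records


# Target 2: the same parser with the bounds check the fuzzer shows is missing.
def parse_records_fixed(data: bytes) -> list[bytes]:
    records = []
    i = 0
    while i < len(data):
        length = data[i]
        end = i + 1 + length          # index of the checksum byte
        if end >= len(data):
            raise ValueError("truncated record")
        body = data[i + 1 : end]
        if sum(body) % 256 != data[end]:
            raise ValueError("bad checksum")
        records.append(bytes(body))
        i = end + 1
    return records


def make_record(body: bytes) -> bytes:
    """Encode one well-formed record; used to build the seed input."""
    return bytes([len(body)]) + body + bytes([sum(body) % 256])


SEED = make_record(b"hello") + make_record(b"fuzz") + make_record(b"")


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, byte insert, byte delete or truncate."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 2 and buf:
        del buf[rng.randrange(len(buf))]
    elif buf:
        del buf[rng.randrange(len(buf)):]
    return bytes(buf)


def fuzz(target: Callable[[bytes], object], seed: bytes, iterations: int,
         rng_seed: int = 1) -> dict:
    """Mutation fuzzer. ValueError is the parser's intended rejection of bad
    input; any other exception is treated as a crash and the triggering input
    is kept so it can be reproduced and triaged."""
    rng = random.Random(rng_seed)
    corpus = [seed]
    crashes: dict[str, bytes] = {}
    rejected = 0
    for _ in range(iterations):
        case = rng.choice(corpus)
        for _ in range(rng.randrange(1, 4)):      # stack one to three mutations
            case = mutate(case, rng)
        try:
            target(case)
        except ValueError:
            rejected += 1
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, case)
        else:
            corpus.append(case)                   # clean inputs become new seeds
    return {"crashes": crashes, "rejected": rejected, "corpus_size": len(corpus)}


if __name__ == "__main__":
    result = fuzz(parse_records, SEED, 300)
    for name, case in result["crashes"].items():
        print(f"{name} triggered by input {case.hex()}")
    print("fixed parser crashes:", fuzz(parse_records_fixed, SEED, 300)["crashes"])
```

The distinction the harness draws is the one that matters in practice: a parser is allowed to reject malformed input, so a clean `ValueError` counts as correct behaviour, while an `IndexError` escaping from the vulnerable parser is the kind of unexpected failure that, in native code, would be a memory-safety bug. Running the same fuzz loop against the bounds-checked parser produces no crashes, which is how a fix is confirmed rather than assumed.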