
Cisco phishing targets Webex users, 1.41M US Doctors data on hacker forum, 500,000 Zoom accounts sold on dark web, and more

Major cybersecurity events on 13th April 2020: The database of more than 1 million SCUF Gaming customers was exposed online. Two airport websites “SFOConnect.com” and “SFOConstruction.com” became targets of hackers. US consumers report $12M in COVID-19 scam losses. Oracle tackles a massive 405 bugs for its patch update.

Round Up of Major Breaches and Scams

1.1 Million Customers Records of SCUF Gaming Exposed Online

The database of more than 1 million customers was exposed online by ‘SCUF Gaming’, a subsidiary of Corsair that develops high-end gamepads for Xbox, PS4, and PC. The incident led to the exposure of clients’ names, payment info, contact info, repair tickets, order histories, and other sensitive information. Other data belonging to the company’s staff and internal API keys were also compromised as a result.

Cisco “critical security advisory” part of a phishing campaign?

With the rise in online meetings, an ongoing phishing campaign is affecting more and more users with a recycled Cisco security advisory that warns of a critical vulnerability and urges victims to “update,” with the sole aim of stealing their credentials for Cisco’s Webex web conferencing platform.

2 San Francisco Int. airport websites hacked with info-stealer code

According to a data breach notification released by authorities at the San Francisco International Airport, two airport websites “SFOConnect.com” and “SFOConstruction.com” became targets of hackers recently. The unknown hackers managed to insert data-stealing code into the sites to compromise credentials used by airport employees to access email and network accounts.

Hackers accessed staff mailboxes at Italian bank Monte dei Paschi

Italian state-owned bank Monte dei Paschi has disclosed a security breach: hackers accessed the mailboxes of some employees and used them to send emails to clients.

The Dutch police took down 15 DDoS-for-hire services in a week

An operation conducted by Dutch authorities last week has shut down 15 DDoS-for-hire services (aka DDoS booters or DDoS stressers), states a press release published by Dutch police. The operation was conducted with the support of Europol, Interpol, and the FBI along with web hosting providers and domain registrars.

Danish pump maker DESMI reveals cyber attack

Global pump maker DESMI said on Friday it was hit by a cyber attack and was restoring its IT systems after the security incident. The attack took place during the night leading into Thursday, at a time when, because of the Coronavirus pandemic, employees at the company are working from home. All systems at the company were shut down following the attack.

Doctors Community Medical Center Provides Notice of a Phishing Event

In January 2020, DCMC noticed suspicious activity within its payroll system. Upon investigation, hospital officials determined that a small number of employees had fallen victim to a phishing attack. By obtaining employees’ credentials in the phishing attack, the unauthorized third party was able to access employees’ payroll information and their email accounts.

Exclusive: Personal data of 1.41m US doctors sold on hacker forum

Cybercriminals are taking advantage of the Covid-19 pandemic. From selling fake Coronavirus vaccines and testing kits to setting up malware-infected fake live maps of the infection, crooks can go to any level to make cheap and quick bucks on hacker forums.

US consumers report $12M in COVID-19 scam losses since January

The U.S. Federal Trade Commission says that approximately $12 million were lost to Coronavirus-related scams according to consumer reports received since January 2020. “FTC has received more than 16K Coronavirus-related reports from consumers. Consumers reported losing a total of $12.78M to fraud w/ a reported median loss of $570,” said the agency today.

Over 500,000 Zoom accounts sold on hacker forums, the dark web

Over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases given away for free. These credentials are gathered through credential stuffing attacks, in which threat actors attempt to log in to Zoom using account credentials leaked in older data breaches.
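Credential stuffing has a recognisable footprint in authentication logs: one source address cycling through many distinct usernames with a high failure rate, unlike a brute-force attack against a single account or a legitimate user who mistypes a password. The following added example (not code from the original article or from Zoom) shows defender-side detection logic run over a constructed, hypothetical log format; the source addresses, usernames and thresholds are illustrative assumptions, not observed values.

```python
"""Detect credential-stuffing patterns in authentication logs (added example).

Credential stuffing replays username/password pairs leaked from older breaches
against a different service. Its log signature is a single source trying many
*distinct* accounts with a high failure rate. The log format below is
constructed and hypothetical (not Zoom's), and the thresholds are illustrative
starting points that a defender would tune against their own baseline.
"""
from collections import defaultdict
from dataclasses import dataclass, field
import re

# Constructed sample lines: "<timestamp> auth <result> user=<email> src=<ip>"
# 203.0.113.7  -> many distinct accounts, mostly failing   (stuffing)
# 198.51.100.22 -> one account, two failures then success   (normal mistype)
# 192.0.2.55   -> one account, repeated failures            (brute force)
SAMPLE_LOG = """\
2020-04-13T10:00:01Z auth FAIL user=alice@example.com src=203.0.113.7
2020-04-13T10:00:02Z auth FAIL user=bob@example.com src=203.0.113.7
2020-04-13T10:00:02Z auth FAIL user=carol@example.com src=203.0.113.7
2020-04-13T10:00:03Z auth OK   user=dave@example.com src=203.0.113.7
2020-04-13T10:00:03Z auth FAIL user=erin@example.com src=203.0.113.7
2020-04-13T10:00:04Z auth FAIL user=frank@example.com src=203.0.113.7
2020-04-13T10:00:05Z auth FAIL user=grace@example.com src=203.0.113.7
2020-04-13T10:00:05Z auth FAIL user=heidi@example.com src=203.0.113.7
2020-04-13T10:01:00Z auth FAIL user=ivan@example.com src=198.51.100.22
2020-04-13T10:01:05Z auth FAIL user=ivan@example.com src=198.51.100.22
2020-04-13T10:01:09Z auth OK   user=ivan@example.com src=198.51.100.22
2020-04-13T10:02:00Z auth FAIL user=judy@example.com src=192.0.2.55
2020-04-13T10:02:01Z auth FAIL user=judy@example.com src=192.0.2.55
2020-04-13T10:02:02Z auth FAIL user=judy@example.com src=192.0.2.55
2020-04-13T10:02:03Z auth FAIL user=judy@example.com src=192.0.2.55
2020-04-13T10:02:04Z auth FAIL user=judy@example.com src=192.0.2.55
2020-04-13T10:02:05Z auth FAIL user=judy@example.com src=192.0.2.55
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL)\s+user=(?P<user>\S+) src=(?P<src>\S+)$"
)


@dataclass
class SourceStats:
    """Per-source aggregate: attempts, failures and the distinct accounts tried."""
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)

    @property
    def failure_ratio(self) -> float:
        return self.failures / self.attempts if self.attempts else 0.0


def parse_log(text: str) -> dict:
    """Aggregate the log per source address; lines not matching the format are skipped."""
    stats = defaultdict(SourceStats)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        s = stats[m["src"]]
        s.attempts += 1
        s.users.add(m["user"].lower())  # normalise case so one account is counted once
        if m["result"] == "FAIL":
            s.failures += 1
    return dict(stats)


def classify(stats: dict, min_users: int = 5, min_fail_ratio: float = 0.8) -> dict:
    """Label each source 'stuffing', 'brute_force' or 'normal'.

    stuffing:    many distinct accounts and mostly failures (leaked-pair replay)
    brute_force: few accounts but many failures             (password guessing)
    normal:      everything else, e.g. a user who mistyped a password
    """
    verdicts = {}
    for src, s in stats.items():
        many_users = len(s.users) >= min_users
        mostly_failing = s.failure_ratio >= min_fail_ratio
        if many_users and mostly_failing:
            verdicts[src] = "stuffing"
        elif not many_users and s.failures >= min_users and mostly_failing:
            verdicts[src] = "brute_force"
        else:
            verdicts[src] = "normal"
    return verdicts


def detect_stuffing(text: str) -> list:
    """Return the sorted source addresses whose behaviour matches credential stuffing."""
    return sorted(src for src, v in classify(parse_log(text)).items() if v == "stuffing")


if __name__ == "__main__":
    for src, verdict in classify(parse_log(SAMPLE_LOG)).items():
        print(f"{src:16} {verdict}")
```

The distinction between the three verdicts matters for response: a stuffing source is best handled with rate limiting or blocking per source and by forcing password resets on any account it successfully logged into, while a brute-force source calls for a lockout on the targeted account. The thresholds (five distinct accounts, 80 % failure) are placeholders; in production they should be derived from the service's normal failure baseline and evaluated over a sliding time window rather than the whole log.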

Hackers file fake tax returns in scheme to steal IRS refunds

Attackers tried obtaining large tax refunds by posing as clients of Weber and Company, the California-based accounting firm revealed last week. The scammers apparently accessed clients’ personal data — including, perhaps, Social Security numbers and bank account information — and used that to file fraudulent returns, Weber and Company said in a notification to California’s attorney general. The IRS and the FBI are investigating the matter, the company said.

Round Up of Major Malware and Ransomware Incidents

New Wiper Malware impersonates security researchers as prank

A malware distributor has decided to play a nasty prank by locking victims’ computers before they can start Windows and then blaming the infection on two well-known and respected security researchers. Over the past 24 hours, after downloading and installing software from what appear to be free software and crack sites, people have suddenly found themselves locked out of their computers before Windows starts.

Sodinokibi Ransomware crew chooses Monero for ransom payments

The gang behind the Sodinokibi Ransomware has started accepting the Monero cryptocurrency instead of Bitcoin to make investigation by law enforcement agencies harder. The crew plans to stop accepting Bitcoin payments altogether in the future. The use of the Tor anonymized network to make Monero payments makes it impossible to trace the funds and attempt to de-anonymize the threat actors behind the campaign.

Overlay Malware Leverages Chrome Browser, Targets Banks and Heads to Spain

Researchers are warning of a remote overlay malware attack that leverages a fake Chrome browser plugin to target the accounts of banking customers in Spain. Grandoreiro is a remote overlay banking trojan, designed to help attackers take over devices and display a full-screen overlay image when the victim accesses their online banking account.

Round Up of Major Vulnerabilities and Patches

Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update

Oracle admins are staring down the barrel of a massive quarterly Critical Patch Update that includes 405 patches. Business software giant Oracle Corp. revealed 286 of those vulnerabilities are remotely exploitable across nearly two dozen product lines.

Critical Security Vulnerability Patched By VMware

VMware Inc., a publicly traded software company, recently fixed a critical security vulnerability that allowed attackers to access sensitive data. According to the company, the vulnerability resides in the VMware Directory Service (vmdir), which is part of vCenter Server version 6.7 on Windows and virtual appliances. Tracked as CVE-2020-3952, it is rated critical with a CVSSv3 score of 10.