Round Up of Major Breaches and Scams
A database of more than 1 million customer records belonging to SCUF Gaming, a subsidiary of Corsair that develops high-end gamepads for Xbox, PS4, and PC, was exposed online. The incident led to the exposure of customers’ names, payment information, contact details, repair tickets, order histories, and other sensitive data. Data belonging to the company’s staff and internal API keys were also exposed.
Riding on the rise in online meetings, an ongoing phishing campaign is targeting a growing number of users with a recycled Cisco security advisory that warns of a critical vulnerability and urges recipients to “update.” The sole aim is to steal their credentials for Cisco’s Webex web conferencing platform.
According to a data breach notification released by authorities at the San Francisco International Airport, two airport websites “SFOConnect.com” and “SFOConstruction.com” became targets of hackers recently. The unknown hackers managed to insert data-stealing code into the sites to compromise credentials used by airport employees to access email and network accounts.
Italian state-owned bank Monte dei Paschi disclosed a security breach: attackers accessed the mailboxes of some employees and used them to send emails to clients.
An operation conducted by Dutch authorities last week shut down 15 DDoS-for-hire services (aka DDoS booters or DDoS stressers), according to a press release published by Dutch police. The operation was conducted with the support of Europol, Interpol, and the FBI, along with web hosting providers and domain registrars.
Global pump maker DESMI said on Friday it was hit by a cyber attack and was restoring its IT systems after the incident. The attack took place overnight into Thursday, at a time when the company’s employees were working from home because of the Coronavirus pandemic. All systems at the company were shut down following the attack.
In January 2020, DCMC noticed suspicious activity within its payroll system. Upon investigation, hospital officials determined that a small number of employees had fallen victim to a phishing attack. By obtaining employees’ credentials in the phishing attack, the unauthorized third party was able to access employees’ payroll information and their email accounts.
Cybercriminals are taking advantage of the Covid-19 pandemic. From selling fake Coronavirus vaccines and testing kits to setting up malware-laden fake live maps of the infection, crooks will go to any length to make quick money, and much of it is advertised on hacker forums.
The U.S. Federal Trade Commission says that approximately $12 million was lost to Coronavirus-related scams, according to consumer reports received since January 2020. “FTC has received more than 16K Coronavirus-related reports from consumers. Consumers reported losing a total of $12.78M to fraud w/ a reported median loss of $570,” said the agency today.
Over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases given away for free. These credentials are gathered through credential stuffing attacks, in which threat actors attempt to log in to Zoom using username/password pairs leaked in older data breaches; any pair that still works is collected and resold.
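A credential stuffing run has a distinctive shape in authentication logs: one source tries a different account on nearly every request, with a low success rate, whereas a brute-force attack hammers a single account. The script below, added here as an illustration and not code from the original page or from Zoom, flags source IPs that attempt logins against many distinct usernames inside a sliding time window and reports which of those logins succeeded (the accounts to force a password reset on). The log format and the sample lines are constructed for the example.

```python
"""Credential-stuffing detection over authentication logs (added example).

Flags source IPs that try many distinct accounts within a short window,
which is the signature of a stuffing run replaying leaked username/password
pairs. A single account hit repeatedly from one IP (classic brute force) is
deliberately NOT flagged; it is a different attack with a different response.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, format: "<ISO timestamp> <src_ip> <username> <result>"
# 203.0.113.7 sprays six accounts in five seconds (one works);
# 198.51.100.9 retries a single account (brute force, not stuffing).
SAMPLE_LOG = """\
2020-04-13T10:00:01 203.0.113.7 alice@example.com FAIL
2020-04-13T10:00:02 203.0.113.7 bob@example.com FAIL
2020-04-13T10:00:02 203.0.113.7 carol@example.com SUCCESS
2020-04-13T10:00:03 203.0.113.7 dave@example.com FAIL
2020-04-13T10:00:04 203.0.113.7 erin@example.com FAIL
2020-04-13T10:00:05 203.0.113.7 frank@example.com FAIL
2020-04-13T10:00:10 198.51.100.9 grace@example.com FAIL
2020-04-13T10:00:20 198.51.100.9 grace@example.com FAIL
2020-04-13T10:00:30 198.51.100.9 grace@example.com SUCCESS
2020-04-13T10:30:00 203.0.113.7 heidi@example.com FAIL
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def find_stuffing_sources(events, window=timedelta(minutes=5), min_accounts=5):
    """Return {ip: (distinct_accounts, [compromised_users])} for every IP that
    targeted at least `min_accounts` distinct usernames within any `window`.

    The count reported is the largest distinct-account count seen in any
    window for that IP; the user list is the accounts that logged in
    successfully inside that window, i.e. the ones to reset and notify.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, result in sorted(events):
        by_ip[ip].append((ts, user, result))

    flagged = {}
    for ip, attempts in by_ip.items():
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it spans at most `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            in_window = attempts[start:end + 1]
            users = {u for _, u, _ in in_window}
            if len(users) >= min_accounts:
                successes = sorted(u for _, u, r in in_window if r == "SUCCESS")
                prev = flagged.get(ip)
                if prev is None or len(users) > prev[0]:
                    flagged[ip] = (len(users), successes)
    return flagged


if __name__ == "__main__":
    for ip, (n, hits) in find_stuffing_sources(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {n} distinct accounts tried, successful logins: {hits}")
```

The window and threshold are tuning knobs: a large shared egress (a corporate NAT) can legitimately produce several distinct usernames from one IP in five minutes, so in production the threshold is usually paired with the failure ratio and with a check against a breach-corpus hash set rather than used alone.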
Attackers tried obtaining large tax refunds by posing as clients of Weber and Company, the California-based accounting firm revealed last week. The scammers apparently accessed clients’ personal data — including, perhaps, Social Security numbers and bank account information — and used that to file fraudulent returns, Weber and Company said in a notification to California’s attorney general. The IRS and the FBI are investigating the matter, the company said.
Round Up of Major Malware and Ransomware Incidents
A malware distributor has decided to play a nasty prank by locking victims’ computers before Windows can start and then blaming the infection on two well-known and respected security researchers. Over the past 24 hours, people who downloaded and installed software from what appear to be free software and crack sites have suddenly found themselves locked out of their computers before Windows starts.
The gang behind the Sodinokibi ransomware has started accepting the Monero cryptocurrency instead of Bitcoin to make investigation by law enforcement agencies harder. The crew plans to stop accepting Bitcoin payments altogether in the future. Combining Monero’s built-in transaction privacy with a payment portal hosted on the Tor anonymity network makes tracing the funds, and attempting to de-anonymize the threat actors behind the campaign, far harder than it is with Bitcoin.
Researchers are warning of a remote overlay malware attack that uses a fake Chrome browser plugin to target the accounts of banking customers in Spain. Grandoreiro is a remote overlay banking trojan: it gives attackers remote control of the device and displays a full-screen overlay image when the victim accesses their online banking account.
Round Up of Major Vulnerabilities and Patches
Oracle admins are staring down the barrel of a massive quarterly Critical Patch Update that includes 405 patches. Business software giant Oracle Corp. revealed 286 of those vulnerabilities are remotely exploitable across nearly two dozen product lines.
VMware recently fixed a critical security vulnerability that allowed attackers to access sensitive data. According to the company, the flaw resides in the VMware Directory Service (vmdir), which is part of vCenter Server version 6.7 on both Windows and the virtual appliance. Tracked as CVE-2020-3952, it is rated critical with a CVSSv3 score of 10.