
Citrix denies data breach, actor claims to have data on 2M customers, CIA allegedly behind APT34, FSB hacks, and more

Major cybersecurity events on 16th July 2020 (Evening Post): Cofense PDC detects tax relief phishing scam targeting HMRC credentials and sensitive data. Jewish Temple Sinai virtual prayer service disrupted with anti-semitic attacks. BlackRock malware can steal passwords, card data from 337 apps.

Round Up of Major Breaches and Scams

Citrix: No breach, hacker stole business info from third party

Citrix has published an official statement denying allegations that the company’s network was breached by a malicious actor who also claims to have stolen customer information. The actor is now selling what he claims to be a database with information on 2,000,000 Citrix customers on the dark web, with a price tag of 2.15 bitcoins (roughly $19,700).

Data Breach at Texas Benefits Recovery Firm

The personal data of over a quarter of a million people has been exposed following a malicious hack perpetrated against a Texas billing and collection company. Houston-based company Benefit Recovery Specialists, Inc. (BRSI) discovered a data breach had occurred after detecting the installation of malware on its systems. The malware may have allowed unauthorized individuals to view and obtain the personal and protected health information (PHI) of 274,837 people.

Cofense Detects HMRC #COVID19 Tax Relief Scam

The Cofense Phishing Defense Center (PDC) has observed a new email-based phishing scam that aims to harvest Her Majesty’s Revenue and Customs (HMRC) credentials and sensitive personal information. According to Cofense, the threat actors use a legitimate-looking email address ([email protected]) that includes the impersonated organization in the address, and set the sender name to match (HM Revenue & Customs).

CIA most likely behind APT34 and FSB hacks and data dumps

US President Donald Trump gave broad powers to the Central Intelligence Agency (CIA) in 2018 to carry out offensive cyber operations across the globe. In an exclusive today, Yahoo News reported that the agency used its newly acquired powers to orchestrate “at least a dozen operations” across the world. The CIA was already authorized to conduct silent surveillance and data collection, but the new powers allow it to go even further.

Round Up of Major Malware and Ransomware Incidents

New BlackRock Android malware can steal passwords and card data from 337 apps

A new Android malware strain has emerged in the criminal underworld that comes equipped with a wide range of data theft capabilities, allowing it to target a whopping 337 Android applications. Named BlackRock, this new threat emerged in May this year and was discovered by mobile security firm ThreatFabric. Researchers say the malware is based on the leaked source code of another malware strain but was enhanced with additional features.

Round Up of Major Vulnerabilities and Patches

PoC exploits released for SAP Recon vulnerabilities, patch now!

Just two days after SAP released patches for a critical NetWeaver AS JAVA remote code execution vulnerability, proof-of-concept (PoC) exploits have been released, and active scans are underway to find exploitable devices. Discovered by Onapsis, the RECON (Remotely Exploitable Code On NetWeaver) vulnerability is tracked as CVE-2020-6287 and is rated with a maximum CVSS score of 10 out of 10.

New Attack Technique Uses Misconfigured Docker API

Researchers have discovered a new technique that lets an attacker build and deploy an image on a victim’s host. The attack exploits a misconfigured Docker API port to build and run a malicious container image on the host. In the observed attack, the adversary used the Docker SDK for Python package to send commands to a misconfigured Docker API. The aim, in the observed instance, was to carry out a resource-hijacking attack using a cryptominer.
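The misconfiguration behind this attack is a Docker daemon whose API listens on a TCP port without TLS client authentication. The following audit script is an added example (not code from the researchers or the Docker project) that reads a constructed daemon.json and optional dockerd command-line flags and flags such listeners; the sample configurations and file paths are assumptions for the demo.

```python
import json
import shlex
from urllib.parse import urlsplit

# Constructed daemon.json mirroring the misconfiguration described above:
# the API is bound to every interface with no client authentication.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

# Constructed hardened variant: tlsverify forces clients to present a cert
# signed by the CA named in tlscacert (paths are placeholders).
HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

UNRESTRICTED = (None, "", "0.0.0.0", "::")  # wildcard binds


def collect_hosts(daemon_json, dockerd_cmdline=""):
    """Merge listen endpoints and the tlsverify flag from daemon.json and dockerd args."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))
    args = shlex.split(dockerd_cmdline)
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host=") or arg.startswith("-H="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
    return hosts, tlsverify


def audit_docker_api(daemon_json, dockerd_cmdline=""):
    """Return findings for TCP API listeners that accept commands without TLS client auth."""
    findings = []
    hosts, tlsverify = collect_hosts(daemon_json, dockerd_cmdline)
    for host in hosts:
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are gated by filesystem permissions
        bind = urlsplit(host).hostname
        where = "all interfaces" if bind in UNRESTRICTED else bind
        if not tlsverify:
            findings.append(f"CRITICAL: {host} exposes the Docker API on {where} with no client auth")
        elif bind in UNRESTRICTED:
            findings.append(f"INFO: {host} is TLS-authenticated but reachable on {where}; restrict with a firewall")
    return findings
```

Run it against the real /etc/docker/daemon.json and the dockerd line from `ps` to get the same findings for a live host.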

‘Patch ASAP’: Cisco Issues Updates for Routers, VPN Firewall

Amid a week punctuated by high-profile critical security vulnerability disclosures from Microsoft and Oracle, Cisco Systems today released 31 security patches, including critical ones for some of its router products. In a tweet today announcing the Cisco release, US-CERT urged users to “Patch ASAP!”

Jewish Service Zoom-bombed with Swastikas

A malicious hacker disrupted a Jewish congregation’s virtual prayer service to display symbols synonymous with anti-Semitism. Temple Sinai in Hartford, Connecticut, was the target of the anti-Semitic attack that took place on July 10. The temple had been holding services online for several months to help slow the spread of COVID-19 around the state. After gaining access to a service, the hacker posted offensive messages and images on a shared screen.

No-Log VPNs Exposed Users’ Logs and Personal Details for All to See

A group of free VPN (virtual private network) apps left their server completely open and accessible, exposing private user data for anyone to see. This lack of basic security measures in an essential part of a cybersecurity product is not just shocking. It also shows a total disregard for standard VPN practices, putting their users at risk. The vpnMentor research team uncovered the server and found Personally Identifiable Information (PII) for potentially over 20 million VPN users.

Oracle’s July 2020 CPU Includes 443 New Patches

Oracle this week released its quarterly Critical Patch Update (CPU), which includes a total of 443 new security fixes. More than half of the addressed vulnerabilities are remotely exploitable without authentication. This is a record-breaking CPU not only in terms of number of patches (the first to include over 400 fixes), but also in regard to the amount of critical flaws addressed.

Critical, Wormable Bug in Windows DNS Servers Could Allow Full Infrastructure Compromise

Microsoft addressed a total of 123 vulnerabilities with its July 2020 Patch Tuesday updates, including a critical remote code execution bug that has affected Windows DNS (Domain Name System) servers for the past 17 years. Tracked as CVE-2020-1350 and featuring a CVSS score of 10 (out of 10), the issue is triggered when the DNS server fails to properly handle requests, thus allowing a remote, unauthenticated attacker to run arbitrary code with SYSTEM privileges.