Round Up of Major Breaches and Scams
Citrix has published an official statement to deny allegations that the company’s network was breached by a malicious actor who also claims that he was able to steal customer information. The actor is now selling what he claims to be a database with information on 2,000,000 Citrix customers on the dark web, with a price tag of 2.15 bitcoins (roughly $19,700).
The personal data of over a quarter of a million people has been exposed following a malicious hack perpetrated against a Texas billing and collection company. Houston-based company Benefit Recovery Specialists, Inc. (BRSI) discovered a data breach had occurred after detecting the installation of malware on its systems. The malware may have allowed unauthorized individuals to view and obtain the personal and protected health information (PHI) of 274,837 people.
The Cofense Phishing Defense Center (PDC) has observed a new email-based phishing scam that aims to harvest Her Majesty's Revenue and Customs (HMRC) credentials and sensitive personal information. According to Cofense, the threat actors use a legitimate-looking email address ([email protected]) with the impersonated organization in the address and set the display name to match (HM Revenue & Customs).
US President Donald Trump gave broad powers to the Central Intelligence Agency (CIA) in 2018 to carry out offensive cyber operations across the globe. In an exclusive today, Yahoo News reported that the agency used its newly acquired powers to orchestrate “at least a dozen operations” across the world. The CIA was already authorized to conduct silent surveillance and data collection, but the new powers allow it to go even further.
Round Up of Major Malware and Ransomware Incidents
A new Android malware strain has emerged in the criminal underworld that comes equipped with a wide range of data theft capabilities allowing it to target a whopping 337 Android applications. Named BlackRock, this new threat emerged in May this year and was discovered by mobile security firm ThreatFabric. Researchers say the malware was based on the leaked source code of another malware strain but was enhanced with additional features.
Round Up of Major Vulnerabilities and Patches
Just two days after SAP released patches for a critical NetWeaver AS JAVA remote code execution vulnerability, proof-of-concept (PoC) exploits have been released, and active scans are underway to exploit devices. Discovered by Onapsis, the RECON (Remotely Exploitable Code On NetWeaver) vulnerability is tracked as CVE-2020-6287 and is rated with a maximum CVSS score of 10 out of 10.
Researchers have discovered a new technique that lets an attacker build and deploy an image on a victim’s host. The attack exploits a misconfigured Docker API port to build and run a malicious container image on the host. In the observed attack, the adversary used the Docker SDK for Python package to send commands to a misconfigured Docker API. The aim, in the observed instance, was to execute a resource-hijacking attack using a cryptominer.
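The attack above only works because the Docker daemon's API is reachable over TCP without client authentication. The following audit script is an added example, not code from the article or from the researchers it cites: it reads a Docker daemon.json fragment and flags any TCP listener that is not protected by tlsverify or that is bound to all interfaces. The keys hosts, tls and tlsverify are the daemon's own configuration keys; the sample configurations, file paths and the audit_daemon_config function are constructed for this illustration.

```python
"""Audit a Docker daemon.json fragment for an exposed, unauthenticated API.

Added example (not from the original round-up). It checks the "hosts",
"tls" and "tlsverify" keys of a daemon.json document and reports TCP
listeners that would let any network client control the daemon.
"""
import json
from typing import List
from urllib.parse import urlparse

# Constructed sample: the weak setting behind the attack described above,
# a plaintext TCP listener on every interface with no client verification.
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed sample: the corrected setting, bound to one address and
# requiring TLS client certificates (paths are placeholders).
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tls": True,
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# Wildcard bind addresses; urlparse reports a missing host as None.
ALL_INTERFACES = {None, "0.0.0.0", "::"}


def audit_daemon_config(raw_json: str) -> List[str]:
    """Return a list of findings; an empty list means no exposed API listener."""
    cfg = json.loads(raw_json)
    findings = []
    # "tls": true alone only encrypts; client authentication needs tlsverify.
    tlsverify = bool(cfg.get("tlsverify", False))
    for host in cfg.get("hosts", []):
        parsed = urlparse(host)
        if parsed.scheme != "tcp":
            continue  # unix sockets and named pipes are local-only
        if not tlsverify:
            findings.append(
                f"{host}: TCP API listener without tlsverify "
                "(any client that can reach the port controls the daemon)")
        if parsed.hostname in ALL_INTERFACES:
            findings.append(f"{host}: bound to all interfaces")
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_daemon_config(doc) or "no findings")
```

The check covers only daemon.json; on many systems the listener is instead added with a -H flag in a systemd drop-in for the docker service, so a complete audit should also inspect the daemon's effective command line. Detecting the build-and-run pattern from the article after the fact means watching for image builds and container starts on hosts where no deployment pipeline should be running them.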
Amid a week punctuated by high-profile critical security vulnerability disclosures from Microsoft and Oracle, Cisco Systems today released 31 security patches that include critical ones for some of its router products. In a tweet today announcing the Cisco release, US-CERT recommended that users “Patch ASAP!”
A malicious hacker disrupted a Jewish congregation’s virtual prayer service to display symbols synonymous with anti-Semitism. Temple Sinai in Hartford, Connecticut, was the target of the anti-Semitic attack that took place on July 10. The temple had been holding services online for several months to help slow the spread of COVID-19 around the state. After gaining access to a service, the hacker posted offensive messages and images on a shared screen.
A group of free VPN (virtual private network) apps left their server completely open and accessible, exposing private user data for anyone to see. This lack of basic security measures in an essential part of a cybersecurity product is not just shocking. It also shows a total disregard for standard VPN practices that put their users at risk. The vpnMentor research team uncovered the server and found Personally Identifiable Information (PII) data for potentially over 20 million VPN users.
Oracle this week released its quarterly Critical Patch Update (CPU), which includes a total of 443 new security fixes. More than half of the addressed vulnerabilities are remotely exploitable without authentication. This is a record-breaking CPU not only in terms of number of patches (the first to include over 400 fixes), but also in regard to the amount of critical flaws addressed.
Microsoft addressed a total of 123 vulnerabilities with its July 2020 Patch Tuesday updates, including a critical remote code execution bug that has affected Windows DNS (Domain Name System) servers for the past 17 years. Tracked as CVE-2020-1350 and featuring a CVSS score of 10 (out of 10), the issue is triggered when the DNS server fails to properly handle requests, thus allowing a remote, unauthenticated attacker to run arbitrary code with SYSTEM privileges.