
Clearview grants ICE access to use technology, Momentum Metropolitan suffers cyber attack, and more

Major cybersecurity events on 17th August 2020 (Evening Post): Medical debt collector R1 RCM Inc. hit in ransomware attack. Emotet installation process vulnerability allows researchers to create killswitch. Fraudsters target Ritz Hotel staff in credit card data scam.

Round Up of Major Breaches and Scams

Controversial facial recognition tech firm Clearview AI inks deal with ICE

The US Department of Homeland Security (DHS) has signed a contract with Clearview AI to give Immigration and Customs Enforcement (ICE) access to the controversial facial recognition firm’s technology. Tech Inquiry, a non-profit technology watchdog and rights outfit, spotted documents revealing the deal last week. The $224,000 purchase order, signed on August 12, 2020, is for “Clearview licenses” relating to “information technology components,” but no further information has been made public.

Ritz London suspects data breach, fraudsters pose as staff in credit card data scam

The Ritz Hotel in London has launched an investigation into a data breach in which scammers may have posed as staff members to steal credit card data. In a series of messages posted to Twitter dated August 15, the luxury hotel chain said that on August 12, the company was made aware of a “potential data breach within our food and beverage reservation system.” Ritz London added that this may have led to the compromise of “some of our clients’ personal data.”

NSW Police Leak Private Information of Complainants

The NSW Police have leaked the email addresses of over 150 complainants who contacted them to raise concerns about officers’ use of force following the Sydney Black Lives Matter protest on Saturday, 6 June. The email contained the original letter, with an additional page that began “Please note; outcome letter was sent to all of the following complainants via email (Bcc recipients not shown above):” and listed the email addresses of the 150 complainants below.

Momentum Metropolitan Suffers Cyberattack

The South African financial services group Momentum Metropolitan suffered a cyberattack last Thursday, according to Business Insider. Data from one of its subsidiaries was accessed by hackers, but investigations suggest that client information has not been stolen. “Information accessed contains administrative and financial data that is not expected to prejudice any stakeholders of the Group,” the company said.

Round Up of Major Malware and Ransomware Incidents

Ransomware Hits Leading US Medical Debt Collector R1 RCM Inc.

R1 RCM, formerly Accretive Health Inc., is the latest target of a ransomware attack. It is one of the largest medical debt collection firms in the US, with a turnover of over $1.18 billion in 2019. RCM refers to the revenue cycle management sector, which tracks patient records and payment details throughout their life cycle. This includes details such as patient insurance, registration, medical treatment documents, benefits verification, bill preparation, and collection.

‘Vaccine’ Kept Emotet Infections Away for Six Months

First identified over a decade ago, Emotet went from a banking Trojan to an information stealer and a downloader for other malware families. A prolific threat, Emotet was seen taking a four-month vacation last year, and five months off in 2020, before recommencing activity on July 17. Just like legitimate software, malicious programs are prone to vulnerabilities, and a flaw in Emotet’s installation process allowed security researchers to create a killswitch that helped the infosec community keep the threat away.

Round Up of Major Vulnerabilities and Patches

Credential Stuffing Attacks Targeted GCKey, CRA Accounts

Malicious actors launched credential stuffing attacks that targeted Canada’s GCKey service and Canada Revenue Agency (CRA) accounts. On August 15, the Treasury Board of Canada Secretariat announced that the Government of Canada was in the process of responding to a series of credential stuffing attacks. Those campaigns had compromised the credentials of 9,041 users of GCKey, an electronic credential which enables Canadians to access online government services such as employment.

Major Security Vulnerability Discovered in CMS System Used by US Army

The content management system Concrete5 CMS contains a major vulnerability which has now been addressed in an updated version, according to an analysis published today by Edgescan. Edgescan senior information security consultant Guram Javakhishvili revealed that Concrete5 has a Remote Code Evaluation (RCE) flaw, a known security weakness which, if exploited, “can lead to a full compromise of the susceptible web application and also the web server that it is hosted on.”