Round Up of Major Breaches and Scams
A large Czech Republic hospital responsible for running tests for the novel coronavirus said Friday that a cyberattack had hit its computer systems. It was not immediately clear how, if at all, the hack would affect University Hospital Brno’s ability to test for the COVID-19 virus, but it was nevertheless a reminder of how cyberattacks have the potential to exacerbate the global health crisis.
Open Exchange Rates has announced a data breach that exposed the personal information and salted and hashed passwords for customers of its API service. In data breach notification emails sent today, Open Exchange Rates explains that while investigating a network misconfiguration that was causing delays in their service, they discovered that an unauthorized user had gained access to their network and a database that included user information.
Facebook and Twitter said they have removed dozens of fake accounts and pages from their services. Facebook said the network of accounts it removed was in the “early stages” of building an audience. The accounts posted about topics such as black history, celebrity gossip and fashion. Twitter, meanwhile, said the accounts it removed tried to sow discord by emphasizing social issues such as race and civil rights without favouring any particular candidate or ideology.
Police in Europe have arrested 26 people in an effort against two gangs of scammers who would take over victims’ phones, then steal financial and personal data from the devices. Law enforcement in Spain and Romania, in coordination with Europol, arrested 12 and 14 people, respectively, in actions against two distinct groups of SIM swappers, Europol announced Friday.
Carnival-owned Princess Cruises reports that a breach may have compromised passenger data. A notice published on the Princess website says suspicious activity was identified in late May 2019. Forensics experts were hired to launch an investigation, which found an unauthorized party gained access to some employee accounts between April 11 and July 23, 2019.
Round Up of Major Malware and Ransomware Incidents
Government-backed hacking groups from China, North Korea, and Russia are not letting a global pandemic go to waste and have begun using coronavirus-based phishing lures as part of their efforts to infect victims with malware and gain access to their infrastructure.
Referred to as Cookiethief (Trojan-Spy.AndroidOS.Cookiethief), the Trojan features a package name similar to that of the Roblox Android gaming client, Kaspersky’s security researchers reveal. While it’s uncertain how the Trojan infects devices — it does not exploit flaws in the Facebook application or the browser — it achieves root by connecting with another backdoor installed on the smartphone, and passes it a shell command.
The subject matter automatically contains at least two of the primary social engineering triggers, fear and urgency, making it an obvious lure for use by criminals. Even a long-standing China-based APT has begun to use the threat in a new spear-phishing campaign. Researchers from Check Point Research have found a spear-phishing campaign targeting the Mongolian public sector and apparently emanating from China.
Human rights activists and journalists in Uzbekistan, whom researchers have long claimed are victims of intrusive surveillance, are facing an increasingly sophisticated campaign, according to new findings from Amnesty International. Last year, a Canadian non-profit, eQualitie, revealed that a group of unidentified attackers has targeted journalists and human rights defenders in Uzbekistan with spearphishing emails since 2016. In June, the attackers escalated their activity, and are now trying to leverage spyware against hundreds of targets.
Champaign-Urbana Public Health District’s website was taken down by a ransomware attack, hampering the organization’s response efforts amid the coronavirus pandemic. The attack, which is attributed to the ransomware variant known as NetWalker, shut down the organization’s website, which was providing updates and information on the coronavirus response efforts.
Round Up of Major Vulnerabilities and Patches
VMware has patched three serious vulnerabilities in its products, including a critical flaw in Workstation and Fusion that can be exploited to execute arbitrary code on the host from the guest operating system. The critical flaw, tracked as CVE-2020-3947, is caused by a use-after-free bug in the vmnetdhcp component.