Cork hospital fined €65K over data mishandling, ShinyHunters target Mashable, leaks 5.22GB database, and more

Major cybersecurity events on 05th November 2020 (Morning Post): QBot election-themed phishing emails infect victims with malicious payloads that harvest user data. Japanese game developer Capcom targeted by cyberattack, disrupting business operations. Hackers abuse Google Forms to phish for AT&T credentials.

Round Up of Major Breaches and Scams

Cork hospital fined €65k after patients’ personal data found in public recycling facility

The Data Protection Commission (DPC) has handed down a €65,000 fine to Cork University Maternity Hospital (CUMH) after the personal data of 78 of its patients was discovered disposed of in a public recycling facility elsewhere in the county. The complaint was first raised with the DPC in June 2019 after a member of the public, who had discovered the documents, brought the matter to the HSE’s attention.

ShinyHunters hacker leaks 5.22GB worth of Mashable.com database

ShinyHunters leaked the database earlier today, revealing that it does not contain any passwords. Another day, another data breach. This time, the infamous hacker going by the online handle ShinyHunters has leaked a database belonging to Mashable.com, a global media and entertainment company. The 5.22GB database was leaked earlier today on a prominent hacker forum and has since appeared on several other forums, including Russian-speaking ones.

QBot phishing lures victims using US election interference emails

The Qbot botnet is now spewing U.S. election-themed phishing emails used to infect victims with malicious payloads designed to harvest user data and emails for use in future campaigns. Qbot (aka Qakbot, Pinkslipbot, and Quakbot) is a banking trojan with worm features actively used since at least 2009 to steal financial data and banking credentials, as well as to log user keystrokes, to deploy backdoors, and to drop additional malware.

Japanese video game firm Capcom hit by a cyberattack

Japanese video game developer and publisher Capcom has disclosed a cyberattack over the weekend that is impacting its business operations. The company has developed multiple multi-million-selling game franchises, including Street Fighter, Mega Man, Darkstalkers, Resident Evil, Devil May Cry, Onimusha, Dino Crisis, Dead Rising, Sengoku Basara, Ghosts ‘n Goblins, Monster Hunter, Breath of Fire, and Ace Attorney, as well as games based on Disney animated properties.

Google Forms Abused to Phish AT&T Credentials

Researchers are warning of phishing attacks that use Google Forms as landing pages to collect victims’ credentials. The forms masquerade as login pages for more than 25 different companies, brands and government agencies. So far, 265 different Google Forms used in these attacks have been uncovered; they are most likely delivered to victims by email, using social engineering tactics. More than 70 percent of these forms purported to be from AT&T.

Round Up of Major Malware and Ransomware Incidents

Revamped DLL side-load attack hits Myanmar

Security vendor Sophos has suggested Chinese purveyors of advanced persistent threats (APTs) are behind a recent wave of attacks on non-governmental organisations and other commercial entities in Myanmar. The attack, which Sophos has given the charming moniker “KilllSomeOne”, is a DLL side-loading attack that tricks legitimate Windows executables into loading a malicious DLL in place of the real one. The malicious DLLs then attempt to exfiltrate information.

Ransom Payment No Guarantee Against Doxxing

Several organizations that paid a ransom to keep attackers from releasing stolen data saw it leaked anyway, according to Coveware. Ransomware victims that pay threat actors to suppress data stolen during an attack often end up doxxed regardless, and then face additional demands for money over the same dataset. Coveware’s analysis of ransomware attack data for the third quarter shows several organizations were victimized in this manner after paying the demanded ransom.

Russian authorities make rare arrest of malware author

Russian authorities arrested a malware author at the end of September, an action that is extremely rare in a country known for being soft on hackers. According to the Russian Ministry of Internal Affairs, the suspect is a 20-year-old from the region of North Ossetia–Alania. Russian authorities claim that between November 2017 and March 2018 the suspect created several malware strains, which he later used to infect more than 2,100 computers across Russia.

Round Up of Major Vulnerabilities and Patches

Trend Micro Patches Vulnerabilities in InterScan Messaging Security Product

Trend Micro has patched several vulnerabilities in its InterScan Messaging Security product, including flaws that could have a serious impact. InterScan Messaging Security is an email and collaboration security product designed to provide protection against spam, phishing and sophisticated attacks. The product has a hybrid SaaS deployment option that combines a gateway virtual appliance with a prefilter to block spam and threats.

Zero-day in Cisco AnyConnect Secure Mobility Client yet to be fixed

Cisco has disclosed a zero-day vulnerability, tracked as CVE-2020-3556, in the Cisco AnyConnect Secure Mobility Client software, together with the public availability of proof-of-concept exploit code. The flaw resides in the interprocess communication (IPC) channel of the Cisco AnyConnect Client and can be exploited by an authenticated, local attacker to execute malicious scripts via a targeted user.

Apple search bot leaked internal IPs via proxy configuration

A security researcher discovered that Apple’s search bots, which had been crawling his podcast series, were leaking internal IP addresses because of a misconfigured proxy server. It took Apple a little over 9 months to fix the leak, for no obvious reason. A proxy server acts as a middle agent between a device attempting to connect to a destination on the internet and the destination itself.

Google Discloses Details of GitHub Actions Vulnerability

Details of a vulnerability affecting GitHub Actions were made public this week by Google, following a 104-day disclosure deadline. The bug was identified by security researcher Felix Wilhelm of Google Project Zero, who reported it to GitHub on July 21. Under Google’s policy, information on the flaw was due to be released after 90 days, but GitHub requested a 14-day grace period. Tracked as CVE-2020-15228, the vulnerability is related to the use of the set-env and add-path workflow commands, which are set to be disabled.
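As an added example (not from the page, nor GitHub's own tooling), the check below scans captured step output for lines the Actions runner would interpret as the deprecated set-env or add-path workflow commands and suggests the environment-file form GitHub recommends in their place; the regex and the sample log lines are constructed here.

```python
import re

# Workflow commands use the documented "::name key=value::message" syntax.
# set-env and add-path are the two commands CVE-2020-15228 concerns.
DEPRECATED_COMMANDS = {"set-env", "add-path"}
_CMD_RE = re.compile(r"^::(?P<cmd>[a-z-]+)(?:\s+(?P<params>[^:]*))?::(?P<value>.*)$")


def find_deprecated_commands(output):
    """Return (line_no, command, params, value) for each output line that the
    runner would parse as a set-env or add-path workflow command."""
    findings = []
    for n, line in enumerate(output.splitlines(), 1):
        m = _CMD_RE.match(line.strip())
        if m and m.group("cmd") in DEPRECATED_COMMANDS:
            findings.append((n, m.group("cmd"), m.group("params") or "", m.group("value")))
    return findings


def suggest_replacement(cmd, params, value):
    """Rewrite a deprecated command into the GITHUB_ENV / GITHUB_PATH
    environment-file form that replaces it."""
    if cmd == "set-env":
        kv = dict(p.split("=", 1) for p in params.split(",") if "=" in p)
        return f'echo "{kv.get("name", "")}={value}" >> "$GITHUB_ENV"'
    return f'echo "{value}" >> "$GITHUB_PATH"'


# Constructed sample step output: one legitimate-but-deprecated use, one line
# that came from an untrusted string echoed verbatim, and an unrelated command.
SAMPLE_OUTPUT = (
    "Installing dependencies...\n"
    "::set-env name=BUILD_TAG::nightly\n"
    "::add-path::/tmp/untrusted\n"
    "::warning::unrelated workflow command\n"
)

if __name__ == "__main__":
    for line_no, cmd, params, value in find_deprecated_commands(SAMPLE_OUTPUT):
        print(f"line {line_no}: ::{cmd} -> {suggest_replacement(cmd, params, value)}")
```

Run against a job's raw log to find steps that still emit these commands, whether deliberately or because untrusted input reached stdout.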