Round Up of Major Breaches and Scams
A browser vendor leaked user data after it accidentally left an Elasticsearch server exposed on the internet without a password. In total, 2.9 million records, amounting to 3.4 GB of data, were left exposed online. The data appeared to be log entries for actions developers were taking inside the browser, such as registering profiles or inviting friends. Personal details leaked via the exposed server included email addresses and user-agent strings.
The FBI’s Internet Crime Complaint Center (IC3) today issued a public service announcement on human traffickers’ continued use of online platforms like dating sites and social networks to lure victims. According to the FBI’s investigations, victims are being lured into forced labor or sex work through online platforms. In many cases, the criminals pose as legitimate job recruiters or agents of employment agencies and bait potential victims with the promise of fake employment and a better life.
The United States Health and Human Services Department’s web site was hit with a DDoS cyber attack on Sunday night that attempted to take it offline in the middle of the Coronavirus outbreak. Since the COVID-19 outbreak began, there has been a tremendous spike in people searching for HHS information about the Coronavirus. By performing a DDoS attack against the HHS.gov web site, the attackers attempted to disrupt the dissemination of that information.
Another COVID-19 (Coronavirus) phishing campaign has been discovered — this one apparently operated by the Pakistan-based APT36, which is thought to be nation-backed. APT36 has been active since 2016, and possibly earlier, conducting cyber espionage against Indian defense and government targets.
Round Up of Major Malware and Ransomware Incidents
Computer systems at the University Hospital Brno in the Czech Republic were shut down on Friday after a cyberattack struck in the early hours of the day, around 2 a.m. local time. Little information has been released about the attack. Its nature remains unknown, but it would not be a surprise if it turned out to be a ransomware incident.
A new backdoor malware called BlackWater has been found posing as COVID-19 information while abusing Cloudflare Workers as an interface to its command and control (C2) server. MalwareHunterTeam recently discovered a RAR file being distributed under the guise of information about the Coronavirus (COVID-19), named “Important – COVID-19.rar”. It is not known at this time how the file is being distributed, but it is most likely through phishing emails.
A new Android app that promises to deliver up-to-date figures on the coronavirus pandemic includes a strain of malicious software that locks up a user’s phone and demands an extortion fee. The ransomware app, called CovidLock, threatens to erase everything on an infected phone if victims don’t pay $100 in bitcoin within 48 hours, according to the security firm DomainTools.
Android malware traps ensnared an interesting specimen of commercial software that is positioned as a parental control app but may also be used to secretly monitor family members or colleagues – in other words, for stalking. Such apps are often called stalkerware.
Round Up of Major Vulnerabilities and Patches
Slack has fixed a security flaw that allowed attackers to automate the takeover of arbitrary accounts after stealing session cookies using an HTTP Request Smuggling CL.TE hijack attack on https://slackb.com/. According to the bug report’s timeline, Slack fixed the bug within 24 hours and rewarded the researcher, Custodio, with a $6,500 bounty; the report was publicly disclosed just two days ago.
Intel processors are vulnerable to a new attack that can leak data from the CPU’s internal memory — also known as the cache. The attack, described as “Snoop-assisted L1 Data Sampling,” or just Snoop (CVE-2020-0550), has been discovered by Pawel Wieczorkiewicz, a software engineer at Amazon Web Services (AWS).
Researchers have discovered 16 types of vulnerabilities, including many backdoors, in Zyxel’s CloudCNM SecuManager network management software. Following the disclosure of the flaws, Zyxel published an advisory confirming that its product is affected by more than a dozen vulnerabilities, mostly related to hardcoded credentials and missing authentication. The company said its investigation determined that only CloudCNM SecuManager is impacted.