
Cruise company Hurtigruten suffers cyber attack, Spotify’s registration data exposed to 3rd party partner, and more

Major cybersecurity events on 15th December 2020 (Morning Post): Microsoft Office 365 credentials under attack by fax ‘alert’ emails. Ransomware masterminds claim to have nabbed 53GB of data from Intel’s Habana Labs. MoleRats using Facebook, Dropbox, Google Docs to spread malware.

Round Up of Major Breaches and Scams

Norwegian Cruise Company Hurtigruten Experiences Cyber Attack

Norwegian cruise company Hurtigruten experienced a cyber attack on Monday, December 14, which caused several key systems to go down, the company said in a statement. The company, which in normal times operates ferries along the Norwegian coast as well as cruises in the Arctic and Antarctic, said it does not expect the attack to have a “material financial effect”.

Spotify Changes Passwords After Another Data Breach

This is at least the third breach in less than a month for the world’s most popular streaming service. Spotify has alerted users that some of their registration data was inadvertently exposed to a third-party business partner, including email addresses, preferred display names, passwords, gender and dates of birth.

How scammers target PayPal users and how you can stay safe

What are some common ploys targeting PayPal users? Here’s what you should watch out for when using the popular payment service. PayPal is one of the key players in the field of online payment providers, operating as a payment processor for popular online marketplaces, auction websites, as well as other commercial sellers. Popular brands such as Microsoft, Google Play, PlayStation Store, and Ikea are among the vendors that offer payment through the platform.

US Jails Journalists’ Cyber-Stalker

A cyber-stalker from Arizona who joined up with a neo-Nazi group to harass and threaten journalists, advocates, and other targets has been sentenced to prison. Johnny Roman Garza admitted to conspiring with other members of the Atomwaffen Division to deliver menacing messages to journalists online and in person, sometimes targeting their homes. The campaign was created to intimidate individuals who had exposed anti-Semitic behavior.

Microsoft Office 365 Credentials Under Attack By Fax ‘Alert’ Emails

Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials. Researchers are warning of a coordinated phishing attack that targeted “numerous” enterprise organizations last week. The attackers leveraged hundreds of compromised, legitimate email accounts to send organizations emails that pretended to be document delivery notifications. In reality, the phishing attack stole victims’ Office 365 credentials.

White House Confirms Cyberattack on U.S. Dept of Treasury and Commerce

The White House on Sunday acknowledged reports that a group backed by a foreign government carried out a targeted cyberattack, planned for months, on the U.S. Department of Treasury and a section of the U.S. Department of Commerce. According to a report from The Washington Post, the threat actors are said to belong to the infamous Russian state-sponsored group Cozy Bear, also known as APT 29.

Round Up of Major Malware and Ransomware Incidents

DE: Symrise impacted by ransomware attack

Symrise, a German manufacturer of flavors and fragrances used in products, has reportedly been the victim of a ransomware attack. The attack was reported by Handelsblatt, and brought to our attention by @Chum1ng0. Unfortunately, Google Translate is giving me a bit of a headache with this one. That said, I do not see any ransom amount or type of ransomware mentioned.

Ransomware masterminds claim to have nabbed 53GB of data from Intel’s Habana Labs

The Pay2Key ransomware group on Sunday posted what appear to be details of internal files obtained from Habana Labs, an Israel-based chip startup acquired a year ago by Intel. The hacking group, which has been linked to Iranians by security firm Check Point, published a screenshot of source code credited to Habana Labs via Twitter, alongside a link to a Tor Browser-accessible .onion address. The website contains file names associated with Habana Labs’ Gerrit code collaboration software, DomainController data, and documents that appear to have come from the AI chipmaker.

MoleRats using Facebook, Dropbox, Google Docs to spread malware

Cybereason researchers have discovered a new, ongoing espionage campaign in which attackers use three previously unidentified malware variants and abuse Facebook, Google Docs, Dropbox, and Simplenote as command-and-control (C&C) infrastructure to target victims. The campaign involves the exfiltration of confidential data.

New Windows Trojan Steals Browser Credentials, Outlook Files

Researchers have discovered a new information-stealing trojan that targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities, from collecting browser credentials to targeting Outlook files. The trojan, called PyMicropsia because it is built with Python, has been developed by the threat group AridViper, researchers said, which is known for targeting organizations in the Middle East.

Round Up of Major Vulnerabilities and Patches

SolarWinds: Hey, only as many as 18,000 customers installed backdoored software linked to US govt hacks

Analysis: As the debris from the explosive SolarWinds hack continues to fly, it has been a busy 48 hours as everyone scrambles to find out if, like various US government bodies, they’ve been caught in the blast. So, where are we at? In terms of the news flow, it started in the middle of last week with FireEye. The specialist IT security firm brought in by multinationals when they suffer high-profile hacks found itself admitting last week that it had itself been hacked.

Critical Golang XML parser bugs can cause SAML authentication bypass

This week, Mattermost, in coordination with Golang, disclosed three critical vulnerabilities in the Go language’s XML parser. If exploited, these vulnerabilities, which also affect multiple Go-based SAML implementations, can lead to a complete bypass of SAML authentication, which powers prominent web applications today. The XML round-trip vulnerabilities lurk in Go’s XML parser, encoding/xml, which doesn’t return reliable results when encoding and then decoding XML input.
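The risk behind a “round-trip” bug is that a SAML library may verify the signature on the raw bytes it received but then read the identity claims out of a re-serialised copy; if decode, encode and decode again do not agree on what the document says, the two views can diverge. The check below is an added illustration of the defensive idea (refuse any document whose token stream changes after a round trip through encoding/xml); it is not Mattermost’s validator, not code from the Go project, and not from this article. The function names and the two sample documents are constructed for the example. Namespaces are omitted from the samples on purpose: SAML messages are heavily namespaced, Go’s encoder re-emits namespace declarations in its own way, and a production check needs prefix-aware comparison on top of what is shown here. Whatever it cannot prove unchanged, this version rejects, which is the safe direction.

```go
package main

// Added example: a conservative XML round-trip check. Decode the document,
// re-encode the tokens with encoding/xml, decode the result, and only trust
// the document if both decodes agree on every element name, attribute,
// text node, comment and directive. Not Mattermost's or Go's own code.

import (
	"bytes"
	"encoding/xml"
	"errors"
	"fmt"
	"io"
	"reflect"
)

// decodeAll returns every namespace-resolved token in doc as an independent copy.
func decodeAll(doc []byte) ([]xml.Token, error) {
	dec := xml.NewDecoder(bytes.NewReader(doc)) // Strict mode is the default
	var toks []xml.Token
	for {
		tok, err := dec.Token()
		if errors.Is(err, io.EOF) {
			return toks, nil
		}
		if err != nil {
			return nil, err
		}
		toks = append(toks, xml.CopyToken(tok))
	}
}

// reencode serialises the token stream with encoding/xml's Encoder, the step
// whose output the disclosure says cannot be relied upon.
func reencode(toks []xml.Token) ([]byte, error) {
	var buf bytes.Buffer
	enc := xml.NewEncoder(&buf)
	for _, t := range toks {
		if err := enc.EncodeToken(t); err != nil {
			return nil, err
		}
	}
	if err := enc.Flush(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// normalize drops namespace-declaration attributes (xmlns="..." and
// xmlns:p="...") so the comparison is on resolved names and values rather
// than on where a serialiser chose to declare a prefix. Element and attribute
// names are still compared by their resolved (Space, Local) pair, so an
// element that lands in a different namespace after re-encoding mismatches.
func normalize(toks []xml.Token) []xml.Token {
	out := make([]xml.Token, 0, len(toks))
	for _, t := range toks {
		if se, ok := t.(xml.StartElement); ok {
			kept := make([]xml.Attr, 0, len(se.Attr)) // always non-nil for DeepEqual
			for _, a := range se.Attr {
				isDecl := a.Name.Space == "xmlns" || (a.Name.Space == "" && a.Name.Local == "xmlns")
				if !isDecl {
					kept = append(kept, a)
				}
			}
			se.Attr = kept
			t = se
		}
		out = append(out, t)
	}
	return out
}

// RoundTripOK reports whether doc survives decode -> encode -> decode with its
// token stream intact. A parse failure on either pass is returned as err; a
// document that parses both times but differs yields (false, nil).
func RoundTripOK(doc []byte) (bool, error) {
	first, err := decodeAll(doc)
	if err != nil {
		return false, fmt.Errorf("original document: %w", err)
	}
	serialised, err := reencode(first)
	if err != nil {
		return false, fmt.Errorf("re-encoding: %w", err)
	}
	second, err := decodeAll(serialised)
	if err != nil {
		return false, fmt.Errorf("re-encoded document: %w", err)
	}
	return reflect.DeepEqual(normalize(first), normalize(second)), nil
}

// Constructed inputs for the example (not real SAML traffic; namespaces omitted).
const (
	SampleResponse    = `<Response ID="_r1"><Assertion ID="_a1"><Subject><NameID>alice@example.com</NameID></Subject></Assertion></Response>`
	MalformedResponse = `<Response ID="_r1"><Assertion ID="_a1"></Response>`
)

func main() {
	for _, doc := range []string{SampleResponse, MalformedResponse} {
		ok, err := RoundTripOK([]byte(doc))
		fmt.Printf("ok=%v err=%v\n", ok, err)
	}
}
```

In a SAML flow the check belongs before any claim is read: verify the signature over the received bytes, run the round-trip check on the same bytes, and only then decode the assertion. The malformed sample shows the other failure path, where the strict decoder refuses the document outright and the error is surfaced rather than swallowed.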

Mozilla shares fix for Netflix, Hulu errors on Apple Silicon Macs

Mozilla has shared information on how to fix a known issue leading to errors on multiple video streaming platforms, including Netflix, Hulu, Disney+, and Amazon’s Prime Video, in the Mac version of Firefox 84. “If you’re on a Mac with Apple Silicon and are experiencing errors when trying to watch Netflix, Hulu, Disney+, Prime or another streaming service after installing Firefox 84+, you might need to install Rosetta,” Mozilla says in a recently published support document.

Apple Patches Code Execution Flaws in iOS and iPadOS

Apple on Monday released a major point upgrade to its flagship iOS and iPadOS mobile operating systems to patch a handful of serious security vulnerabilities. The iOS 14.3 and iPadOS 14.3 releases cover 11 documented security flaws, some serious enough to expose iPhones and iPads to code execution attacks. The most serious of the bugs could allow attackers to run harmful code on iPhones and iPads via a malicious font file.