Round Up of Major Breaches and Scams
Norwegian cruise company Hurtigruten experienced a cyber attack on Monday December 14, which caused several key systems to go down, the company said in a statement. The company, which in normal times operates ferries along the Norwegian coast as well as cruises in the Arctic and Antarctic, said that it does not expect the attack to lead to a “material financial effect”.
Spotify has alerted users that some of their registration data was inadvertently exposed to a third-party business partner, including email addresses, preferred display names, passwords, gender and dates of birth. This is at least the third breach in less than a month for the world’s largest streaming service.
What are some common ploys targeting PayPal users? Here’s what you should watch out for when using the popular payment service. PayPal is one of the key players in the field of online payment providers, operating as a payment processor for popular online marketplaces, auction websites, as well as other commercial sellers. Popular brands such as Microsoft, Google Play, PlayStation Store, and Ikea are among the vendors that offer payment through the platform.
A cyber-stalker from Arizona who joined up with a neo-Nazi group to harass and threaten journalists, advocates, and other targets has been sentenced to prison. Johnny Roman Garza admitted to conspiring with other members of the Atomwaffen Division to deliver menacing messages to journalists online and in person, sometimes targeting their homes. The campaign was created to intimidate individuals who had exposed anti-Semitic behavior.
Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials. Researchers are warning of a coordinated phishing attack that targeted “numerous” enterprise organizations last week. The attackers leveraged hundreds of compromised, legitimate email accounts to send the targeted organizations emails that pretended to be document delivery notifications. In reality, the phishing attack stole victims’ Office 365 credentials.
The U.S. Government acknowledged reports that a group backed by a foreign government carried out a targeted cyberattack on U.S. Government agencies that was planned for months. The White House on Sunday confirmed the reports, which concern a cyberattack on the U.S. Department of Treasury and a section of the U.S. Department of Commerce. As per a report from The Washington Post, the threat actors are said to belong to the infamous Russian state-sponsored group Cozy Bear, or APT 29.
Round Up of Major Malware and Ransomware Incidents
Symrise, a German manufacturer of flavors and fragrances used in consumer products, has reportedly been the victim of a ransomware attack. The attack was reported by Handelsblatt, and brought to our attention by @Chum1ng0. Unfortunately, Google Translate is giving me a bit of a headache with this one. That said, I do not see any ransom amount mentioned or type of ransomware mentioned.
The Pay2Key ransomware group on Sunday posted what appear to be details of internal files obtained from Habana Labs, an Israel-based chip startup acquired a year ago by Intel. The hacking group, which has been linked to Iranians by security firm Check Point, published a screenshot of source code credited to Habana Labs via Twitter, alongside a link to a Tor Browser-accessible .onion address. The website contains file names associated with Habana Labs’ Gerrit code collaboration software, DomainController data, and documents that appear to have come from the AI chipmaker.
Cybereason researchers have identified an ongoing espionage campaign using three previously unidentified malware variants. The attackers are using the three variants and exploiting Facebook, Google Docs, Dropbox, and Simplenote as C&C servers to target victims, Cybereason says. The campaign involves the exfiltration of confidential data.
Researchers have discovered a new information-stealing trojan that targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities, from collecting browser credentials to targeting Outlook files. The trojan, called PyMicropsia (because it is built with Python), has been developed by the threat group AridViper, which is known for targeting organizations in the Middle East, researchers said.
Round Up of Major Vulnerabilities and Patches
Analysis: As the debris from the explosive SolarWinds hack continues to fly, it has been a busy 48 hours as everyone scrambles to find out if, like various US government bodies, they’ve been caught in the blast. So, where are we at? In terms of the news flow, it started in the middle of last week with FireEye. The specialist IT security firm brought in by multinationals when they suffer high-profile hacks found itself admitting last week that it had itself been hacked.
This week, Mattermost, in coordination with the Go team, disclosed three critical vulnerabilities in the Go language’s XML parser. If exploited, these vulnerabilities, which also impact multiple Go-based SAML implementations, can lead to a complete bypass of the SAML authentication that powers prominent web applications today. The XML round-trip vulnerabilities lurk in Go’s XML parser, encoding/xml, which does not return reliable results when encoding and decoding XML input: a document can decode to one token stream, re-encode, and decode again to a different one, so a signature checked over one view of the document does not cover the view the application acts on.
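The defensive check that follows from the round-trip problem is to refuse any document that does not survive decode, re-encode, decode with an identical token stream, which is the mitigation Mattermost's advisory put to SAML library maintainers. The code below is an added example written for this round-up, not code from Mattermost, the Go team, or any SAML library; the names RoundTripStable and ValidateSAMLInput and the sample documents in main are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/xml"
	"fmt"
	"io"
	"reflect"
)

// tokenize decodes the whole document into a token stream. Each token is
// copied with xml.CopyToken because the decoder reuses its internal buffer.
func tokenize(data []byte) ([]xml.Token, error) {
	dec := xml.NewDecoder(bytes.NewReader(data))
	var toks []xml.Token
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return toks, nil
		}
		if err != nil {
			return nil, err
		}
		toks = append(toks, xml.CopyToken(tok))
	}
}

// reencode serialises a token stream with encoding/xml's Encoder.
func reencode(toks []xml.Token) ([]byte, error) {
	var buf bytes.Buffer
	enc := xml.NewEncoder(&buf)
	for _, tok := range toks {
		if err := enc.EncodeToken(tok); err != nil {
			return nil, err
		}
	}
	if err := enc.Flush(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// RoundTripStable reports whether decode -> encode -> decode reproduces the
// original token stream exactly. When it does not, the parser's view of the
// document and the serialiser's output disagree, which is exactly the
// condition a signature-checking SAML consumer must not tolerate.
func RoundTripStable(data []byte) (bool, error) {
	first, err := tokenize(data)
	if err != nil {
		return false, err
	}
	out, err := reencode(first)
	if err != nil {
		return false, err
	}
	second, err := tokenize(out)
	if err != nil {
		return false, err
	}
	return reflect.DeepEqual(first, second), nil
}

// ValidateSAMLInput is a hypothetical gate a service provider would apply
// before signature verification: reject malformed input and input that does
// not round-trip. It is not a function of any real SAML library.
func ValidateSAMLInput(data []byte) error {
	stable, err := RoundTripStable(data)
	if err != nil {
		return fmt.Errorf("reject: not well-formed: %w", err)
	}
	if !stable {
		return fmt.Errorf("reject: document does not round-trip through encoding/xml")
	}
	return nil
}

func main() {
	// Constructed sample inputs, not captured from any real SAML exchange.
	samples := map[string]string{
		"simple":    `<Response><Assertion ID="a1">hi &amp; bye</Assertion><!-- c --></Response>`,
		"malformed": `<Response><Assertion></Response>`,
	}
	for name, doc := range samples {
		fmt.Printf("%-10s %v\n", name, ValidateSAMLInput([]byte(doc)))
	}
}
```

Comparing token streams rather than raw bytes is deliberate: encoding/xml legitimately rewrites quoting and entity forms, so byte equality would reject harmless input, while token equality only fails when the parser and serialiser disagree about structure, names, or attribute sets. The check runs in strict mode, so it also rejects documents that are not well-formed instead of letting a lenient parse through.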
Mozilla has shared info on how to fix a known issue leading to errors on multiple video streaming platforms, including Netflix, Hulu, Disney+, and Amazon’s Prime Video, on the Mac version of Firefox 84. “If you’re on a Mac with Apple Silicon and are experiencing errors when trying to watch Netflix, Hulu, Disney+, Prime or another streaming service after installing Firefox 84+, you might need to install Rosetta,” Mozilla says in a recently published support document.
Apple on Monday released a major point-upgrade to its flagship iOS and iPadOS mobile operating systems to patch a handful of serious security vulnerabilities. The iOS 14.3 and iPadOS 14.3 release will provide cover for 11 documented security flaws, some serious enough to expose iPhones and iPads to code execution attacks. The most serious of the bugs could allow hackers to launch harmful code on iPhones and iPads via a malicious font file.