
Cryptocurrency scam hits Bill Gates, Elon Musk, Joe Biden, Welcome Chat stores user data in unsecure location, and more

Major cybersecurity events on 16th July 2020 (Morning Post): Bhinneka database of more than one million accounts dumped on hacker forum. An info-stealer Trojan found to be linked to threat actors responsible for TrickBot. Brazil’s four malware families ramp up techniques, spread to new countries.

Round Up of Major Breaches and Scams

Twitter Confirms it was Hacked in an Unprecedented Cryptocurrency Scam

The Twitter accounts of Bill Gates, Elon Musk, Joe Biden, Apple and Uber have each been hijacked at the same time to push a cryptocurrency scam in an unprecedented breach of Twitter accounts. Twitter locked down thousands of verified accounts belonging to elite Twitter users and high-profile companies Wednesday afternoon in an effort to prevent hackers from perpetrating a massive cryptocurrency scam.

Chinese state hackers target Hong Kong Catholic Church

China’s government hackers have targeted members of the Hong Kong Catholic Church in a series of spear-phishing operations traced back to May this year. The attacks have come to light after reports that some of Hong Kong’s church leaders and clergy have been directly involved in supporting pro-democracy protests despite orders from the Vatican to remain neutral.

Vulns in Open Source EHR Put Patient Health Data at Risk

A researcher at Bishop Fox has found five high-risk flaws in health IT software from LibreHealth. Security researchers from Bishop Fox have discovered several critical vulnerabilities in an emerging open source electronic health record (EHR) system from LibreHealth. The vulnerabilities give unauthenticated attackers multiple ways to compromise the application’s underlying server and gain access to sensitive patient health information and health records.

New Zealand property management company leaks 30,000 users’ passports, driver’s licenses and other personal data

CyberNews received information from reader Jake Dixon, a security researcher with Vadix Solutions, who discovered an unsecured Amazon Simple Storage Solution (S3) database containing more than 31,000 images of users’ passports, driver’s licenses, evidence of age documents, and more. These files are publicly accessible to anyone who has the URL and appear to be owned by LPM Property Management.

Database of Indonesian store Bhinneka dumped with 1 million+ accounts

Mostly, when an attacker gains access to a database, they try to profit off it either through a ransom or by listing it for sale. Sometimes, though, due to reasons such as revenge or perhaps ol’ fashioned fun, attackers dump the databases online, making them freely available. A case of the latter has emerged today: a hacker posted the database of one of Indonesia’s largest online stores, Bhinneka, on a hacker forum.

Exclusive, Ghost Squad Hackers defaced European Space Agency (ESA) site

A group of hackers that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA). I have reached them for a comment and they told me that the attack was not targeted; they defaced the site only for fun. The group claims to have hacked numerous organizations and government agencies over the years, including the US military, European Union, Washington DC, Israeli Defense Forces, the Indian Government, and some central banks.

South East Coast Ambulance sees massive data breach

The South East Coast Ambulance Service has experienced a massive data breach and has referred itself to a privacy watchdog. In May, the personal and medical details of all ambulance staff could have been seen by employees outside of senior management. An internal memo revealed that a server containing details of sick leave – including operations and mental and physical health issues – was for 10 days accessible to seven people who were not managers.

Welcome Chat App Harvesting User Data and Storing it in Unsecure Location

A messaging platform for Android, Welcome Chat spies upon its users and stores their data in an unsafe location that is accessible to the public. The authors of the app claim it is available on the Google Play store and market it as a secure platform for exchanging messages, which is not true by any means. The website of the malicious ‘Welcome Chat’ app publicizes the platform as a secure communication Android solution.

Round Up of Major Malware and Ransomware Incidents

Bazar backdoor linked to Trickbot banking Trojan campaigns

A new malware family has been linked to the threat actors behind Trickbot, a prolific information-stealing Trojan. On Thursday, the Cybereason Nocturnus research team said that since April this year, the backdoor has been used in attacks against targets across the US and Europe. In particular, organizations in the professional, healthcare, IT, manufacturing, logistics, and travel industries are in the spotlight.

Brazil’s Banking Trojans Go Global

Four sophisticated malware families are ramping up their techniques and actively spreading to new countries, including the U.S. Malware that is typically used in Brazil is expanding its geography, targeting users in North America, Europe and elsewhere in Latin America. Banking trojans, which steal online banking logins and other financial credentials from unsuspecting victims, are fairly common – but the more sophisticated examples are often pioneered in Brazil.

Round Up of Major Vulnerabilities and Patches

Vulnerabilities Impact Multiple Rittal Products Due to Use of Same Firmware

Researchers have discovered several potentially serious vulnerabilities affecting monitoring, cooling and power distribution products made by Germany-based Rittal. According to Austria-based cybersecurity company SEC Consult, Rittal’s CMC III industrial and IT monitoring system, LCP CW cooling system, and the entire portfolio of power distribution units (PDU) are impacted by six types of vulnerabilities.