
Dave suffers breach, 7.5M users’ data leaked, Meow attack deletes 4,000 unsecured databases, and more

Major cybersecurity events on 27th July 2020 (Evening Post): Academics smuggle 234 policy-violating skills onto the Alexa Skills Store. Malicious photo apps on Google Play flood Android devices with random ads. Vigilante sabotages Emotet, replaces malware payloads with GIFs.

Round Up of Major Breaches and Scams

Dave data breach affects 7.5 million users, leaked on hacker forum

Overdraft protection and cash advance service Dave has suffered a data breach after a database containing 7.5 million user records was sold in an auction and then released later for free on hacker forums. Dave is a fintech company that allows users to link their bank accounts and receive cash advances for upcoming bills to avoid overdraft fees. Subscribers who need extra money to pay a bill can get a payday loan up to $100, but cannot receive another loan until it is repaid.

Academics smuggle 234 policy-violating skills on the Alexa Skills Store

During a recently concluded 12-month study of the Alexa Skills Store review process, academics said they managed to smuggle 234 policy-breaking Alexa skills (apps) into the official Alexa store. The study’s results are actually worse than they look, because the academics tried to upload 234 policy-breaking apps and managed to get them all approved without serious difficulties.

Malicious ‘Blur’ Photo App Campaign Discovered on Google Play

A new campaign of malicious photo apps on Google Play floods Android devices with random ads instead of functioning as advertised. The apps also elude detection by making their icons disappear from the device home screen soon after they are downloaded. Researchers at the White Ops Satori Threat Intelligence and Research Team discovered the Android apps — 29 in total — which they said “manifested suspiciously high volumes of ad traffic” during threat-hunting investigations, according to a recent report.

Round Up of Major Malware and Ransomware Incidents

New ‘Meow’ attack has deleted almost 4,000 unsecured databases

Hundreds of unsecured databases exposed on the public web are the target of an automated ‘meow’ attack that destroys data. The activity started recently by hitting Elasticsearch and MongoDB instances without leaving any explanation, or even a ransom note. Attacks then expanded to other database types and to file systems open on the web.

A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs

An unknown vigilante hacker has been sabotaging the operations of the recently-revived Emotet botnet by replacing Emotet payloads with animated GIFs, effectively preventing victims from getting infected. The sabotage, which started three days ago, on July 21, has grown from a simple joke to a serious issue impacting a large portion of the Emotet operation. According to Cryptolaemus, a group of white-hat security researchers tracking the Emotet botnet, the vigilante is now poisoning around a quarter of all Emotet’s payload downloads.

Round Up of Major Vulnerabilities and Patches

DJI Drone App Riddled With Privacy Issues, Researchers Allege

Leading commercial drone maker DJI is hitting back against researcher allegations that its Android mobile application is riddled with privacy holes. One allegation is that the app continues to run in the background even after it’s been closed and collects sensitive data from users without consent. The privacy issues were discovered in the DJI GO 4 application, the complementary app used to control DJI drones, which has over 1 million Google Play downloads.

US CISA warns of attacks exploiting CVE-2020-5902 flaw in F5 BIG-IP

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about the active exploitation of the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices.

NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug

Power plants, factories, oil and gas refineries and more are all in the sights of foreign adversaries, the U.S. warns. The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S. Separately, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric Triconex TriStation and Tricon Communication Module.