
Denmark top intelligence chief suspended for spying on citizens, Indian ticket vendor suffers breach, and more

Major cybersecurity events on 25th August 2020 (Evening Post): FINRA warns: Threat actors targeting users with fake sites try to steal sensitive information. Lazarus Group leverages LinkedIn job advertisements to target cryptocurrency firm. DeathStalker APT group targets financial sector.

Round Up of Major Breaches and Scams

Members of the US Military Targeted by Cybercriminals

Cybercriminals truly have no shame when it comes to their trade. No one is safe from these nefarious criminals when it comes to fraud and phishing attempts. An investigation from AtlasVPN published in CISOMag revealed that U.S. military personnel have lost around $379.6 million (£290 million) to a range of fraudulent schemes from 2015 to June 30, 2020. According to the report, military staff have reported in excess of 680,000 complaints about fraud, identity theft, or other consumer issues to the Federal Trade Commission (FTC).

The Viking Snowden: Denmark spy chief ‘relieved of duty’ after whistleblower reveals illegal snooping on citizens

Denmark’s top foreign intelligence chief has been suspended for spying on Danish citizens illegally for up to six years after a whistleblower released a trove of documents to government regulators. In a press release yesterday, the independent regulator of the Danish security services said it had received information from a whistleblower in November that revealed the country’s foreign intelligence service “had withheld key and crucial information.”

Police investigators blame Algerian for coronavirus-themed phishing attacks

An Algerian web developer who claims to have “a demonstrated history of working in the internet industry” has launched coronavirus-themed email scams and helped build other hacking tools, according to a police intelligence report. Samir Djelal, who allegedly used the internet alias Cazanova Haxor, developed malicious software that was used in a phishing attack aimed at California city accounts in March 2020.

Primary Indian ticket vendor suffers crippling data breach

One of India’s most popular travel booking hubs was left exposed without adequate security measures and subsequently suffered a significant data breach that exposed all production server information and led to the loss of over 43GB of data. The affected Elasticsearch server was left publicly exposed without password protection or encryption for several days, which meant anyone with the server’s IP address could have gained access to the entire database.

Financial Regulator FINRA Alerts About Ongoing Phishing Campaign via Fake Sites

The U.S. Financial Industry Regulatory Authority (FINRA) warned about threat actors targeting users with spoofed websites and domains to steal sensitive information. Attackers are using FINRA members’ real names and images to trick users into believing that they are legitimate. FINRA regulates member brokerage firms and exchange markets. In a security alert, the agency stated that phishing attacks via fake websites are on the rise.

Round Up of Major Malware and Ransomware Incidents

Lazarus group strikes cryptocurrency firm through LinkedIn job adverts

The Lazarus group is on the hunt for cryptocurrency once more and has now launched a targeted attack against a crypto organization by exploiting the human element of the corporate chain. On Tuesday, cybersecurity researchers from F-Secure said the cryptocurrency organization is one of the latest victims in a global campaign which has targeted businesses in at least 14 countries including the UK and US.

Low-Skilled Iranian Hackers Spotted Using Dharma Ransomware

A group of “newbie” Iranian hackers has been blamed for attacks using the Dharma ransomware variant on targets in Russia and Asia. The threat actors’ relative inexperience was highlighted by several characteristics of the attacks against companies in Russia, Japan, China and India, according to Group-IB. First is the choice of the ransomware-as-a-service model employed by Dharma (aka Crysis) and the publicly available IP scanning tool Masscan.

Hack-for-Hire Group Targets Financial Sector Since 2012

Dubbed DeathStalker, the “mercenary” APT has been targeting organizations worldwide, mainly focusing on law firms and financial entities. The adversary was observed adapting quickly to ensure the success of its attacks and updating its software at a fast pace. Tracking the hacking group since 2018, Kaspersky was able to link its activity to the Powersing, Evilnum and Janicab malware families, suggesting that the threat actor has been active since at least 2012, and it continues to develop its toolset.

Malicious Actors Impersonating Bitcoin Platform to Launch Malware Attacks

Cyber-criminals have been impersonating the well-known Bitcoin BTC ERA trading platform in order to infect users of the online currency with malware, according to new research from Abnormal Security. The cybersecurity firm found that malicious actors have been sending emails purporting to be from BTC Era that encourage users of Bitcoin to pay for what they believe is an investment.

Cryptoworm infecting AWS Cloud to mine cryptocurrency

Amazon is more often than not in cybersecurity news with reports of exposed servers on AWS being breached and whatnot. Today though, the reason is much more serious. It has been found that a worm has been infecting the AWS cloud while simultaneously scanning the internet to identify vulnerable Docker platforms as well. Reported by researchers from Cado Security, the malware steals AWS user credentials with the help of a simple piece of code.

Round Up of Major Vulnerabilities and Patches

Google Researcher Reported 3 Flaws in Apache Web Server Software

If your web server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, could even allow attackers to cause a crash and denial of service.

Unpatched Safari Vulnerability Allows Theft of Local Files

The issue was discovered in April by Pawel Wylecial, a Poland-based security researcher and founder of cybersecurity services companies REDTEAM.PL and BlackOwlSec. Apple said at the time that it had started investigating the issue, but the tech giant told Wylecial in mid-August that it would only address it with a security update in the spring of 2021. Apple asked the researcher to hold off disclosure until then, but Wylecial decided that it was too long and made his findings public this week.

Multiple Vulnerabilities in IBM Security Guardium Insights Could Allow for Program Compromise

Multiple vulnerabilities have been discovered in IBM Security Guardium Insights, the most severe of which could allow the program to be compromised. IBM Security Guardium Insights is a program developed to monitor traffic traveling across the network to protect against data leakage and maintain data integrity. Successful exploitation of the most severe of these vulnerabilities could allow a remote attacker to compromise the application.