Categories
Breach CVE Cyber Security Data leak DDoS Hacking Malware Ransomware RCE Scam Skimming Vulnerability Zero-day

Digital Forum exposes 800,000 user records, Charing Cross Gender Identity Clinic data leak victims claim £30,000, and more

Major cybersecurity events on 7th September 2020 (Evening Post): ACSC’s First Annual Cyber Threat Report records 59,806 cybercrimes in a year. Russian indicted for attempting to recruit Tesla employee to install malware. DDoS attacks e-learning platforms increased by 80% in 2020.

Round Up of Major Breaches and Scams

New Wave of Cryptocurrency Misappropriation, Hacking, Theft and Fraud Targeting Users Massively in 2020

Crypto criminals have ramped up cryptocurrency theft, hacking, and fraud by a significant margin in the year 2020. They have amassed a sum of $1.36 billion in ill-gotten crypto from January 2020 to May 2020, according to the blockchain analytics firm. The year 2020 is recorded being on the track to become the second-costliest year of all in the history of crypto; only behind 2019’s record of $4.5 billion. The largest contribution in the year’s ongoing standings came from Chinese scam ‘WOTOKEN’ that allegedly scammed more than 700,000 users and stole over $1 billion worth of cryptocurrencies.

New PIN Verification Bypass Flaw Affects Visa Contactless Payments

Even as Visa issued a warning about a new JavaScript web skimmer known as Baka , cybersecurity researchers have uncovered a new flaw in the company’s EMV enabled cards that enable cybercriminals to obtain funds and defraud cardholders as well as merchants illicitly. The research, published by a group of academics from the ETH Zurich, is a PIN bypass attack that allows the adversaries to leverage a victim’s stolen or lost credit card for making high-value purchases without knowledge of the card’s PIN.

Webmaster forum database exposed data of 800,000 users

A database belonging to the Digital Point webmaster forum leaked the records of over 800,000 users. San Diego, California-based Digital Point describes itself as the “largest webmaster community in the world,” bringing together freelancers, marketers, coders, and other creative professionals. On July 1, the WebsitePlanet research team and cybersecurity researcher Jeremiah Fowler uncovered an unsecured Elasticsearch database containing over 62 million records. In total, data belonging to 863,412 Digital Point users was included in the leak.

Hackers broke into the system of the Georgian Ministry of Health to steal data on the Russian nerve agent Novichok

According to the Georgian Ministry of Internal Affairs, the purpose of infiltrating the Ministry of Health’s database was to get hold of important medical records. The Ministry of Internal Affairs reported that the Cyber Crimes Department of the Criminal Police Department of the Ministry of Internal Affairs of Georgia has begun an investigation into the fact of unauthorized entry into the computer system of the Ministry of Health of Georgia.

Newcastle University says it will take “several weeks” to recover from cyber attack 

Newcastle University, in the North East of England, has suffered a cyber attack which has already caused several days of disruption to its IT services. And, the university warns, it will “take several weeks” to get systems up and running again: Our teams are working with a number of agencies to address the current issues and are taking further measures to secure the IT estate. The nature of the problem means this will be an on-going situation for some time and it will take several weeks to address.

Charing Cross Gender Identity Clinic Data Leak Victims Could Claim £30,000 in Damages

Victims of the Charing Cross Gender Identity Clinic data breach – which occurred a year to the day yesterday – could be eligible to claim up to £30,000 each in damages, according to consumer action and data breach law firm Your Lawyers. As was reported last year, the Charing Cross Gender Identity Clinic sent out mass emails to people using the CC function instead of the BCC function, mistakenly revealing the names and email addresses of close to 2000 people on its email list.

ACSC’s First Annual Cyber Threat Report Records 59,806 Cybercrimes in One Year

The Australian Cyber Security Centre (ACSC) recorded 59,806 cybercriminal complaints in the past 12 months (From July 2019 to June 2020) and responded to 2,266 legitimate ones at an average of 164 reports per day, or one report every 10 minutes. The First Annual Cyber Threat Report was jointly produced by the ACSC, the Australian Criminal Intelligence Commission (ACIC) and the Australian Federal Police (AFP). The report underlines Australia’s growing concerns about the frequency, scale, and sophistication of cyberthreats targeted at its digital and now critical infrastructure.

Round Up of Major Malware and Ransomware Incidents

Russian Indicted for Attempting to Recruit Tesla Employee to Install Malware

A Russian national has been indicted in the United States for conspiring to recruit a Tesla employee to install malware onto the company’s network. The man, Egor Igorevich Kriuchkov, 27, was arrested on August 22, when the U.S. Department of Justice announced that he had attempted to recruit an employee of a company in Nevada, offering them $1 million to install malware within the enterprise environment.

DDoS Attacks E-Learning Platforms Increased by 80% in 2020

With organizations across the world continuing their operations remotely, opportunistic cybercriminals are taking advantage of this situation by targeting online e-learning platforms. Hackers have set their sight on the education industry with various kinds of phishing attacks, fake domains, and other malicious activities. A survey from Kaspersky revealed that there has been a surge in distributed denial-of-service (DDoS) attacks on online educational services in 2020, compared to 2019.

Round Up of Major Vulnerabilities and Patches

Cisco Patches Critical Vulnerability in Jabber for Windows

Cisco last week released patches to address a critical remote code execution vulnerability in Jabber for Windows. Tracked as CVE-2020-3495 and featuring a CVSS score of 9.9, the flaw can be exploited remotely without authentication through sending a specially crafted Extensible Messaging and Presence Protocol (XMPP) message to a vulnerable application. The issue exists because the software fails to properly validate message contents.