Categories
Breach Bug Cyber Security Data leak DDoS Hacking Phishing Ransomware Scam Vulnerability

Dunzo hacked, 11GB worth data leaked, Tesco phishing scam targets litigation firm, and more

Major cybersecurity events on 22nd July 2020 (Evening Post): US Department of Justice accuses Chinese hackers of stealing trade secrets, targeting COVID-19 research. Sawfish phishing scam targets DeepSource, resets logins. Blackbaud pays ransom following data breach.

Round Up of Major Breaches and Scams

US DoJ charges Chinese hackers for targeting COVID-19 research

US Justice Department accused two Chinese hackers of stealing trade secrets from companies worldwide and targeting firms developing a COVID-19 vaccine. This week, the US Justice Department accused two Chinese hackers of stealing trade secrets from companies worldwide and recently involved in attacks against firms developing a vaccine for the COVID-19. According to the indictment, Chinese hackers were probing computer networks of companies working on the development of vaccines and treatments.

Software firm leaks 25GB worth of subscription & Ancestry.com user data

Researchers at cybersecurity firm WizCase discovered a misconfigured cloud server that exposed exclusive customers data of a US-based tech firm that manages the famous Family Tree Maker software, also called FTM. The research team led by Avishai Efrat claims that the database contained around 25GB worth of data belonging to “The Software MacKiev Company,” which syncs Ancestry.com’s user data, a popular platform for family history search.

Google funded delivery service Dunzo hacked; 11GB worth of data leaked

The exact date of Dunzo data breach is unclear however its database was leaked last week. A Google-sponsored hyperlocal delivery service startup Dunzo has confirmed to have suffered a data breach affecting one of its databases containing customer records. It is worth noting that Dunzo acknowledged the data breach last week. However, this article includes additional details including a screenshot that shows what was stolen and leaked by the hacker.

DeepSource resets logins after employee falls for Sawfish phishing

GitHub notified DeepSource earlier this month of detecting malicious activity related to the startup’s GitHub app after one of their employees fell victim to the Sawfish phishing campaign. DeepSource provides developers with automated static code analysis tools for GitHub, GitLab, and Bitbucket repositories that help spot and fix issues during code review. According to its website, the startup’s client list includes Intel, NASA, Slack, and Uber.

Litigation Firm Discovers a New Phishing Scam Falsely Purporting To Be From Leading UK Supermarket

A litigation firm discovered a new phishing scam falsely indicating to be from a leading UK supermarket Tesco. The scam had utilized SMS and email communication planned to fool customers into handling over their subtleties, and steal classified and payment data. The fraud started through an official-looking but fake Facebook page entitled ‘Tesco UK’ which shared images implying to be from a Tesco warehouse, showing stuffed boxes of HD television sets.

Phishing campaign uses Google Cloud Services to steal Office 365 logins

Fraudsters looking to collect login details are increasingly turning to public cloud services to host lure documents and phishing pages, making it more difficult for targets to detect the attack. The trend has gained traction among cybercriminals, who rely on multiple cloud services to host phishing landing pages and the lure documents redirecting to them. Fraudsters set up a clever scenario that involves multiple legitimate elements to hide the theft of Office 365 credentials.

Round Up of Major Malware and Ransomware Incidents

Cloud computing provider Blackbaud paid a ransom after data breach

Cloud software provider Blackbaud revealed to have paid crooks to decrypt its data following a ransomware attack that took place in May 2020. Blackbaud is a cloud computing provider that serves the social good community — nonprofits, foundations, corporations, education institutions, healthcare organizations, religious organizations, and individual change agents. Its products focus on fundraising, website management, CRM, analytics, financial management, ticketing, and education administration.

Round Up of Major Vulnerabilities and Patches

Camera privacy bug found in Firefox Android in 2019 hasn’t been fixed yet

The issue was originally raised in July 2019 by a Firefox Android user stating that their phone’s camera remains active when the app is in the background or even when the phone is locked. Last year, a bug was found in Mozilla Firefox that hasn’t been fixed yet and is now distressing Android users’ ensuing privacy concerns. Courtesy of an Appear TV (video delivery platform) employee who brought the issue to light in July 2019.