
Facebook, Twitter suspends Russian propaganda accounts, Russia’s IRA discusses QAnon on Facebook, and more

Major cybersecurity events on 2nd September 2020 (Morning Post): Russian engineer Pavel Zhovner raised $5 million for Flipper Zero, a "Tamagotchi for hackers". Cybercriminals launch new scams impersonating global brand domain names. Magecart credit-card skimmer adds Telegram as a C2 channel.

Round Up of Major Breaches and Scams

Russian engineer raised $5 million for Tamagotchi for hackers

Russian tech enthusiast Pavel Zhovner raised almost $5 million for the production of Flipper Zero, a "Tamagotchi for hackers". The project attracted 37,987 backers on the Kickstarter crowdfunding platform. Zhovner launched the campaign in early August and expected to raise at least $60,000 within a month — the minimum amount needed to start production in China. That amount was reached within 8 minutes of the campaign's launch.

Facebook and Twitter suspend Russian propaganda accounts following FBI tip

Following investigations started by both platforms, Facebook said it removed 13 accounts and two pages, while Twitter said it banned five accounts, all of which were used to promote news articles hosted on the PeaceData website. In a report published today analyzing PeaceData's operations, social media research group Graphika said the news site focused on publishing articles in both English and Arabic that were critical of the US, the UK, and France.

Anti-Phishing Startup Pixm Aims to Hook Browser-Based Threats

An anti-phishing startup is rethinking its approach to protecting consumers and businesses from malicious websites with computer vision technology. Pixm’s browser plug-in uses artificial intelligence to analyze websites and determine if they’re impersonating a legitimate company. Pixm was founded in 2015 to protect users from browser-based phishing attacks that appear in emails, chats, and social media.

Norway's Parliament, Stortinget, discloses a security breach

Norway's parliament announced Tuesday that it was the target of a major cyber-attack that allowed hackers to access the emails and data of a small number of parliamentary representatives and employees. Stortinget director Marianne Andreassen confirmed that an investigation into the incident is ongoing and, for that reason, declined to provide any detail on the possible origin of the attackers.

State voter registration systems have not been hacked, officials say

Federal and state officials said Tuesday that despite fears to the contrary, there’s no evidence that any state’s voter registration database has been hacked this year. A viral article in the Russian newspaper Kommersant claimed that a user on a Russian hacker forum had acquired the personal information of 7.6 million voters in Michigan and other voters in several other states, prompting claims that they had recently been hacked.

Russia’s IRA used phony news accounts on Facebook to discuss QAnon, coronavirus

Russia’s troll farm again is trying to use Facebook to inflame divisions in the U.S. ahead of a presidential election. Facebook on Tuesday said it removed 13 accounts and two pages, which had 14,000 followers, affiliated with the Internet Research Agency, a Russian organization with a long history of using fake social media accounts to exploit political tension. The accounts impersonated independent news outlets to create discussions about the coronavirus pandemic, Joe Biden’s political candidacy and the right-wing conspiracy QAnon, among other topics.

Cyber-Criminals Mimicking Global Brand Domain Names to Launch Scams

Cyber-criminals are regularly mimicking the domain names of mainstream global brands to scam consumers, a practice known as cyber-squatting, according to a new study by Palo Alto Networks. It found that the types of domains most commonly impersonated for malicious purposes relate to the most profitable companies worldwide, such as mainstream search engines and social media, financial, shopping, and banking websites. The primary purpose is to launch phishing attacks and scams on users in order to steal credentials or money.

Magecart Credit-Card Skimmer Adds Telegram as C2 Channel

The e-commerce card-skimming landscape has a new wrinkle: cybercriminals affiliated with the Magecart collective are using the encrypted messaging service Telegram as a channel for sending stolen credit-card information back to their command-and-control (C2) servers. That's according to researchers who pointed out that card-skimmers typically harvest data from online checkout pages and then send the information to a domain or IP address controlled by the attackers.

Round Up of Major Malware and Ransomware Incidents

Apple mistakenly approved malware camouflaged as Adobe Flash Player

Security researcher Patrick Wardle reports that Apple accidentally approved a macOS app that contained what Kaspersky regarded as the biggest threat to Macs in 2019, a trojan downloader called Shlayer. It spreads via fake applications and bombards the device with adware. macOS is considered a secure operating system when compared to Windows. However, the number of malware campaigns targeting macOS has lately increased considerably, prompting Apple to mitigate the threat through notarization.

Iranian Rookie Cybercriminals Target Global Corporates with Dharma Ransomware

Group-IB researchers have detected attacks on multiple companies across the globe that are carried out by Iranian newbie threat actors for financial gain. These attacks have been actively orchestrated since at least June 2020. The threat actors are using Dharma ransomware along with a set of other publicly available tools to target companies specifically in Russia, Japan, China, and India.

Round Up of Major Vulnerabilities and Patches

Hackers Are Attempting to Cripple Cisco Networking Kit via New 0Day

Hackers are actively trying to exploit several high-severity memory exhaustion weaknesses in Cisco software that runs carrier-class routers, the company has warned. Multiple vulnerabilities have been detected in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software, which runs routers and other network devices. If exploited, they "could allow an unauthenticated, remote attacker to exhaust process memory of an affected device," the company said.

Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws

Researchers have disclosed two flaws that could enable remote code execution attacks on the Magento Mass Import (Magmi) plugin, an open source database client that imports data into Magento. Magmi is a Magento database client written in PHP, used to perform raw bulk operations on the models of an online store. As of Sunday, a patch has been published for only one of the two flaws (CVE-2020-5777), in Magmi version 0.7.24.

Valorant update causes VCRUNTIME140.dll is missing error, how to fix

After installing today's Valorant 1.07 update, Windows users are reporting that they are unable to launch the game and are shown either a 'VCRUNTIME140.dll is missing' or 'VCRUNTIME140_1.dll is missing' error. When building today's update, Riot Games forgot to include a Windows dynamic link library (DLL) that is required to run the game. Because these required DLLs are not installed on Windows by default, the game displays a 'VCRUNTIME140.dll is missing' or 'VCRUNTIME140_1.dll is missing' error when launched.

Google now pays for bugs used to bypass its anti-fraud systems

Google today announced that the company’s Vulnerability Reward Program has expanded to also include bug reports on methods threat actors can use to bypass the company’s abuse, fraud, and spam systems. Reports highlighting such abuse techniques submitted to the Google Vulnerability Reward Program (VRP) will be reviewed by the company’s Trust & Safety team whose experts are specialized in preventing and mitigating abuse, fraud, and spam activity across Google’s product platforms.