Categories
Bug CVE Cyber Security Data leak Malware Ransomware Vulnerability

FBI Issues Warning of Hackers Spoofing Its Internet Domain, TikTok fixes bugs allowing account takeover with one click, and more

Major cybersecurity events on 24th November 2020 (Evening Post): FBI Issues Warning of Hackers Spoofing Its Internet Domain, TikTok fixes bugs allowing account takeover with one click, VMware discloses critical zero-day in Workspace One.

Round Up of Major Breaches and Scams

NCSC Issues Warning About Expected #BlackFriday Scams

The National Cyber Security Centre (NCSC) has issued refreshed guidance for online shopping ahead of this week’s Black Friday. The NCSC said that cyber-criminals are seeking to exploit an increased number of online shopping transactions in the run-up to Christmas and anticipated that consumers may slightly lower their guards during the rush to bag the best deals.

Louisiana Hospitals Report Data Breach

The data of thousands of patients has been exposed following a cyber-attack on Louisiana State University medical centers. LSU Health New Orleans issued a HIPAA breach notification on November 20 after detecting a cyber-intrusion into an employee’s electronic mailbox.

FBI Issues Warning of Hackers Spoofing Its Internet Domain

The FBI has issued a warning about a series of spoofed domains that are being used by cybercriminals in an attempt to steal user information. Spoofed domains typically look like real domains, only that malicious actors turn to a very simple trick: they change one letter, the Internet domain, or add more words that make sense for each target, all in an attempt to trick users into thinking they’re loading the legitimate site.

Round Up of Major Malware and Ransomware Incidents

FBI issued an alert on Ragnar Locker ransomware activity

The U.S. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020.

Malware creates scam online stores on top of hacked WordPress sites

A new cybercrime gang has been seen taking over vulnerable WordPress sites to install hidden e-commerce stores with the purpose of hijacking the original site’s search engine ranking and reputation and promote online scams.

Attack on Vendor Affects Website of Arizona Court System

An internet interruption resulting from a ransomware attack on a hosting provider has limited functionality of the Arizona state court system’s webpage for most of this week, according to the vendor and court officials.

Round Up of Major Vulnerabilities and Patches

TikTok fixes bugs allowing account takeover with one click

TikTok has addressed two vulnerabilities that could have allowed attackers to take over accounts with a single click when chained together for users who signed-up via third-party apps. TikTok’s Android app currently has over 1 billion installs according to official Google Play Store stats.

VMware discloses critical zero-day CVE-2020-4006 in Workspace One

VMware has released a workaround to address a critical zero-day vulnerability, tracked as CVE-2020-4006, that affects multiple VMware Workspace One components. The flaw could be exploited by attackers to execute commands on the host Linux and Windows operating systems using escalated privileges.