
FBI warns over election disinformation campaign, Indian COVID-19 monitoring tool exposes 8M users' data, and more

Major cybersecurity events on 23rd September 2020 (Evening Post): OldGremlin hacking group strikes Russian companies with ransomware. New Zebrocy campaign, associated with Russian state-linked threat actor APT28, targets countries affiliated with NATO.

Round Up of Major Breaches and Scams

FBI Issues Warning Over US Election Disinformation Campaigns

The US government has been forced to sound the alarm over anticipated attempts by hostile nations and cyber-criminals to spread disinformation around the results of the 2020 elections. In a new Public Service Announcement on Tuesday, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned that “foreign actors and cyber-criminals” could use several channels to undermine confidence in the democratic process, including new and defaced websites and social media posts.

India’s COVID-19 surveillance tool exposed the data of millions of users

The COVID-19 surveillance tool built by the Uttar Pradesh state government has put the data of approximately 8 million Indian citizens at risk. A research report from VPNmentor revealed that a COVID-19 surveillance tool dubbed Surveillance Platform Uttar Pradesh COVID-19 was compromised on August 1st, leading to a massive data breach. According to researchers, various vulnerabilities were exploited to compromise the surveillance platform, but the primary reason behind the breach was a severe lack of security.

Facebook wipes out Chinese, Filipino misinformation campaigns

Facebook has eradicated two separate networks that have covertly spread content concerning hot political topics and propaganda. On Tuesday, Facebook Head of Security Policy Nathaniel Gleicher said in a blog post that the networks, one originating in China and the other in the Philippines, violated the firm’s coordinated inauthentic behavior (CIB) policies, which ban accounts, pages, and groups from “misleading others about who they are or what they are doing.”

Airbnb Accounts Exposed to Hijacking Due to Phone Number Recycling

A cybersecurity enthusiast learned recently that Airbnb accounts can be easily hijacked by creating a new account on the home-rental service with a phone number that in the past belonged to another Airbnb customer. The security risk posed by recycled phone numbers has been known for years, and the services of several major companies were found to be impacted in the past. It seems that Airbnb is affected as well, but the company says only a very small number of users are impacted.

Round Up of Major Malware and Ransomware Incidents

A New Hacking Group Hitting Russian Companies With Ransomware

As ransomware attacks against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia. The ransomware gang, codenamed “OldGremlin” and believed to be a Russian-speaking threat actor, has been linked to a series of campaigns at least since March, including a successful attack against a clinical diagnostics laboratory that occurred last month on August 11.

New Zebrocy Campaign Suggests Russia Continues Attacks on NATO

QuoINT security researchers have identified a new Zebrocy campaign targeting countries associated with the North Atlantic Treaty Organization (NATO). Detailed for the first time in 2018, Zebrocy has been associated with the Russia-linked state-sponsored threat actor APT28 (also known as Fancy Bear, Pawn Storm, Sednit, and Strontium), which has been active since at least 2007. While some security researchers see Zebrocy as a separate adversary, others have shown connections between various threat actors operating out of Russia, including a link between GreyEnergy and Zebrocy attacks.

Round Up of Major Vulnerabilities and Patches

Microsoft leaks 6.5TB in Bing search data via unsecured Elastic server

Microsoft exposed a 6.5TB Elastic server to the world, including search terms, location coordinates, device ID data, and a partial list of which URLs were visited, earlier this month. According to a report from security site WizCase, the server was password-protected until around 10 September, when “the authentication was removed”. WizCase code-prober Ata Hakcil discovered the leak on 12 September. The data appears to be generated by the Bing mobile app, which promises users “Getting rewarded is easy, just search with the Bing,” and has been downloaded more than 10 million times from Google’s Play Store.