Round Up of Major Breaches and Scams
Albion Online game maker discloses a data breach: hackers gained access to the company forum database by exploiting a known vulnerability. Albion Online (AO) is a free medieval fantasy MMORPG developed by Sandbox Interactive, a studio based in Berlin, Germany. A threat actor has breached the forum of Albion Online and stolen usernames and password hashes from its database. According to Sandbox Interactive, the intrusion took place on Friday, October 16, and the hacker exploited a vulnerability in its forum platform, WoltLab Suite.
The last quarter of 2020 has seen a wave of web application attacks which have used ransom letters to target businesses across a number of industries. According to research from Akamai, the largest of these attacks sent over 200Gbps of traffic at their targets as part of a sustained campaign of higher Bits Per Second (BPS) and Packets Per Second (PPS) than similar attacks had displayed a few weeks prior.
The shift to remote working spurred Microsoft and Amazon to the top of the heap for cybercriminals to use as lures in the third quarter. Microsoft is top of the heap when it comes to hacker impersonations – with Microsoft products and services featuring in nearly a fifth of all global brand phishing attacks in the third quarter of this year. That’s according to Check Point, which found that the computing giant leapt from fifth place in the second quarter to first place for the quarter ended in September, as phishers continue to capitalize on remote workforces created by the coronavirus pandemic.
Google revealed last week that its infrastructure was targeted in a record-breaking distributed denial-of-service (DDoS) attack back in September 2017. When measuring DDoS attacks, Google looks at three main metrics: bits per second (bps) for attacks targeting network links, requests per second (rps) for attacks targeting application servers, and packets per second (pps) for attacks targeting DNS servers and network devices.
Round Up of Major Malware and Ransomware Incidents
Researchers have uncovered a new form of malware using remote overlay attacks to strike Brazilian bank account holders. The new malware variant, dubbed Vizom by IBM, is being utilized in an active campaign across Brazil designed to compromise bank accounts via online financial services. On Tuesday, IBM security researchers Chen Nahman, Ofir Ozer, and Limor Kessem said the malware uses interesting tactics to stay hidden and to compromise user devices in real-time — namely, remote overlay techniques and DLL hijacking.
A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection. New, sophisticated adversaries are switching up their tactics in exploiting enterprise-friendly platforms — most notably Microsoft Exchange, Outlook Web Access (OWA) and Outlook on the Web – in order to steal business credentials and other sensitive data.
The UK’s data privacy watchdog on Friday slashed a fine imposed on British Airways over a cyber attack after taking into account coronavirus fallout on the embattled airline’s finances. The UK Information Commissioner’s Office said BA would be fined a “record” £20 million ($25 million, 22 million euros), considerably less than the proposed amount totalling £183 million.
After a short pause, a new Emotet malware campaign was spotted by the experts on October 14th, with crooks using a new ‘Windows Update’ attachment. After a short interruption, a new Emotet malware campaign was spotted by the experts in October. Threat actors began using new Windows Update attachments in a spam campaign aimed at users worldwide. The spam campaign uses a new malicious attachment that pretends to be a message from Windows Update and attempts to trick victims by recommending that they upgrade Microsoft Word.
When it comes to stamping out the kind of surveillance software that domestic abusers use to spy on their romantic partners, there’s still a long way to go. Security firms, victim advocacy groups and anti-domestic abuse organizations combined forces roughly a year ago to bring an end to stalkerware, the kind of technology that people use to monitor their domestic partners’ devices. The group, known as the Coalition Against Stalkerware, has made progress in the past 12 months or so, though there’s still a long road ahead, said Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, one of the founding members of the coalition.
Round Up of Major Vulnerabilities and Patches
A hacker collective claims to have hacked over 50,000 home security cameras and published their footage online, some of it on adult sites. A group of hackers claims to have compromised over 50,000 home security cameras and published their private footage online. Some of the footage was published on adult sites, and experts reported that crooks are offering lifetime access to the entire collection for US$150.
As part of the October 2020 Patch Tuesday security updates, Microsoft has added a new option to Windows to let system administrators disable the JScript component inside Internet Explorer. The JScript scripting engine is an old component that was initially included with Internet Explorer 3.0 in 1996 and was Microsoft’s own dialect of the ECMAScript standard. Development on the JScript engine ended, and the component was deprecated with the release of Internet Explorer 8.0 in 2009, but the engine remained in all Windows OS versions as a legacy component inside IE.
Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) attacks. Bug bounty hunter Masato Kinugawa developed an exploit chain leading to RCE several months ago and published a blog post over the weekend describing the technical details of the method, which combines multiple bugs.