Round Up of Major Breaches and Scams
The personal details of more than 538 million users of Chinese social network Weibo are currently available for sale online. In ads posted on the dark web and other places, a hacker claims to have breached Weibo in mid-2019 and obtained a dump of the company’s user database. The database allegedly contains the details for 538 million Weibo users. Personal details include the likes of real names, site usernames, gender, location, and — for 172 million users — phone numbers.
An HHS.gov open redirect is currently being used by attackers to push malware payloads onto unsuspecting victims’ systems with the help of coronavirus-themed phishing emails. The open redirect (https://dcis.hhs.gov/cas/login?service=MALICIOUSURL&gateway=true) is present on the subdomain of HHS’s Departmental Contracts Information System.
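The flaw above is the classic shape of an open redirect: a login endpoint takes a `service=` parameter and sends the browser wherever it points, so a phishing link on a trusted domain lands on an attacker-controlled one. The following added example (not code from HHS, its CAS login system, or the article; the handler names and the allowlist hosts are assumptions) shows a redirect resolver that reproduces the weakness beside a hardened version that only follows root-relative paths or HTTPS URLs to allowlisted hosts, and that rejects the usual bypass shapes: scheme-relative `//host`, non-HTTP schemes, backslashes that browsers normalise to slashes, userinfo tricks such as `https://trusted@evil`, and embedded control characters.

```python
"""Open-redirect validation: vulnerable target selection beside a hardened one.

Added example; not the code of any product named in the article. The host
names below are assumed placeholders for the application's own origins.
"""
from urllib.parse import urlsplit

# Assumption: the only hosts this application may redirect a browser to.
ALLOWED_HOSTS = {"dcis.example.gov", "sso.example.gov"}


def vulnerable_redirect_target(service: str) -> str:
    """Mirrors the weakness described above: whatever arrives in ?service=
    is used verbatim as the redirect target, so an attacker-chosen absolute
    URL on a trusted domain's link is followed."""
    return service


def safe_redirect_target(service: str, default: str = "/") -> str:
    """Return a redirect target only if it stays on this site or on an
    allowlisted HTTPS host; otherwise return a fixed default location."""
    if not service:
        return default
    # Tabs, newlines and other control characters are stripped by browsers
    # before URL parsing ("/\t/evil" becomes "//evil"); refuse them outright
    # rather than trying to second-guess every normalisation rule.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in service):
        return default
    # Browsers treat '\' as '/', so normalise before parsing.
    candidate = service.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # Purely relative input: accept only root-relative paths ("/cas/home").
        # "//host/..." has a netloc and never reaches this branch, but keep the
        # explicit guard so the intent is obvious to the next reader.
        if not candidate.startswith("/") or candidate.startswith("//"):
            return default
        return candidate
    # Absolute URL: HTTPS only, no userinfo, host must be allowlisted.
    # (urlsplit lowercases scheme and hostname and strips the port.)
    if parts.scheme != "https":
        return default
    if parts.username is not None or parts.password is not None:
        return default
    if parts.hostname not in ALLOWED_HOSTS:
        return default
    return candidate


if __name__ == "__main__":
    # Constructed sample values of the kind a ?service= parameter might carry.
    samples = [
        "/cas/home",
        "https://dcis.example.gov/cas/home",
        "https://evil.example/payload",
        "//evil.example/payload",
        "/\\evil.example",
        "javascript:alert(1)",
        "https://dcis.example.gov@evil.example/",
        "https://dcis.example.gov.evil.example/",
    ]
    for s in samples:
        print(f"{s!r:45} vulnerable -> {vulnerable_redirect_target(s)!r:45} "
              f"safe -> {safe_redirect_target(s)!r}")
```

The allowlist is deliberately an exact-match set rather than a suffix check: a `.endswith("example.gov")` test would accept `dcis.example.gov.evil.example` and `notexample.gov`. When a login flow genuinely needs to return users to many different hosts, the usual alternative to a hostname allowlist is to store the intended return URL server-side at login start and hand the client only an opaque token.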
Fortune 500 technology giant General Electric (GE) disclosed that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE’s service providers.
Sites promoting a bogus Corona Antivirus are taking advantage of the current COVID-19 pandemic to promote and distribute a malicious payload that will infect the target’s computer with the BlackNET RAT and add it to a botnet. The two sites promoting the fake antivirus software can be found at antivirus-covid19[.]site and corona-antivirus[.]com as discovered by the Malwarebytes Threat Intelligence team and researchers at MalwareHunterTeam, respectively.
The research and teaching hospital, located on the campus of the University of Utah, said the intrusion was the result of a phishing attack, and it took place sometime between January 7 and February 21, 2020. University of Utah Health says it immediately secured the compromised accounts and launched an investigation, which revealed that the email accounts included some patient information, such as names, dates of birth, medical record numbers, and clinical information about received care.
Round Up of Major Malware and Ransomware Incidents
Researchers discovered a new Coronavirus safety Android app that infects Android users with malware and, as a result, runs up hefty usage charges for victims. Attackers are taking advantage of the Coronavirus fear to continuously exploit online users by infecting their mobile devices with various tactics and techniques. An app called “Corona Safety Mask” is spread via the malicious domain hxxp://coronasafetymask.tk and forces users to install the APK on their Android device to receive a free Corona safety mask.
As if people did not have enough to worry about, attackers are now targeting them with Coronavirus (COVID-19) phishing emails that install ransomware. While we do not have access to the actual phishing email being sent, MalwareHunterTeam was able to find an attachment used in a new Coronavirus phishing campaign that installs the Netwalker Ransomware.
A new cyber-attack is hijacking routers’ DNS settings so that web browsers display alerts for a fake COVID-19 information app, supposedly from the World Health Organization, that is actually the Vidar information-stealing malware. These alerts were caused by an attack that changed the DNS servers configured on victims’ home D-Link or Linksys routers to DNS servers operated by the attackers.
The ransomware attacks occurred between January 2018 and February 2020, and have put school districts and agencies on edge amid warnings of more technology terror, the Albuquerque Journal reports. The New Mexico victims were not targeted because they were perceived to have an abundance of cash. Instead, they were the victims of phishing.
Round Up of Major Vulnerabilities and Patches
At least three botnet operators have secretly exploited three zero-day vulnerabilities in LILIN digital video recorders (DVRs) for more than six months before the vendor finally patched the bugs last month, in February 2020.
There is a missing authorization check in the WPvivid plugin that can lead to the exposure of the database and all files of the WordPress site. The WPvivid Backup Plugin is described as “Migrate a copy of WP site to a new host (a new domain), schedule backups, send backups to leading remote storage. All in one backup&migration plugin”.
Hackers are exploiting a zero-day vulnerability in the Windows OS to take over systems, Microsoft said in a security alert today. The zero-day is located in the Adobe Type Manager Library (atmfd.dll), a library that Microsoft uses to render PostScript Type 1 fonts inside Windows. Microsoft says there are two remote code execution (RCE) vulnerabilities in this built-in library that allow attackers to run code on a user’s system and take actions on their behalf.
Password managers are encrypted vaults employed to store credentials and other sensitive information, and they allow the use of strong, unique credentials for each of the applications and online services an individual uses. Many security experts encourage the use of these password managers, although they also recommend the adoption of multi-factor authentication (MFA), to ensure that attackers can’t access a user’s account even if the credentials protecting it are compromised.
Hackers could have caused a Tesla Model 3’s central touchscreen to become unusable simply by getting the targeted user to visit a specially crafted website. The car maker has released a software update that patches the vulnerability.
According to Microsoft, the vulnerabilities exist due to the way the Windows Adobe Type Manager library handles a “specially-crafted multi-master font – Adobe Type 1 PostScript format.” Adobe told SecurityWeek that the impacted library is exclusively supported by Microsoft and Adobe product users are not at risk. An attacker can exploit the flaws by convincing the targeted user to open a specially crafted document or to view it in the Windows Preview pane, which has been described as an attack vector for these vulnerabilities.
A vulnerability in the popular Apache Tomcat web server is ripe for active attack, thanks to a proof-of-concept (PoC) exploit making an appearance on GitHub. The now-patched bug affects Tomcat versions 7.0, 8.5 and 9.0. Researchers said that a working exploit for CVE-2020-1938 leaked on GitHub makes it a snap to compromise web servers.