Round Up of Major Breaches and Scams
The Financial Times was the first to break this story earlier today (29th December 2020. This breach occurred when GetSchooled (getschooled.com), a charity founded by the Bill & Melinda Gates Foundation in collaboration with Viacom left a database open and accessible to anyone with a browser and internet connection. According to TurgenSec: The breach impacts 930k individuals, composed of children (10-16y/o), some young adults and some college students.
The United States Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has issued an alert to warn financial institutions of fraud and cyberattacks related to COVID-19 vaccines. As vaccination against the COVID-19 coronavirus is kicking off worldwide, fraudsters and other types of threat actors are attempting to capitalize on the situation by selling illegal or counterfeit goods, conducting phishing, targeting unsuspecting users with malware, and more.
Amid the rising number of text messaging scams this holiday season, the FTC has issued an advisory asking users to remain vigilant against these scammers posing as package delivery partners like FedEx and UPS. In a topsy-turvy year where everyone wished to just hit the skip button and roll on to the next year, the holiday season comes as a pleasant change. After a very long time, marketing and sales pundits are reporting positive shopping and buying sentiments. Since many countries, including Germany, Spain, France, and the U.K., are again going back under a forced lockdown, the physical shopping spree is not possible this season.
China’s public security agencies investigated and settled more than 3,100 criminal cases involving personal information breaches this year, with more than 9,700 suspects arrested, according to the Ministry of Public Security. By Dec 20, police across the country had dismantled more than 40 criminal gangs and arrested more than 860 suspects in 50 cases related to the theft and sale of the personal information of minors and senior citizens, said the ministry.
Round Up of Major Malware and Ransomware Incidents
Global pandemic and the easy availability of for-hire services and inexpensive tool sets gave adversaries more opportunities to attack. The large-scale shift to remote work and the increased reliance on online services as the result of the global pandemic this year gave threat actors new opportunities to use distributed denial-of-service (DDoS) attacks to harass and extort organizations.
Round Up of Major Vulnerabilities and Patches
CISA’s free detection tool, dubbed Sparrow, detects unusual intrusions and anomalies by verifying the unified Azure/M365 audit log for indicators of compromise (IoCs), lists Azure AD domains, and checks Azure service principals and their Microsoft Graph API permissions. The Cybersecurity and Infrastructure Security Agency (CISA) has launched a detection tool to identify any unusual or malicious activities in an Azure/Microsoft O365 environment. The agency stated the free detection tool, dubbed Sparrow, is created in response to the recent identity and authentication-based attacks targeting Azure users.