
GetSchooled breach impacts 930k individuals, Text messaging scams rise amid the holiday season, and more

Major cybersecurity events on 30th December 2020 (Evening Post): China settles over 3,100 personal data breach cases in 2020. U.S. Treasury warns financial institutions of COVID-19 vaccine-related cyberattacks, scams. DDoS attacks spiked, became more complex in 2020.

Round Up of Major Breaches and Scams

Bill & Melinda Gates Foundation’s Charity GetSchooled Breaches 900k Children’s Details

The Financial Times was the first to break this story earlier today (29th December 2020). This breach occurred when GetSchooled (getschooled.com), a charity founded by the Bill & Melinda Gates Foundation in collaboration with Viacom, left a database open and accessible to anyone with a browser and internet connection. According to TurgenSec: The breach impacts 930k individuals, composed of children (10-16y/o), some young adults and some college students.

U.S. Treasury Warns Financial Institutions of COVID-19 Vaccine-Related Cyberattacks, Scams

The United States Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has issued an alert to warn financial institutions of fraud and cyberattacks related to COVID-19 vaccines. As vaccination against the COVID-19 coronavirus is kicking off worldwide, fraudsters and other types of threat actors are attempting to capitalize on the situation by selling illegal or counterfeit goods, conducting phishing, targeting unsuspecting users with malware, and more.

Text Messaging Scams Rise Amid the Holiday Season: FTC

Amid the rising number of text messaging scams this holiday season, the FTC has issued an advisory asking users to remain vigilant against scammers posing as package delivery partners like FedEx and UPS. In a topsy-turvy year where everyone wished to just hit the skip button and roll on to the next year, the holiday season comes as a pleasant change. After a very long time, marketing and sales pundits are reporting positive shopping and buying sentiments. Since many countries, including Germany, Spain, France, and the U.K., are again going back under a forced lockdown, the physical shopping spree is not possible this season.

China settles over 3,100 personal data breach cases in 2020

China’s public security agencies investigated and settled more than 3,100 criminal cases involving personal information breaches this year, with more than 9,700 suspects arrested, according to the Ministry of Public Security. By Dec 20, police across the country had dismantled more than 40 criminal gangs and arrested more than 860 suspects in 50 cases related to the theft and sale of the personal information of minors and senior citizens, said the ministry.

Round Up of Major Malware and Ransomware Incidents

DDoS Attacks Spiked, Became More Complex in 2020

The global pandemic and the easy availability of for-hire services and inexpensive tool sets gave adversaries more opportunities to attack. The large-scale shift to remote work and the increased reliance on online services as a result of the global pandemic this year gave threat actors new opportunities to use distributed denial-of-service (DDoS) attacks to harass and extort organizations.

Round Up of Major Vulnerabilities and Patches

Sparrow: CISA’s Free Anomalies Detection Tool for Azure/M365 Environment

CISA’s free detection tool, dubbed Sparrow, detects unusual intrusions and anomalies by checking the unified Azure/M365 audit log for indicators of compromise (IoCs), lists Azure AD domains, and checks Azure service principals and their Microsoft Graph API permissions. The Cybersecurity and Infrastructure Security Agency (CISA) has launched a detection tool to identify any unusual or malicious activities in an Azure/Microsoft O365 environment. The agency stated that the free detection tool, dubbed Sparrow, was created in response to the recent identity and authentication-based attacks targeting Azure users.