Round Up of Major Breaches and Scams
The Lazarus hacker group has attacked organizations developing a coronavirus vaccine. Kaspersky Lab reported that the group launched two attacks on organizations involved in coronavirus research; the targets, whose compromise the company discovered, were the Ministry of Health in one of the Asian countries and a pharmaceutical company.
Earlier today in federal court in Brooklyn, Ticketmaster L.L.C. (Ticketmaster or the Company) agreed to pay a $10 million fine to resolve charges that it repeatedly accessed without authorization the computer systems of a competitor. The fine is part of a deferred prosecution agreement that Ticketmaster has entered with the United States Attorney’s Office for the Eastern District of New York to resolve a five-count criminal information filed today charging computer intrusion and fraud offenses.
The Lavarious Gardiner v. Walmart Inc. et al. case is anything but typical. As a recap, back in July 2020, the plaintiff filed a class action complaint against Walmart alleging that Walmart suffered a data breach that it never disclosed. As evidence of the breach, the plaintiff claimed that the personal information associated with his Walmart account had been discovered on the dark web and presented the results of security scans performed on Walmart’s website, which allegedly show certain vulnerabilities.
T-Mobile has announced a data breach exposing customers’ proprietary network information (CPNI), including phone numbers and call records. Starting yesterday, T-Mobile began texting customers that a “security incident” exposed their account information. According to T-Mobile, its security team recently discovered “malicious, unauthorized access” to its systems. After bringing in a cybersecurity firm to perform an investigation, T-Mobile found that threat actors gained access to the telecommunications information generated by customers, known as CPNI.
A federal judge dismissed Apple’s claim that virtualization startup Corellium was involved in copyright infringement and violated the DMCA. On Tuesday, Apple Inc. received a big setback. The company had filed a lawsuit against the virtualization software provider and cybersecurity firm Corellium back in August 2019. The iPhone maker claimed that Corellium’s product infringed its copyright. Later, the company added that Corellium’s product also violated the Digital Millennium Copyright Act (DMCA).
The US Cybersecurity and Infrastructure Security Agency (CISA) has updated its official guidance to order US federal agencies to update the SolarWinds Orion platform by the end of the year. According to CISA’s Supplemental Guidance to Emergency Directive 21-01, all US government agencies running the SolarWinds Orion app must update to the latest 2020.2.1HF2 version by the end of the year or take it offline.
What sounds like a nightmare for a company? Waking up to the news that its customers’ data is being sold online. That’s exactly what has happened to Ho-Mobile, an Italian phone service provider owned by Vodafone Italy. Apparently, the personal data of over 2.5 million Ho-Mobile customers is being sold on a dark web hacker forum. The data includes personally identifiable information such as dates of birth, phone numbers, fiscal codes, physical addresses, and email addresses.
Round Up of Major Malware and Ransomware Incidents
The internal networks of Lithuania’s National Center for Public Health (NVSC) and several municipalities have been infected with Emotet malware following a large campaign targeting the country’s state institutions. “When infected recipients opened infected messages, the virus entered the internal networks of the institutions,” NVSC officials said in a statement published today. “Infected computers, after downloading additional files, began sending fake emails or engaging in other types of malicious activity.”
And here we go… yet another French city and agglomeration have been hit by malware. Is any French news outlet going to find out and tell us what kind of malware it is and what the ransom demands are, if there are demands? Translation from Le Dauphiné follows: During the night of December 27 to 28, the Greater Annecy agglomeration was the victim of a computer attack which required the shutdown of its servers and applications, making activities requiring the Internet impossible.
The City of Cornelia is dealing with a ransomware incident that began on December 26. We have anticipated situations such as this and, out of an abundance of caution, we have taken down our network while we investigate and restore our data. We have alerted law enforcement and we are cooperating with their investigation. First responders and emergency phone lines are unaffected. City operations such as garbage pickup and utility work are proceeding normally. City Hall phones and emails are currently working.
A newly discovered, self-spreading Golang-based malware has been actively dropping XMRig cryptocurrency miners on Windows and Linux servers since early December. This multi-platform malware also has worm capabilities that allow it to spread to other systems by brute-forcing public-facing services (MySQL, Tomcat, Jenkins and WebLogic) that use weak passwords, according to Intezer security researcher Avigayil Mechtinger.
Round Up of Major Vulnerabilities and Patches
Google has addressed a bug in the feedback tool incorporated across its services that could have allowed attackers to view users’ private docs. The flaw could be exploited to take screenshots of sensitive Google Docs documents by embedding them in a malicious website. The vulnerability was discovered by security researcher Sreeram KL, who demonstrated how to exploit it to capture the Google Docs screenshot of any document, owing to a postMessage misconfiguration combined with browser behavior.
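The misconfiguration class behind this item is a cross-window `message` listener that acts on whatever an embedding page sends it. The following is an added illustration, not Google’s code or the researcher’s write-up: a listener that trusts any sender, beside a hardened one that checks `event.origin` against an allowlist and validates the message shape. All names, origins and data are constructed for the example.

```javascript
// Added example (not from the original page or Google's code): a postMessage
// listener that trusts any sender, beside a hardened one. Names are hypothetical.

// Origins allowed to talk to this window. Constructed value for the example.
const TRUSTED_ORIGINS = new Set(["https://app.example.com"]);

// Simulated document store the listener can hand out. Constructed data.
const DOCUMENTS = { "doc-123": "confidential draft" };

// Vulnerable pattern: acts on any message, no matter who sent it. A page that
// embeds this window in an iframe can drive it with window.postMessage.
function insecureHandler(event) {
  const { action, docId } = event.data || {};
  if (action === "getDocument") {
    return { ok: true, body: DOCUMENTS[docId] ?? null };
  }
  return { ok: false, reason: "unknown action" };
}

// Hardened pattern: reject messages from untrusted origins before looking at
// the payload, and validate the message shape instead of trusting its fields.
function secureHandler(event) {
  if (!TRUSTED_ORIGINS.has(event.origin)) {
    return { ok: false, reason: "untrusted origin" };
  }
  const data = event.data;
  if (typeof data !== "object" || data === null ||
      data.action !== "getDocument" || typeof data.docId !== "string") {
    return { ok: false, reason: "malformed message" };
  }
  return { ok: true, body: DOCUMENTS[data.docId] ?? null };
}

// In a browser this would be wired as:
//   window.addEventListener("message", (e) => reply(e, secureHandler(e)));
// where reply() calls e.source.postMessage(result, e.origin), so the answer
// is delivered only to the origin that was just verified (never "*").

// Constructed events so the file runs stand-alone without a browser.
const fromAttacker = { origin: "https://evil.example.net",
                       data: { action: "getDocument", docId: "doc-123" } };
const fromApp = { origin: "https://app.example.com",
                  data: { action: "getDocument", docId: "doc-123" } };

console.log("insecure, attacker origin:", insecureHandler(fromAttacker));
console.log("secure, attacker origin:  ", secureHandler(fromAttacker));
console.log("secure, trusted origin:   ", secureHandler(fromApp));
```

The insecure listener hands the document body to the untrusted origin; the hardened one refuses it and only answers the allowlisted origin.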