
Gothic Panda, Stone Panda attack Indian companies, Data of Avito, Yula users appear on the internet, and more

Major cybersecurity events on 27th July 2020 (Morning Post): Russia’s GRU military intel agency behind most aggressive hacking attacks on US govt. Cyber criminals target Airtel customers with eSIM swapping fraud. Researchers suggest that users patch ASUS routers, as they can be reflashed with malware.

Round Up of Major Breaches and Scams

Russia’s GRU hackers hit US government and energy targets

Russia’s GRU military intelligence agency has carried out many of the most aggressive acts of hacking in history: destructive worms, blackouts, and—closest to home for Americans—a broad hacking-and-leaking operation designed to influence the outcome of the 2016 US presidential election. Now it appears the GRU has been hitting US networks again, in a series of previously unreported intrusions that targeted organizations ranging from government agencies to critical infrastructure.

Gothic Panda and Stone Panda: Chinese Hackers that Launched Mass Cyber Attacks on Indian Companies

Two hacking groups from China, Gothic Panda and Stone Panda, have been identified as organizing the majority of the cyber attacks on Indian companies in June 2020. Mumbai Mirror was the first to know about the incident. On 20th June, it published a report on its website regarding the issue. According to cybersecurity experts, both hacking groups likely work independently and are not state-sponsored; however, they work in the interests of the Chinese government.

Databases of users of Russian ad services Avito and Yula have appeared on the network

A representative of Yula said that the uploaded files do not contain personal data of users of the service. Six files with tables in CSV format are in the public domain, which means that anyone can download them. Each file contains the data of about 100 thousand users (three databases with information from Avito users, and three more from Yula users). Each record contains information about the user’s region of residence, phone number, address, product category, and time zone.

eSIM Swapping Fraud: Cyber Criminals Targeting Airtel Customers in Hyderabad

Hyderabad witnessed three back-to-back cases of cyberfraud in which criminals targeted Airtel customers with the promise of an eSIM connection, leading to a fraud of more than Rs 16 lakh. In the wake of the frauds, the Hyderabad cyber crime police station issued an advisory alerting Airtel customers to fraudsters deceiving people in the name of the eSIM connection. S. Appalanaidu, a resident of Miyapur, Hyderabad, received a message on 11th July informing him that if he failed to update his KYC details, his SIM card would get blocked.

Round Up of Major Malware and Ransomware Incidents

Garmin outage caused by confirmed WastedLocker ransomware attack

Wearable device maker Garmin shut down some of its connected services and call centers on Thursday following what the company called a worldwide outage, now confirmed to be caused by a WastedLocker ransomware attack. Garmin’s product line includes GPS navigation and wearable technology for the automotive, marine, aviation, fitness, and outdoor markets.

Spanish state-owned railway infrastructure manager ADIF infected with ransomware

Administrador de Infraestructuras Ferroviarias (ADIF), a Spanish state-owned railway infrastructure manager under the responsibility of the Ministry of Development, was hit by REvil ransomware operators. ADIF is charged with the management of most of Spain’s railway infrastructure, that is, the track, signaling and stations.

Round Up of Major Vulnerabilities and Patches

iOS14 shows Instagram opens camera even when users scroll photo feed

Just a few days ago, it was reported that a “yet to be fixed bug” in the Firefox browser’s Android app keeps the phone’s camera active when the app is in the background or even when the phone is locked. Now, Apple’s iOS14 beta has caught Instagram’s unexpected prying behavior. Users took to social media and shared screenshots of their notification panel in which a green “camera on” indicator showed that the app accessed the camera even if they were only casually scrolling through the photo feed.

Cisco patches ASA/FTD firewall flaw actively exploited by hackers

Cisco fixed a high-severity, actively exploited read-only path traversal vulnerability affecting the web services interface of two of its firewall products. If successfully exploited, the security vulnerability, tracked as CVE-2020-3452, may allow unauthenticated attackers to read sensitive files on unpatched systems through directory traversal attacks. The impacted products are Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software.

ASUS routers could be reflashed with malware – patch now!

Well, if you have an ASUS RT-AC1900P home router – a high-end, high-bandwidth home device – then we recommend that you do an update check now. Researchers at Trustwave found security holes in this router’s firmware late in 2019, which ASUS duly patched, and those researchers have now gone public with a security advisory that details their findings. Ironically, the bugs related to the router’s firmware update process, so the update actually patches the update system itself.