
Greenbug hacks Pakistan telecom firms, Microsoft warns of massive Excel phishing campaign, and more

Major cybersecurity events on 20th May 2020: Cosmetic giant leaks 192 million payment data records. 773 million password breach suspect arrested. WolfRAT targets WhatsApp, Messenger. REvil all set to auction Madonna’s data. Adobe patches Character Animator critical flaw.

Round Up of Major Breaches and Scams

Brazil’s cosmetic giant Natura leaked 192 million records with payment data

A multi-billion dollar company based in Sao Paulo, Brazil has been found exposing highly sensitive, personal, and financial data of its customers. What’s worse is that the data was hosted on two misconfigured databases publicly available for anyone to access without any security authentication.

Microsoft warns of ‘massive’ phishing attack pushing legit RAT

Microsoft is warning of an ongoing COVID-19 themed phishing campaign that installs the NetSupport Manager remote administration tool. In a series of tweets, the Microsoft Security Intelligence team outlines how this “massive campaign” is spreading the tool via malicious Excel attachments. The attack starts with emails pretending to be from the Johns Hopkins Center, sending an update on the number of Coronavirus-related deaths in the United States.

BEC Scammers target unemployment and CARES Act claims

A group of Nigerian business email compromise (BEC) scammers has been targeting U.S. unemployment systems and COVID-19 relief funds provided through the CARES Act. The threat actor, which researchers call Scattered Canary, used the IRS and state unemployment websites to file hundreds of fraudulent claims on behalf of U.S. citizens and receive benefit payments.

‘Greenbug’ hacking group hits three telecom firms in Pakistan

For the past several months, suspected Iranian hackers have been rooting around the IT systems of at least three telecommunications companies in Pakistan, accessing data servers when it suits them, according to cybersecurity company Symantec. The report, published Tuesday, points the finger at a group called Greenbug, which used virtual “tunnels” to quietly stay connected to victim machines.

Ukraine Nabs Suspect in 773M Password ‘Megabreach’

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” A subsequent review by KrebsOnSecurity quickly determined the data was years old and merely a compilation of credentials pilfered from mostly public data breaches. Earlier today, authorities in Ukraine said they’d apprehended a suspect in the case.

Round Up of Major Malware and Ransomware Incidents

REvil to Auction Stolen Madonna Data

A threat group that claims to have stolen nearly a terabyte of data from a prominent entertainment law firm has said it will put sensitive information relating to Madonna up for auction. REvil allegedly made off with 756GB of data from New York lawyers Grubman Shire Meiselas & Sack in a ransomware attack earlier this month.

WolfRAT targets WhatsApp, Facebook Messenger app users on Android devices

A new Trojan has been caught targeting Thai users of WhatsApp, Facebook Messenger, and Line messaging apps on the Android mobile platform. On Tuesday, Cisco Talos researchers said the malware, dubbed WolfRAT, is a new variant of DenDroid, a mobile Remote Access Trojan (RAT) that had its source code leaked in 2015.

Hackers Target Indian banks Using Adwind Java RAT Campaign Amidst COVID-19

Seqrite, an enterprise arm of security firm Quick Heal Technologies, detected a new wave of the Adwind Java Remote Access Trojan (RAT) campaign targeting Indian co-operative banks by taking advantage of the COVID-19 pandemic.

NetWalker adjusts ransomware operation to only target enterprise

The NetWalker ransomware group is moving away from phishing for malware distribution and has adopted a network-intrusion model focusing on huge businesses only. Being a ransomware-as-a-service (RaaS) operation, NetWalker relies on partners to disseminate the malware.

Round Up of Major Vulnerabilities and Patches

NXNSAttack technique can be abused for large-scale DDoS attacks

A team of academics from Israel has today disclosed details about NXNSAttack, a vulnerability in DNS servers that can be abused to launch DDoS attacks of massive proportions. According to the research team, NXNSAttack impacts recursive DNS servers and the process of DNS delegation.

Adobe Patches Critical RCE Flaw in Character Animator App

Adobe has issued an out-of-band patch for a critical flaw in Adobe Character Animator, its application for creating live motion-capture animation videos. The flaw can be exploited by a remote attacker to execute code on affected systems. The flaw (CVE-2020-9586) is found in versions 3.2 and earlier and exists within the parsing of the BoundingBox element in PostScript.

Researchers Divulge Details on Five Windows Zero Days

Security researchers working with Trend Micro’s Zero Day Initiative (ZDI) have published information on five unpatched vulnerabilities in Microsoft Windows, including four considered high risk. Tracked as CVE-2020-0916, CVE-2020-0986, and CVE-2020-0915, and featuring a CVSS score of 7.0, the first three of these zero-day vulnerabilities could allow an attacker to escalate privileges on the affected system.

Chrome 83 released with massive security and privacy upgrades

Google has released Chrome 83 today, May 19th, 2020, to the Stable desktop channel, and it includes massive security and privacy enhancements as well as some long-awaited features. In this massive release, users are getting a redesigned Privacy and security settings section, better control over cookies, a new Safety Check feature, improved DoH settings, a new Enhanced Safe Browsing feature, Tab Groups, and more.