Round Up of Major Breaches and Scams
A multi-billion dollar company based in Sao Paulo, Brazil has been found exposing highly sensitive personal and financial data of its customers. What’s worse is that the data was hosted on two misconfigured databases that were publicly reachable by anyone, without any authentication.
Microsoft is warning of an ongoing COVID-19 themed phishing campaign that installs the NetSupport Manager remote administration tool. In a series of tweets, the Microsoft Security Intelligence team outlines how this “massive campaign” is spreading the tool via malicious Excel attachments. The attack starts with emails pretending to be from the Johns Hopkins Center, purporting to send an update on the number of Coronavirus-related deaths in the United States.
A Nigerian business email compromise (BEC) group has been targeting U.S. unemployment systems and COVID-19 relief funds provided through the CARES Act. The threat actor, which researchers call Scattered Canary, used the IRS and state unemployment websites to file hundreds of fraudulent claims on behalf of U.S. citizens and receive the benefit payments.
For the past several months, suspected Iranian hackers have been rooting around the IT systems of at least three telecommunications companies in Pakistan, accessing data servers when it suits them, according to cybersecurity company Symantec. The report, published Tuesday, points the finger at a group called Greenbug, which used virtual “tunnels” to quietly stay connected to victim machines.
In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” A subsequent review by KrebsOnSecurity quickly determined the data was years old and merely a compilation of credentials pilfered from mostly public data breaches. Earlier today, authorities in Ukraine said they’d apprehended a suspect in the case.
Round Up of Major Malware and Ransomware Incidents
A threat group that claims to have stolen nearly a terabyte of data from a prominent entertainment law firm has said it will put sensitive information relating to Madonna up for auction. REvil allegedly made off with 756GB of data from New York lawyers Grubman Shire Meiselas & Sacks in a ransomware attack earlier this month.
A new Trojan has been caught targeting Thai users of WhatsApp, Facebook Messenger, and Line messaging apps on the Android mobile platform. On Tuesday, Cisco Talos researchers said the malware, dubbed WolfRAT, is a new variant of DenDroid, a mobile Remote Access Trojan (RAT) whose source code was leaked in 2015.
Seqrite, an enterprise arm of security firm Quick Heal Technologies, detected a new wave of the Adwind Java Remote Access Trojan (RAT) campaign targeting Indian co-operative banks by taking advantage of the COVID-19 pandemic.
The NetWalker ransomware group is moving away from phishing for malware distribution and has adopted a network-intrusion model focused solely on large businesses. Being a ransomware-as-a-service (RaaS) operation, NetWalker relies on affiliates to disseminate the malware.
Round Up of Major Vulnerabilities and Patches
A team of academics from Israel has disclosed today details about NXNSAttack, a vulnerability in DNS servers that can be abused to launch DDoS attacks of massive proportions. According to the research team, NXNSAttack impacts recursive DNS servers and the process of DNS delegation.
Adobe has issued an out-of-band patch for a critical flaw in Adobe Character Animator, its application for creating live motion-capture animation videos. The flaw can be exploited by a remote attacker to execute code on affected systems. The flaw (CVE-2020-9586) is found in versions 3.2 and earlier and exists within the parsing of the BoundingBox element in PostScript.
Security researchers working with Trend Micro’s Zero Day Initiative (ZDI) have published information on five unpatched vulnerabilities in Microsoft Windows, including four considered high risk. Tracked as CVE-2020-0916, CVE-2020-0986, and CVE-2020-0915, and featuring a CVSS score of 7.0, the first three of these zero-day vulnerabilities could allow an attacker to escalate privileges on the affected system.
Google has released Chrome 83 today, May 19th, 2020, to the Stable desktop channel, and it includes major security and privacy enhancements as well as some long-awaited features. In this release, users are getting a redesigned Privacy and security settings section, better control over cookies, a new Safety Check feature, improved DoH settings, a new Enhanced Safe Browsing feature, Tab Groups, and more.