Breach Cyber Security Malware Ransomware Vulnerability

Hacker sells 40M Wishbone user records, Japan suspects Mitsubishi cyberattack could have leaked missile data, and more

Major cybersecurity events on 21st May 2020 (evening post): China’s NUDT data leak indicates potentially under-reported Coronavirus death toll. Access to corporate network sold on the dark web. White-hat hackers target scammer with DDoS, ransomware attacks.

Round Up of Major Breaches and Scams

Hacker selling 40 million user records from popular Wishbone app

A hacker has put up for sale today the details of 40 million users registered on Wishbone, a popular mobile app that lets users compare two items in a simple voting poll. The data is being advertised across multiple hacking forums and being sold for 0.85 bitcoin (~$8000), according to ads seen by ZDNet.

Data Leak Suggests China Had Hundreds of Thousands of Coronavirus Cases in 230 Cities

A dataset of coronavirus cases and deaths from the military’s National University of Defense Technology, leaked to 100Reporters, offers insight into how Beijing has gathered coronavirus data on its population. The source of the leak, who asked to remain anonymous because of the sensitivity of sharing Chinese military data, said that the data came from the university.

Bank of America blames PPP applications leak on faulty SBA test server

Bank of America disclosed this week a security incident that impacted its online platform for processing loan requests filed by US companies for the Paycheck Protection Program (PPP), a COVID-19 relief fund set up by the US government. The bank says that information for some companies might have been viewed by other lenders (banks) or organizations.

Japan Suspects Missile Data Leak in Mitsubishi Cyberattack

The suspected leak involves sensitive information about a prototype of a cutting-edge high speed gliding missile intended for deployment for the defense of Japan’s remote islands amid China’s military assertiveness in the region. Chief Cabinet Secretary Yoshihide Suga told reporters that the Defense Ministry is investigating “the possible impact of the information leak on national security.”

Dark Web sees rise in postings selling access to corporate networks

The Dark Web is an underground marketplace where criminals trade in all sorts of illegal or malicious items. One valuable product up for sale consists of information that can help hackers break into corporate networks. Comprised of malware and services, this type of information has seen an increase in Dark Web postings over the past couple of years.

Round Up of Major Malware and Ransomware Incidents

Vigilante hackers target ‘scammers’ with ransomware, DDoS attacks

A hacker has been taking justice into their own hands by targeting “scam” companies with ransomware and denial of service attacks. Last week a new ransomware was discovered called MilkmanVictory that a hacking group stated they created to attack scammers.

Snake ransomware leaks patient data from Fresenius Medical Care

Medical data and personally identifiable information belonging to patients at a Fresenius Medical Care unit are currently available online on a paste website. Fresenius is a large private hospital operator in Europe and its systems were compromised as part of a massive campaign from Snake ransomware that targeted organizations across all verticals.

Round Up of Major Vulnerabilities and Patches

Microsoft issues mitigation for the NXNSAttack DNS DDoS attack

Microsoft has released a security advisory to mitigate the NXNSAttack vulnerability in DNS servers that could be used to amplify a single DNS request into a DDoS attack against authoritative DNS servers. In a new paper, researchers from Tel Aviv University and The Interdisciplinary Center have revealed a new vulnerability called NXNSAttack.

Source code analysis reveals seven security holes in UK contact tracing app

Analysis of the source code for the UK contact tracing app has revealed no fewer than seven security flaws. One of these is that the random code assigned to users is only changed once a day, making it much easier to de-anonymize individuals.

Vulnerability in Signal messaging app could let hackers track your location

A vulnerability in the secure messaging app Signal could let a bad actor track a user’s location, according to findings from cybersecurity firm Tenable. Researcher David Wells found that he could track a user’s movements just by calling their Signal number — whether or not the user had his contact information.