Hackers breach Warner Music Group websites, Criminals pilfer card data on Telegram through new skimming technique, and more

Major cybersecurity events on 7th September 2020 (Morning Post): Visa warns users of new e-skimmer dubbed Baka that exfiltrates payment card details, removes itself from memory. Ad scammers target TikTok’s #ForYou page. Zero-day vulnerability exploited to attack millions of WordPress sites.

Round Up of Major Breaches and Scams

Visa warns of new sophisticated credit card skimmer dubbed Baka

Visa issued a warning regarding a new credit card JavaScript skimmer, tracked as Baka, that implements new features to evade detection and removes itself from memory after exfiltrating payment card details. The e-skimmer was first spotted by experts with Visa’s Payment Fraud Disruption (PFD) initiative in February 2020 while analyzing a command and control (C2) server that was employed in another campaign and hosted an ImageID e-skimming kit.

Banco Estado detected malicious software on its systems that would have affected its platforms

The following is a Google translation of an article that appears at biobiochile.cl. DataBreaches.net was tipped to the breach by @chum1ng0. Banco Estado published a press release this Sunday in which it acknowledges that it detected malicious software in its operating systems, a problem that the entity’s cybersecurity teams detected and have already resolved.

Hackers breach e-commerce websites operated by Warner Music Group

The multinational entertainment and record label conglomerate Warner Music Group (WMG) has reported a cyberattack incident involving multiple e-commerce websites hosted and supported via an external service provider. This particular instance may have allowed an ‘unauthorized third party’ to access sensitive and confidential customer information including names, email addresses, contact numbers, billing and shipping addresses, and credit card details (number, expiration date, CVC/CVV codes).

Prison phone service Telmate exposes messages, personal info of millions of inmates and their contacts

Telmate, a service used by incarcerated inmates at US prisons to communicate with their friends and loved ones, has exposed a database containing tens of millions of call logs, private messages, and personal information about inmates and their contacts. The database was exposed on the web without a password or any other authentication required to access it. Comparitech security researcher Bob Diachenko on August 13, 2020 discovered the unsecured database and immediately reported it to Global Tel Link, the company that owns and operates Telmate.

Skimming Actors Exploit Telegram to Exfiltrate Stolen Card Data

Cybercriminals constantly adopt new attack techniques to implement their malicious activities. Recently, Magecart attackers implemented a new web skimming technique by leveraging the popular messaging app Telegram to pilfer card data. According to Malwarebytes, hackers exploited the Telegram app to send stolen payment details from compromised websites. They used the messaging platform to exfiltrate sensitive data by deploying skimmer codes and traditional Trojans.

CNN-News18 allegedly hacked to deny PayTM hack claims

What a weird story about the lengths some folks will go to to deny that they were responsible for a hack. Ax Sharma reports: A hacker group that goes by the names “John Wick” and “Korean Hackers” have provided BleepingComputer with information on the hacking of the Indian Prime Minister’s Twitter account and the online systems of popular Indian news channel, News18. This same group had previously hacked the video-on-demand service ZEE5 and defaced multiple websites, seeking nothing but a “10 Ethereum ‘donation’ for their help.”

View Media’s Unsecured Database Exposes 38 Mn Users’ Data

Online marketing company View Media’s unsecured database, which held 38 million U.S. users’ data, was recently exposed online. According to researchers from CyberNews, the database was hosted on a misconfigured Amazon Web Services (AWS) server, allowing anyone to access users’ personal data like full names, email addresses, residence details, phone numbers, and ZIP codes.

TikTok’s ‘#ForYou’ Page Becomes a Habitat for Ad Scammers

The problems for the popular short-video app TikTok don’t seem to subside. After facing a complete ban in India and an impending ban in countries like the U.S. and New Zealand, TikTok is in the soup again over concerns surrounding scammers purchasing ads to promote fake mobile apps, diet pills, and other bogus products and services. According to recent research by Tenable, TikTok’s popular ‘#ForYou’ page has become a habitat for ad scams.

Round Up of Major Malware and Ransomware Incidents

Netwalker Ransomware hit Argentina’s official immigration agency

Argentina’s official immigration agency, Dirección Nacional de Migraciones, is the latest victim of the Netwalker ransomware operators. The attack caused the interruption of the border crossing into and out of the country for four hours. The ransomware operators also exfiltrated sensitive data from the agency, as reported by local media.

Malware gang uses .NET library to generate Excel docs that bypass security checks

A newly discovered malware gang is using a clever trick to create malicious Excel files that have low detection rates and a higher chance of evading security systems. Discovered by security researchers from NVISO Labs, this malware gang — which they named Epic Manchego — has been active since June, targeting companies all over the world with phishing emails that carry a malicious Excel document. But NVISO said these weren’t your standard Excel spreadsheets. The malicious Excel files were bypassing security scanners and had low detection rates.

FBI issued a second flash alert about ProLock ransomware in a few months

The FBI issued a second flash alert about ProLock ransomware stealing data, four months after the first advisory published by the feds on the same threat. The FBI issued the 20200901-001 Private Industry Notification about ProLock ransomware stealing data on September 1st. The fresh alert is the second one related to this threat; the first one (MI-000125-MW Flash Alert) was published on May 4th, 2020.

SunCrypt Ransomware behind North Carolina school district data breach

The Haywood County School district in North Carolina disclosed a data breach after having unencrypted files stolen during a SunCrypt Ransomware attack. The ransomware attack took place on August 24th, 2020, but at the time the family of malware that infected the school district was not revealed.

Thanos Ransomware adds Windows MBR locker that fails every time

A new Thanos ransomware strain is trying and failing to deliver the ransom note onto compromised systems by overwriting the computers’ Windows master boot record (MBR). The new Windows MBR locker module has been discovered by security researchers at Palo Alto Networks’ Unit 42 while analyzing two attacks where Thanos ransomware affiliates successfully encrypted devices of state-controlled organizations from the Middle East and North Africa during early July 2020.

Round Up of Major Vulnerabilities and Patches

Millions of WordPress sites are being probed & attacked with recent plugin bug

Millions of WordPress sites have been probed and attacked this week, Defiant, the company behind the Wordfence web firewall, said on Friday. The sudden spike in attacks happened after hackers discovered and started exploiting a zero-day vulnerability in “File Manager,” a popular WordPress plugin installed on more than 700,000 sites. The zero-day was an unauthenticated file upload vulnerability that allowed an attacker to upload malicious files on a site running an older version of the File Manager plugin.

WhatsApp discloses six previously undisclosed flaws

WhatsApp addressed six previously undisclosed flaws in its app and disclosed them on a new dedicated security advisory site. The company announced more transparency about the vulnerabilities affecting its app and will publicly disclose them to users. Some of the vulnerabilities were reported through the Facebook bug-bounty program, while the others were discovered during code reviews.

Facebook Debuts Third-Party Vulnerability Disclosure Policy

If the social-media behemoth finds a bug in another platform’s code, the project has 90 days to remediate before Facebook goes public. Facebook has implemented a fresh security vulnerability disclosure policy (VDP) this week – in an effort to explain how it decides when and how to roll out details on various bugs that its team finds in third-party software and open-source projects.