
Hackers drain KuCoin wallets of $150 million, Hungarian banks, telecom services targeted by DDoS attacks, and more

Major cybersecurity events on 28th September 2020 (Morning Post): Ministry of Internal Affairs of Belarus resumes its work after 19 days, resolved technical issues. Google removes 17 Joker-infected apps from the Play Store. Free decryptor released to combat ThunderX ransomware.

Round Up of Major Breaches and Scams

The official website of the Ministry of Internal Affairs of Belarus resumed its work after 19 days

The press secretary of the department, Olga Chemodanova, had previously reported that the site was down for technical reasons. The official website of the Ministry of Internal Affairs of Belarus, which had not worked for 19 days, is again available to Internet users, the ministry’s press service reported. Interruptions on the department’s website began on September 3. At the same time, screenshots of the ministry’s website appeared in various Telegram channels, showing that the data of the President of Belarus and the Minister of Internal Affairs had been posted in the wanted notice.

Research Finds Multiple Cyberattacks on Video Game Industry

Despite improved security measures, cyberattacks have become common in the online gaming industry. Attackers often target online video games and gamers by compromising their accounts and launching attacks. Research from Akamai Technologies revealed that the gaming industry suffered high volumes of attacks between 2018 and 2020. The report “State of the Internet/Security report, Gaming: You Can’t Solo Security” highlighted that the COVID-19 lockdown resulted in an increase in attack traffic through credential stuffing and phishing attacks.

KuCoin crypto exchange loses $150m after hackers drain its hot wallets

KuCoin confirmed a security breach on September 26 affecting its Bitcoin, Ether, and ERC20 hot wallets, but cryptocurrency prices remained unfazed. KuCoin, a major cryptocurrency exchange based in Singapore, confirmed that its ERC20, Ethereum, and Bitcoin hot wallets were compromised. Reportedly, hackers withdrew over $150m worth of crypto and transferred the funds to an unknown wallet.

A powerful DDoS attack hit Hungarian banks and telecoms services

Hungarian financial institutions and telecommunications infrastructure were hit by a powerful DDoS attack originating from servers in Russia, China and Vietnam. The attack briefly disrupted some Hungarian banking and telecommunication services. According to telecoms firm Magyar Telekom, the attack took place on Thursday and was launched from servers in Russia, China and Vietnam.

Student Arrested Over Cyber-attacks on Indiana Schools

A 13-year-old boy has been arrested in the United States after allegedly hacking into an Indiana school district’s computer system. The unnamed teen was arrested after repeated cyber-attacks were launched against Valparaiso Community Schools. School officials reported regular assaults on the district’s e-learning systems that disrupted instruction by causing students to become disconnected from their virtual classrooms.

Round Up of Major Malware and Ransomware Incidents

Google removes 17 Joker-infected apps from the Play Store

Google this week removed 17 Android apps from its Play Store because they were infected with the Joker (aka Bread) malware, Zscaler revealed. Security researchers from Zscaler spotted 17 apps in the Play Store that were infected with the Joker (Bread) malware. Joker is malicious code camouflaged as a system app that allows attackers to perform a broad range of malicious operations, including disabling the Google Play Protect service, installing malicious apps, generating fake reviews, and showing ads.

CISA Released A New Advisory on LokiBot Trojan

LokiBot, a trojan-type malware first identified in 2015, is popular among cybercriminals as a means of creating a backdoor into compromised Windows systems to allow the attacker to install additional payloads. It is an information stealer that uses a stealthy trick to evade detection by security software and steals victims’ personal data, including their usernames, passwords, bank details, and the contents of cryptocurrency wallets, using a keylogger that monitors browser and desktop activity.

ThunderX ransomware silenced with release of a free decryptor

A decryptor for the ThunderX ransomware has been released by cybersecurity firm Tesorion that lets victims recover their files for free. ThunderX is a relatively new ransomware that became active towards the end of August 2020. This week, Tesorion found a flaw in the ransomware’s encryption that allows victims to decrypt their files without paying a ransom. The decryptor handles files encrypted by the ransomware’s current version, which carry the .tx_locked extension.

Tyler Technologies warns clients to change remote support passwords

Tyler Technologies is warning clients to change the passwords for the technology provider’s remote access accounts after suspicious logins were reported. Earlier this week, we reported that government technology services provider Tyler Technologies suffered a ransomware attack this past Sunday. The attack was carried out by the RansomExx/Defray777 operation, which encrypted the company’s devices and disrupted operations.

When coffee makers are demanding a ransom, you know IoT is screwed

With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of Smarter’s Internet-of-things coffee maker, you’d be wrong. As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the $250 devices to see what kinds of hacks he could do. After just a week of effort, the unqualified answer was: quite a lot.

Customers’ bank details stolen as hackers target Staffordshire firm

Customers of an IT company say they have lost thousands of pounds after the firm’s website was hacked and their bank details stolen. Police are investigating a data breach at Stone Refurb, formerly Encore PC, based in Stafford, which led to customers’ cash being taken. One customer said they lost more than £2,300. Customers were targeted between March and May, and payments are said to have been made using their bank details.

Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People

HHS has announced another big settlement and corrective action plan. This one stems from a hack of Premera Blue Cross (PBC) in 2014 that went undetected until March of 2015. DataBreaches.net had covered this incident at the time and the follow-ups that included a class action lawsuit that settled, a settlement with state attorneys general, and news that federal auditors had warned Premera of security issues three weeks before the hack.

Round Up of Major Vulnerabilities and Patches

Unknown FinSpy Mac and Linux versions found in Egypt

Experts from Amnesty International uncovered a surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of the infamous FinSpy surveillance spyware. The new versions employed in this campaign allow their operators to spy on both Linux and macOS systems.

Chrome Vulnerabilities Expose Users to Attacks Via Malicious Extensions

A Chrome 85 update released by Google this week patches several high-severity vulnerabilities, including ones that can be exploited to hack users by convincing them to install malicious extensions. The extension-related vulnerabilities, described by Google as “insufficient policy enforcement in extensions,” were discovered by researcher David Erceg in August. He identified three vulnerabilities of this type, among them CVE-2020-15961, a high-severity issue for which he received a $15,000 bug bounty.

FortiGate VPN Default Config Allows MitM Attacks

Default configurations of Fortinet’s FortiGate VPN appliance could open organizations to man-in-the-middle (MitM) attacks, according to researchers, where threat actors could intercept important data. According to the SAM IoT Security Lab, the FortiGate SSL-VPN client only verifies that the certificate used for client authentication was issued by Fortinet or another trusted certificate authority.

Louis Vuitton fixes data leak and account takeover vulnerability

Louis Vuitton has quietly patched a security vulnerability on its website that allowed user account enumeration and even account takeover via password resets. Founded in 1854, Louis Vuitton is a prominent French luxury fashion and merchandise company with over 121,000 employees and $15 billion in annual revenue. The easily exploitable flaw resided within the MyLV account section of the website.

Twitter warns developers of possible API keys leak

Twitter is sending emails to developers to warn them that their API keys, access tokens, and access token secrets may have been exposed in a browser’s cache. According to the social media firm, the browser used by developers may have cached the sensitive data while they accessed certain pages on developer.twitter.com.

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

Cisco patched 34 high-severity flaws affecting its IOS and IOS XE software, some of which can be exploited by a remote unauthenticated attacker. Cisco on Thursday released security patches for the 34 vulnerabilities. The IT giant issued 25 advisories as part of the September 2020 semiannual IOS and IOS XE Software Security Advisory Bundled Publication.

You can bypass TikTok’s MFA by logging in via a browser

A month after TikTok rolled out multi-factor authentication (MFA) for its users, a ZDNet reader discovered that the company’s new security feature was only enabled for the mobile app but not its website. This lapse in TikTok’s MFA implementation opens the door for scenarios where a malicious threat actor could bypass MFA by logging into an account with compromised credentials via its website, rather than the mobile app.