Round Up of Major Breaches and Scams
The Jamesville-DeWitt High School email listserv was breached, and three “explicit” messages were sent to students, according to a notification the district sent to families. The messages were each one line, and contained vulgar language directed at school administrators, according to copies obtained by syracuse.com, The Post-Standard. They were all from the same email address and addressed to high school students.
Asian media firm E27 has been hacked, and attackers ask for a small “donation” to provide information on the vulnerabilities used in the attack. E27 is a media company that offers Asian technology startup news and a community where members can communicate and learn from each other.
The Brazilian federal police reported progress in an investigation into a cybercrime organization allegedly responsible for exposing personal details of senior government officials, including president Jair Bolsonaro. The investigation follows a leak earlier this month, claimed by the hacker group Anonymous Brazil, involving personal information relating to Bolsonaro, his sons and supporters, as well as various ministers.
The Maine Information and Analysis Center (MIAC), a unit of the Maine State Police, has suffered a significant data breach. MaineBeacon.com reports that the documents from MIAC have been leaked online. They include personal information about subjects of police investigations across the state of Maine and reveal details of the center’s operational practices, which apparently include monitoring Black Lives Matter protests and activists.
Round Up of Major Malware and Ransomware Incidents
Although image files have long been used to carry malicious code and exfiltrate data, it’s unusual to find web skimmers hidden in image files. Such scripts are designed to identify and steal credit card data and other sensitive information that unsuspecting users enter on compromised ecommerce websites, and to send the harvested data to the campaign operators.
A new ransomware called Ransom X is being actively used in human-operated and targeted attacks against government agencies and enterprises. May 2020 was not a good month for Texas as both the Texas Courts and the Texas Department of Transportation (TxDOT) were hit with ransomware attacks.
The Evil Corp gang was blocked from deploying WastedLocker ransomware payloads in dozens of attacks against major US corporations, including Fortune 500 companies. The group was previously involved in distributing the Dridex malware toolkit, which was later also used to deliver other threat actors’ malware payloads, as well as Locky ransomware and, until 2019, its own ransomware known as BitPaymer.
The hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet. The botnet can be marshalled into service to carry out a variety of criminal activities, including distributed denial-of-service (DDoS) attacks, command execution, information exfiltration or sabotage of an infected system.
Researchers are warning that the websites of eight U.S. cities – across three states – have been compromised with payment card-stealing Magecart skimmers. The websites all utilize Click2Gov municipality payment software, which was previously involved in data breaches.
The threat is designed to drop XMRig for mining Monero. It can propagate on its own by targeting various vulnerabilities, is capable of command and control (C&C) operations, and drops and runs EternalBlue, EternalRomance, and the DoublePulsar backdoor on vulnerable targets for intranet infections.
Round Up of Major Vulnerabilities and Patches
The most severe of the bugs affecting the GPU drivers include CVE-2020-5962, which was found in the NVIDIA GPU display driver, and CVE-2020-5963, which resides in the CUDA driver. Both feature a CVSS score of 7.8. Discovered in the Control Panel component of the GPU driver, the first of the issues could allow a local attacker to elevate privileges or cause a denial of service (DoS) condition.
A simple VBScript may be enough to allow users to gain administrative privileges and bypass UAC entirely on Windows 10. In a new report from PwC UK security researcher Wietze Beukema, we learn that almost 300 Windows 10 executables are vulnerable to DLL hijacking.
The Visa and Mastercard payment processors, along with Adobe, have made last-ditch efforts this month to get online store owners to update their platforms. In three days, on June 30, the Magento 1.x platform is set to reach its official end-of-life (EOL) date, after which Adobe plans to stop offering security updates.