
Hackers sent explicit messages to breached list of students, Hidden Web Skimmers used to target ecommerce sites, and more

Major cybersecurity events on 29th June 2020 (Evening Post): Attackers hack E27 and ask for a donation in exchange for details about the vulnerabilities. Maine Information and Analysis Center suffers a data breach that leaks its data. Evil Corp stopped from spreading ransomware, preventing attacks on 30 major firms.

Round Up of Major Breaches and Scams

Jamesville-DeWitt High School student email list breached; explicit messages sent

The Jamesville-DeWitt High School email listserv was breached, and three “explicit” messages were sent to students, according to a notification the district sent to families. The messages were each one line, and contained vulgar language directed at school administrators, according to copies obtained by syracuse.com, The Post-Standard. They were all from the same email address and addressed to high school students.

Hackers breach E27, want “donation” to reveal vulnerabilities

Asian media firm E27 has been hacked, and attackers ask for a small “donation” to provide information on the vulnerabilities used in the attack. E27 is a media company that offers Asian technology startup news and a community where members can communicate and learn from each other.

Brazilian federal police investigates presidential data leak

The Brazilian federal police reported progress in an investigation into a cybercrime organization supposedly responsible for exposing personal details of senior government officials, including president Jair Bolsonaro. The investigation follows a leak earlier this month, claimed by hacker group Anonymous Brazil, involving personal information relating to Bolsonaro, his sons and supporters, as well as various ministers.

Data breach exposes information, activities of Maine Information and Analysis Center

The Maine Information and Analysis Center (MIAC), a unit of the Maine State Police, has suffered a significant data breach. MaineBeacon.com reports that the documents from MIAC have been leaked online. They include personal information about subjects of police investigations across the state of Maine and reveal details of the center’s operational practices, which apparently include monitoring Black Lives Matter protests and activists.

Round Up of Major Malware and Ransomware Incidents

Hackers Target Online Stores With Web Skimmer Hidden in Image Metadata

Although image files have long been used to carry malicious code and exfiltrate data, it’s unusual to have web skimmers hidden in image files. Such scripts are designed to identify and steal credit card data and other sensitive information that unsuspecting users enter on compromised ecommerce websites, and to send the harvested data to campaign operators.

New Ransom X Ransomware used in Texas TxDOT cyberattack

A new ransomware called Ransom X is being actively used in human-operated and targeted attacks against government agencies and enterprises. May 2020 was not a good month for Texas as both the Texas Courts and the Texas Department of Transportation (TxDOT) were hit with ransomware attacks.

Evil Corp blocked from deploying ransomware on 30 major US firms

The Evil Corp gang was blocked from deploying WastedLocker ransomware payloads in dozens of attacks against major US corporations, including Fortune 500 companies. The group was previously involved in distributing the Dridex malware toolkit, which was later also used to deliver other threat actors’ malware payloads, as well as Locky ransomware and, until 2019, their own ransomware known as BitPaymer.

DarkCrewFriends Returns with Botnet Strategy

The hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet. The botnet can be marshalled into service to carry out a variety of criminal activities, including distributed denial-of-service (DDoS) attacks, command execution, information exfiltration or sabotage of an infected system.

8 U.S. City Websites Targeted in Magecart Attacks

Researchers are warning that the websites of eight U.S. cities – across three states – have been compromised with payment card-stealing Magecart skimmers. The websites all utilize Click2Gov municipality payment software, which was previously involved in data breaches.

Hybrid Malware ‘Lucifer’ Includes Cryptojacking, DDoS Capabilities

Lucifer was designed to drop XMRig for mining Monero. It can propagate on its own by targeting various vulnerabilities, is capable of command and control (C&C) operations, and drops and runs EternalBlue, EternalRomance, and the DoublePulsar backdoor on vulnerable targets for intranet infections.

Round Up of Major Vulnerabilities and Patches

NVIDIA Patches Code Execution Flaws in GPU Drivers

The most severe of the bugs affecting the GPU drivers include CVE-2020-5962, which was found in the NVIDIA GPU display driver, and CVE-2020-5963, which resides in the CUDA driver. Both feature a CVSS score of 7.8. Discovered in the Control Panel component of the GPU driver, the first of the issues could allow a local attacker to elevate privileges or cause a denial of service (DoS) condition.

Almost 300 Windows 10 executables vulnerable to DLL hijacking

A simple VBScript may be enough to allow users to gain administrative privileges and bypass UAC entirely on Windows 10. In a new report from PwC UK security researcher Wietze Beukema, we learn that almost 300 Windows 10 executables are vulnerable to DLL hijacking.

Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL

The Visa and Mastercard payment processors, along with Adobe, have made last-ditch efforts this month to get online store owners to update their platforms. In three days, on June 30, the Magento 1.x platform is set to reach its official end-of-life (EOL) date, after which Adobe plans to stop offering security updates.