Breach CVE Cyber Security Data leak Hacking Malvertise Malware Ransomware RCE Scam Vulnerability

Hackers slip into Donald Trump’s Twitter, Small business accounts cloned on Instagram, and more

Major cybersecurity events on 11th September 2020 (Evening Post): Companies based in India report more cyberattacks than any other country. US Criminal Court hit by Conti ransomware, expose critical data. Researchers report Chrome sandbox escape vulnerability, earns $20,000.

Round Up of Major Breaches and Scams

Three middle-aged Dutch hackers slipped into Donald Trump’s Twitter account days before 2016 US election

Three “grumpy old hackers” in the Netherlands managed to access Donald Trump’s Twitter account in 2016 by extracting his password from the 2012 Linkedin hack. The pseudonymous, middle-aged chaps, named only as Edwin, Mattijs and Victor, told reporters they had lifted Trump’s particulars from a database that was being passed about hackers, and tried it on his account. To their considerable surprise, the password worked the first time they tried it, with Twitter’s login process confirming the password was correct.

CISA Warns Election-Related Entities to Be on Watch for Phishing Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned election-related entities to be on the lookout for phishing attacks. In an insight piece published on September 10, CISA highlighted malicious actors’ preference for phishing attacks in their efforts to target political parties, think tanks and other entities that might be involved in an election. The security agency noted that malicious actors could use a successful phish to lay the groundwork for secondary attacks.

Spear-Phishers Leverage Office 365 Ecosystem to Validate Stolen Creds in Real Time

New attack technique uses Office 365 APIs to cross-check credentials against Azure Active Directory as victim types them in. Serving as yet another proof point of the creativity with which attackers are targeting Office 365 users with new phishing schemes, Armorblox researchers yesterday detailed a new attack technique they found that validates stolen credentials in real time as the victim enters them into the login lure.

Small businesses being scammed on Instagram

Emma Heathcote-James who owns and runs “The Little Soap Co.’ on Instagram was made aware of a clone account selling the same products and acting as her when she was mistakably tagged in images on the fake account. Alarmingly the page looked exactly the same with the only difference being an extra ‘o’ added to the end of the ‘Co’. The cloned account was seemingly set up to scam Heathcote-Jame’s customers into sending them money instead.

Political Disruptor Charged with Wire Fraud Conspiracy

A member of an organization dedicated to disrupting America’s political system has been charged with wire fraud conspiracy. Project Lakhta manager Artem Mikhaylovich Lifshits of St. Petersburg, Russia, is accused of using IDs stolen from US citizens to open fraudulent accounts at banking and cryptocurrency exchanges. According to a criminal complaint filed yesterday in the Eastern District of Virginia, the 27-year-old used the accounts to both promote Project Lakhta’s influence operations and for his own personal enrichment.

Companies based in India report more cyberattacks than any other country

Since the COVID-19 pandemic, Indian companies have reported more cyberattacks than any other country, with 56% reporting a rise in their IT costs in recent months. This is two times the global average, according to the Acronis Cyber Readiness Report 2020. The report also provides some key findings which highlight that 92% of companies globally have begun using technology which enables them to work remotely, with technology covering areas such as privacy solutions, endpoint security and workplace collaboration tools.

Round Up of Major Malware and Ransomware Incidents

Porn site users targeted with malicious ads redirecting to exploit kits, malware

A cybercrime group has been busy over the past months placing malicious ads on adult-themed websites in order to redirect users to exploit kits and infect them with malware. Named Malsmoke, the group has operated on a scale far above similar other cybercrime operations and has abused “practically all adult ad networks.” According to cyber-security firm Malwarebytes, which has been tracking Malsmoke’s attacks, for most of the time, the group has managed to place malicious ads (malverts) on mid-tier adult portals.

US Criminal Court hit by Conti ransomware; critical data at risk

Conti ransomware operators attacked the Fourth District Court of Louisiana and posted proof of attack on their Dark Web site accessible through the Tor browser. A US criminal court has become the victim of Conti ransomware strain, operated by a hacking group of the same name. The hackers have also published several court documents online. Reportedly, the Fourth District Court of Louisiana’s website was targeted in the attack.

Round Up of Major Vulnerabilities and Patches

Chrome Sandbox Escape Vulnerability Earns Researchers $20,000

Two researchers have earned $20,000 from Google for reporting a sandbox escape vulnerability affecting the Chrome web browser. The flaw, tracked as CVE-2020-6573, has been described by Google as a high-severity use-after-free bug affecting Chrome’s “video” component. Google said this week that it patched the vulnerability with the release of a Chrome 85 update for Windows, Mac and Linux.

Zoom Rolls Out 2FA Support for All Accounts

Video conferencing platform Zoom this week announced that all user accounts can now benefit from improved protection, courtesy of support for Two-Factor Authentication (2FA). With 2FA enabled on their accounts, users should be protected from security breaches, including those that originate from the Zoom platform itself, the company claims. For 2FA, Zoom supports authentication apps that use a Time-Based One-Time Password (TOTP) protocol but can also deliver authentication codes via SMS or phone calls.