Round Up of Major Breaches and Scams
Nearly 47 Service NSW staff email accounts were hacked in a ‘criminal attack’ in April, affecting the data of 186,000 customers. Service NSW revealed that the cyber-attack led to the compromise of 47 staff email accounts. As a result, the attackers stole the personal details of about 186,000 customers, amounting to 738 GB of data comprising 3.8 million documents. The findings come from a four-month investigation that the NSW government services’ one-stop shop initiated in April.
The Chinese hacker group Winnti attacked at least five Russian developers of banking software, as well as a construction company. Positive Technologies, which reported the campaign, did not disclose the names of the banks or developers. Positive Technologies noted that implanting malicious code at the software development stage potentially gives the attackers access to bank data. Once the code runs on an infected machine, a full-fledged backdoor is loaded to explore the network and steal the data the attackers are after.
Round Up of Major Malware and Ransomware Incidents
The French national cyber-security agency today published an alert warning of a surge in Emotet attacks targeting private-sector and public-administration entities throughout the country. French public administration has three sub-sectors: central public administrations (APUC), local government (LUFA), and social security administrations (ASSO). Emotet, originally a run-of-the-mill banking Trojan first spotted in 2014, is now a malware botnet operated by a threat group tracked as TA542, also known as Mummy Spider.
Argentina’s official immigration agency, Dirección Nacional de Migraciones, suffered a Netwalker ransomware attack that temporarily halted border crossings into and out of the country. While ransomware attacks against cities and local agencies have become all too common, this may be the first known attack on a federal agency that has interrupted a country’s operations. According to a criminal complaint published by Argentina’s cybercrime agency, the government first learned of the ransomware attack after receiving numerous tech-support calls from border checkpoints at approximately 7 AM on August 27th.
Round Up of Major Vulnerabilities and Patches
A team of academics from Columbia University has developed a custom tool that dynamically analyzes Android applications to see whether they use cryptographic code in an unsafe way. Named CRYLOGGER, the tool was used in September and October 2019 to test 1,780 Android applications, representing the most popular apps across 33 different Play Store categories. The researchers say the tool, which checked for 26 basic cryptography rules (see table below), found bugs in 306 Android applications. Some apps broke one rule, while others broke several.
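The approach described above, logging what an app passes to its cryptographic APIs at run time and checking the recorded parameters against a rule set afterwards, is illustrated by the following added example. It is not CRYLOGGER's code and does not reproduce the paper's 26 rules: the log format, the six rules, the thresholds and the sample entries are all constructed for illustration.

```python
"""Offline rule checker for a log of cryptographic API calls.

Added illustration of the log-then-check approach; the entries below stand in
for what an instrumented runtime would record. Rule ids, thresholds and the
log layout are assumptions made for this example, not CRYLOGGER's rule set.
"""
from collections import defaultdict

WEAK_HASHES = {"MD5", "SHA-1", "SHA1"}
MIN_PBKDF_ITERATIONS = 10_000   # assumed threshold for this example
MIN_SALT_BYTES = 8              # assumed threshold for this example

# Constructed sample log: one dict per observed API call, keyed by app id.
SAMPLE_LOG = [
    {"app": "app.one", "api": "Cipher.getInstance", "transform": "AES/ECB/PKCS5Padding"},
    {"app": "app.one", "api": "MessageDigest.getInstance", "algorithm": "MD5"},
    {"app": "app.two", "api": "Cipher.init", "transform": "AES/CBC/PKCS5Padding", "iv": "00" * 16},
    {"app": "app.two", "api": "Cipher.init", "transform": "AES/CBC/PKCS5Padding", "iv": "00" * 16},
    {"app": "app.three", "api": "PBEKeySpec", "iterations": 100, "salt": "a1b2c3d4"},
    {"app": "app.four", "api": "Cipher.init", "transform": "AES/GCM/NoPadding",
     "iv": "9f8e7d6c5b4a392817160504"},
    {"app": "app.four", "api": "MessageDigest.getInstance", "algorithm": "SHA-256"},
]


def check_call(entry, seen_ivs):
    """Return the set of rule ids a single logged call violates.

    seen_ivs tracks IVs already observed per (app, transform) so that reuse
    across calls can be detected, which a single-call check cannot see.
    """
    violations = set()
    transform = entry.get("transform", "")
    mode = transform.split("/")[1].upper() if "/" in transform else ""

    if mode == "ECB":                                  # deterministic block mode
        violations.add("R1-ecb-mode")
    if entry.get("algorithm", "").upper() in WEAK_HASHES:
        violations.add("R2-weak-hash")

    iv = entry.get("iv")
    if iv is not None:
        if set(iv) == {"0"}:                            # all-zero, i.e. constant IV
            violations.add("R3-constant-iv")
        key = (entry["app"], transform)
        if iv in seen_ivs[key]:                         # same IV seen before
            violations.add("R4-reused-iv")
        seen_ivs[key].add(iv)

    if entry.get("api") == "PBEKeySpec":
        if entry.get("iterations", 0) < MIN_PBKDF_ITERATIONS:
            violations.add("R5-low-iterations")
        if len(entry.get("salt", "")) // 2 < MIN_SALT_BYTES:   # salt is hex-encoded
            violations.add("R6-short-salt")
    return violations


def check_log(log):
    """Map each app with at least one violation to its sorted list of rule ids."""
    seen_ivs = defaultdict(set)
    report = defaultdict(set)
    for entry in log:
        found = check_call(entry, seen_ivs)
        if found:
            report[entry["app"]] |= found
    return {app: sorted(rules) for app, rules in report.items()}


def summarize(report, total_apps):
    """Headline numbers of the kind a study reports: apps tested vs. apps flagged."""
    return {"apps_tested": total_apps, "apps_with_violations": len(report)}


if __name__ == "__main__":
    result = check_log(SAMPLE_LOG)
    for app, rules in result.items():
        print(app, rules)
    print(summarize(result, total_apps=4))
```

Rules R4 and R6 are the kind a dynamic approach catches more reliably than static scanning: IV reuse only shows up when several calls are compared, and a salt built at run time has no literal in the source to inspect.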
A reverse engineer discovered a new zero-day vulnerability in most Windows 10 editions that allows creating files in restricted areas of the operating system. Exploiting the flaw is trivial and attackers can use it to further an attack after the initial infection of the target host, although it works only on machines with the Hyper-V feature enabled. Reverse engineer Jonas Lykkegaard last week posted a tweet showing how an unprivileged user can create an arbitrary file in ‘system32,’ a restricted folder holding vital files for the Windows operating system and installed software.
Specially crafted Windows 10 themes and theme packs can be used in ‘Pass-the-Hash’ attacks to steal Windows account credentials from unsuspecting users. Windows allows users to create custom themes that contain customized colors, sounds, mouse cursors, and the wallpaper that the operating system will use. Windows users can then switch between different themes as desired to change the appearance of the operating system.
Millions of WordPress sites are at risk after researchers discovered a zero-day vulnerability in WordPress’s File Manager plugin. The threat intelligence team at cybersecurity firm Wordfence stated that the plugin has over 700,000 active installations and that the vulnerability could allow threat actors to execute commands and upload malicious files on a target site. File Manager is a plugin intended to help WordPress admins manage files on their websites. The researchers stated that a patch has been released to fix the vulnerability and asked users to update to the latest version, 6.9, immediately.