Round Up of Major Breaches and Scams
Slack credentials are abundant on hacking forums and the dark web; however, an analysis of the cybercrime underworld shows there’s little interest in the platform among hacker groups. The conclusion belongs to cybersecurity firm KELA, which scoured the cybercrime market for Slack credentials following last week’s Twitter hack and shared its findings with ZDNet this week. KELA went looking for Slack credentials on cybercrime markets because of a New York Times report detailing last week’s Twitter hack.
Round Up of Major Malware and Ransomware Incidents
A new botnet has been spotted in the wild which exploits the Microsoft Windows SMB protocol to move laterally across systems while covertly mining for cryptocurrency. In a report shared with ZDNet on Wednesday, Cisco Talos explained that the Prometei malware has been making the rounds since March 2020. The new botnet is considered noteworthy as it uses an extensive modular system and a variety of techniques to compromise systems and hide its presence from end users in order to mine for Monero (XMR).
Dozens of unsecured databases exposed online were wiped by threat actors as part of a campaign tracked as the Meow attack. Experts observed dozens of unsecured Elasticsearch and MongoDB instances exposed online that were inexplicably wiped as part of the campaign. The Meow attack began recently, and the attackers did not leave any ransom note or disclaimer after wiping the installations.
Today, one of the biggest reasons for the mixed feelings associated with cryptocurrencies is that threat actors have tried to use the technology to scam unsuspecting users from the very start. A recent report by ESET has identified yet another such case, in which malware in the form of malicious cryptocurrency trading applications was found being distributed to Mac users. ESET researchers believe that the attack is part of, or a renewal of, a malicious campaign that was identified by Trend Micro back in September 2019.
A series of cyberattacks on a telecom company in the Middle East has signaled the return of the OilRig APT. The attacks also revealed a revised backdoor tool in the group’s arsenal, called RDAT. The attacks were observed in April by Palo Alto Networks’ Unit 42. Researchers there said that the version of RDAT in question was uncovered during the course of its investigation, standing out by using a unique command-and-control (C2) channel.
Round Up of Major Vulnerabilities and Patches
Details are now available for exploiting a critical security vulnerability that affects Microsoft SharePoint, increasing the risk of attacks on unpatched systems. A technical blog post this week explains how the bug works and how a low-privileged user can leverage it to run arbitrary code remotely on a target SharePoint server. The flaw received the tracking number CVE-2020-1147 (severity 9.8 out of 10) and also impacts .NET Framework and Visual Studio.
In order to make it easier for security researchers to find vulnerabilities in iPhones, Apple is launching an iPhone Research Device Program that will provide certain hackers with special devices to conduct security research, the company announced Wednesday. Beyond enhancing security for iOS users and making it easier to unearth flaws in iPhones, the program also aims to improve the efficiency of ongoing security research on iOS, Apple said.