Round Up of Major Breaches and Scams
The Federal court for the Northern District of California in San Francisco sentenced Russian Yevgeny Nikulin to seven years and four months in prison for computer fraud. According to the Americans, Nikulin hacked the databases of LinkedIn, Dropbox and Formspring, as a result of which about 117 million account credentials were stolen.
A user enumeration technique discovered by security researcher Carlo Di Dato demonstrates how Gravatar can be abused for mass data collection of its profiles by web crawlers and bots. Gravatar is an online avatar service that lets users set and use a profile picture (avatar) across multiple websites that support Gravatar. The most recognizable use cases of Gravatar are perhaps WordPress websites integrated with the service and GitHub.
An investigation into the top 10,000 Alexa sites reveals that many of these popular sites were infected with cryptocurrency miners and credit card skimming scripts. Alexa is an online service that scores websites and ranks them based on their popularity, traffic earned, and various other factors. In a shocking revelation made by Palo Alto Networks, some of these top sites that receive the highest amounts of internet traffic had ongoing malicious activity resulting from crypto miners and credit card stealing skimmers.
The world’s second-biggest fashion retailer was today handed a monumental fine for violating the European Union’s General Data Protection Regulation (GDPR). A German subsidiary of Hennes & Mauritz AB (H&M) was fined €35,258,707.95 by regulatory body the Hamburg Data Protection Authority (HmbBfDI) for excessive use of employee data. H&M employs around 126,000 people globally.
Security researchers from SafetyDetectives discovered an unsecured Elasticsearch server belonging to the Indian e-learning platform Edureka, which exposed the personal information of around 2 million users. The researchers stated that the server was left online without password protection, allowing open access to the information in it.
Round Up of Major Malware and Ransomware Incidents
A new ransomware vaccine program has been created that terminates processes that try to delete volume shadow copies using Microsoft’s vssadmin.exe program. Every day, Windows will create backups of your system and data files and store them in Shadow Volume Copy snapshots. These snapshots can then be used to recover files if they are mistakenly changed or deleted.
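The vaccine described above works by watching for processes that invoke vssadmin.exe to delete shadow copies. The following detection logic is an added example, not code from the original article or from the vaccine program itself; it assumes a simplified key=value process-creation log format (modelled loosely on Sysmon-style fields, with constructed sample lines) and only reports what a vaccine would terminate rather than killing anything.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample log lines (not real telemetry) in a simplified
# "ProcessCreate:" key=value format; values containing spaces are quoted.
SAMPLE_LOG = """\
ProcessCreate: Pid=4412 Image=C:\\Windows\\System32\\vssadmin.exe CommandLine="vssadmin delete shadows /all /quiet" ParentImage=C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe
ProcessCreate: Pid=4420 Image=C:\\Windows\\System32\\vssadmin.exe CommandLine="vssadmin list shadows" ParentImage=C:\\Windows\\System32\\cmd.exe
ProcessCreate: Pid=4501 Image=C:\\Windows\\System32\\cmd.exe CommandLine="cmd /c VSSADMIN.EXE Delete Shadows /For=C: /Oldest" ParentImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe
ProcessCreate: Pid=4600 Image="C:\\Program Files\\Backup\\backup.exe" CommandLine="backup.exe --snapshot" ParentImage=C:\\Windows\\System32\\services.exe
"""

# Any command line that runs vssadmin to delete shadow copies, regardless of
# casing and even when vssadmin is launched indirectly through cmd /c.
# Matching on the command line (not just the image path) is what catches
# the indirect case.
SHADOW_DELETE_RE = re.compile(
    r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.IGNORECASE
)

# key=value tokens; a value is either double-quoted or a run of non-spaces.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class ProcessEvent:
    pid: int
    image: str
    command_line: str
    parent_image: str


def parse_event(line: str) -> ProcessEvent:
    """Parse one 'ProcessCreate:' line of the constructed format."""
    fields = {key: value.strip('"') for key, value in FIELD_RE.findall(line)}
    return ProcessEvent(
        pid=int(fields["Pid"]),
        image=fields["Image"],
        command_line=fields["CommandLine"],
        parent_image=fields["ParentImage"],
    )


def is_shadow_deletion(event: ProcessEvent) -> bool:
    """True when the process deletes shadow copies via vssadmin."""
    return SHADOW_DELETE_RE.search(event.command_line) is not None


def detect_shadow_deletion(log_text: str) -> List[ProcessEvent]:
    """Return every process-creation event that would trigger the vaccine."""
    hits = []
    for line in log_text.splitlines():
        if not line.startswith("ProcessCreate:"):
            continue  # skip anything that is not a process-creation record
        event = parse_event(line)
        if is_shadow_deletion(event):
            hits.append(event)
    return hits


def respond(event: ProcessEvent) -> str:
    # A vaccine-style tool would terminate event.pid (and usually the parent
    # that spawned it, since that is the likely ransomware process). Here the
    # decision is only reported so the block is safe to run anywhere.
    return f"would terminate pid {event.pid} spawned by {event.parent_image}"


if __name__ == "__main__":
    for hit in detect_shadow_deletion(SAMPLE_LOG):
        print(respond(hit))
```

Note that the benign "vssadmin list shadows" line and the backup tool are not flagged, while the deletion launched through cmd.exe is, because the rule inspects the full command line rather than trusting the image path alone.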
US payments processor Visa revealed that two unnamed North American hospitality merchants have been hacked, with threat actors infecting the systems of both organizations with strains of point-of-sale (POS) malware.
University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand this month to prevent the publishing of 240 GB of stolen data, including patient info. The attack on the hospital occurred in early September by a ransomware operation known as SunCrypt, which infiltrates a network, steals unencrypted files, and then encrypts all of the data.
A freshly discovered family of ransomware called Egregor has been spotted in the wild, using a tactic of siphoning off corporate information and threatening a “mass-media” release of it before encrypting all files. Egregor is an occult term meant to signify the collective energy or force of a group of individuals, especially when the individuals are united toward a common purpose, a link that was also noted by other researchers.
More often than not, we come across infamous malicious groups who target different victims using the same piece of malware. In such circumstances, the focus is usually on the group and the different evolving versions of their exploits. A recent example is a variant of InterPlanetary Storm malware that has evolved from targeting Windows and Linux to infecting Android and macOS.
A Philadelphia company that sells software used in hundreds of clinical trials, including the crash effort to develop tests, treatments and a vaccine for the coronavirus, was hit by a ransomware attack that has slowed some of those trials over the past two weeks. The attack on eResearchTechnology Inc., which has not previously been reported, began two weeks ago when employees discovered that they were locked out of their data by ransomware.
Threat researchers have spotted a new kind of cyber-attack that uses a variant of Mirai malware to target a port used by IoT devices. The attack, orchestrated by someone using the alias “Priority,” was detected by a team at Juniper Threat Labs. Priority appears to have been up to no good since September 10. Researchers noted that this new malicious kid on the block is hitting port 60001 using the Demonbot variant of Mirai together with a second variant developed by Scarface.
Emotet is now taking part in the United States 2020 Presidential election with a new spam campaign pretending to be from the Democratic National Convention’s Team Blue initiative. When the Emotet gang sends out spam, their main goal is to convince recipients to open the attached malicious document. This is usually done through email themes that pretend to be shipping documents, invoices, payment receipts, and voicemails.
Facebook on Thursday released a detailed technical report on a malware campaign that targeted its ad platform for years. Referred to as SilentFade (Silently running Facebook ADs with Exploits), the malware was identified in late 2018 and the vulnerability it was exploiting to stay undetected was patched soon after. Facebook took legal action against the malware operators in December 2019.
Round Up of Major Vulnerabilities and Patches
Let’s not beat around the bush – Google is pretty fed up with people believing that the Android ecosystem might not be as secure as it should be. And it must be particularly galling for those residing in the Googleplex that sometimes these flaws are not present in up-to-date versions of Google’s Pixel smartphone, but in those manufactured by other vendors.
For almost a year, a threat actor has been using zero-day vulnerabilities to install malware on Tenda routers and build a so-called IoT (Internet of Things) botnet. Named Ttint, this botnet was first detailed in a report published on Friday by Netlab, the network security division of Chinese tech giant Qihoo 360.
Microsoft has released a new optional preview update that fixes two bugs that prevent Windows 10 2004 users from connecting to the Internet. In July, we reported that Windows 10 users saw a ‘No Internet’ message in the Network Connectivity Status Indicator (NCSI), even though their Internet worked fine. For most users, the above error is more annoying than anything else, but apps that utilize the Windows APIs to detect Internet connection status could run into problems.
Smart watches, which are gaining popularity among Russians, may pose a threat to their personal data. They are Internet of Things (IoT) devices, which means that by hacking them, an attacker can get confidential user information, listen to their conversations and track their movement, said Ilyas Kireev, a leading promotion manager at Crosstech Solutions Group.