
Home Chef finally confirms breach, BEC profiteers millions from unemployment, COVID scams, and more

Major cybersecurity events on 21st May 2020 (morning post): Nefilim leaks 200 GB of Toll Group data. Serco accidentally shares the email addresses of 300 contact tracers. “Collection 1” hacker arrested. Adobe releases an out-of-band security update.

Round Up of Major Breaches and Scams

Home Chef food delivery service confirms breach, two weeks after stolen data went for sale

Customers of the Home Chef food delivery service were not the first to learn that their data had been stolen and put up for sale. Nearly two weeks after security researchers reported finding usernames and passwords belonging to Home Chef users for sale, the Chicago-based company said a security incident had resulted in the compromise of information about an undisclosed number of its customers.

Pandemic-related Supply Chain and Money Laundering Woes in the Dark Web

Virtual shelves in dark web shops are stocked with new products, from disinfectants to masks at $10 each (almost certainly a scam), and even coronavirus vaccines (certainly a scam). At least two “vaccines” were found: one, from a stated stock of five, was offered for $120; the second for ‘only’ $5,000, with a ‘cure’ offered at $25,000.

Fraudulent Unemployment, COVID-19 Relief Claims Earn BEC Gang Millions

Researchers who tracked the fraudulent claims said the cybercriminals behind them may have made millions so far. The attacks are the work of Scattered Canary, a highly organized Nigerian cybergang that employs dozens of threat actors to target U.S. enterprises and government institutions.

NSO Group Impersonated Facebook to Help Clients Hack Targets

Infamous Israeli surveillance firm NSO Group created a web domain that looked as if it belonged to Facebook’s security team to entice targets to click on links that would install the company’s powerful cell phone hacking technology, according to data analyzed by Motherboard.

Alleged Hacker Behind Massive ‘Collection 1’ Data Dump Arrested

A hacker accused of selling hundreds of millions of stolen credentials from last year’s “Collection 1” data dump on the dark web has been arrested in Ukraine. The Security Service of Ukraine (SSU) took into custody a threat actor known as “Sanix,” who it says posted 773 million e-mail addresses and 21 million unique passwords on a hacker forum last year, according to a press release.

Coronavirus: Serco shares email addresses of hundreds of contact tracers in ‘privacy breach’

E-mail addresses of 300 contact tracers have been shared accidentally by Serco in what could be a breach of data protection rules. The government is using the outsourcing firm to help with its tracing strategy aimed at monitoring Covid-19 cases. The company has been training people to track cases of coronavirus in the UK and has so far recruited 21,000 staff, some of whom are healthcare professionals, according to health secretary Matt Hancock.

Round Up of Major Malware and Ransomware Incidents

NetWalker Ransomware Gang Hunts for Top-Notch Affiliates

The NetWalker ransomware – the scourge behind one of the recent Toll Group attacks – has transitioned to a ransomware-as-a-service (RaaS) model, and its operators are placing a heavy emphasis on targeting and attracting technically advanced affiliates, according to researchers.

GhostDNS exploit kit source code leaked to antivirus company

Malware analysts received unrestricted access to the components of the GhostDNS exploit kit after the malware package essentially fell into their lap. GhostDNS is a router exploit kit: from a web page the victim’s browser loads, it issues cross-site request forgery (CSRF) requests against the router’s admin interface to change its DNS settings, so that lookups for various online services (banking, news, video streaming) are answered with the addresses of phishing pages that steal the victim’s login credentials.
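To make the CSRF mechanism concrete, the following is an added example, not GhostDNS code and not from the original article. It models a router admin endpoint twice: a vulnerable handler that trusts only the session cookie (so an `<img>` tag on a phishing page, carrying a GET with the victim’s cookie, rewrites the DNS server), and a hardened handler that requires POST, a same-origin `Origin`/`Referer`, and a per-session anti-CSRF token. The router address `http://192.168.0.1`, the `/set_dns` path, the session id, the rogue resolver `1.2.3.4` and the `evil.example` host are all constructed assumptions.

```python
"""Toy model of a home-router admin endpoint: CSRF-exploitable vs hardened.

Constructed example for illustration (not GhostDNS code). The router is
assumed to live at http://192.168.0.1 and to expose /set_dns; both are
assumptions, as are the session id and the attacker's resolver address.
"""
from dataclasses import dataclass, field
import hmac
import secrets

ROUTER_ORIGIN = "http://192.168.0.1"   # assumed router admin origin
ROGUE_DNS = "1.2.3.4"                  # constructed attacker-controlled resolver
LEGIT_SESSION = "sess-abc"             # constructed session cookie value


@dataclass
class Request:
    method: str
    path: str
    params: dict
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


@dataclass
class Router:
    dns: str = "192.168.0.1"           # default: router forwards DNS itself
    sessions: dict = field(default_factory=lambda: {LEGIT_SESSION: {}})

    def csrf_token(self, session_id: str) -> str:
        """Issue a per-session anti-CSRF token, remembered server-side."""
        tok = secrets.token_hex(16)
        self.sessions[session_id]["csrf"] = tok
        return tok

    def handle_vulnerable(self, req: Request) -> bool:
        # Only checks that the browser carries a valid session cookie. A
        # cross-site <img src="http://192.168.0.1/set_dns?dns=1.2.3.4"> on a
        # phishing page satisfies this: the browser attaches the cookie itself.
        if req.path != "/set_dns" or req.cookies.get("sid") not in self.sessions:
            return False
        self.dns = req.params["dns"]
        return True

    def handle_hardened(self, req: Request) -> bool:
        sid = req.cookies.get("sid")
        if req.path != "/set_dns" or sid not in self.sessions:
            return False
        if req.method != "POST":
            return False                 # no state change on GET
        origin = req.headers.get("Origin") or req.headers.get("Referer", "")
        if not origin.startswith(ROUTER_ORIGIN):
            return False                 # request did not come from our own UI
        expected = self.sessions[sid].get("csrf")
        supplied = req.params.get("csrf", "")
        if not expected or not hmac.compare_digest(expected, supplied):
            return False                 # missing or forged anti-CSRF token
        self.dns = req.params["dns"]
        return True


def csrf_attack(handler) -> str:
    """Victim's browser loads a GET from a phishing page; return resulting DNS."""
    r = Router()
    req = Request("GET", "/set_dns", {"dns": ROGUE_DNS},
                  cookies={"sid": LEGIT_SESSION},
                  headers={"Referer": "http://evil.example/"})
    handler(r, req)
    return r.dns


def legit_change(handler, new_dns: str = "9.9.9.9") -> str:
    """Router's own admin UI changes DNS with a fresh token; return DNS."""
    r = Router()
    tok = r.csrf_token(LEGIT_SESSION)
    req = Request("POST", "/set_dns", {"dns": new_dns, "csrf": tok},
                  cookies={"sid": LEGIT_SESSION},
                  headers={"Origin": ROUTER_ORIGIN})
    handler(r, req)
    return r.dns


if __name__ == "__main__":
    print("vulnerable, attacked:", csrf_attack(Router.handle_vulnerable))
    print("hardened, attacked:  ", csrf_attack(Router.handle_hardened))
    print("hardened, legit:     ", legit_change(Router.handle_hardened))
```

The `Origin`/`Referer` check alone is not enough on many consumer routers, which strip or ignore those headers; the server-side token bound to the session is the control that actually defeats the forged request, while refusing GET for state changes closes the `<img>`/`<script>` vector that GhostDNS-style kits rely on.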

Nefilim Ransomware Operators Leak Massive Data From a Global Logistics Group

The Nefilim ransomware operators have leaked the first installment of a massive 200 GB of data taken from the global logistics company Toll Group. The operators compromised the Toll network at the beginning of this month and exfiltrated a large volume of data before encrypting it. The leaked data was published as compressed archives along with a note.

Round Up of Major Vulnerabilities and Patches

Adobe releases critical out-of-band security update

Adobe has released an out-of-band security update for Adobe Character Animator that fixes a critical remote code execution vulnerability. Security updates for information disclosure vulnerabilities in Adobe Premiere Pro, Adobe Audition, and Adobe Premiere Rush were also released.

VMware fixes CVE-2020-3956 Remote Code Execution issue in Cloud Director

VMware has patched a high-severity remote code execution vulnerability, tracked as CVE-2020-3956, in its Cloud Director product. The flaw is a code injection issue: an authenticated attacker who can send malicious traffic to Cloud Director could exploit it to execute arbitrary code.