Round Up of Major Breaches and Scams
Customers who used the Home Chef delivery service won’t be the first to know their data was stolen and put up for sale. Nearly two weeks after security researchers said they found usernames and passwords belonging to Home Chef users for sale, the Chicago-based company said a security incident has resulted in the compromise of information about an undisclosed number of its customers.
Virtual shelves in the shops are stocked with new products, from disinfectants to masks at $10 each (almost certainly a scam), and even coronavirus vaccines (certainly a scam). At least two vaccines were found. One, from a current stock of five, was offered for $120. The second was offered for ‘only’ $5,000 (with a ‘cure’ offered at $25,000).
Researchers who tracked the fraudulent activity said the cybercriminals may have made millions from it so far. Behind the attacks is Scattered Canary, a highly organized Nigerian cybergang that employs dozens of threat actors to target U.S. enterprise organizations and government institutions.
Infamous Israeli surveillance firm NSO Group created a web domain that looked as if it belonged to Facebook’s security team to entice targets to click on links that would install the company’s powerful cell phone hacking technology, according to data analyzed by Motherboard.
A hacker accused of selling hundreds of millions of stolen credentials from last year’s “Collection 1” data dump on the dark web has been arrested in the Ukraine. The Security Service of Ukraine (SSU) took into custody a threat actor known as “Sanix,” who they claim posted 773 million e-mail addresses and 21 million unique passwords on a hacker forum last year, according to a press release.
E-mail addresses of 300 contact tracers have been shared accidentally by Serco in what could be a breach of data protection rules. The government is using the outsourcing firm to help with its tracing strategy aimed at monitoring Covid-19 cases. The company has been training people to track cases of coronavirus in the UK and has so far recruited 21,000 staff, some of whom are healthcare professionals, according to health secretary Matt Hancock.
Round Up of Major Malware and Ransomware Incidents
The NetWalker ransomware – the scourge behind one of the recent Toll Group attacks – has transitioned to a ransomware-as-a-service (RaaS) model, and its operators are placing a heavy emphasis on targeting and attracting technically advanced affiliates, according to researchers.
Malware analysts received unrestricted access to the components of the GhostDNS exploit kit after the malware package essentially fell into their lap. GhostDNS is a router exploit kit that uses cross-site request forgery (CSRF) requests to change the DNS settings and send users to phishing pages that steal their login credentials for various online services (banking, news, video streaming).
The Nefilim ransomware operators have leaked the first installment of a massive 200 GB of data from the global logistics company Toll Group. The operators hacked the Toll network with their ransomware at the beginning of this month and took a massive volume of data before encrypting the network. They leaked the data consolidated in compressed files along with a note.
Round Up of Major Vulnerabilities and Patches
Adobe has released an out-of-band security update for Adobe Character Animator that fixes a critical remote code execution vulnerability. Security updates for information disclosure vulnerabilities in Adobe Premiere Pro, Adobe Audition, and Adobe Premiere Rush were also released.
VMware has patched a high-severity remote code execution vulnerability, tracked as CVE-2020-3956, in its Cloud Director product. The vulnerability is a code injection issue that could be exploited by an authenticated attacker to send malicious traffic to Cloud Director, which could allow executing arbitrary code.