Round Up of Major Breaches and Scams
Seemingly, the year's wrap and the holiday season are busier than usual for Apple, which, due to the ongoing COVID-19 pandemic, delayed the release of its newest iPhone 12 series by a month. While explaining the issue in depth, BeatCrazy further said, "I'm able to start the pairing process using my iPhone, sign into their Apple IDs with their passwords, but I keep getting hung when Apple wants me to enter the passcode of another device."
A breach granting access to documents containing the personal information of hundreds of thousands of residents was found and repaired in the Jerusalem Municipality's website, the tech website Geektime reported on Wednesday. The breach was discovered by Hezkiyahu Raful, a programmer, while he was helping his uncle file an appeal against a parking ticket. When they attempted to view the photos taken by the municipal inspector who issued the ticket, there was no download button, so Raful pressed F12 to show the page's source code.
GoDaddy made the headlines for an initiative that is dividing the cybersecurity community: it sent phishing messages offering bonuses to its employees. The email promised staff a Christmas bonus to help them cope with the economic hardship caused by the ongoing COVID-19 pandemic. The web hosting provider apologized on Thursday for the cybersecurity test, which was meant to gauge how its personnel would respond to a phishing campaign.
A misconfigured cloud storage bucket has exposed the personal details of hundreds of social media influencers, potentially putting them at risk of fraud and harassment, according to researchers. A team at vpnMentor discovered the AWS S3 bucket in early November, wide open with no encryption or password protection. The company responsible, Barcelona-based "social commerce" company 21 Buttons, has apparently yet to take action.
The NetGalley book promotion site has suffered a data breach that allowed threat actors to access a database with members’ personal information. NetGalley is a website that allows authors and publishers to promote digital review copies of their books (galleys) to book advocates, influential readers, and industry professionals in the hopes that they will recommend the books to their audience. On Monday, December 21st, NetGalley’s website was hacked and defaced. After further investigations, it was determined that the threat actors also accessed a backup for the site’s database containing members’ data.
Round Up of Major Malware and Ransomware Incidents
Kaspersky Lab and Yandex experts have identified potentially malicious code in more than twenty browser extensions, including Frigate Light, Frigate CDN and SaveFrom. Through these extensions, cybercriminals could gain access to the user's VKontakte account unnoticed and inflate video view counts on various sites. The extensions received tasks from their own server, generated fraudulent traffic by playing videos in hidden tabs, and intercepted a token granting access to the social network.
Emotet is back on Christmas Eve: after two months of silence, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan. The recent Emotet campaign uses updated payloads and is targeting over 100,000 recipients per day.
The REvil ransomware gang, aka Sodinokibi, hacked The Hospital Group and threatens to release before-and-after pictures of celebrity clients. The Hospital Group has 11 clinics and a celebrity clientele, but it made the headlines because REvil claims to have breached its systems. Its clinics specialize in bariatric weight-loss surgery, breast enlargements, nipple corrections, and nose adjustments.
The Dridex malware gang is delivering a nasty gift for the holidays using a spam campaign pretending to be Amazon Gift Cards. Dridex is a modular banking trojan that can perform various malicious activities, including stealing login information, logging keystrokes, taking screenshots, and downloading and installing further malware. Dridex is particularly dangerous because it is known to give the DoppelPaymer and BitPaymer threat actors access to compromised networks to deploy their ransomware.
The North Korea-linked Lazarus APT group has recently launched cyberattacks against at least two organizations involved in COVID-19 research. The group's activity surged in 2014 and 2015, when its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and has been involved in both cyber espionage campaigns and sabotage activity aimed at destroying data and disrupting systems.
Round Up of Major Vulnerabilities and Patches
A high-severity Windows zero-day that could lead to complete desktop takeover remains dangerous after a "fix" from Microsoft failed to adequately patch it. The local privilege-escalation (LPE) bug in Windows 8.1 and Windows 10 (CVE-2020-0986) exists in the Print Spooler API. It could allow a local attacker to elevate privileges and execute code in the context of the current user, according to Microsoft's advisory issued in June. The LPE bug could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
Microsoft released a patch for the vulnerability in June, but it apparently did not work as intended, and the bug remains unpatched to date. While we expect large companies to deal with bugs effectively and patch them in time, sometimes they too disappoint, and in Microsoft's case that is hardly surprising. Most recently, Google has publicly released the details of a zero-day vulnerability that Microsoft did not patch in time.