Round Up of Major Breaches and Scams
Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to 100,000 employee records were stolen, dating back across a number of years. Interserve currently employs around 53,000 people.
A glitch in a newly launched state system for processing unemployment claims for gig workers publicly exposed personal information, a spokeswoman for Democratic Gov. J.B. Pritzker said Sunday.
A state program that was created to process unemployment applications in Arkansas for self-employed individuals or gig economy workers appears to have been illegally accessed and has been shut down, officials announced Saturday.
Illegal skimming devices known as “shimmers” were identified as part of routine security scans at the locations. Only customers who visited those Stop & Shop locations may have been affected. One self-checkout lane was impacted at each store, and transaction data was found on the devices only for that five-day period.
Yash Kadakia, founder of Security Brigade and Shadow Map, said his group had found a major data breach. The security expert, a self-proclaimed “Code Monkey”, was able to easily access data and passwords from members. After Brussels denied the claims, Mr. Kadakia doubled down and revealed more details of the alleged breach.
According to the description of the database, it contains 129 million leads obtained from the traffic police register. This is information about vehicles registered in Russia: the place of registration, make and model of the car, date of initial and last registration.
A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service.
Details of Pakistani mobile subscribers have surfaced online after a hacker tried to sell the package for 300 bitcoins, equivalent to $2.1 million. The data leak exposed personally identifiable information (PII) for 115 million subscribers. The exposure took place in two successive breaches that exposed the details of 44 million and 55 million subscribers, respectively.
Security experts from Cyble reported that a threat actor has been attempting to sell twenty-nine databases on a hacker forum since May 7. Forum members could also buy each database individually. The archives allegedly contain a total of 550 million stolen user records.
Round Up of Major Malware and Ransomware Incidents
Multiple supercomputers across Europe have been infected this week with cryptocurrency mining malware and have shut down to investigate the intrusions. Security incidents have been reported in the UK, Germany, and Switzerland, while a similar intrusion is rumored to have also happened at a high-performance computing center located in Spain.
Security researchers at Sophos have identified a hacking group that attacked industrial companies using NSIS installers to deploy remote access tools (RATs) and information-stealing malware. The group, dubbed “RATicate”, has targeted companies in Europe, the Middle East, and the Republic of Korea in five separate campaigns between November 2019 and January 2020.
A Java downloader with the file name “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar” has recently been detected. Drawing inferences from its name, researchers suspect it is associated with COVID-19 themed phishing attacks.
The criminal group behind the REvil (Sodinokibi) ransomware is extorting a New York-based law firm, threatening to release sensitive files on the company’s celebrity clients unless the firm pays a whopping $42 million ransom demand.
Researchers at website security firm Sucuri have discovered a new WordPress malware used by threat actors to scan for and identify WooCommerce online shops with a lot of customers to be targeted in future Magecart attacks.
Law enforcement in Romania today arrested a group of individuals that were planning ransomware attacks against healthcare institutions in the country. Three were arrested in Romania and a fourth in the Republic of Moldova after executing home search warrants. Ironically, the group operated under the name PentaGuard Hackers Crew.
Researchers have unearthed a new cybercrime group, RATicate, which is behind several waves of malspam attacks targeting industrial companies with various information-stealing payloads – from LokiBot to Agent Tesla.
Researchers examining a Trojan currently being used in attacks against an Asian government and other organizations believe it may be connected to past high-profile attacks in Russia, Belarus, and Mongolia.
Naikon APT has launched a fresh cyber espionage operation against several national government entities in the Asia Pacific (APAC) region, as discovered by Check Point cyber security experts. The China-linked hackers use a new backdoor named Aria-body to take control of victims’ networks. The targeted government entities include ministries of foreign affairs, science and technology ministries, as well as government-owned companies.
Kaspersky researchers uncovered a new cyber espionage operation with a focus on diplomatic bodies in Europe that uses spoofed visa applications to deliver a new malware trojan. The new malware is built from the same code base as the stealthy COMPFun remote access trojan (RAT) and may be the work of the Turla APT, a group that has a long history of using innovative methods to build malware and launch stealthy attacks.
Round Up of Major Vulnerabilities and Patches
Cisco Systems and Palo Alto Networks have fixed similar high-risk authentication bypass vulnerabilities in their network security devices that were caused by an oversight in the implementation of the Kerberos protocol. Man-in-the-middle (MitM) attackers could exploit these weaknesses to get administrative control over the appliances.
Edison Mail has rolled back a software update that apparently let some users of its iOS app see emails from strangers’ accounts. Several Edison users contacted The Verge to report seeing the glitch after they applied the update, which was meant to allow users to sync data across devices.
vpnMentor has recently released a report detailing two vulnerabilities in products of the India-based security company Cyberoam. Both affect the firm’s firewall and VPN technology, specifically Cyberoam’s email quarantine system; the first was discovered back in 2019, and the second earlier this year, on 1 January, following a report by an anonymous ethical hacker.
Cyberattackers are targeting a post-authentication remote code-execution vulnerability in Symantec Secure Web Gateways as part of new Mirai and Hoaxcalls botnet attacks. Hoaxcalls first emerged in late March, as a variant of the Gafgyt/Bashlite family; it’s named after the domain used to host its malware, Hoaxcalls.pw. Two new Hoaxcalls samples showed up on the scene in April, incorporating new commands from its command-and-control (C2) server.
Attackers can exploit a critical vulnerability in the WP Product Review Lite plugin installed on over 40,000 WordPress sites to inject malicious code and potentially take over vulnerable websites. WP Product Review Lite helps site owners to quickly create custom review articles using pre-defined templates.
Tracked as Tropic Trooper and KeyBoy, and active since at least 2011, the threat actor is known for the targeting of government, military, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and Hong Kong. Previously, the group was observed targeting victims with spear-phishing emails containing malicious attachments designed to exploit known vulnerabilities, such as CVE-2017-0199.
Vulnerabilities discovered by a researcher at an industrial cybersecurity firm in Opto 22’s SoftPAC virtual programmable automation controller (PAC) expose operational technology (OT) networks to attacks.