Categories
APT Botnet Breach CVE Cyber Security Malware MiTM Phishing Ransomware RAT TrickBot Trojan Vulnerability

Interserve hacked, details of 100000 employees leaked, Massive data leak exposes 115M Pakistani users’ data, and more

Major cybersecurity events on 18th May 2020: Turla APT target diplomatic entities. Naikon returns, targets foreign affairs, science and technology ministries, with new malware. Wannabe ransomware operators arrested before hospital attacks. Several supercomputers across Europe hacked.

Round Up of Major Breaches and Scams

Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report

Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 of past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to 100,000 employee details were stolen, dating back across a number of years. Interserve currently employs around 53,000 people.

Data breach in new Illinois online unemployment system exposes private information

A glitch in a newly launched state system for processing unemployment claims for gig workers publicly exposed personal information, a spokeswoman for Democratic Gov. J.B. Pritzker said Sunday.

Likely breach shuts down Arkansas unemployment program

A state program that was created to process unemployment applications in Arkansas for self-employed individuals or gig economy workers appears to have been illegally accessed and has been shut down, officials announced Saturday.

Stop & Shop Warns Customers Of Potential Data Security Issue At Five Stores

Illegal skimming devices known as “shimmers” were identified as part of routine security scans at the locations. Only customers who visited those Stop & Shop locations may have potentially been affected. One self-checkout lane was impacted at each store, and transaction data was found on the devices only for that five-day period.

EU data leak: ‘Huge security breach at European Parliament – hundreds of MEPs compromised’

Yash Kadakia, founder of Security Brigade and Shadow Map, said his group had found a major data breach. The security expert, a self-proclaimed “Code Monkey”, was able to easily access data and passwords from members. After Brussels denied the claims, Mr. Kadakia doubled down and revealed more details of the alleged breach.

The database of Russian car owners is sold for bitcoins

According to the description of the database, it contains 129 million leads obtained from the traffic police register. This is information about vehicles registered in Russia: the place of registration, make and model of the car, date of initial and last registration.

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service.

Information of Over 115 Million Pakistani Mobile Subscribers Exposed in a Massive Data Leak

Details of Pakistani mobile subscribers have surfaced online after a hacker tried to sell the package for 300 bitcoins equivalent to $2.1 million. The data leak exposed personally identifiable information (PII) for 115 million subscribers. The exposure took place in two subsequent breaches that exposed the details of 44 million and 55 million subscribers, respectively.

Threat actors are offering for sale 550 million stolen user records

Security experts from Cyble reported that a threat actor is attempting to sell twenty-nine databases on a hacker forum since May 7. Forum members could also buy each database individually. The archives allegedly contain a total of 550 million stolen user records.

Round Up of Major Malware and Ransomware Incidents

Supercomputers hacked across Europe to mine cryptocurrency

Multiple supercomputers across Europe have been infected this week with cryptocurrency mining malware and have shut down to investigate the intrusions. Security incidents have been reported in the UK, Germany, and Switzerland, while a similar intrusion is rumored to have also happened at a high-performance computing center located in Spain.

Sophos found the group abusing NSIS installers and deploying remote access tools (RATs)

Security Researchers at Sophos have found the hacking group that hacked industrial companies using NSIS installers in order to deploy remote access tools (RATs) and info- stealing malwares. The hacking group was “RATicate’s” which has been targeting companies from Europe, the Middle East, and the Republic of Korea in not one but five campaigns between November 2019 and January 2020.

Cybercriminals Spreading Node.js Trojan Promising Relief from the Outbreak of COVID-19

A java downloader going by the extension “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar” has been recently detected. Drawing inferences from its name, researchers suspected it to be associated with COVID-19 themed phishing attacks.

Ransomware gang asks $42m from NY law firm, threatens to leak dirt on Trump

The criminal group behind the REvil (Sodinokibi) ransomware is extorting a New York-based law firm, threatening to release sensitive files on the company’s celebrity clients unless the the firm pays a whopping $42 million ransom demand.

WordPress malware finds WooCommerce sites for Magecart attacks

Researchers at website security firm Sucuri have discovered a new WordPress malware used by threat actors to scan for and identify WooCommerce online shops with a lot of customers to be targeted in future Magecart attacks.

Wannabe ransomware operators arrested before hospital attacks

Law enforcement in Romania today arrested a group of individuals that were planning ransomware attacks against healthcare institutions in the country. Three were arrested in Romania and a fourth in the Republic of Moldova after executing home search warrants. Ironically, the group operated under the name PentaGuard Hackers Crew.

RATicate Group Hits Industrial Firms With Revolving Payloads

Researchers have unearthed a new cybercrime group, RATicate, which is behind several waves of malspam attacks targeting industrial companies with various information-stealing payloads – from LokiBot to Agent Tesla.

Mikroceen RAT backdoors Asian government networks in new attack wave

Researchers examining a Trojan currently being used in attacks against an Asian government and other organizations believe it may be connected to past high-profile attacks in Russia, Belarus, and Mongolia.

Cyber Espionage, Naikon is back with a new malware

Naikon APT has launched a fresh cyber espionage operation against several national government entities in the Asia Pacific (APAC) region. It has been discovered by Check Point cyber security experts. The China-linked malicious hackers exploit a new malware, a backdoor named Aria-body, in order to take control of the victims’ networks. The targeted government entities include ministries of foreign affairs, science and technology ministries, as well as government-owned companies.

Turla APT targets diplomatic entities in Europe with new malware

Kaspersky researchers uncovered a new cyber espionage operation with a focus on diplomatic bodies in Europe that uses spoofed visa applications to deliver a new malware trojan. The new malware is built from the same code base as the stealthy COMPFun remote access trojan (RAT) and may be the work of the Turla APT, a group that has a long history of using innovative methods to build malware and launch stealthy attacks.

Round Up of Major Vulnerabilities and Patches

Cisco and Palo Alto Networks appliances impacted by Kerberos authentication bypass

Cisco Systems and Palo Alto Networks have fixed similar high-risk authentication bypass vulnerabilities in their network security devices that were caused by an oversight in the implementation of the Kerberos protocol. Man-in-the-middle (MitM) attackers could exploit these weaknesses to get administrative control over the appliances.

Edison Mail rolls back update after iOS users reported they could see strangers’ emails

Edison Mail has rolled back a software update that apparently let some users of its iOS app see emails from strangers’ accounts. Several Edison users contacted The Verge to report seeing the glitch after they applied the update, which was meant to allow users to sync data across devices.

Flaws in cyber security firm’s firewall & VPN tech exposed 100k+ devices

Just recently, vpnMentor has released a new report detailing 2 vulnerabilities in an Indian based security company called Cyberoam. Affecting the firm’s firewall and VPN technology; the first of these was discovered back in 2019 while the second earlier this year on 1 January due to a report by an anonymous ethical hacker with both of them affecting Cyberoam’s email quarantine system.

Hoaxcalls Botnet Exploits Symantec Secure Web Gateways

Cyberattackers are targeting a post-authentication remote code-execution vulnerability in Symantec Secure Web Gateways as part of new Mirai and Hoaxcalls botnet attacks. Hoaxcalls first emerged in late March, as a variant of the Gafgyt/Bashlite family; it’s named after the domain used to host its malware, Hoaxcalls.pw. Two new Hoaxcalls samples showed up on the scene in April, incorporating new commands from its command-and-control (C2) server.

Critical WordPress plugin bug allows for automated takeovers

Attackers can exploit a critical vulnerability in the WP Product Review Lite plugin installed on over 40,000 WordPress sites to inject malicious code and potentially take over vulnerable websites. WP Product Review Lite helps site owners to quickly create custom review articles using pre-defined templates.

Chinese Hackers Target Air-Gapped Military Networks

Tracked as Tropic Trooper and KeyBoy, and active since at least 2011, the threat actor is known for the targeting of government, military, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and Hong Kong. Previously, the group was observed targeting victims with spear-phishing emails containing malicious attachments designed to exploit known vulnerabilities, such as CVE-2017-0199.

Vulnerabilities in SoftPAC Virtual Controller Expose OT Networks to Attacks

Vulnerabilities discovered by a researcher at industrial cybersecurity firm in Opto 22’s SoftPAC virtual programmable automation controller (PAC) expose operational technology (OT) networks to attacks.