Categories
Breach CVE Cyber Security DDoS Malware Ransomware TrickBot Vulnerability

iPhone looters get a surprise from Apple, Mobile phishing attacks skyrocket, Voila reports attacks on servers, and more

Major cybersecurity events on 4th June 2020 (Morning Post): New phishing campaign targets Microsoft Office 365 remote workers with fake VPN configurations. Maze Ransomware operators switches mode of attack to data breaches after victim denied to pay ransom. TrickBot releases new malware, BazarBackdoor.

Round Up of Major Breaches and Scams

iPhone looters find devices disabled, with a warning they’re being tracked

Along with other retailers big and small, Apple Stores have been subject to looting by opportunists amid the ongoing protests around the United States. In response, Apple has again closed all of its stores in the US. Stores had only recently reopened after closures related to the COVID-19 pandemic. It appears that the stolen iPhones don’t work and may even be tracked by Apple or authorities.

Office 365 phishing baits remote workers with fake VPN configs

Microsoft Office 365 customers are targeted by a phishing campaign using bait messages camouflaged as notifications sent by their organization to update the VPN configuration they use to access company assets while working from home. The phishing emails impersonating VPN configuration update requests sent by their company’s IT support department have so far landed in the inboxes of up to 15,000 targets.

San Francisco retirement program SFERS suffers data breach

The San Francisco Employees’ Retirement System (SFERS) has suffered a data breach after an unauthorized person gained access to a database hosted in a test environment. SFERS manages the benefits program for active and retired employees of San Francisco, California. In a data breach notification filed today, SFERS stated that one of their vendors had set up a test environment that included a database containing the information for approximately 74,000 SFERS members.

Enterprise Mobile Phishing Attacks Skyrocket Amidst Pandemic

The rate of mobile phishing rose sharply between the last quarter of 2019 and the first quarter of 2020, a boost most likely due to the increased number of people working from home due to COVID-19 stay-at-home orders, new research has found.

Ransomware gangs team up to form extortion cartel

Ransomware gangs are teaming up to extort victims through a shared data leak platform, and the exchange of tactics and intelligence. In November 2019, the Maze Ransomware operators transformed ransomware attacks into data breaches after they released unencrypted data of a victim who refused to pay. Soon after, they launched a dedicated “Maze News” site used to shame their unpaid victims by publicly releasing stolen data.

Round Up of Major Malware and Ransomware Incidents

Kaspersky IDs Sophisticated New Malware Targeted at Air-Gapped Systems

A likely China-based threat actor called Cycldek, which security researchers have previously dismissed as a somewhat marginal group with relatively unsophisticated capabilities, may be considerably more dangerous than previously thought. That’s security vendor Kaspersky’s analysis after a new examination of the threat group’s malware toolset and operations.

TrickBot Adds BazarBackdoor to Malware Arsenal

A new module for the infamous trojan known as TrickBot has been deployed: A stealthy backdoor that researchers call “BazarBackdoor.” The binary was first spotted being delivered as part of a phishing campaign that began in March, according to an analysis from Panda Security this week. The campaign used the legitimate marketing platform Sendgrid to reach targets in a mass-mailing fashion.

Denial of service attacks against advocacy groups skyrocket

Distributed denial-of-service attacks against advocacy organizations increased by 1,120% since a Minneapolis police officer killed George Floyd by kneeling on his neck, sparking demonstrations throughout the U.S. In figures published Tuesday, the internet security firm Cloudflare said it blocked more than 135 billion malicious web requests against advocacy sites, compared to less than 30 million blocked requests against U.S. government websites.

Provider Voila reported to the cyber police about the intense cyberattacks on the server

Cable provider Volia appealed to the Cyber Police on the fact of fixing a DDoS attack on the Kharkov servers of the company, which has been ongoing since May 31. In total, the complete lack of access to Volia’s services, according to the provider, lasted 12 minutes on May 31, 45 minutes on June 1. There was also an attack on the website volia.com, but it was managed to neutralize.

Researchers Dive Into Evolution of Malicious Excel 4.0 Macros

A central part of many organizations’ productivity tools, Excel opens the door for phishing attacks where victims are tricked into enabling macros in malicious documents, which can results in the attackers gaining a foothold on the network, in preparation for additional activities. During their five-month research, Lastline observed thousands of malicious samples, clustered into waves that provide a comprehensive picture of how the threat has evolved in both sophistication and evasiveness.

Round Up of Major Vulnerabilities and Patches

Two issues in Zoom could have allowed code execution

Zoom is one of the most popular video-conferencing software, every day it is used by millions of users, especially during the COVID outbreak. Cybersecurity researchers from Cisco Talos have disclosed two critical vulnerabilities in the video conferencing software Zoom that could have allowed remote attackers to hack into the systems of participants at a group chat or an individual recipient.

Many Exchange Servers Are Still Vulnerable to Remote Exploit

While Microsoft patched the issue (CVE-2020-0688) in February, more than 80% of Internet-connected Microsoft Exchange servers remain vulnerable to the privilege escalation flaw, requiring attackers to find or phish only a single valid credential to completely compromise a company’s email system, threat-protection firm Rapid7 stated in its “2020: Q1 Threat Report.”