APT Breach Bug CVE Cyber Security Data leak Emotet Espionage Hacking Malware Phishing Ransomware Scam Spying Virus Vulnerability

Iranian govt. domains masquerade as news outlets, SilentFade steals millions through Facebook ads, and more

Major cybersecurity events on 8th October 2020 (Evening Post): Amazon Prime Day causes a spike in phishing, fraud attacks since August. Data from Airlink International UAE leaked on multiple dark web forums. Waterbear malware used in attacks against Taiwanese government agencies.

Round Up of Major Breaches and Scams

US seizes Iranian government domains masked as legitimate news outlets

US law enforcement has seized 92 domains used to spread propaganda and fake news by Iran’s Islamic Revolutionary Guard Corps (IRGC). The Department of Justice (DoJ) said on Wednesday that the IRGC has used the domains to “unlawfully engage in a global disinformation campaign.” Four of the domains were used to create news outlets that appeared legitimate but the flow of ‘news’ articles and contents hosted by the websites were controlled by the IRGC.

Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks

Cybercriminals are tapping into Amazon’s annual discount shopping campaign for subscribers, Prime Day, with researchers warning of a recent spike in phishing and malicious websites that are fraudulently using the Amazon brand. There has been a spike in the number of new monthly phishing and fraudulent sites created using the Amazon brand since August, the most significant since the COVID-19 pandemic forced people indoors in March, according to a Thursday report from Bolster Research.

CPS Under Fire Again After Data Breach Cases Jump 18%

The UK’s Crown Prosecution Service (CPS) has recorded over 1600 data breaches over the course of a year, including scores of unauthorized disclosures classed as “severe,” it has emerged. The data featured in the CPS annual report revealed a total of 1627 recorded data breaches in the 2019-20 financial year, up 18% from the previous year. These included 59 incidents that were serious enough to be reported to the Information Commissioner’s Office (ICO).

How SilentFade group steals millions from Facebook ad spend accounts

Facebook is a magnet for scammers, thieves and other bad actors looking to swindle and manipulate the social media giant’s vast pool of users. One group discovered by Facebook’s in-house researchers took such a sophisticated approach to bilking Facebook users that it walked away with $4 million in an elaborate ad fraud scheme that went undetected by its victims. Sachit Karve, speaking both for himself and fellow Facebook security researcher Jennifer Urgilez, offered more details about this scheme at the VB 2020 conference last week.

RainbowMix apps generate $150,000 in daily ad fraud profit

A massive fraudulent advertising business disrupted recently perpetrated through more than 240 apps in Google Play generated profits that could amount to more than $150,000 per day. For months, the army of deceptive apps, mostly low-quality games or stolen Nintendo Entertainment System (NES) emulators, was present in the official Android store, raking over 14 million installations. While their behavior was not malicious, they disrupted the user experience by displaying out of context (OOC) ads, which appear to come from legitimate apps on the phone.

Data from Airlink International UAE leaked on multiple dark web forums

Cybersecurity researchers from Cyble have spotted a threat actor sharing leaked data of Airlink International UAE for free on two different platforms. Cybersecurity researchers from Cyble have found a threat actor sharing leaked data of Airlink International UAE for free on two platforms on the dark web. The availability of the data on the dark web could pose organizations to serious risk, threat actors could use this data to carry out multiple malicious attacks.

Round Up of Major Malware and Ransomware Incidents

Hackers disguise malware attack as new details on Donald Trump’s COVID-19 illness

The confirmation that US President Donald Trump has been infected by the Coronavirus, and had to spend time this weekend in hospital, has – understandably – made headlines around the world. And there are plenty of people, on both sides of the political divide, who are interested in learning more about his health status. It’s no surprise, therefore, to discover that cybercriminals are exploiting that interest with the intention of infecting users’ computers.

MontysThree: Industrial espionage with steganography and a Russian accent on both sides

In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. Initially the reason for our interest in this malware was its rarity, the obviously targeted nature of the campaign and the fact that there are no obvious similarities with already known campaigns at the level of code, infrastructure or TTPs. To date, we consider this toolset and the actor behind it to be new. The malware authors named the toolset “MT3”; following this abbreviation we have named the toolset “MontysThree”.

Waterbear malware used in attack wave against government agencies

Researchers have spotted a fresh Waterbear campaign in which Taiwanese government agencies have been targeted in sophisticated attacks. According to CyCraft researchers, the attacks took place in April 2020, but in an interesting twist, the threat group responsible leveraged malware already present on compromised servers — due to past attacks — in order to deploy malware.

Round Up of Major Vulnerabilities and Patches

Google Rolls Out Fixes for High-Severity Android System Flaws

The most serious bugs are elevation-of-privilege issues in the Android System component (CVE-2020-0215 and CVE-2020-0416). Google has released patches addressing high-severity flaws in its System component. The flaws could be remotely exploited to gain access to additional permissions. Overall, 50 flaws were patched as part of Google’s October security update for the Android operating system, released on Monday. As part of this, Qualcomm, whose chips are used in Android devices, patched a mix of high- and critical-severity vulnerabilities tied to 22 CVEs.

Researchers Find Vulnerabilities in Microsoft Azure Cloud Service

As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important. Now according to the latest research, two security flaws in Microsoft’s Azure App Services could have enabled a bad actor to carry out server-side request forgery (SSRF) attacks or execute arbitrary code and take over the administration server. “This enables an attacker to quietly take over the App Service’s git server, or implant malicious phishing pages accessible through Azure Portal to target system administrators,” cybersecurity firm Intezer said in a report published today and shared with The Hacker News.