Round Up of Major Breaches and Scams
Russian interference has been minimal so far in the most tempestuous U.S. presidential election in decades. But that doesn’t mean the Kremlin can’t inflict serious damage. The vulnerability of state and local government networks is a big worry. One troubling wildcard is the potential for the kind of ransomware attacks now affecting U.S. hospitals. Russian-speaking cybercriminals are demanding ransoms to unscramble data they’ve locked up. It’s uncertain whether they are affiliated with the Kremlin or if the attacks are timed to coincide with the election.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an alert to warn that an Iranian threat actor recently accessed voter registration data. The warning comes roughly one week after the United States revealed that the same adversary targeted Democratic voters in multiple states with emails seeking to intimidate them into voting for President Donald Trump.
A security lapse at the privacy-focused social networking app True exposed one of its servers, leading to private user data exposure. It is quite ironic that a social networking app that proudly claims to protect user privacy has exposed hundreds of thousands of users’ sensitive data. The True social networking app, which was launched in 2017 by Hello Mobile, has suffered a massive data breach due to a configuration error that left one of its servers exposed.
Reports emerged of phishers having abused a feature in Google Drive in an attempt to trick users into visiting malicious websites. In this scam wave, users reported having received Google Drive notifications in Russian or English asking them to collaborate on unfamiliar documents. Those documents contained links to scam websites. Some of those links tried to entice recipients into reviewing their bank account activity or accepting a cash prize. Others bombarded users with links advertising deals and/or prize selections.
Texas-based precious metals dealer JM Bullion has informed some customers that their payment card information may have been stolen by cybercriminals, but the disclosure came months after the breach was discovered. Founded in 2011, JM Bullion sells gold, silver, platinum and other precious metals, and it allows customers to pay with cryptocurrency. According to its website, the company reached 500,000 customers in March 2018 and it claims to ship over 30,000 orders per month.
A survey from Risk Based Security revealed that the number of records exposed in 2020 has increased to 36 billion globally. The survey “2020 Q3 Data Breach QuickView Report” stated that there were 2,953 publicly reported breaches in the first three quarters of 2020, a 51% decrease compared to the same period in 2019. The most exposed data types in the year included names and access credentials in the form of email addresses and passwords. Most data breaches occurred due to hacking, with 77.5% of events originating outside of the victim organization, 17% of breaches originating within the organization, and 67% due to errors.
Round Up of Major Malware and Ransomware Incidents
The Maze ransomware gang announced today that they have officially closed down their ransomware operation and will no longer be leaking new companies’ data on their site. Last week, BleepingComputer reported that Maze had stopped encrypting new victims since the middle of September, cleaned up their data leak site, and was extorting their final victims. Today, Maze released a press release titled “The Project is closed,” where they state that they are closed and any other ransomware operation that uses its name is a scam.
Security experts at the CERT Coordination Center (CERT/CC) have begun a new initiative designed to tackle the rise in sensationalist naming of vulnerabilities. Its “vulnonym” project will publish to Twitter neutral names associated with CVEs as they are issued. CERT researcher Leigh Metcalf argued that although humans find it easier to relate to and remember names rather than numbers, threat researchers and their marketing teams often go too far with names like “Spectre” and “Heartbleed.”
Security researchers have discovered new North Korean malware being used to drive information-stealing attacks against COVID-19 vaccine makers and other targets. Cybereason Nocturnus said it had been able to track new attack infrastructure linked to the prolific Kimsuky group via BabyShark and AppleSeed malware previously attributed to it. The new domains created as part of this push were all registered to the same IP address responsible for BabyShark attacks, the vendor said.
Round Up of Major Vulnerabilities and Patches
Bad news for those who have bought into the Nest Secure home surveillance system – Google has surprised many by halting further deployments. The Secure package consists of motion sensors for doors and windows that communicate with the Hub, a modern-day version of the traditional home alarm keypad but with NFC tag key fobs and smartphone alerts. The Register thought it was a pretty good system, but it’s now deader than corduroy flares with satin lining, although it is still being supported.
In the U.S., health care providers and medical research companies are required to protect personally identifiable information (PII) and electronic health information (EHR/EMR) under the compliance guidelines issued by the Health Insurance Portability and Accountability Act (HIPAA). Despite these requirements, researchers at SonarSource, a security solutions company, discovered four vulnerabilities in the backend code of one such medical management solution provider, Open EMR, which could have potentially allowed threat actors remote access to the health records of thousands of its users.
Improper access control, information disclosure, and SSRF are among the most impactful, and most awarded, security flaws found this year. Organizations are rethinking vulnerability disclosure programs to match a mostly remote staff and increasingly cloud-based infrastructure. As hackers take aim at new targets, they’re finding more improper access control, information disclosure, and server-side request forgery flaws.