Round Up of Major Breaches and Scams
Threat actors are scanning the internet for ENV files (environment files) accidentally left exposed online, which usually store API tokens, passwords, and database logins. Environment files are configuration files that usually contain user environment variables for multiple frameworks and development tools such as Docker, Node.js, Django, and Symfony.
This week, the Vote Joe site set up by the Biden-Harris Presidential campaign was hacked and defaced by a Turkish hacker called RootAyyildiz. Based on the evidence and the archived snapshots of the site, it appears the breach and defacement lasted for over 24 hours.
The Christian faith app Pray.com has leaked private data for up to 10 million people, according to researchers. The app offers “daily prayer and Bible stories to inspire, educate and help you sleep” on a subscription basis. Subscriptions run anywhere from $50 to $120.
Mitsubishi Electric Corp. was hit again by a massive cyberattack that may have caused the leakage of information related to its business partners. “Company officials on Nov. 20 said they were checking the 8,653 accounts of those it has business transactions with to determine if information related to bank accounts of the other parties as well as other information leaked,” reads a post published on the Asahi Shimbun website.
Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident is the latest incursion at GoDaddy that relied on tricking employees into transferring ownership and/or control over targeted domains to fraudsters.
Round Up of Major Malware and Ransomware Incidents
In mid-November 2020, Griffin Hospital’s website was taken offline after a ransomware attack against the website’s administrator, Managed.com. “Derby’s Griffin Hospital is the indirect victim of a ransomware attack, with its website going offline this week but patient information not exposed,” officials said.
The notorious TrickBot gang has released a new lightweight reconnaissance tool used to scope out an infected victim’s network for high-value targets. Over the past week, security researchers began to see a phishing campaign normally used to distribute TrickBot’s BazarLoader malware switch to installing a new malicious PowerShell script. Like BazarLoader phishing campaigns, LightBot phishing emails pretend to be from human resources or the legal department about a customer complaint or the termination of the recipient’s employment.
Round Up of Major Vulnerabilities and Patches
Another liquidity mining project fell victim to a hack and lost about $20 million of users’ funds in DAI tokens. The attacker exploited a vulnerability in the Pickle Finance smart contract called DAI PickleJar using fake swaps. Notably, the hacker chose to avoid the flash loan scheme used in most similar recent incidents. Instead, they deployed a malicious jar and passed in fake swaps.