Round Up of Major Breaches and Scams
The Turkish data protection authority (‘KVKK’) announced, on 9 July 2020, a data breach suffered by Doctor Atadan Egemen Koyuncu. In particular, the KVKK highlighted that the data controller suffered a cyber attack on 5 July 2020 which affected the patient information system, and that the violation was detected on 6 July 2020. In addition, the KVKK noted that the number of people affected by the violation is estimated to be 10,000.
A member of a hacker forum is looking to make over $30,000 from selling a huge collection of more than 1,300 phishing kits. The malicious trove is part of the seller’s collection and covers top-rated websites, banks, and financial organizations. At $25 per phishing kit, the seller is looking to make at least $32,500 if they manage to sell the entire cache. They could make more if there are multiple buyers.
An investigation into a cyberattack at Vancouver Coastal Health turned up “no evidence” that data was stolen, according to officials. The health authority said malicious ransomware was discovered in data related to its Employee and Family Assistance Program on May 21, and that officials responded by bringing in external cybersecurity experts to investigate. The Employee and Family Assistance Program offers counselling and other services to workers and their family members.
Swvl, a bus-booking app and operator of bus routes in Egypt, Kenya, and Pakistan, has been struck by a data breach. The company became aware of “unauthorized access to its IT infrastructure” on the evening of July 3. An ongoing investigation has so far concluded that the compromised data “is restricted to names, email addresses, and phone numbers” and that “passwords and credit card information were not affected or exposed”.
Google-backed Indian hyperlocal delivery service Dunzo said it suffered a data breach that left customer data, including email IDs and phone numbers, exposed. Dunzo provides pick-up and delivery services in over seven cities in India. Because the majority of India’s business relies on offline commerce, Dunzo lets you ask a delivery person to visit a shop, purchase something, and deliver it to you for a nominal fee.
Microsoft Office 365 users are being targeted by a brand new phishing campaign that uses fake Zoom notifications to warn users who work in corporate environments that their Zoom accounts have been suspended, with the ultimate goal of stealing Office 365 logins. Reportedly, those targeted by this campaign are inclined to believe such emails at this time, since the number of remote workers participating has increased.
Data containing personal information of 25,000 UAE police officers is up for sale on the web, according to security company CloudSek. The report comes at a time of heightened alert for security issues, as online scams and data breaches proliferate throughout the Gulf and broader Middle East region. CloudSek has reported that it has seen a post, dated 7 July, on a web database marketplace advertising the sale of data for UAE police officers.
Round Up of Major Malware and Ransomware Incidents
A threat actor tracked as Evilnum targeted financial technology companies, mainly British and European ones, ESET researchers reported. The Evilnum threat actor was first spotted in 2018 using the malware of the same name. Over the years, the group added new tools to its arsenal, including custom and homemade malware along with software purchased from the Golden Chickens malware-as-a-service (MaaS) provider.
The Indian government recently blocked the Chinese video-sharing app TikTok, a decision that received mixed reviews from the general public. Naturally, people who want to use the famous app resort to different methods of accessing TikTok. Reportedly, Indian authorities issued a warning informing users about fake links promising to redirect to the ‘professional version’ of TikTok but, in reality, downloading malware on the device to steal sensitive data.
The notorious TrickBot malware mistakenly included a test module that warns victims that they are infected and should contact their administrator. TrickBot is a malware infection that is commonly distributed via malicious spam emails. When installed, the malware runs quietly on a victim’s machine while it downloads various modules that perform different tasks on the infected computer.
Malware developers are now checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analyzed by researchers. Any.Run is a malware analysis sandbox service that lets researchers and users safely analyze malware without risk to their computers. When an executable is submitted to Any.Run, the sandbox service will create a Windows virtual machine with an interactive remote desktop.
Round Up of Major Vulnerabilities and Patches
A reflected cross-site scripting (XSS) vulnerability impacting 100,000 websites has been patched in the KingComposer WordPress plugin. KingComposer is a drag-and-drop page builder for WordPress-based domains that removes the need to program or directly code websites powered by the content management system (CMS). The Wordfence Threat Intelligence team discovered the XSS bug on June 25.
Following the vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability. The Indian video sharing app, called Chingari, is available for Android and iOS smartphones through official app stores and is designed to let users record short-form videos, catch up on the news, and connect with other users via a direct message feature.
A researcher warns that the highly rated Kasa family of security cameras has bugs that give hackers access to private video feeds and settings. A popular consumer-grade security camera made by TP-Link and sold under the Kasa brand has a bevy of bugs that open the hardware to remote attacks, such as giving hackers access to private video feeds and the ability to change device settings. The researcher, Jason Kent of Cequence Security, reported the flaws to TP-Link on March 2.
Update: Zoom confirmed it has patched the vulnerability in Zoom client version 5.1.3. An unpatched and previously unknown security vulnerability has been discovered in the Zoom Client for Windows. The vulnerability enables a remote attacker to execute arbitrary code on a victim’s machine where Zoom Client for Windows is installed. The flaw could be exploited by tricking a user into performing a typical action, such as opening a document file.