Round Up of Major Breaches and Scams
Microsoft warns that with the shift to remote working, customers are exposed to additional security threats such as consent phishing, in addition to conventional credential theft and email phishing attacks. Consent phishing is a variant of application-based attack in which targets are tricked into granting malicious Office 365 OAuth applications access to their Office 365 accounts.
An unsecured Elasticsearch database has been leaking data on millions of global gambling app users, according to researchers at vpnMentor. The group discovered the unsecured database hosted on AWS as part of a broader web mapping project. It was quickly traced back to casino app Clubillion, which was contacted on March 23. The database was finally secured on April 5, five days after AWS was also contacted.
Round Up of Major Malware and Ransomware Incidents
Microsoft today published the first technical details about a new security feature that will soon be part of Windows 10. Named Kernel Data Protection (KDP), the feature will, Microsoft says, block malware or malicious threat actors from modifying (corrupting) the operating system’s memory. According to Microsoft, KDP works by giving developers access to programmatic APIs that will allow them to designate parts of the Windows kernel as read-only sections.
Cybercriminals have hijacked more than 240 websites belonging to some of the most prominent organizations and brands worldwide, primarily to redirect users to unexpected content such as malware, malicious Chrome extensions, online gambling, and adult content. These websites were hijacked so easily because of the way they were hosted on the Microsoft Azure cloud.
Round Up of Major Vulnerabilities and Patches
Nvidia has released a security update fixing a bug in GeForce Experience that could be abused to conduct code execution attacks. This week, Nvidia said the security flaw, CVE-2020-5964, is found in the service host component of GeForce Experience, “in which the integrity check of application resources may be missed.”
The Adning Advertising plugin for WordPress, a premium plugin with over 8,000 customers, contains a critical remote code-execution vulnerability with the potential to be exploited by unauthenticated attackers. The plugin’s author, Tunafish, has rolled out a patched version (v.1.5.6), which site owners should update to as soon as possible. No CVE was issued.
The most severe of the flaws that Google addressed in Android impacts the system component and could allow an attacker to execute code with high privileges via a specially crafted file. Google fixed two critical flaws in the system component: one impacting Android 8.0 and newer releases (CVE-2020-0224), and the other affecting Android 10 only (CVE-2020-0225).