
Malicious Office 365 OAuth apps part of phishing attacks, Clubillion leaks millions of users' data, and more

Major cybersecurity events on 9th July 2020 (Morning Post): Microsoft will soon release a security feature, Kernel Data Protection, that blocks malware and malicious actors from corrupting OS memory. 240 subdomains hosted by Azure were hacked to spread malware.

Round Up of Major Breaches and Scams

Microsoft warns of Office 365 phishing via malicious OAuth apps

Microsoft warns that with the shift to remote working, customers are exposed to additional security threats such as consent phishing, besides conventional credential theft and email phishing attacks. Consent phishing is a variant of application-based attack in which targets are tricked into granting malicious Office 365 OAuth applications access to their Office 365 accounts.

Casino App Clubillion Leaks PII on “Millions” of Users

An unsecured Elasticsearch database has been leaking data on millions of global gambling app users, according to researchers at vpnMentor. The group discovered the unsecured database hosted on AWS as part of a broader web mapping project. It was quickly traced back to casino app Clubillion, which was contacted on March 23. The database was finally secured on April 5, five days after AWS was also contacted.

Round Up of Major Malware and Ransomware Incidents

Microsoft’s new KDP tech blocks malware by making parts of the Windows kernel read-only

Microsoft today published the first technical details about a new security feature that will soon be part of Windows 10. Named Kernel Data Protection (KDP), the feature will, Microsoft says, block malware or malicious threat actors from modifying (corrupting) the operating system’s memory. According to Microsoft, KDP works by giving developers access to programmatic APIs that will allow them to designate parts of the Windows kernel as read-only sections.

240 top Microsoft Azure-hosted subdomains hacked to spread malware

Cybercriminals have hijacked more than 240 websites, which belong to some of the most prominent organizations and brands worldwide, primarily to redirect users to download unexpected content such as malware, malicious Chrome extensions, online gambling, and adult content. These websites were hijacked so easily because of the way Microsoft Azure cloud was hosting them.

Round Up of Major Vulnerabilities and Patches

Nvidia fixes code execution vulnerability in GeForce Experience

Nvidia has released a security update fixing a bug in GeForce Experience that could be abused to conduct code execution attacks. This week, Nvidia said the security flaw, CVE-2020-5964, is found in the service host component of GeForce Experience, “in which the integrity check of application resources may be missed.”

Advertising Plugin for WordPress Threatens Full Site Takeovers

The Adning Advertising plugin for WordPress, a premium plugin with over 8,000 customers, contains a critical remote code-execution vulnerability with the potential to be exploited by unauthenticated attackers. The plugin’s author, Tunafish, has rolled out a patched version (v.1.5.6), which site owners should update to as soon as possible. No CVE was issued.

Google Patches Critical Android Vulnerabilities With July 2020 Updates

The most severe of the flaws impacts the system component and could allow an attacker to execute code with high privileges, via a specially crafted file. In fact, Google addressed two critical flaws in the system component, one impacting Android 8.0 and newer releases (CVE-2020-0224), and the other affecting Android 10 only (CVE-2020-0225).