
Mercedes-Benz source code leaks, REvil strikes again, Payment portals leak Muscovites passport numbers, and more

Major cybersecurity events of 19th May 2020 (morning post): a massive leaked Elasticsearch database, db8151dd, exposes 22 million emails. An unknown cyberattack targets BlueScope and disrupts manufacturing and sales operations in Australia. The “human-operated ransomware” ProLock targets government and healthcare organizations.

Round Up of Major Breaches and Scams

Illinois blames ‘glitch’ for exposure of PUA applicant Social Security numbers, private data

The Illinois Department of Employment Security (IDES) has acknowledged a security lapse that exposed the private information of independent contractors and the self-employed. IDES blamed the security incident on a “glitch” in a new system rolled out to process the claims of citizens in the state of Illinois who need to file for unemployment benefits.

Payment portals leak the passport numbers of the tens of thousands of Muscovites ticketed for quarantine violations

Over the past two months, Moscow has issued tens of thousands of fines to local residents for violating the city’s coronavirus self-isolation restrictions. Thanks to weak cryptographic security, the personal data of those ticketed is now available online.

db8151dd breach: Contact management firm leaks 22 million emails

Security researcher Troy Hunt has revealed details of a massive, openly accessible Elasticsearch database he found online. Dubbed db8151dd, the database contains private details of around 22 million people, including their names, email addresses, phone numbers, physical addresses, social media profiles, and job titles. Troy Hunt, of HaveIBeenPwned fame, says he was informed about the db8151dd database back in February.

Cyberattack on BlueScope Steel Derails Australia Operations

BlueScope, an Australian steel products manufacturer, reported a cyber incident that affected its manufacturing and sales operations in Australia. The type and source of the cyberattack are still unknown, but according to the company’s official statement, only its operations in Australia were affected.

Round Up of Major Malware and Ransomware Incidents

FBI: ProLock ransomware gains access to victim networks via Qakbot infections

The FBI issued a security alert earlier this month about a new ransomware strain named ProLock that has been deployed in intrusions at healthcare organizations, government entities, financial institutions, and retail organizations. First spotted in March 2020, ProLock belongs to the category of “human-operated ransomware.”

‘Mandrake’ Android Spyware Remained Undetected for 4 Years

Dubbed Mandrake, the platform targets only specific devices, as its operators are keen on remaining undetected for as long as possible. To that end, the malware avoids infecting devices in countries that would bring no benefit to the attackers.

Taiwan suggests China’s Winnti group is behind ransomware attack on state oil company

Taiwanese authorities have suggested that Chinese hackers were behind a ransomware attack against Taiwan’s state oil company, an aggressive assault on one of the island nation’s strategic assets. Data left behind in the attack, such as a configuration file and a domain name, points to the involvement of a group known as Winnti, or one “closely related” to it, Taiwan’s Ministry of Justice said in a statement on Friday.

Texas Takes Second Ransomware Hit

The Texas Department of Transportation (TxDOT) has been hit by ransomware just days after the state’s judiciary system suffered the same fate. According to a May 15 message posted on Twitter by TxDOT, the attack struck on May 14, when a threat actor gained unauthorized access to the department’s computer network.

REvil attackers who threatened celebrity law firm, Trump, strike food distributor

The REvil/Sodinokibi ransomware hackers who struck celebrity law firm Grubman, Shire, Meiselas and Sacks, and who threatened to release information on clients such as Lady Gaga and Madonna as well as President Trump, likely exploited an unpatched Citrix vulnerability. They have now turned their sights to a major food company, Sherwood Forest and Harvest Distributors.

Round Up of Major Vulnerabilities and Patches

Stored XSS in WP Product Review Lite plugin allows for automated takeovers

Attackers could exploit a critical vulnerability in the WP Product Review Lite WordPress plugin to inject malicious code and potentially take over vulnerable websites. The WP Product Review Lite plugin allows site owners to quickly create custom review articles using pre-defined templates; it is currently installed on over 40,000 WordPress sites.

Mercedes-Benz onboard logic unit (OLU) source code leaks online

The source code for “smart car” components installed in Mercedes-Benz vans was leaked online over the weekend, ZDNet has learned. The leak occurred after Till Kottmann, a Swiss-based software engineer, discovered a Git web portal belonging to Daimler AG, the German automotive company behind the Mercedes-Benz car brand.