Round Up of Major Breaches and Scams
The Illinois Department of Employment Security (IDES) has acknowledged a security lapse that exposed the private information of independent contractors and the self-employed. IDES blamed the security incident on a “glitch” in a new system rolled out to process the claims of citizens in the state of Illinois who need to file for unemployment benefits.
Over the past two months, Moscow has issued tens of thousands of fines to local residents for violating the city’s coronavirus self-isolation restrictions. Thanks to weak cryptographic security, the personal data of those ticketed is now available online.
Security researcher Troy Hunt has revealed details of a massive, open Elasticsearch database he found online. Dubbed db8151dd, the database contains private details of around 22 million people, including their names, email IDs, phone numbers, physical addresses, social media profiles, and job titles. Hunt, of HaveIBeenPwned fame, says that he was informed about the db8151dd database back in February.
BlueScope, an Australian steel products manufacturer, reported a cyber incident that affected its manufacturing and sales operations in Australia. The type or source of the cyberattack is still unknown, but as per the company’s official statement, only operations in Australia were affected.
Round Up of Major Malware and Ransomware Incidents
The FBI issued a security alert earlier this month about a new ransomware strain named ProLock that has been deployed in intrusions at healthcare organizations, government entities, financial institutions, and retail organizations. First spotted in March 2020, ProLock is part of the category of “human-operated ransomware.”
Dubbed Mandrake, the platform targets only specific devices, as its operators are keen on remaining undetected for as long as possible. Thus, the malware avoids infecting devices in countries that might bring no benefit to the attackers.
Taiwanese authorities have suggested that Chinese hackers were behind a ransomware attack against Taiwan’s state oil company, an aggressive assault on one of the island nation’s strategic assets. Data left behind in the attack, such as a configuration file and domain name, point to the involvement of a group known as Winnti, or something “closely related” to it, Taiwan’s Ministry of Justice said in a statement Friday.
The Texas Department of Transportation (TxDOT) has been hit by ransomware just days after the state’s judiciary system suffered the same fate. According to a May 15 message posted on Twitter by TxDOT, the attack struck on May 14, when a threat actor gained unauthorized access to the department’s computer network.
The REvil/Sodinokibi ransomware hackers who struck celebrity law firm Grubman, Shire, Meiselas and Sacks, and threatened to release information on clients like Lady Gaga and Madonna as well as President Trump, likely exploited an unpatched Citrix vulnerability. They have now turned their sights to a major food company, Sherwood Forest and Harvest Distributors.
Round Up of Major Vulnerabilities and Patches
Attackers could exploit a critical vulnerability in the WP Product Review Lite WordPress plugin to inject malicious code and potentially take over vulnerable websites. The WP Product Review Lite plugin allows site owners to quickly create custom review articles using pre-defined templates; it is currently installed on over 40,000 WordPress sites.
The source code for “smart car” components installed in Mercedes-Benz vans was leaked online over the weekend, ZDNet has learned. The leak occurred after Till Kottmann, a Swiss-based software engineer, discovered a Git web portal belonging to Daimler AG, the German automotive company behind the Mercedes-Benz car brand.