Categories
Adware APT Blackmail Botnet Breach Bug CVE Cyber Security Data leak Deepfake Emotet Hacking Malware Misinformation Phishing Ransomware Scam Vulnerability Zero-day

Microsoft kills Internet Explorer for new Edge browser, Deepfake Bots on Telegram display nudity, and more

Major cybersecurity events on 27th October 2020 (Morning Post): WastedLocker ransomware hits ski resort operator Boyne Resorts, impacts company wide reservation systems. After Haldiram’s was targeted in a vicious ransomware attack last month, office of Mithaas sweets, Noida suffered a similar attack.

Round Up of Major Breaches and Scams

‘Among Us’ Mobile Game Under Siege by Attackers

Ongoing attacks on the wildly popular game Among Us are testing developers’ ability to keep up. The meteoric rise of the game Among Us appears to be outpacing its developer’s ability to keep up with malicious actors. On Sunday night, a specific ongoing attack forced InnerSloth, the company behind the game, to hastily roll out an update designed to kick bad actors off the game’s servers — likely along with some innocent players as well.

Cybercriminals Extort Psychotherapy Patients Following Vastaamo Breach

An attacker is running a Tor site to leak the session notes of 300 patients at Vastaamo, a Finnish psychotherapy facility. Cybercriminals behind a data breach at Finnish psychotherapy facility Vastaamo have begun to blackmail patients hundreds of euros and threaten to publish their personal health data online. Vastaamo, which has branches throughout Finland, said in a statement its systems were likely hacked between the end of November 2018 and March 2019, ABC News reports.

Google employees personal info exposed in law firm data breach

Immigration law firm Fragomen, Del Rey, Bernsen & Loewy, LLP has disclosed a data breach that exposed current and former Google employees’ personal information. Fragomen is one of the USA’s largest law firms covering immigration law, with over 582 attorneys in 47 locations worldwide. In a “Notice of Data Breach” sent to Googlers impacted by the breach, Fragomen states that they are responsible for providing I-9 employment verification services to Google.

Nitro PDF data breach might impact major companies, including Microsoft, Google, and Apple

Nitro PDF suffered a massive data breach that impacts many major organizations, including Apple, Chase, Citibank, Google, and Microsoft. A massive data breach suffered by the Nitro PDF might have a severe impact on well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. Nitro Software, Inc. develops commercial software used to create, edit, sign, and secure Portable Document Format (PDF) files and digital documents. The company has over 650,000 business customers worldwide, and claims millions of users across the globe.

Hacker steals $24 million from cryptocurrency service ‘Harvest Finance’

A hacker has stolen roughly $24 million worth of cryptocurrency assets from decentralized finance (DeFi) service Harvest Finance, a web portal that lets users invest cryptocurrencies and then farm the price variations for small profit yields. The hack took place earlier today and was almost immediately confirmed by Harvest Finance administrators in messages posted on the company’s Twitter account and Discord channel.

Over 100 irrigation systems left exposed online without a password

More than 100 smart irrigation systems were left exposed online without a password last month, allowing anyone to access and tamper with water irrigation programs for crops, tree plantations, cities, and building complexes. The exposed irrigation systems were discovered by Security Joes, a small boutique security firm based in Israel. All were running ICC PRO, a top-shelf smart irrigation system designed by Motorola for use with agricultural, turf, and landscape management.

Twitter introduces banner debunking voter misinformation

Twitter launched a feature on its platform Monday that seeks to debunk misinformation about voting in a last minute effort to inform users of weaponized information operations. The feature, which appears as a a banner that greets Twitter users at the top of their feeds, already had a message for American voters Monday: People are spreading misinformation about election fraud and voting by mail.

Feds Say 19-Year-Old With a Van Full of Rifles Plotted to Kill Joe Biden, Posted About It on iFunny

Among the reasons a federal judge ruled that 19-year-old Alexander Hillel Treisman should remain in custody while he awaits trial on child pornography charges: He conveyed his intent to assassinate Democratic presidential nominee and former Vice President Joe Biden in a meme he posted online, according to prosecutors. Per the Washington Post, court documents relaying the order state that Treisman searched online in May 2020 for “information about Joe Biden’s home address, state gun laws, rifle parts, and night vision goggles.”

Round Up of Major Malware and Ransomware Incidents

Adware found in 21 Android apps with more than 7 million downloads

Google has removed 15 of 21 Android applications from the official Play Store over the weekend following a report from Czech antivirus maker Avast. The security firm said the apps were infected with a type of malware known as HiddenAds. Discovered in 2019, this Android adware strain operates by showing excessive and intrusive ads and by opening mobile browsers on ad-heavy or promotional pages.

Another Noida sweets manufacturer attacked by ransomware

Merely a month after Haldiram Snacks Private Limited corporate office in Noida suffered a ransomware attack, the servers of another Noida-based sweets manufacturing company were hacked and their data was encrypted in a different format that that which the company uses. According to the company, the incident took place on the afternoon of August 22 at the corporate office of Mithaas sweets in Noida’s Sector 63.

KashmirBlack botnet behind attacks on CMSs like WordPress, Joomla, Drupal, others

A highly sophisticated botnet is believed to have infected hundreds of thousands of websites by attacking their underlying content management system (CMS) platforms. Named KashmirBlack, the botnet started operating in November 2019. Security researchers from Imperva —who analyzed the botnet last week in a two-part series— said the botnet’s primary purpose appears to be to infect websites and then use their servers for cryptocurrency mining, redirecting a site’s legitimate traffic to spam pages, and to a lesser degree, showing web defacements.

Ransomware attack disabled Georgia County Election database

A ransomware attack recently hit Georgia county government and reportedly disabled a database used to verify voter signatures. A ransomware attack hit a Georgia county government early this month and disabled a database used to verify voter signatures in the authentication of absentee ballots. It is a common process to validate absentee ballots sent by mail by analyzing signatures. The media pointed out that this is the first reported case of a ransomware attack against a system used in the incoming 2020 Presidential election.

New Emotet attacks use a new template urging recipients to upgrade Microsoft Word

Emotet operators have started using a new template this week that pretends to be a Microsoft Office message urging a Microsoft Word update. Researchers this week observed Emotet attacks employing a new template that pretends to be a Microsoft Office message urging the recipient to update their Microsoft Word to add a new feature. Emotet spam messages leverage templates to trick the victims into enabling macros to start the infection.

Deepfake Bots on Telegram, Italian Authorities Investigating

The bots are programmed to create fake nudes having watermarks or displaying nudity partially. Users upon accessing the partially nude image, pay for the whole photo to be revealed to them. They can do so by simply submitting a picture of any woman to the bot and get back a full version wherein clothes are digitally removed using the software called “DeepNude”, which uses neural networks to make images appear “realistically nude”. Sometimes, it’s done for free of cost as well.

WastedLocker ransomware hits Boyne Resorts ski resort operator

US-based ski and golf resort operator Boyne Resorts has suffered a cyberattack by the WastedLocker operation that has impacted company-wide reservation systems. Boyne Resorts owns and operates eleven properties located in the USA and Canada and has 11,000 employees. Many of these properties are situated on well-known ski mountains, including Big Sky, Montana, Sugarloaf, Maine, and Brighton, Utah.

Round Up of Major Vulnerabilities and Patches

Microsoft is throttling Windows 10 20H2 availability for all users

Microsoft is currently throttling Windows 10, version 20H2 availability to provide all users who want to upgrade with a positive experience while downloading and upgrading the OS. After Windows 10 20H2 (aka the October 2020 Update) was released on October 20, it immediately started rolling out to users who manually check for updates via Windows Update (seekers) on devices running Windows 10 1903 or later.

HPE Patches Two Critical, Remotely Exploitable Vulnerabilities

Hewlett Packard Enterprise has released patches for two critical vulnerabilities, one identified in StoreServ Management Console and the other affecting BlueData EPIC Software Platform and Ezmeral Container Platform. The most severe of these issues was identified in HPE StoreServ Management Console (SSMC) 3.7.0.0 and could be exploited to remotely bypass authentication protections. Tracked as CVE-2020-7197, the vulnerability features a CVSS score of 10.

Google patches actively exploited zero-day bug that affects Chrome users

Update your Chrome browser to its latest version—86.0.4240.111—to protect yourself from a vulnerability that Google says is being actively exploited. Google has recently released Chrome version 86.0.4240.111 to patch several holes. One is for a zero-day flaw – that means a vulnerability that is being actively exploited in the wild. The flaw, which is officially designated as CVE-2020-15999, occurs in the way FreeType handles PNG images embedded in fonts using the Load_SBit_Png function.

Microsoft begins to finally kill off Internet Explorer

Microsoft is taking further steps to kill off the antiquated Internet Explorer in favor of its new Chromium-based Microsoft Edge browser. Microsoft has been recommending users switch from Internet Explorer for years, yet it still has an almost 5% market share in browser use. Starting soon, if not already started for many, Microsoft will be taking more active measures to push people away from Internet Explorer.