Microsoft worker gets 9 years in prison over fraud scheme, Npm package steals sensitive Discord files, and more

Major cybersecurity events on 10th November 2020 (Morning Post): Pro-Trump site, dontpressthegreenbutton.com, claiming Arizona election fraud exposes voter data. DoppelPaymer ransomware gang targets laptop manufacturer Compal, demands $17m in Bitcoins. WordPress bugs let attackers hijack 100K sites.

Round Up of Major Breaches and Scams

Former Microsoft Worker Gets 9 Years in $10M Fraud Scheme

A former Microsoft worker was sentenced Monday to nine years in prison for a scheme to steal $10 million in digital currency — money authorities said he used to buy a $160,000 car and a lakefront home. Volodymyr Kvashuk, a 26-year-old Ukrainian citizen living in Renton, Washington, was responsible for helping test Microsoft’s online retail sales platform. Prosecutors said he stole digital currency such as gift cards or codes that could be redeemed for Microsoft products or gaming subscriptions, then resold them on the internet.

Npm package caught stealing sensitive Discord and browser files

Security researchers at Sonatype today discovered an npm package (JavaScript library) that contains malicious code designed to steal sensitive files from a user’s browsers and Discord application. Named discord.dll, the malicious JavaScript library is still available via npm, a web portal, command-line utility, and package manager for JavaScript programmers. Developers use npm to load and then update libraries (npm packages) inside their JavaScript projects, be they websites, desktop apps, or server applications.

Trump Site Alleging AZ Election Fraud Exposes Voter Data

A security flaw on a website set up to gather evidence of in-person voter fraud in Arizona would have opened the door for SQL injection and other attacks. The bug, found on a site set up by the Trump campaign called dontpressthegreenbutton.com, was discovered by cybersecurity pro Todd Rossin, almost by accident. The researcher saw a news story about alleged voter fraud in Maricopa County, which is home to Phoenix, Scottsdale and the main bulk of Arizona’s population.

Mashable Customer Data Leaked Online

Data belonging to users of American culture and technology news website Mashable has been leaked on the internet. In a statement released Sunday, November 8, Mashable confirmed that a hacker had obtained a copy of one of its databases and published it online. The site launched an investigation after learning of the attack on November 4. Mashable has temporarily disabled access to all accounts impacted by the security breach as a cautionary measure.

Round Up of Major Malware and Ransomware Incidents

Laptop mega-manufacturer Compal hit by DoppelPaymer ransomware – same one that hit German hospital

Compal, the world’s second-largest white-label laptop manufacturer, has been hit by the file-scrambling DoppelPaymer ransomware gang – and the hackers want $17m in cryptocurrency before they’ll hand over the decryption key. The Taiwanese factory giant, which builds systems for Apple, Lenovo, Dell, and HP, finally admitted malware infected its computers and encrypted its documents after first insisting it had suffered no more than an IT “abnormality” and that its staff had beaten off a cyber-attack.

New Brazilian Banking Trojan Targets Mobile Users in Multiple Countries

Ghimob is a full-fledged spy in your pocket, Kaspersky says. A Brazil-based threat group that recently has been expanding its operations worldwide has deployed a new banking Trojan that is actively targeting Android users in multiple Latin American and European countries and could soon hit US users as well. Researchers at Kaspersky recently discovered the so-called “Ghimob” remote access Trojan (RAT) while investigating another malware campaign.

Round Up of Major Vulnerabilities and Patches

Flaws in PcVue SCADA Product Can Facilitate Attacks on Industrial Organizations

Researchers found several potentially serious vulnerabilities in the PcVue SCADA/HMI solution developed by France-based ARC Informatique, including flaws that can allow an attacker to take control of industrial processes or cause disruption. The PcVue product was analyzed by researchers from Kaspersky, who identified a total of three vulnerabilities. The vendor has patched the security holes with the release of version 12.0.17 and it has also shared some mitigations and workarounds to help customers prevent attacks.

WordPress plugin bugs can let attackers hijack up to 100K sites

Admins of WordPress sites who use the Ultimate Member plugin are urged to update it to the latest version to block attacks attempting to exploit multiple critical and easy-to-exploit vulnerabilities that could lead to site takeovers. Ultimate Member is an extensible WordPress plugin with more than 100,000 active installations and is designed to make the task of profile and membership management easier.

New Slipstream NAT bypass attacks to be blocked by browsers

Web browser vendors are planning to block a new attack technique that would allow attackers to bypass a victim’s NAT, firewall, or router to gain access to any TCP/UDP service hosted on their devices. The attack method, dubbed NAT Slipstreaming, was discovered by security researcher Samy Kamkar and it requires the victims to visit the threat actor’s malicious website (or a site with maliciously crafted ads).

xHunt hackers hit Microsoft Exchange with two new backdoors

While investigating a cyber attack on the Microsoft Exchange server of an organization in Kuwait, experts found two new PowerShell backdoors. Security experts from Palo Alto Networks have spotted two never-before-detected PowerShell backdoors while investigating an attack on Microsoft Exchange servers at an organization in Kuwait. Experts attribute the attack to a known threat actor tracked as xHunt, aka Hive0081, which was first discovered in 2018.

Microsoft working on fix for Windows apps forgetting passwords

Microsoft says that multiple Windows 10 apps including Outlook are affected by an issue causing them to forget users’ passwords after the device is upgraded to certain Windows 10, version 2004 builds. “After installing Windows 10 Version 2004 Build 19041.173 and related updates you find that Outlook and other applications do not remember your password anymore,” Microsoft explains. “A task that appears to cause the issue is the HP Customer participation utility task as described further in this Answers Forum Thread.”