Round Up of Major Breaches and Scams
A former Microsoft worker was sentenced Monday to nine years in prison for a scheme to steal $10 million in digital currency, money authorities said he used to buy a $160,000 car and a lakefront home. Volodymyr Kvashuk, a 26-year-old Ukrainian citizen living in Renton, Washington, was responsible for helping test Microsoft's online retail sales platform. Prosecutors said he stole digital currency such as gift cards or codes that could be redeemed for Microsoft products or gaming subscriptions, then resold them on the internet.
A security flaw on a website set up to gather evidence of in-person voter fraud in Arizona would have opened the door for SQL injection and other attacks. The bug, found on a site set up by the Trump campaign called dontpressthegreenbutton.com, was discovered by cybersecurity professional Todd Rossin, almost by accident. The researcher saw a news story about alleged voter fraud in Maricopa County, which is home to Phoenix, Scottsdale and the bulk of Arizona's population.
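The story above names SQL injection but does not describe the site's code, so the following is a generic illustration added here, not code from dontpressthegreenbutton.com or from the researcher. It uses a constructed in-memory SQLite table with a made-up schema (`reports`) and shows a lookup built by string concatenation beside the parameterized version, with the classic tautology payload that makes the first one return every row and the second one return nothing.

```python
import sqlite3

# Constructed sample data for the example; the table and rows are invented,
# not the real site's schema or content.
SAMPLE_ROWS = [
    ("Maricopa", "a@example.test", "report one"),
    ("Pima", "b@example.test", "report two"),
    ("Maricopa", "c@example.test", "report three"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE reports (id INTEGER PRIMARY KEY, county TEXT, email TEXT, details TEXT)"
    )
    conn.executemany(
        "INSERT INTO reports (county, email, details) VALUES (?, ?, ?)", SAMPLE_ROWS
    )
    return conn


def lookup_vulnerable(conn, county):
    # The user-supplied value is spliced into the SQL text, so a quote in the
    # input ends the literal and the rest of the input is parsed as SQL.
    sql = "SELECT id, email FROM reports WHERE county = '" + county + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, county):
    # Parameterized query: the driver binds the value separately and it is
    # never interpreted as SQL, whatever characters it contains.
    return conn.execute(
        "SELECT id, email FROM reports WHERE county = ?", (county,)
    ).fetchall()


def demo():
    """Return (rows leaked by the vulnerable lookup, rows from the safe lookup)
    for a tautology payload, plus the safe lookup's count for a normal value."""
    conn = make_db()
    payload = "Maricopa' OR '1'='1"
    leaked = lookup_vulnerable(conn, payload)   # WHERE ... OR '1'='1' matches all rows
    safe = lookup_safe(conn, payload)           # no county has that literal name
    normal = lookup_safe(conn, "Maricopa")      # ordinary query still works
    return len(leaked), len(safe), len(normal)


if __name__ == "__main__":
    print(demo())
```

The same splice would let an attacker append a `UNION SELECT` to pull other columns; the fix is the same in every case: bind values, never concatenate them into SQL text.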
Data belonging to users of the American culture and technology news website Mashable has been leaked on the internet. In a statement released Sunday, November 8, Mashable confirmed that a hacker had obtained a copy of one of its databases and published it online. The site launched an investigation after learning of the attack on November 4. Mashable has temporarily disabled access to all accounts affected by the breach as a precaution.
Round Up of Major Malware and Ransomware Incidents
Compal, the world's second-largest white-label laptop manufacturer, has been hit by the file-scrambling DoppelPaymer ransomware gang, and the hackers want $17m in cryptocurrency before they will hand over the decryption key. The Taiwanese factory giant, which builds systems for Apple, Lenovo, Dell, and HP, finally admitted that malware had infected its computers and encrypted its documents, after first insisting it had suffered no more than an IT "abnormality" and that its staff had beaten off a cyber-attack.
Ghimob is a full-fledged spy in your pocket, Kaspersky says. A Brazil-based threat group that has recently been expanding its operations worldwide has deployed a new banking Trojan that is actively targeting Android users in multiple Latin American and European countries and could soon hit US users as well. Researchers at Kaspersky discovered the so-called "Ghimob" remote access Trojan (RAT) while investigating another malware campaign.
Round Up of Major Vulnerabilities and Patches
Researchers found several potentially serious vulnerabilities in the PcVue SCADA/HMI solution developed by France-based ARC Informatique, including flaws that can allow an attacker to take control of industrial processes or cause disruption. The PcVue product was analyzed by researchers from Kaspersky, who identified a total of three vulnerabilities. The vendor has patched the security holes with the release of version 12.0.17 and it has also shared some mitigations and workarounds to help customers prevent attacks.
Admins of WordPress sites that use the Ultimate Member plugin are urged to update it to the latest version to block attacks attempting to exploit multiple critical and easy-to-exploit vulnerabilities that could lead to site takeovers. Ultimate Member is an extensible WordPress plugin with more than 100,000 active installations, designed to make profile and membership management easier.
Web browser vendors are planning to block a new attack technique that would allow attackers to bypass a victim's NAT, firewall, or router and reach any TCP/UDP service hosted on the victim's devices. The attack method, dubbed NAT Slipstreaming, was discovered by security researcher Samy Kamkar and requires the victim to visit the threat actor's malicious website (or a site carrying maliciously crafted ads).
Security experts from Palo Alto Networks have spotted two never-before-detected PowerShell backdoors while investigating an attack on the Microsoft Exchange servers of an organization in Kuwait. The experts attribute the attack to a known threat actor tracked as xHunt, aka Hive0081, which was first identified in 2018.
Microsoft says that multiple Windows 10 apps, including Outlook, are affected by an issue that causes them to forget users' passwords after the device is upgraded to certain Windows 10, version 2004 builds. "After installing Windows 10 Version 2004 Build 19041.173 and related updates you find that Outlook and other applications do not remember your password anymore," Microsoft explains. "A task that appears to cause the issue is the HP Customer participation utility task as described further in this Answers Forum Thread."