
New phishing campaign targets victims using Firebase, Failed security incident at BlockFi, and more

Major cybersecurity events on 22nd May 2020 (morning post): Winnti targets MMO games with PipeMon malware. Iran-linked APT groups target Kuwait, Saudi Arabia governments. Personal information, names, Social Security numbers, and street addresses of Ohioans exposed in data breach.

Round Up of Major Breaches and Scams

Ohioans’ personal info exposed in pandemic unemployment data breach, ODJFS says

The personal information of Ohioans receiving pandemic unemployment assistance was recently exposed in a data breach, according to the Ohio Department of Job and Family Services. The information reportedly included names, Social Security numbers and street addresses.

Crooks Tap Google Firebase in Fresh Phishing Tactic

A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google’s cloud infrastructure to dupe victims and skate by secure email gateways.

BlockFi discloses failed hack attempt after SIM swapping incident

Cryptocurrency trading platform BlockFi disclosed this week a security incident during which a hacker attempted and failed to steal funds from the company’s users. The attack took place last week, on May 14, BlockFi said in a post-mortem report [PDF] published on Tuesday.

Round Up of Major Malware and Ransomware Incidents

Winnti Group Targets Video Game Developers with New Backdoor Malware

Researchers from ESET have discovered a new modular backdoor used by the Winnti Group to target several video game companies that develop MMO (massively multiplayer online) games. As explained in a blog post, the malware, dubbed ‘PipeMon’ by ESET, targeted companies in South Korea and Taiwan.

Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia

Cybersecurity researchers from Bitdefender published a detailed report on an Iranian cyber espionage campaign directed against critical infrastructure in Kuwait and Saudi Arabia. The cyber espionage campaigns were carried out by the Iran-linked Chafer APT (also known as APT39 or Remix Kitten).

Round Up of Major Vulnerabilities and Patches

XSS, Open Redirect Vulnerabilities Patched in Drupal

Drupal 7.70 fixes an open redirect vulnerability related to “insufficient validation of the destination query parameter in the drupal_goto() function.” An attacker can exploit the flaw to redirect users to an arbitrary URL by getting them to click on a specially crafted link, Drupal said in its advisory.

Thousands of Israeli sites defaced with code seeking permission to access users’ webcams

Thousands of Israeli websites were defaced earlier today to show an anti-Israeli message, along with malicious code seeking permission to access visitors’ webcams. More than 2,000 websites are believed to have been defaced. Most of the websites were hosted on uPress, a local Israeli WordPress hosting service.