Round Up of Major Breaches and Scams
The personal information of Ohioans receiving pandemic unemployment assistance was recently exposed to a data breach, according to Ohio Department of Jobs and Family Services. The information reportedly included names, Social Security numbers and street addresses.
A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google’s cloud infrastructure to dupe victims and skate by secure email gateways.
Cryptocurrency trading platform BlockFi disclosed this week a security incident during which a hacker attempted and failed to steal funds from the company’s users. The attack took place last week, on May 14, BlockFi said in a post-mortem report [PDF] published on Tuesday.
Round Up of Major Malware and Ransomware Incidents
Researchers from ESET have discovered a new modular backdoor used by the Winnti Group to target several video game companies that develop MMO (massively multiplayer online) games. As explained in a blog post, the malware, dubbed ‘PipeMon’ by ESET, targeted companies in South Korea and Taiwan.
Cybersecurity researchers from Bitdefender published a detailed report on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. The cyber espionage campaigns were carried out by Iran-linked Chafer APT (also known as APT39 or Remix Kitten).
Round Up of Major Vulnerabilities and Patches
Drupal 7.70 fixes an open redirect vulnerability related to “insufficient validation of the destination query parameter in the drupal_goto() function.” An attacker can exploit the flaw to redirect users to an arbitrary URL by getting them to click on a specially crafted link, Drupal said in its advisory.
Thousands of Israeli websites have been defaced earlier today to show an anti-Israeli message and with malicious code seeking permission to access visitors’ webcams. More than 2,000 websites are believed to have been defaced. Most of the websites were hosted on uPress, a local Israeli WordPress hosting service.