Categories
Breach Cyber Security Malware Vulnerability

New phishing campaigns bypasses Office 365 MFA, Data breach affecting 23M people linked to Covve, and more

Major cybersecurity events on 20th May 2020 (evening post): WordPress malware targets WooCommerce stores with more than 5 million installations. QNAP devices vulnerable to remote takeover attacks. Multiple vulnerabilities discovered in Nitro Pro PDF Reader.

Round Up of Major Breaches and Scams

Clever Phishing Attack Bypasses MFA to Nab Microsoft Credentials

A new phishing campaign can bypass multi-factor authentication (MFA) on Office 365 to access victims’ data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found.

Internal justice documents leaked to press

The Luxemburger Wort reported on the data leak on Tuesday morning. Around one gigabyte of data is thought to have been compromised and passed to a member of the press. On Tuesday, Eippers told RTL-Journal the leak concerned internal documents from the Luxembourg justice system. Although some of the documents were public, the leak also included internal notes, reports, protocols and email exchanges.

Covve revealed as source of data breach impacting 23m individuals

Covve, the popular address book app, has been identified as the source of a data breach that exposed the details of nearly 23 million individuals. Troy Hunt, founder of Have I Been Pwned?, tweeted on Saturday (May 16) that the app had been pinpointed as the source of a publicly accessible database that he had been investigating since February.

Round Up of Major Malware and Ransomware Incidents

WordPress Malware Targets WooCommerce Stores

WooCommerce is a highly popular open-source eCommerce plugin for WordPress that allows site owners to easily set up their own online store. With more than 5 million installations, it is one of the biggest eCommerce platforms and is often targeted by cybercriminals for financial gain.

Round Up of Major Vulnerabilities and Patches

Hundreds of thousands of QNAP devices vulnerable to remote takeover attacks

A Taiwanese security researcher published details today about three vulnerabilities in the firmware of QNAP network-attached storage (NAS) devices. Henry Huang, the security researcher, said the bugs reside in Photo Station, a photo album app that comes preinstalled with all recent versions of QNAP NAS systems.

Nitro Pro PDF Reader Plagued with Multiple Vulnerabilities

Researchers Aleksandar Nikolic and Cory Duplantis from Cisco Talos discovered multiple vulnerabilities including two code execution flaws and one information disclosure flaw in Nitro Pro PDF reader. Cisco Talos reported the said vulnerabilities in accordance with their disclosure policy to Nitro PDF. Thus, these issues have now been resolved and an update is made available for its affected customers.