Botnet Bug Cyber Security Fleeceware Hacking Malware Ransomware Siphoning Vulnerability Zero-day

Nigerians caught hacking, siphoning funds from bank, Weave Scope software exploited to attack cloud infrastructure, and more

Major cybersecurity events on 9th September 2020 (Evening Post): FBI alerts private and government agencies of ProLock ransomware with advanced capabilities. 6 Android apps spreading Joker malware banned by Google. Clark County schools reports computer ransomware attack.

Round Up of Major Breaches and Scams

Philippines Police Nab Four Nigerians For Allegedly Hacking, Siphoning Funds From Bank

The Philippines National Bureau of Investigation, yesterday, arrested four Nigerian nationals in Muntinlupa City of the country for alleged involvement in an international syndicate that hacks and siphons funds from banks. According to the NBI, the fraudsters’ transactions were traced when they hacked a system of one Philippine bank, where at least P100 million were transferred and funnelled into a different account.

Round Up of Major Malware and Ransomware Incidents

Weave Scope is now being exploited in attacks against cloud environments

TeamTNT has added the legitimate Weave Scope software to its attack toolkit in the quest to infiltrate cloud environments. According to new research published by cybersecurity firm Intezer and Microsoft this week, this may be the first time that Weave Scope has been included in cloud-based attacks. TeamTNT has previously been linked to attacks against Docker and Kubernetes installations. Last month, the threat actors were connected to a cryptocurrency-mining botnet that is able to steal AWS credentials from servers.

Ransomeware attacks lead to forced delays in the reopening of schools

Superintendent of Hartford public schools explained that they were able to restore the student-information system late last night, however the transportation system, which was also impacted is still being recovered. The Hartford district has just over 18,000 students and nearly 1,600 teachers, therefore it is essential that the attack is dealt with quickly.

Clark County Schools Reports Computer Ransomware Attack

The Clark County School District says its computer system was infected by a ransomware attack during the first week of school and some employee personal information may have been exposed. The district said Tuesday that a virus infected some computer systems on Aug. 27 and prohibited access to some files. The district says current and former employees may have been affected and officials are notifying those whose names and Social Security numbers were stored in the system.

FBI warns of ProLock ransomware with enhanced capabilities

This is reportedly the second alert issued by the Bureau addressing threats posed by ProLock ransomware. The Federal Bureau of Investigation (FBI) issues a second alert asking private and government entities to vary of ProLock ransomware. The conniving operators are not only encrypting files for extortion but also stealing sensitive and critical data. ProLock is a recently discovered strain of ransomware that ensues a series of destructive enhancement than its successor, PwndLocker.

6 Malware Apps from Playstore has been banned by Google: Uninstall them from your device ASAP

In July, Google had banned 11 apps containing the same malware. Joker also is known as Bread has been characterized as a fleeceware. These apps’ sole purpose is to charge huge subscriptions and other fees to clients for the features and services they could avail for free. These apps though tricks the user they however neither steal your data nor do they run any malicious code hence fundamentally they are not malwares. Simply termed fleecewear are malicious apps hiding in “sheep’s clothing”.

Round Up of Major Vulnerabilities and Patches

Critical Bugs Could Enable OT Supply Chain Attacks

Security researchers have discovered six critical vulnerabilities in third-party code which could expose countless operational technology (OT) environments to remote code execution attacks. A team at Claroty found the bugs in Wibu-Systems’ CodeMeter software license management offering, widely used by many leading vendors of industrial control system (ICS) products. They have been given a collective CVSS score by the ICS-CERT of 10.0, representing the highest level of criticality.

Researchers Uncover 89 Zero-Days in CMS Platforms

Security researchers are warning users of popular content management system (CMS) platforms that they could be exposed to a range of cyber-threats, after uncovering 89 zero-day vulnerabilities. A team at Comparitech decided to investigate a recent surge in web defacement attacks which appears to have bucked the long-term trend of a decline in such activity. Monthly attacks soared from around 300,000 in July 2019 to nearly 700,000 in May 2020. Comparitech privacy advocate Paul Bischoff claimed the rise may be due to hackers staving off boredom while in lockdown.