Round Up of Major Breaches and Scams
Over the course of the last month, Nintendo users have been increasingly reporting that their accounts have been getting hacked and accessed from remote locations around the globe, with some users losing money as a result of the unauthorized intrusion.
The demand for streaming services has driven an increase in fraudulent streaming services and related scams, the ZeroFOX Alpha team reports. Some falsely promise free memberships in exchange for users’ account information. Many of these scams are distributed on social media, where attackers have greater visibility and a higher likelihood that someone will fall for their tricks.
Yesterday, Hackread.com reported how a Chinese lending platform named Lendf.me, using a lending protocol by dForce, was hacked, resulting in a loss of $24.36 million worth of Ethereum, Bitcoin and USD Stablecoins. Now, in a shocking twist of events, the entire sum has been returned by the hacker.
Brazil’s financial sector, which has long grappled with cybercrime, has a new foe. An insidious Android application is trying to steal users’ login credentials, and their money, by impersonating Brazilian banks, researchers from IBM Security said Tuesday.
Cybercriminals have been targeting U.S. military organizations with coronavirus-related spearphishing schemes, the Department of Defense Cyber Crime Center (DC3) said Monday in a release.
Cyberattackers have reached a peak of sending 1.5 million malicious emails per day related to the COVID-19 pandemic over the course of the last three months, according to new research.
Data on about 3,000 UniCredit SpA employees was put up for sale on cyber-crime forums after a hacking attack. The data went on sale on April 19 and contained what the hacker said was information on UniCredit workers, including emails, phone numbers, encrypted passwords and names, Telsy, a unit of Telecom Italia SpA, wrote on its website Monday.
As the number of cyber criminals targeting remote workers grows, the National Cyber Security Centre (NCSC) has kicked off a new effort to encourage people to report suspicious emails in an attempt to crack down on fraudsters and phishing scams.
Turns out that many organizations worldwide have unknowingly sent employees to work from home with already-infected endpoint devices during the COVID-19 crisis. New findings from security firms Arctic Security and Team Cymru show that some 50,000 US organizations had infected devices that have been moved from the relative safety of the corporate network to home networks in the rush to empty offices amid the pandemic.
A data breach in the Small Business Association’s online application portal may have compromised personal information for nearly 8,000 businesses seeking emergency loans last month, the agency said today.
Round Up of Major Malware and Ransomware Incidents
The City of Torrance of the Los Angeles metropolitan area, California, has allegedly been attacked by the DoppelPaymer Ransomware, having unencrypted data stolen and devices encrypted. The attackers are demanding a 100 bitcoin ($689,147) ransom for a decryptor, to take down files that have been publicly leaked, and to not release more stolen files.
In one campaign, the attackers impersonated Egyptian state oil company Enppi (Engineering for Petroleum and Process Industries) to target organizations in Malaysia, the United States, Iran, South Africa, Oman and Turkey, among others.
A fake WiFi hacking program is being used to distribute a new Coronavirus-themed malware that tries to lock you out of Windows while making some very annoying sounds. Screenlockers are malware programs that display a lock screen when logging into Windows so that you cannot access the Windows desktop or interact with your installed programs and files.
In 2019, bad bots accounted for 24% of all Internet traffic seen by Imperva’s customers, 5.5 points higher than its lowest level in 2015, the company stated in its “Bad Bot Report 2020.” Bad bots are automated software programs that perform unwanted activities, such as scraping price data or availability information from websites, or conduct outright-malicious activities, such as account-takeover attempts or credit card fraud.
Round Up of Major Vulnerabilities and Patches
Four serious security vulnerabilities in the IBM Data Risk Manager (IDRM) have been identified that can lead to unauthenticated remote code execution (RCE) as root in vulnerable versions, according to analysis – and a proof-of-concept exploit is available.
The OpenSSL Project, which tracks the flaw as CVE-2020-1967, has described it as a “segmentation fault” in the SSL_check_chain function. “Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the ‘signature_algorithms_cert’ TLS extension,” reads the advisory for this vulnerability.
A DLL side-loading vulnerability related to the Microsoft Terminal Services Client (MSTSC) can be exploited to bypass security controls, but Microsoft says it will not be releasing a patch due to exploitation requiring elevated privileges.
Microsoft has released an out-of-band security update that fixes remote code execution vulnerabilities in an Autodesk FBX library integrated into Microsoft Office and Paint 3D applications. Last month, Autodesk issued security updates for their Autodesk FBX Software Development Kit that resolves remote code execution and denial of service vulnerabilities caused by specially crafted FBX files.