Categories
Breach CVE Cyber Security Malware Phishing Ransomware RAT RCE Trojan Vulnerability

Nintendo hacked to buy Fortnite currency, 1.5M COVID-themed malicious mails per day, Agent Tesla targets oil companies, and more

Major cybersecurity events on 21st April 2020: Increased number of Bad Bots scrape data and attempt logins on websites. Extremely annoying coronavirus-themed malware locks users out of Windows. DoppelPaymer targets Los Angeles. Hackers attempt to sell 3000 UniCredit employees’ details.

Round Up of Major Breaches and Scams

Nintendo accounts are getting hacked and used to buy Fortnite currency

Over the course of the last month, Nintendo users have been increasingly reporting that their accounts have been getting hacked and accessed from remote locations around the globe, with some users losing money as a result of the unauthorized intrusion.

Viral WhatsApp Scam Promises Free Streaming Services

The demand for streaming services has driven an increase in fraudulent streaming services and related scams, the ZeroFOX Alpha team reports. Some falsely promise free memberships in exchange for users’ account information. Many of these scams are distributed on social media, where attackers have greater visibility and a higher likelihood that someone will fall for their tricks.

Hacker returns $25 million after their IP address is exposed

Yesterday, Hackread.com reported how a Chinese lending platform named Lendf.me using a lending protocol by dForce was hacked resulting in a loss of $24.36 million worth of Ethereum, Bitcoin and USD Stablecoins. Now, in a shocking twist of events, the entire sum has been returned back by the hacker.

A malicious Android app is trying to scam Brazilian bank customers

Brazil’s financial sector, which has long grappled with cybercrime, has a new foe. An insidious Android application is trying to steal users’ login credentials, and their money, by impersonating Brazilian banks, researchers from IBM Security said Tuesday.

Hackers are using coronavirus-themed phishing lures to go after DOD networks

Cybercriminals have been targeting U.S. military organizations with coronavirus-related spearphishing schemes, the Department of Defense Cyber Crime Center (DC3) said Monday in a release.

Cyberattackers Ramp Up to 1.5M COVID-19 Emails Per Day

Cyberattackers have reached a peak of sending 1.5 million malicious emails per day related to the COVID-19 pandemic over the course of the last three months, according to new research.

UniCredit Hackers Try to Sell Employee Data on Cyber-Crime Forums

Data on about 3,000 UniCredit SpA employees was put up for sale on cyber-crime forums after a hacking attack. The data went on sale on April 19 and contained what the hacker said was information on UniCredit workers, including emails, phone numbers, encrypted passwords and names, Telsy, a unit of Telecom Italia SpA, wrote on its website Monday.

2,000 coronavirus scammers taken offline in major phishing crackdown

As the number of cyber criminals targeting remote workers grows, the National Cyber Security Centre (NCSC) has kicked off a new effort to encourage people to report suspicious emails in an attempt to crack down on fraudsters and phishing scams.

Work-from-Home Exposes Already-Infected Machines in 50K US Organizations

Turns out that many organizations worldwide have unknowingly sent employees to work from home with already-infected endpoint devices during the COVID-19 crisis. New findings from security firms Arctic Security and Team Cymru show that some 50,000 US organizations had infected devices that have been moved from the relative safety of the corporate network to home networks in the rush to empty offices amid the pandemic.

SBA data breach compromises business owners’ data

A data breach in the Small Business Association‘s online application portal may have compromised personal information for nearly 8,000 businesses seeking emergency loans last month, the agency said today.

Round Up of Major Malware and Ransomware Incidents

DoppelPaymer Ransomware hits Los Angeles County city, leaks files

The City of Torrance of the Los Angeles metropolitan area, California, has allegedly been attacked by the DoppelPaymer Ransomware, having unencrypted data stolen and devices encrypted. The attackers are demanding a 100 bitcoin ($689,147) ransom for a decryptor, to take down files that have been publicly leaked, and to not release more stolen files.

Oil and Gas Companies Targeted With Agent Tesla Malware

In one campaign, the attackers impersonated Egyptian state oil company Enppi (Engineering for Petroleum and Process Industries) to target organizations in Malaysia, the United States, Iran, South Africa, Oman and Turkey, among others.

New Coronavirus screenlocker malware is extremely annoying

A fake WiFi hacking program is being used to distribute a new Coronavirus-themed malware that tries to lock you out of Windows while making some very annoying sounds. Screenlockers are malware programs that display a lock screen when logging into Windows so that you cannot access the Windows desktop or interact with your installed programs and files.

Automated Bots Are Increasingly Scraping Data & Attempting Logins

In 2019, bad bots accounted for 24% of all Internet traffic seen by Imperva’s customers, 5.5 points higher than its lowest level in 2015, the company stated in its “Bad Bot Report 2020.” Bad bots are automated software programs that perform unwanted activities, such as scrape price data or availability information from websites, or conduct outright-malicious activities, such as account-takeover attempts or credit card fraud.

Round Up of Major Vulnerabilities and Patches

RCE Exploit Released for IBM Data Risk Manager

Four serious security vulnerabilities in the IBM Data Risk Manager (IDRM) have been identified that can lead to unauthenticated remote code execution (RCE) as root in vulnerable versions, according to analysis – and a proof-of-concept exploit is available.

High-Severity Vulnerability in OpenSSL Allows DoS Attacks

The OpenSSL Project, which tracks the flaw as CVE-2020-1967, has described it as a “segmentation fault” in the SSL_check_chain function. “Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the ‘signature_algorithms_cert’ TLS extension,” reads the advisory for this vulnerability.

Microsoft Will Not Patch Security Bypass Flaw Abusing MSTSC

A DLL side-loading vulnerability related to the Microsoft Terminal Services Client (MSTSC) can be exploited to bypass security controls, but Microsoft says it will not be releasing a patch due to exploitation requiring elevated privileges.

Microsoft releases OOB security updates for Microsoft Office

Microsoft has released an out-of-band security update that fixes remote code execution vulnerabilities in an Autodesk FBX library integrated into Microsoft Office and Paint 3D applications. Last month, Autodesk issued security updates for their Autodesk FBX Software Development Kit that resolves remote code execution and denial of service vulnerabilities caused by specially crafted FBX files.