Round Up of Major Breaches and Scams
Twitter has offered further explanation of the celebrity account hijack that saw 130 users’ timelines polluted with a Bitcoin scam. “The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack,” says a July 30 update to Twitter’s incident report. Miscreants launched “a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems” to get the job done.
An Office 365 phishing campaign abused Google Ads to bypass secure email gateways (SEGs), redirecting employees of targeted organizations to phishing landing pages and stealing their Microsoft credentials. The attackers took advantage of the fact that the domains used by Google’s Ads platform are overlooked by SEGs, which allowed them to deliver their phishing messages to their targets’ inboxes while bypassing email filters.
Startups have begun to disclose data breaches after a massive leak of stolen databases was published on a hacker forum this month. This week, BleepingComputer was the first to report that ShinyHunters, a threat actor known for data breaches, began to leak the stolen databases of eighteen websites for free on a hacker forum. Most of the companies targeted by these attacks appear to be startups, with the full list of the 18 data breaches and their updated disclosure status.
The students of Gujarat Technological University have complained of massive data leaks during online pre-check trial/mock tests. The test was conducted by the university on July 28. Students allege that their personal details including ID proofs were leaked on the university’s website. “It was the PreTrial online MCQ test held on 28th July of around 28k students. The data breach has captured all the students’ ids which includes our college ids or government ids like PAN or Aadhar cards, maybe linked to their bank accounts too,” a student told India TV Digital.
Round Up of Major Malware and Ransomware Incidents
TrickBot’s Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels. TrickBot is a multi-purpose Windows malware platform that uses different modules to perform various malicious activities, including information stealing, password stealing, Windows domain infiltration, and malware delivery.
Athens ISD Board of Trustees has agreed to pay a $50,000 ransom for school data that was taken in a criminal ransomware attack. The attack targeted data stored on district servers, backup systems, and hundreds of computers. As a result, access to data was blocked, including teacher communications, student schedules, grades, and assignments. Further investigation revealed that no information was taken; it was only encrypted to prevent access until the ransom was paid.
We discovered a spam campaign distributing GuLoader in the aftermath of the service’s relaunch. They say any publicity is good publicity. But perhaps this isn’t true for CloudEye, an Italian firm that claims to provide “the next generation of Windows executables’ protection”. First described by Proofpoint security researchers in March 2020, GuLoader is a downloader used by threat actors to distribute malware on a large scale. In June, CloudEye was exposed by Check Point as the entity behind GuLoader.
Round Up of Major Vulnerabilities and Patches
Security researcher Dr. Neal Krawetz has published technical details of two Tor zero-day vulnerabilities over the past week and promises to release three more. Oppressive regimes could exploit these Tor zero-day flaws to prevent users from accessing the popular anonymizing network.
Companies affected by the recently disclosed GRUB2 bootloader vulnerability dubbed BootHole have started releasing advisories to inform customers about the impact of the issue on their products. Firmware security company Eclypsium revealed on Wednesday that billions of Windows and Linux devices are affected by a potentially serious vulnerability that can be exploited to install stealthy and persistent malware. The firm says the weakness affects devices that use Secure Boot.