Breach Data leak Hacking Malspam Malware Phishing Ransomware Spearphishing TrickBot Vulnerability Zero-day

Office 365 phishing targets Google Ads, Startups suffer data breach, 386M records leaks, and more

Major cybersecurity events on 31st July 2020 (Morning Post): Twitter celebrity accounts hijacked after actors hooked staff with spearphishing tactics. Gujarat Technological University students complain about massive data leak following mock test. TrickBot Anchor malware targets Linux devices.

Round Up of Major Breaches and Scams

Twitter says spear-phishing attack hooked its staff and led to celebrity account hijack

Twitter has offered further explanation of the celebrity account hijack hack that saw 130 users’ timelines polluted with a Bitcoin scam. “The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack,” says a July 30 update to Twitter’s incident report. Miscreants launched “a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems” to get the job done.

Office 365 phishing abuses Google Ads to bypass email filters

An Office 365 phishing campaign abused Google Ads to bypass secure email gateways (SEGs), redirecting employees of targeted organizations to phishing landing pages and stealing their Microsoft credentials. The attackers behind these attacks took advantage of the fact that the domains used by Google’s Ads platform are overlooked by SEGs, which allows them to deliver their phishing messages to their targets’ inboxes bypassing email filters.

Startups disclose data breaches after massive 386M records leak

Startups have begun to disclose data breaches after a massive leak of stolen databases was published on a hacker forum this month. This week, BleepingComputer was the first to report that ShinyHunters, a threat actor known for data breaches, began to leak the stolen databases of eighteen web sites for free on a hacker forum. Most of the companies targeted by these attacks appear to be startups, with the full list of the 18 data breaches and their updated disclosure status.

#GTUDataLeak: GTU students complain of massive data leak after mock test

The students of Gujarat Technological University have complained of massive data leaks during online pre-check trial/mock tests. The test was conducted by the university on July 28. Students allege that their personal details including ID proofs were leaked on the university’s website. “It was the PreTrial online MCQ test held on 28th July of around 28k students. The data breach has captured all the students’ ids which includes our college ids or government ids like PAN or Aadhar cards, maybe linked to their bank accounts too,” a student told India TV Digital.

Round Up of Major Malware and Ransomware Incidents

Linux warning: TrickBot malware is now infecting your systems

TrickBot’s Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels. TrickBot is a multi-purpose Windows malware platform that uses different modules to perform various malicious activities, including information stealing, password stealing, Windows domain infiltration, and malware delivery.

Athens ISD pays $50K for release of data in ransomware attack

Athens ISD Board of Trustees has agreed to pay a $50,000 ransom for school data that was taken in a criminal ransomware attack. The attack targeted data stored on district servers, backup systems, and hundreds of computers. As a result, access to data has been blocked including teacher communications, student schedules, grades, and assignments. Further investigation revealed that no information has been taken, only encrypted to prevent access until a ransom was paid.

Malspam campaign caught using GuLoader after service relaunch

We discovered a spam campaign distributing GuLoader in the aftermath of the service’s relaunch. They say any publicity is good publicity. But perhaps this isn’t true for CloudEye, an Italian firm that claims to provide “the next generation of Windows executables’ protection”. First described by Proofpoint security researchers in March 2020, GuLoader is a downloader used by threat actors to distribute malware on a large scale. In June, CloudEye was exposed by CheckPoint as the entity behind GuLoader.

Round Up of Major Vulnerabilities and Patches

Expert discloses details of 3 Tor zero-day flaws … new ones to come

A security researcher published the details about two Tor zero-day vulnerabilities and plans to release three more flaws. The security researcher Dr. Neal Krawetz has published technical details about two Tor zero-day vulnerabilities over the past week and promises to release three more. Oppressive regimes could exploit these Tor zero-day flaws to prevent users from accessing the popular anonymizing network.

Companies Respond to ‘BootHole’ Vulnerability

Companies affected by the recently disclosed GRUB2 bootloader vulnerability dubbed BootHole have started releasing advisories to inform customers about the impact of the issue on their products. Firmware security company Eclypsium revealed on Wednesday that billions of Windows and Linux devices are affected by a potentially serious vulnerability that can be exploited to install stealthy and persistent malware. The firm says the weakness affects devices that use Secure Boot.