Round Up of Major Breaches and Scams
Two Malaysian men who are wanted by the US Justice Department for alleged money laundering and cybercrimes in the country will remain in prison until their extradition application is heard by the Sessions Court next week. This followed the decision of the High Court here Tuesday (Dec 15) to deny bail to businessman Wong Ong Hua, 46, and computer analyst Ling Yang Ching, 32, who will be charged in the United States with 23 counts.
The website for a yeshiva high school in Great Neck was down Monday evening following an apparent hack in which anti-Semitic propaganda and racial slurs were reportedly published. Multiple accounts tweeted out what appeared to be images and video of anti-Semitic material that were published to the page. The school promotes itself as a modern Orthodox yeshiva high school in the heart of Great Neck.
Officials said a hunt was on to determine if other parts of the government had been affected by what looked to be one of the most sophisticated, and perhaps among the largest, attacks on federal systems in the past five years. Several said national security-related agencies were also targeted, though it was not clear whether the systems contained highly classified material. The motive for the attack on the agency and the Treasury Department remains elusive, two people familiar with the matter said.
CybelAngel, a digital risk protection vendor, discovered over 45 million medical imaging files, such as CT scans and X-rays, accessible online on unprotected servers with no authentication in front of them. The findings were released in CybelAngel's report "Full Body Exposure", the result of a six-month investigation into Digital Imaging and Communications in Medicine (DICOM), the standard format and protocol by which medical images are stored and exchanged between healthcare providers, and the Network Attached Storage (NAS) devices on which the exposed files were found.
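The reason an exposed DICOM file is worse than an exposed picture is that the image is wrapped in a dataset that carries the patient's name, ID and date of birth alongside the pixels. The following is an added example, not CybelAngel's tooling: a minimal Go parser for the DICOM Part 10 layout (128-byte preamble, "DICM" magic, then tagged elements) that pulls out the patient-identifying tags, so a team auditing its own NAS can see what a leaked file would reveal. The sample file is constructed inline and assumes the explicit VR little endian transfer syntax throughout; it omits the full file meta group a real file would carry.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Patient-identifying tags (group<<16 | element) that make a leaked image PHI.
var phiTags = map[uint32]string{
	0x00100010: "PatientName",
	0x00100020: "PatientID",
	0x00100030: "PatientBirthDate",
}

// VRs whose element header has two reserved bytes and a 32-bit length.
var longVRs = map[string]bool{"OB": true, "OW": true, "OF": true, "SQ": true, "UT": true, "UN": true}

// IsDICOM checks the Part 10 layout: a 128-byte preamble followed by "DICM".
func IsDICOM(b []byte) bool {
	return len(b) >= 132 && bytes.Equal(b[128:132], []byte("DICM"))
}

// ScanForPHI walks the elements of a Part 10 file and collects the values of
// the tags in phiTags. Assumption: file meta group and dataset are both
// explicit VR little endian (1.2.840.10008.1.2.1); sequences are skipped whole.
func ScanForPHI(b []byte) (map[string]string, error) {
	if !IsDICOM(b) {
		return nil, errors.New("not a DICOM Part 10 file")
	}
	found := map[string]string{}
	pos := 132
	for pos+8 <= len(b) {
		group := binary.LittleEndian.Uint16(b[pos:])
		elem := binary.LittleEndian.Uint16(b[pos+2:])
		vr := string(b[pos+4 : pos+6])
		hdr, length := 8, uint32(binary.LittleEndian.Uint16(b[pos+6:]))
		if longVRs[vr] {
			if pos+12 > len(b) {
				return found, errors.New("truncated element header")
			}
			hdr, length = 12, binary.LittleEndian.Uint32(b[pos+8:])
		}
		start, end := pos+hdr, pos+hdr+int(length)
		if length == 0xFFFFFFFF || end > len(b) {
			return found, fmt.Errorf("element (%04X,%04X) runs past end of file", group, elem)
		}
		if name, ok := phiTags[uint32(group)<<16|uint32(elem)]; ok {
			found[name] = strings.TrimRight(string(b[start:end]), " \x00")
		}
		pos = end
	}
	return found, nil
}

func u16(v uint16) []byte { b := make([]byte, 2); binary.LittleEndian.PutUint16(b, v); return b }
func u32(v uint32) []byte { b := make([]byte, 4); binary.LittleEndian.PutUint32(b, v); return b }

// element encodes one explicit-VR little-endian element; values are padded
// to even length as the standard requires.
func element(group, elem uint16, vr string, value []byte) []byte {
	if len(value)%2 == 1 {
		pad := byte(' ')
		if vr == "UI" || vr == "OB" {
			pad = 0
		}
		value = append(value, pad)
	}
	out := append(u16(group), u16(elem)...)
	out = append(out, vr...)
	if longVRs[vr] {
		out = append(out, 0, 0)
		out = append(out, u32(uint32(len(value)))...)
	} else {
		out = append(out, u16(uint16(len(value)))...)
	}
	return append(out, value...)
}

// SampleFile is a constructed stand-in for a CT slice found on an open NAS.
func SampleFile() []byte {
	f := make([]byte, 128) // preamble, normally all zero
	f = append(f, "DICM"...)
	f = append(f, element(0x0002, 0x0010, "UI", []byte("1.2.840.10008.1.2.1"))...) // transfer syntax
	f = append(f, element(0x0008, 0x0060, "CS", []byte("CT"))...)
	f = append(f, element(0x0010, 0x0010, "PN", []byte("DOE^JANE"))...)
	f = append(f, element(0x0010, 0x0020, "LO", []byte("MRN-0001"))...)
	f = append(f, element(0x0010, 0x0030, "DA", []byte("19700101"))...)
	f = append(f, element(0x7FE0, 0x0010, "OB", []byte{0, 1, 2, 3})...) // pixel data
	return f
}

func main() {
	phi, err := ScanForPHI(SampleFile())
	fmt.Println(phi, err)
}
```

Run against a directory listing from the storage device in question, the same walk tells you whether the exposure is "images" or "identified medical records", which is the distinction a breach notification turns on.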
Ireland's Data Protection Commission fined Twitter €450,000 for failing to notify the DPC of a breach within the 72-hour window required by the European Union's General Data Protection Regulation (GDPR) and for failing to adequately document it. The GDPR is a user and data privacy regulation that came into effect in the EU on May 25, 2018, and was put to use on that same day with four separate complaints against Google, Facebook, Instagram, and WhatsApp over their use of "forced consent."
Round Up of Major Malware and Ransomware Incidents
On Monday WhatsApp denied allegations in the U.S. Supreme Court that its encrypted data can be hacked by Pegasus, an Israeli spyware product. The allegations date to 2019, when Indian journalists and human rights activists said they had been spied on through WhatsApp by unnamed parties, which was widely taken to mean that WhatsApp had suffered a privacy breach.
On Monday the cybersecurity firms ReversingLabs and Sophos jointly released the first production-scale malware research dataset to be made available to the public. They released the dataset to drive industry-wide improvements in detection and to help build defences against attacks. The dataset is called SoReL-20M, short for Sophos-ReversingLabs 20 Million. It contains labels, metadata, and features for 20 million Windows Portable Executable files, including 10 million disarmed malware samples.
A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called “Gitpaste-12,” which used GitHub to host malicious code containing as many as 12 known attack modules that are executed via commands downloaded from a Pastebin URL.
Palo Alto Networks security researchers have discovered a Linux-based cryptocurrency-mining botnet that is being delivered via PostgreSQL. Dubbed PGMiner, the botnet exploits a remote code execution (RCE) vulnerability in PostgreSQL to compromise database servers and then abuses them to mine the Monero cryptocurrency. However, the malware attempts to connect to a mining pool that is no longer active.
Round Up of Major Vulnerabilities and Patches
The vast majority of operational technology (OT) devices affected by the Urgent/11 vulnerabilities, and many devices affected by the CDPwn flaws, remain unpatched, IoT security firm Armis reported on Tuesday. According to the company, 97% of industrial devices affected by the Urgent/11 vulnerabilities have not been patched. As for the CDPwn bugs, 80% of impacted devices are still vulnerable to attack.
"This means anyone on the same network as a user running a vulnerable version of WinZip can use techniques like DNS poisoning to trick the application into fetching 'update' files from a malicious web server instead of the legitimate WinZip update host. As a result, an unsuspecting user can launch arbitrary code as if it were a valid update," the researchers further added. "The application sends out potentially sensitive information like the registered username, registration code and some other information in the query string as a part of the update request."
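The two defects the researchers describe, an update check that an on-path attacker can redirect and licence data sent in the URL, are both fixed by the same discipline: fetch the check over TLS only, and never run an update unless it is covered by a signature under a key baked into the client. The following is an added example in Go, not WinZip's code. The Ed25519 key, the manifest layout (version plus SHA-256 of the installer) and the query parameter names it screens for are all assumptions; the installer bytes are constructed inline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Manifest is the update server's answer: the offered version and the SHA-256
// of the installer the client will execute. Layout is an assumption.
type Manifest struct {
	Version string
	SHA256  string
}

// Bytes is the exact byte string the vendor signs.
func (m Manifest) Bytes() []byte { return []byte(m.Version + "\n" + m.SHA256 + "\n") }

// VerifyUpdate refuses to run anything whose manifest is not signed by the
// vendor key pinned in the client, or whose bytes do not match that manifest.
// DNS poisoning can change where the client connects; it cannot produce this
// signature.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, sig []byte, installer []byte) error {
	if !ed25519.Verify(pub, m.Bytes(), sig) {
		return errors.New("manifest signature invalid: refusing update")
	}
	sum := sha256.Sum256(installer)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return errors.New("installer hash does not match signed manifest")
	}
	return nil
}

// CheckUpdateURL rejects plaintext update checks and URLs that carry licence
// data in the query string. The parameter-name heuristic is an assumption;
// the page does not give the real names.
func CheckUpdateURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "https" {
		return fmt.Errorf("update check over %q can be redirected by whoever controls DNS on the path", u.Scheme)
	}
	for k := range u.Query() {
		lk := strings.ToLower(k)
		for _, bad := range []string{"user", "code", "serial", "key", "licen"} {
			if strings.Contains(lk, bad) {
				return fmt.Errorf("query parameter %q carries licence data in the URL", k)
			}
		}
	}
	return nil
}

// Scenario plays out the genuine update and two on-path attacks, returning
// the verifier's verdict for each.
func Scenario() (genuine, swappedInstaller, forgedManifest error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // vendor key pair; pub ships in the client
	if err != nil {
		panic(err)
	}
	installer := []byte("constructed: bytes of the real installer")
	sum := sha256.Sum256(installer)
	m := Manifest{Version: "2.0.1", SHA256: hex.EncodeToString(sum[:])}
	sig := ed25519.Sign(priv, m.Bytes())

	genuine = VerifyUpdate(pub, m, sig, installer)

	// Attacker redirects the download, serves a payload, replays the real manifest.
	evil := []byte("constructed: attacker's payload")
	swappedInstaller = VerifyUpdate(pub, m, sig, evil)

	// Attacker rewrites the manifest to match the payload but has no signing key.
	evilSum := sha256.Sum256(evil)
	forged := Manifest{Version: "2.0.1", SHA256: hex.EncodeToString(evilSum[:])}
	forgedManifest = VerifyUpdate(pub, forged, sig, evil)
	return
}

func main() {
	g, s, f := Scenario()
	fmt.Println("genuine:", g)
	fmt.Println("swapped installer:", s)
	fmt.Println("forged manifest:", f)
	fmt.Println(CheckUpdateURL("http://updates.example/check?username=alice&regcode=1234"))
	fmt.Println(CheckUpdateURL("https://updates.example/check?version=2.0.0"))
}
```

TLS alone is not enough if the client skips certificate validation, and a signature alone is not enough if the client will accept an older signed manifest: production update clients also pin the vendor key and reject any version lower than the one installed.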