Categories
APT Breach Bug Cyber Security Data leak DoppelPaymer Espionage Hacking Malware Phishing Ransomware Scam Vulnerability

PayPal phishing campaign steals user credentials, Microsoft’s Windows Core Polaris OS leaks online, and more

Major cybersecurity events on 04 January 2021 (Morning Post): Hacker sells 368 million users’ records stolen from 26 companies including Sitepoint. 6.15 lakh Facebook users’ account compromised by Facebook ad phishing campaign. Backdoor discovered in over 100,000 Zyxel firewalls.

Round Up of Major Breaches and Scams

Beware: PayPal phishing texts state your account is ‘limited’

A PayPal text message phishing campaign is underway that attempts to steal your account credentials and other sensitive information that can be used for identity theft. When PayPal detects suspicious or fraudulent activity on an account, the account will have its status set to “limited,” which will put temporary restrictions on withdrawing, sending, or receiving money. A new SMS text phishing (smishing) campaign pretends to be from PayPal, stating that your account has been permanently limited unless you verify your account by clicking on a link.

Microsoft’s unreleased Windows Core Polaris OS leaks online

A development build of Windows Core Polaris was leaked online yesterday, proving that Microsoft was actively developing the operating system designed for low-performance devices. For those unaware, Microsoft has been secretly working on a modular version of the Windows platform codenamed “Windows Core OS.” With Windows Core OS, Microsoft planned to offer different flavors/SKUs of Windows for various form factors, such as phones, 2-in-1s, dual-screen PCs, and collaboration devices.

Hacker selling 368m users records stolen from 26 companies

These websites include some notable ones such as Sitepoint. In 2020, we saw hundreds of data breaches across different sectors with the most being done particularly by a threat actor named Shiny Hunter. With 2021 just starting, we have the news of another one albeit by a different actor this time. The breach in question concerns the data of 26 companies and is being sold on an infamous blackhat forum.

6.15 Lakh Facebook Users’ Account Compromised by Facebook Ad Phishing Campaign

According to cybersecurity firm ThreatNix, they are working in unison with other authorities to “bring down the phishing infrastructure by reserving the information related to the domain”. The attackers were using Bitly link’s which pointed towards a benign page and when the Facebook ad was approved it was getting converted to point to the phishing domain, they used Bitly’s link because now Facebook takes all necessary steps to ensure that such phishing pages are not approved for ads.

Russian hackers gained access to the source codes of Microsoft programs and systems

The organization assured that there is no reason to believe that hackers gained access to services for maintenance of its products or to customer data. Microsoft believes that hackers who previously attacked US government departments and businesses have gained access to internal information about its software code. Microsoft is among the clients of the US firm SolarWinds, whose systems were hacked earlier this year. On December 17, Microsoft representatives admitted that “malicious SolarWinds code was detected in its ecosystem, it was isolated and removed.

T-Mobile confirms another data breach exposing user call records, phone numbers

T-Mobile revealed attackers accessed its Customer proprietary network information (CPNI), putting the private data of hundreds of thousands of customers at risk. The year 2020 was devastating for the entire world, but it was twice as problematic for renowned mobile telecom company T-Mobile. Reportedly, the company suffered two massive data breaches within one year. The company has started notifying affected subscribers about the recent attack.

IndiGo Says Some Data May be Compromised in Server Breach

IndiGo, India’s biggest airline, said some segments of its data servers were breached in a hacking incident in December, which may compromise some data. “There is a possibility that some internal documents may get uploaded by the hackers on public websites and platforms,” IndiGo said in a statement Thursday. “We realise the seriousness of the issue, and are continuing to engage with all relevant experts and law enforcement to ensure that the incident is investigated in detail.”

Round Up of Major Malware and Ransomware Incidents

Espionage Attacks Increasingly Concentrated on the Covid-19 Vaccine Supply Network

According to the intelligence, cyber espionage has a keen eye on the COVID-19 vaccine supply network, the malware with the name ‘Zebrocy’ is being used by threat actors in vaccine-related cyberattacks. Earlier this month, reports have shown that documentation of Pfizer and BioNtech vaccine were accessed by threat actors that were submitted to the EU regulators. Recent cyber-attacks on firms are not new but threat actors have recently zeroed in on the Covid-19 vaccine chain, capitalizing on the fear of contagion amid the masses.

Apex Laboratory confirms ransomware attack; only recently discovered data theft

DataBreaches.net recently reported that Apex Laboratory Inc. had apparently been attacked by DoppelPaymer ransomware threat actors. Apex was added to their leak site on December 15. As proof of claims, the threat actors uploaded approximately 10,000 files containing protected health information of patients (PHI) and personally identifiable information of employees (PII). The 10,000 estimate is not an estimate of unique patients, as many patients had more than one report on them in the files.

Round Up of Major Vulnerabilities and Patches

Google Chrome fixes antivirus ‘file locking’ bug on Windows 10

Google Chrome has fixed a bug that enabled antivirus programs on Windows 10 to lock newly created files. The patching of the bug means antivirus programs running on Windows would no longer block new files generated by the Chrome web browser, such as bookmarks. As a safety precaution, oftentimes antivirus programs temporarily lock newly generated files on a system until these can be scanned and ruled out for malicious activity.

Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways

With profound apologies to Catalin Cimpanu for previously posting a plagiarized copy of his reporting, here is his report: More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. The backdoor account, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets in terms of vulnerabilities.

Nashville Bombing Spotlights Vulnerable Voice, Data Networks

The Christmas Day bombing in downtown Nashville led to phone and data service outages and disruptions over hundreds of miles in the southern U.S., raising new concerns about the vulnerability of U.S. communications. The blast seriously damaged a key AT&T network facility, an important hub that provides local wireless, internet and video service and connects to regional networks. Backup generators went down, which took service out hours after the blast. A fire broke out and forced an evacuation.