Round Up of Major Breaches and Scams
A well-organized email spoofing campaign has been seen targeting financial services, insurance, healthcare, manufacturing, utilities, and telecom. A large-scale phishing campaign is targeting 200 million Microsoft 365 users around the world, particularly within the financial services, healthcare, insurance, manufacturing, utilities, and telecom sectors, Ironscales researchers report.
On October 7, 2020, Mercy learned that on one or more prior occasions, a Mercy employee accessed medical record information that was not needed by the employee for patient care purposes. The information accessed by the employee included names, addresses, dates of birth, other demographic information, medical record number, treatment and other clinical information and/or radiological images.
Round Up of Major Malware and Ransomware Incidents
Electronics contract manufacturer Foxconn is the latest victim of the DoppelPaymer ransomware operators, who hit a Mexican facility. DoppelPaymer ransomware operators infected the systems at a Mexican facility of electronics giant Foxconn over the Thanksgiving weekend. The plant is located in Ciudad Juárez, Chihuahua, Mexico. The hackers also claim to have stolen unencrypted files before encrypting the targeted systems.
The developers behind an Android malware family have released a new variant that spies on instant messages in WhatsApp, Telegram, Skype and more. Researchers have discovered new samples of a previously discovered Android malware, which is believed to be linked to the APT39 Iranian cyberespionage threat group. The new variant comes with new surveillance capabilities – including the ability to snoop on victims’ Skype, Instagram and WhatsApp instant messages.
Round Up of Major Vulnerabilities and Patches
The NSA reckons Russian government hackers are actively abusing a critical security hole in VMware’s software to infiltrate victims’ networks. Sysadmins are urged to deploy the necessary patch as soon as possible. “Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Identity Manager products, allowing the actors access to protected data and abusing federated authentication,” a cybersecurity notice published on Monday warns.
Security bugs found in the PlayStation Now (PS Now) cloud gaming Windows application allowed attackers to execute arbitrary code on Windows devices running vulnerable app versions. PlayStation Now, launched in 2014, had reached more than 2.2 million subscribers at the end of April 2020. The vulnerabilities, discovered by bug bounty hunter Parsia Hakimian, affected PS Now version 11.0.2 and earlier on computers running Windows 7 SP1 or later.
Security researcher Oskars Vegeris has published documentation on a wormable, cross-platform vulnerability in Microsoft Teams that could allow invisible malicious hacker attacks. Vegeris, a security engineer at Evolution Gaming, warned that a novel cross-site scripting (XSS) vulnerability at the ‘teams.microsoft.com’ domain could be abused to trigger a remote code execution flaw in the Microsoft Teams desktop application.
Cisco has released security updates to address multiple pre-authentication vulnerabilities with public exploits affecting Cisco Security Manager that could allow for remote code execution after successful exploitation. Cisco Security Manager helps manage security policies on a large assortment of Cisco security and network devices, and it also provides summarized reports and security event troubleshooting capabilities.
Google this week announced the launch of a knowledge base with information on a class of vulnerabilities referred to as cross-site leaks, or XS-Leaks. These vulnerabilities, Google explains, are rooted in modern web applications’ misuse of long-standing web platform behaviors, which results in websites leaking information about the user or information the user has entered in other web applications.