Categories
Breach Bug COVID cryptominers Cyber Security Hacking Malware Phishing Scam Vulnerability

Phishing scam hijacks Facebook accounts, LG Electronics allegedly hit by Maze ransomware attack, and more

Major cybersecurity events on 26th June 2020 (Evening Post): Golang Worm Widens Scope to Windows. Hackers hide credit card stealing scripts in favicon EXIF data. LG Electronics allegedly hit by Maze ransomware attack.

Round Up of Major Breaches and Scams

Office 365 Users Targeted By ‘Coronavirus Employee Training’ Phish

The recent phishing campaign leverages novel training programs that are required for employees in the workplace to comply with coronavirus regulations. The campaign, targeting Office 365 users, sends an email that includes a link to register to the training: “COVID-19 Training for Employees: A Certificate for Health Workplaces.”

“I think you appear in this video” phishing scam hijacks Facebook accounts

Recently, Hackread.com identified a Facebook phishing scam that uses the same old tactics of tricking users into believing that they have been spotted in an X-rated video that has been leaked online. The scam spreads through Facebook Messenger like a chain reaction where once a targeted account is compromised it sends automatic messages to each and every person in the victim’s friend’s list luring them into clicking on the malicious video link.

350,000 Social Media Influencers and Users at Risk Following Data Breach

Personal data of an estimated 100,000 social media influencers has been accessed and partially leaked following a breach at social media marketing firm Preen.Me, Risk Based Security has discovered. The same breach has also led to more than 250,000 social media users having their information fully exposed on a deep web hacking forum, leaving these individuals at risk of being targeted by scams.

Round Up of Major Malware and Ransomware Incidents

LG Electronics allegedly hit by Maze ransomware attack

Maze ransomware operators have claimed on their website that they breached and locked the network of the South Korean multinational LG Electronics. The details of the attack have not been released but the hackers stated that they have stolen from the company proprietary information for projects that involve big U.S. Companies.

Hackers hide credit card stealing scripts in favicon EXIF data

Hackers hide malicious credit card stealing scripts in the EXIF data of a favicon image to evade detection. A common attack used to steal credit cards is to hack the website and inject malicious JavaScript scripts that steal submitted payment information when a customer makes a purchase. These stolen credit cards are then sent back to a server under the control of the threat actors where they are collected and used for fraudulent purchases or to sell on dark web criminal markets.

Golang Worm Widens Scope to Windows, Adds Payload Capacity

A new version of a known malware campaign aimed at installing cryptominers has changed up its tactics, adding attacks on Windows servers and a new pool of exploits to its bag of tricks. It is also swiftly evolving to position itself as a backdoor for downloading future, more damaging malware, researchers said.

Round Up of Major Vulnerabilities and Patches

Vulnerable Powerline Extenders Underline Lax IoT Security

Multiple vulnerabilities have been found in Tenda PA6 Wi-Fi Powerline extender, version 1.0.1.21. This device is part of Tenda’s PH5 Powerline Extender Kit and extends the wireless network through home’s existing electrical circuitry. The first two flaws we discovered could potentially allow a remote attacker to gain complete control over the device.