Round Up of Major Breaches and Scams
The recent phishing campaign leverages novel training programs that are required for employees in the workplace to comply with coronavirus regulations. The campaign, targeting Office 365 users, sends an email that includes a link to register to the training: “COVID-19 Training for Employees: A Certificate for Health Workplaces.”
Recently, Hackread.com identified a Facebook phishing scam that uses the same old tactics of tricking users into believing that they have been spotted in an X-rated video that has been leaked online. The scam spreads through Facebook Messenger like a chain reaction where once a targeted account is compromised it sends automatic messages to each and every person in the victim’s friend’s list luring them into clicking on the malicious video link.
Personal data of an estimated 100,000 social media influencers has been accessed and partially leaked following a breach at social media marketing firm Preen.Me, Risk Based Security has discovered. The same breach has also led to more than 250,000 social media users having their information fully exposed on a deep web hacking forum, leaving these individuals at risk of being targeted by scams.
Round Up of Major Malware and Ransomware Incidents
Maze ransomware operators have claimed on their website that they breached and locked the network of the South Korean multinational LG Electronics. The details of the attack have not been released but the hackers stated that they have stolen from the company proprietary information for projects that involve big U.S. Companies.
A new version of a known malware campaign aimed at installing cryptominers has changed up its tactics, adding attacks on Windows servers and a new pool of exploits to its bag of tricks. It is also swiftly evolving to position itself as a backdoor for downloading future, more damaging malware, researchers said.
Round Up of Major Vulnerabilities and Patches
Multiple vulnerabilities have been found in Tenda PA6 Wi-Fi Powerline extender, version 22.214.171.124. This device is part of Tenda’s PH5 Powerline Extender Kit and extends the wireless network through home’s existing electrical circuitry. The first two flaws we discovered could potentially allow a remote attacker to gain complete control over the device.