Round Up of Major Breaches and Scams
Online exam proctoring solution ProctorU has confirmed a data breach after a threat actor released a stolen database of user records on a hacker forum. ProctorU is a proctoring service used by companies and colleges to monitor online tests for cheating. Using installed software, webcams, and the computer’s microphone, ProctorU will monitor a test taker for behavior indicative of cheating. If cheating is suspected, the proctor can ask the student to show them parts of their room with their webcam to ensure that cheating is not taking place.
Reddit got Trumped. On Friday, many users visited their favorite subreddits and found something unexpected: pro-Donald Trump Make America Great Again campaign banners and messages supporting the president. It was not a coincidence. Weeks after Twitter suffered an embarrassing hack that compromised influential accounts, attackers took aim at Reddit on Friday, specifically at a number of popular and high-profile subreddit communities, such as r/space, r/food, r/Japan, r/nfl, r/cfb and r/podcasts, among many others.
A clever phishing scam is targeting cPanel users with a fake security advisory alerting them to critical vulnerabilities in their web hosting management panel. cPanel is administrative software commonly installed on shared web hosting services that allows website owners to easily administer their site through a graphical user interface. Starting on Wednesday, cPanel and WebHost Manager (WHM) users began reporting a targeted phishing email campaign with an email subject of “cPanel Urgent Update Request” that was pretending to be a security advisory from the company.
Round Up of Major Malware and Ransomware Incidents
Researchers detailed a new evasive phishing technique that leverages modified favicons to inject e-skimmers and steal payment card data covertly. Researchers from cybersecurity firm Malwarebytes have analyzed a new evasive phishing technique used by attackers in the wild in Magecart attacks. The hackers targeted visitors of several sites using typo-squatted domain names, and modified favicons to inject software skimmers used to steal payment card information.
A reported ransomware attack suffered by Canon appears to have been confirmed by an internal memo, with Maze threat actors taking the credit. As reported by Bleeping Computer, a six-day outage beginning July 30 on the image.canon website, a service for uploading and storing photos through Canon’s mobile applications, led to suspicions that a cyberattack may have taken place.
Round Up of Major Vulnerabilities and Patches
A sequence of interconnected bugs could allow hackers to hijack devices running on macOS using little more than an infected Office document and a .zip file, an expert has warned. The vulnerability was identified by ex-NSA researcher Patrick Wardle, now working for security firm Jamf, who found that even fully-patched macOS Catalina systems were at risk. The exploit uses a rigged Office document, saved in an archaic format (.slk), to trick the target machine into allowing Office to activate macros without consent and without notifying the user.
Most people use either an app, an online platform, or a small hardware device as a wallet to store their cryptocurrency safely. The exchanges through which cryptocurrency changes hands, though, and other high-stakes operations need something more like a massive digital bank vault. At the Black Hat security conference on Thursday, researchers detailed potential weaknesses in these specially secured wallet schemes, including some that affected real exchanges that have now been fixed.
A security researcher discovered vulnerabilities in an automation system for smart homes and buildings that allowed taking over accounts belonging to other users and controlling associated devices. In a presentation on Saturday at the IoT Village during the DEF CON hacker conference, Barak Sternberg showed how some weak spots in the HDL automation system could have been leveraged by attackers to fully compromise it.
James Pavur, the author of the research, identified that hackers can target satellites with merely a $300 device. Black Hat USA 2020 took place from 1 to 6 August and brought rather interesting yet unnerving cybersecurity briefings from experts and professionals alike. A recently published press release explains how threat actors can intercept internet traffic even if they are a continent away.
Popular remote access and troubleshooting app TeamViewer has patched a vulnerability that could let attackers quietly establish a connection to your computer and further exploit the system. When successfully exploited, this bug would let an unauthenticated, remote actor execute code on your Windows PC, or obtain password hashes (e.g., for cracking via brute-force). Assigned CVE-2020-13699, the high-severity bug falls under a special category of security vulnerabilities, dubbed Unquoted Search Path or Element (CWE-428).