
QBot leverages Defender Antivirus phishing bait, Hacked security cam stolen footage sold on adult sites, and more

Major cybersecurity events on 13th October 2020 (Morning Post): Security firms ESET, Black Lotus Labs, and Symantec team up with a financial group to take down Trickbot ransomware. German tech giant Software AG continues to struggle against a $20M ransomware attack.

Round Up of Major Breaches and Scams

QBot uses Windows Defender Antivirus phishing bait to infect PCs

The Qbot botnet is distributing its malware with a new template that uses a fake Windows Defender Antivirus theme to trick recipients into enabling Excel macros. Qbot, otherwise known as QakBot or QuakBot, is Windows malware that steals bank credentials and Windows domain credentials, and provides remote access to threat actors who install ransomware. Victims usually become infected with Qbot through another malware infection or via phishing campaigns using various lures.

3TB of clips from hacked home security cameras posted online

These clips were recorded from home security cameras and show people’s daily and even personal lives. As of 2019, there were over 770 million security cameras around the world, and across Internet of Things (IoT) devices as a whole, over 28 billion are currently connected to the Internet. While security cameras play a vital role in remotely monitoring children, the elderly, and pets, they are also a lucrative target for cybercriminals, especially when a huge number of these devices are known to be vulnerable.

Home security cams hacked in Singapore, and stolen footage sold on adult websites

In Singapore, it’s not at all uncommon today for people to have IP cameras all over their homes. And, of course, the more people install internet-connected cameras throughout their private residences, the more you would be considered odd if you hadn’t jumped on the bandwagon and put cameras in your living room, kitchen, and bedroom, sometimes with a view of even more private areas of your house.

Round Up of Major Malware and Ransomware Incidents

Security Firms & Financial Group Team Up to Take Down Trickbot

Microsoft and security firms ESET, Black Lotus Labs, and Symantec collaborated with the financial services industry to cut off the ransomware operation’s C2 infrastructure. Technology and security companies teamed up with the financial services and telecommunications industries to disrupt the command-and-control (C2) infrastructure used to manage the well-known Trickbot ransomware and infect more than a million computing devices, the firms behind the takedown said on Monday.

Software AG Continues Efforts Against $20M Ransomware Attack

The attack, which now includes extortion components, has moved into its second week. Software AG, Germany’s second-largest software company (after SAP), continues to struggle with a ransomware attack that has evolved into an extortion bid carrying a $20 million payoff demand. The attack began on October 3 as a ransomware attack in which the attackers demanded the unusually high ransom in return for a decryption key.

Malware gangs love open source offensive hacking tools

In the cyber-security field, the term OST refers to software apps, libraries, and exploits that possess offensive hacking capabilities and have been released as either free downloads or under an open source license. OST projects are usually released to provide a proof-of-concept exploit for a new vulnerability, to demonstrate a new (or old) hacking technique, or as penetration testing utilities shared with the community. Today, OST is one of the most (if not the most) controversial topics in the information security (infosec) community.

Windows 10 upgrades blocked after installing KB4577062

Microsoft says that customers who install the optional KB4577062 update for Windows 10 versions 1903 and 1909 will encounter issues upgrading to newer Windows 10 versions on some devices. KB4577062 was released on September 16, 2020, with the main highlight being that it enables an Internet Explorer 11 notification to inform users about Adobe Flash’s end of support in December 2020.

MI: City of Mt. Pleasant falls victim to remote ransomware attack

The City of Mt. Pleasant has fallen victim to a ransomware attack, according to city officials. According to a press release on the city site, a remote ransomware attack was detected on the city’s computer and phone systems on Saturday morning. Officials said the city’s firewall remained secure and they do not plan to pay a ransom.

Round Up of Major Vulnerabilities and Patches

Windows Update can be abused to execute malicious programs

The Windows Update client has just been added to the list of living-off-the-land binaries (LoLBins) attackers can use to execute malicious code on Windows systems. LoLBins are Microsoft-signed executables that can be abused by threat actors to evade detection while downloading, installing, or executing malicious code. They can also be used by attackers in their efforts to bypass Windows User Account Control (UAC) or Windows Defender Application Control (WDAC) and to gain persistence on already compromised systems.

Hackers used VPN flaws to access US govt elections support systems

Government-backed hackers have compromised and gained access to US elections support systems by chaining together VPN vulnerabilities and the recent Windows CVE-2020-1472 security flaw. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says that advanced persistent threat (APT) actors used this vulnerability chaining tactic to target federal and SLTT (state, local, tribal, and territorial) government networks, as well as election organizations, and critical infrastructure.

Facebook Announces Bug Bounty Loyalty Program, Streamlined Bug Triage

Facebook has announced a series of updates for its bug bounty program, including bonus rewards for engaged researchers, as well as a faster bug triage process. Extra rewards and benefits, Facebook says, are being offered as part of Hacker Plus, a loyalty program meant for those researchers who are actively identifying vulnerabilities in its products. Researchers may also receive access to soon-to-be-released products and features, and invites to annual events.