Categories
APT BEC Botnet Breach Bug CVE Cyber Security Data leak Emotet Hacking Malware Phishing Ransomware Ryuk Scam Vulnerability

REvil targets video games, claims massive revenue, Emotet uses parked domains to deliver malware, and more

Major cybersecurity events on 30th October 2020 (Morning Post): Mount Locker ransomware group leaks 18GB of leading security firm Gunnebo AB’s data. Brooklyn & Vermont hospitals are latest Ryuk ransomware victims. Threat actors continue to target Windows Zerologon flaw.

Round Up of Major Breaches and Scams

Triple Data Breach Earns Insurer $1m Fine

An American insurance company has been fined $1m over three data breaches that occurred over a six-month period in 2017. Aetna agreed to the fine and to the adoption of a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The payment will go to the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS).

Home Depot Confirms Data Breach in Order Confirmation SNAFU

Hundreds of emailed order confirmations for random strangers were sent to Canadian customers, each containing personal information. Home Depot has exposed the private order confirmations of hundreds of Canadian consumers, containing names, physical addresses, email addresses, order details and partial credit-card information. After customers began reporting that they had received hundreds of emails from the home-improvement giant, each containing an order confirmation for a stranger, the company confirmed the issue.

Round Up of Major Malware and Ransomware Incidents

Ca: Cyber attack hits Jewish General’s IT network, but no ransomware demand

The Jewish General Hospital and its sister institutions in the west end are scrambling to contain what appears to be a computer virus that struck its information technology systems Wednesday evening. Dr. Lawrence Rosenberg, executive director of the health authority in charge of the Jewish General, denied it was a ransomware attack, since no request has been made for money.

Brooklyn & Vermont hospitals are latest Ryuk ransomware victims

Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network are the latest victims of the Ryuk ransomware attack spree covering the healthcare industry across the U.S. Yesterday, the U.S. government hosted an emergency call with stakeholders in the healthcare industry to alert them to an “increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”

University Email Hijacking Attacks Push Phishing, Malware

Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch attacks that get around DMARC and SPF. Cybercriminals are hijacking legitimate email accounts from more than a dozen universities – including Purdue University, University of Oxford in the U.K. and Stanford University – and using the accounts to bypass detection and trick victims into handing over their email credentials or installing malware.

REvil Gang Promises a Big Video-Game Hit; Claims Massive Revenue

In a wide-ranging interview, a REvil leader said the gang is earning $100 million per year, and provided insights into the life of a cybercriminal. The REvil ransomware gang claims it will rake in $100 million by year’s end. That’s according to a REvil group leader in a rare Q&A with the YouTube Channel for tech blog “Russian OSINT.” During the live interview, the REvil hacker warned of a “big attack coming…linked to a very large video game developer.”

Emotet campaign used parked domains to deliver malware payloads

Researchers tracking malicious use of parked domains have spotted the Emotet botnet using such domains to deliver malware payloads as part of a large scale phishing campaign. Domain owners park their domains using parking service providers to monetize them via advertisement networks while they’re not being used to host an active website or online service. Out of 6 million newly parked domains detected as parked between March and September 2020 by Palo Alto Networks, roughly 1% started being used as part of malware or phishing campaigns.

Mount Locker ransomware group leaks 18Gb worth Gunnebo AB data

The multinational security firm is now warning its customers about the data leak. Sweden’s leading security firm Gunnebo AB suffered a ransomware attack, and the hackers have posted the stolen data on the dark web. Reportedly, the company’s servers were compromised in August 2020. The attack was highly organized in which the Mount Locker ransomware group demanded a ransom in BTC, revealed the company’s CEO Stefan Syrén. However, the company refused to pay the ransom and instead reported the incident to Säpo, Swedish Security Service.

Round Up of Major Vulnerabilities and Patches

NVIDIA Patches AMI BMC Vulnerabilities Impacting Several Major Vendors

NVIDIA on Wednesday released patches to address a total of nine vulnerabilities impacting NVIDIA DGX servers. NVIDIA’s DGX systems are designed for enterprise AI applications. All of the bugs were found in the AMI Baseboard Management Controller (BMC) firmware running on the affected devices. This means the vulnerabilities are not specific to NVIDIA and they impact the products of several other vendors as well.

Microsoft warns of ongoing attacks using Windows Zerologon flaw

Microsoft today warned that threat actors are continuing to actively exploit systems unpatched against the ZeroLogon privilege escalation vulnerability in the Netlogon Remote Protocol (MS-NRPC). “Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol (CVE-2020-1472) which was previously addressed in security updates starting on August 11, 2020,” MSRC VP of Engineering Aanchal Gupta said.