APT Botnet Breach Cyber Security Data leak Emotet Hacking Malware Phishing Ransomware Scam Vulnerability

Russian Alfa-Bank leaks client data, Hackers use stolen domain names to steal Netflix credentials, and more

Major cybersecurity events on 29th July 2020 (Morning Post): Natura leaks 19 million Avon records. Business giant Dussmann Group’s data leaked after Nefilim ransomware attack. Lazarus Group APT adds recent strain of ransomware, VHD, to its arsenal.

Round Up of Major Breaches and Scams

The data of clients of the Russian bank Alfa-Bank leaked to the Network

On June 22, a message appeared on the Darknet about the sale of a database of clients of the largest Russian banks. The seller did not specify how many records he has on hand but assured that he is ready to upload 5 thousand lines of information per week.One of the Russian Newspapers had a screenshot of a test fragment of the Alfa-Bank database, which contains 64 lines. Each of them has the full name, city of residence, mobile phone number of the citizen, as well as the account balance and document renewal date.

Cosmetic giant Natura leaks data again; this time 19 million Avon records

Avon Products, Inc. is owned Brazil’s Natura & Co. which itself leaked over 192 million records in May 2020. The cyber security researchers at SafetyDetectives’ led by Anurag Sen have discovered a misconfigured cloud database containing data of popular cosmetics brand Avon. The unprotected server has leaked 19 million records so far, which includes personal data and technical logs. Avon is owned by the Brazil-based Natura & Co., which acquired its 78% stakes in January 2020.

Researchers Foil Phishing Attempt on Netflix Customers

Hackers use two stolen domains to steal credentials from Netflix users and then send them to the real Netflix site. Researchers recently discovered a Netflix phishing campaign where attackers fashioned two legitimate domains to appear like the actual Netflix site: The hackers sent victims a billing failure email with a link that would send the unknowing victim to the two spoofed sites in order to steal their credentials, and then to the legitimate Netflix site.

US, UK Warn of Malware Targeting QNAP NAS Devices

In a joint alert this week, the United States and the United Kingdom warned that a piece of malware has infected over 62,000 QNAP network-attached storage (NAS) devices. Dubbed QSnatch, the malware was first observed last year, and QNAP in November issued a security advisory to alert users of the risks associated with it and to provide recommendations on how they can remain protected. At the time, the company revealed that QSnatch was designed to harvest confidential information from the compromised devices, including login credentials and system configuration.

Round Up of Major Malware and Ransomware Incidents

Business giant Dussmann Group’s data leaked after ransomware attack

The Nefilim ransomware operation has begun to publish unencrypted files stolen from a Dussmann Group subsidiary during a recent attack. The Dussmann Group is the largest multi-service provider in Germany with subsidiaries focusing on facility management, corporate childcare, nursing and care for the elderly, and business systems solutions, including HVAC, electrical work, and elevators. The company has confirmed one of their subsidiaries recently suffered a ransomware attack where data was stolen.

New Linux malware uses Dogecoin API to find C&C server addresses

While Linux malware was once sitting on the fringes of the malware ecosystem, today, new Linux threats are being discovered on a weekly basis. The latest finding comes from Intezer Labs. In a report shared with ZDNet this week, the company analyzed Doki, a new backdoor trojan they spotted part of the arsenal of an old threat actor known for targeting web servers for crypto-mining purposes. The threat actor, known as Ngrok, has been active since at least late 2018.

Lazarus Group Brings APT Tactics to Ransomware

Targeted ransomware attacks are on the rise, usually perpetrated by financially motivated threat gangs, which often work in concert together. However, researchers said that a recent strain of ransomware, called VHD, can be linked to an unusual source: The Lazarus Group APT. According to researchers from Kaspersky, the VHD ransomware has only been deployed in a handful of instances, with a limited number of samples showing up in the firm’s telemetry. There are also few public references.

Emotet malware now steals your email attachments to attack contacts

The Emotet malware botnet is now also using stolen attachments to increase the authenticity of spam emails used for infecting targets’ systems. This is the first time the botnet is using stolen attachments to add credibility to emails as Binary Defense threat researcher James Quinn told BleepingComputer. The attachment stealer module code was added around June 13th according to Marcus ‘MalwareTech’ Hutchins.

Round Up of Major Vulnerabilities and Patches

Researchers Warn of High-Severity Dell PowerEdge Server Flaw

Researchers have disclosed details of a recently patched, high-severity Dell PowerEdge server flaw, which if exploited could allow an attacker to fully take over and control server operations. The web vulnerability was found in the Dell EMC iDRAC remote access controller, technology embedded within the latest versions of Dell PowerEdge servers. While the vulnerability was fixed earlier in July, the researchers with Positive Technologies who discovered the flaw, published a detailed analysis, Tuesday.