
Ryuk targets US court with the Conti strain, Zoom adds an extra layer of security: 2FA, and more

Major cybersecurity events on 14th September 2020 (Morning Post): 3.4 million patients' data breached in the Blackbaud ransomware incident, an interim report states. New Twitter phishing scam steals login credentials of unsuspecting users. Development Bank of Seychelles hit by ransomware attack.

Round Up of Major Breaches and Scams

Interim Report on the Blackbaud Breach: 3.4 Million Patients and Counting

The Blackbaud ransomware incident disclosed on July 16 will likely end up being the largest or one of the largest breaches of the year involving patient information. I’ve been reading disclosures from dozens of entities and have compiled a list of those Blackbaud clients whose disclosures state or suggest that Blackbaud had been storing some patient-related information as part of their files with them.

Microsoft Office 365 users will now be able to view their quarantined phishing messages

With this change, users can now reclaim messages that Exchange Online Protection (EOP) had wrongly marked as spam or phishing. EOP is the cloud-based filtering service that scans inbound mail and blocks spam, phishing emails and malicious attachments before they reach the end user. "We understand that managing false positives is important to ensuring an email is delivered appropriately, and in the past, end-users weren't granted access to the quarantine to view messages," Microsoft says in its announcement of the feature.

Private and order details of nearly 100k Razer customers leaked online

A misconfigured Elasticsearch server is responsible for exposing the personal details of a large number of Razer customers. IT security researcher Volodymyr "Bob" Diachenko identified a security lapse at Razer Inc., a globally operating gaming hardware manufacturer, which led to the exposure of the private data of nearly 100,000 Razer customers. It is unclear exactly how many customers were affected by the configuration mishap; Diachenko says his estimate of roughly 100,000 is based on the number of exposed email addresses.

New Twitter phishing scam inspired from Twitter’s latest security response

Crooks are using the July 15 cyberattack on Twitter as the hook for a phishing scam designed to steal the login credentials of unsuspecting users. Twitter has been embroiled in a range of controversies for the past year or so. Earlier this month, Indian Prime Minister Modi's personal, verified Twitter account was hacked, while in July 130 high-profile accounts were hijacked and used to siphon large amounts of cryptocurrency from unsuspecting users.

Hackers Attack Gaming Industry, Sell Player Accounts on Darkweb

The actors are using open cloud services and digital platforms to conduct their business. They steal in-game inventory such as skins, crates and coupons from player accounts and sell it on the black market at a discount. They often target top-ranked accounts and steal whole player profiles to trade at lower prices in the underground market. Last month, experts found a game file distributed under the name "Fall Guys: Ultimate Knockout" that contained a malicious JavaScript API, which stole data from the targeted players' Discord clients and browsers.

APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins

The Russia-linked threat group known as APT28 has changed up its tactics to include Office 365 password-cracking and credential-harvesting. Microsoft researchers have tied APT28 (a.k.a. Strontium, Sofacy or Fancy Bear) to this newly uncovered pattern of O365 activity, which began in April and is ongoing. The attacks have been aimed mainly at U.S. and U.K. organizations directly involved in political elections.
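The credential attacks attributed to APT28 above are the kind of activity a SOC looks for in sign-in telemetry. The script below is an added example for this roundup, not code from the article or from Microsoft: it runs a password-spray check (one source IP failing against many distinct accounts inside a short window) and a per-account brute-force check over a constructed set of sign-in events. Field names mirror Azure AD sign-in log columns and the 50126 error code is Azure AD's "invalid username or password"; every event, address and account name is made up.

```python
"""Password-spray and brute-force detection over sign-in events.

Added example for this roundup, not code from the article or from
Microsoft. A spray shows up in sign-in logs as one source IP failing
authentication against many distinct accounts, each only once or twice,
inside a short window; classic brute force is the reverse, many failures
against one account. Field names mirror Azure AD sign-in log columns,
but every event below is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

AAD_INVALID_CREDENTIALS = 50126  # Azure AD error code: invalid username or password
SUCCESS = 0


def parse_ts(s):
    """Parse an ISO-8601 UTC timestamp such as 2020-09-14T08:00:00Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_sample_events():
    """Constructed sign-in events, not real telemetry."""
    base = parse_ts("2020-09-14T08:00:00Z")
    events = []
    # Spray: one IP tries 12 accounts once each, five seconds apart.
    for i in range(12):
        events.append({"time": base + timedelta(seconds=5 * i),
                       "user": f"user{i:02d}@example.org",
                       "ip": "203.0.113.10",
                       "code": AAD_INVALID_CREDENTIALS})
    # Legitimate user mistypes a password four times, then signs in.
    for i in range(4):
        events.append({"time": base + timedelta(seconds=30 * i),
                       "user": "alice@example.org",
                       "ip": "198.51.100.7",
                       "code": AAD_INVALID_CREDENTIALS})
    events.append({"time": base + timedelta(seconds=150),
                   "user": "alice@example.org",
                   "ip": "198.51.100.7",
                   "code": SUCCESS})
    return events


def _failures_by_key(events, key):
    """Group failed sign-ins as {key(event): time-sorted [(time, user)]}."""
    grouped = defaultdict(list)
    for e in events:
        if e["code"] != SUCCESS:
            grouped[key(e)].append((e["time"], e["user"]))
    for attempts in grouped.values():
        attempts.sort()
    return grouped


def _max_in_window(attempts, window, measure):
    """Slide a window over time-sorted attempts; return the max of measure()."""
    best, j = 0, 0
    for i in range(len(attempts)):
        while j < len(attempts) and attempts[j][0] - attempts[i][0] <= window:
            j += 1
        best = max(best, measure(attempts[i:j]))
    return best


def detect_password_spray(events, window=timedelta(minutes=10), min_accounts=10):
    """Return {ip: distinct accounts} for IPs whose failures hit at least
    min_accounts distinct accounts within any window-long span."""
    hits = {}
    for ip, attempts in _failures_by_key(events, lambda e: e["ip"]).items():
        n = _max_in_window(attempts, window, lambda a: len({u for _, u in a}))
        if n >= min_accounts:
            hits[ip] = n
    return hits


def detect_brute_force(events, window=timedelta(minutes=10), min_failures=5):
    """Return {(ip, user): failures} for IP/account pairs with at least
    min_failures failed attempts within any window-long span."""
    hits = {}
    for pair, attempts in _failures_by_key(events, lambda e: (e["ip"], e["user"])).items():
        n = _max_in_window(attempts, window, len)
        if n >= min_failures:
            hits[pair] = n
    return hits


if __name__ == "__main__":
    sample = build_sample_events()
    print("spray:", detect_password_spray(sample))
    print("brute force:", detect_brute_force(sample, min_failures=4))
```

The two thresholds pull in opposite directions on purpose: a spray keeps per-account failures low to stay under lockout policies, so a detector that only counts failures per account (the brute-force check) misses it entirely, which is why the spray check keys on the source IP and counts distinct accounts instead. In production the same logic is usually expressed as a KQL or SIEM query over the real sign-in table, with the window and thresholds tuned to the tenant.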

Round Up of Major Malware and Ransomware Incidents

CIRWA Project tracks ransomware attacks on critical infrastructure

A team of researchers at Temple University in Philadelphia has presented a project named CIRWA (repository of critical infrastructure ransomware attacks) that tracks ransomware attacks on critical infrastructure worldwide. The project was launched in September 2019 and, as of August 2020, had collected 680 records of ransomware attacks dating back to November 2013.

Development Bank of Seychelles hit by ransomware attack

The Development Bank of Seychelles (DBS) was hit by ransomware, according to a press statement published earlier today by the Central Bank of Seychelles (CBS). DBS was founded in 1977 as a joint venture between the Seychelles government and several other shareholders, including the European Investment Bank, Standard Chartered Bank, Barclays Bank, Deutsche Investitions- und Entwicklungsgesellschaft (DEG) and Caisse Française de Coopération.

US Court Documents Published in Ransomware Attack

Cyber-criminals who launched a ransomware attack on a US court have published what they claim are stolen court documents online. Attackers claim to have successfully targeted the Fourth Judicial District Court of Louisiana with a ransomware strain known as Conti, first detected in the wild in December 2019. The malware has been observed to use the same ransom note deployed by the Ryuk crypto-malware family, and code similarities have been spotted between the two ransomware strains.

Round Up of Major Vulnerabilities and Patches

Zoom adds Two-factor authentication (2FA) as extra layer of security

Video conferencing and web communication provider Zoom has announced two-factor authentication to enhance user protection by adding an extra layer of security. Zoom reportedly serves over 300 million meeting participants every day, which makes it a lucrative target for attackers, and several phishing campaigns have already targeted Zoom users to harvest their credentials. In a blog post, Zoom explains that users can now enable two-factor authentication, which requires a second credential beyond the account password or PIN, such as a one-time code from an authenticator app or sent by SMS, to prove ownership of the account.

WordPress Plugin Flaw Allows Attackers to Send Forged Emails

A high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites. The plugin helps site owners collect leads and send newsletters and automated new-post notification emails to subscribers. A remote, unauthenticated attacker can exploit the flaw to send forged emails to every recipient on the site's contact or subscriber lists.

Leaky server exposes users of dating site network

A database left exposed online without a password has leaked the personal details of hundreds of thousands of users who signed up for online dating sites. The leaky database, an Elasticsearch server, was discovered at the end of August by security researchers from vpnMentor. It was taken offline on September 3 after vpnMentor traced its owner to Mailfire, a company that provides online marketing tools.
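Both the Razer exposure and the Mailfire exposure above came down to the same misconfiguration: an Elasticsearch REST port reachable from the internet with no authentication. The script below is an added example for this roundup, not code from the article or from the researchers it cites. classify() decides, from the response to GET / on the REST port, whether a node is open, behind authentication, or not Elasticsearch at all; summarise_indices() turns the _cat/indices listing into per-index document counts so the size of an exposure can be gauged; probe() is the live version and takes a caller-supplied host, which is an assumption (only run it against systems you are authorised to test). The sample responses are constructed, not captured from any real server.

```python
"""Check whether an Elasticsearch endpoint answers without authentication.

Added example for this roundup, not code from the article or from the
researchers it cites. classify() and summarise_indices() run offline on
the constructed responses at the bottom; probe() performs the live check
against a caller-supplied host (an assumption: only test hosts you are
authorised to test).
"""
import json
import urllib.error
import urllib.request

OPEN = "open"
AUTH_REQUIRED = "auth_required"
NOT_ELASTICSEARCH = "not_elasticsearch"
UNREACHABLE = "unreachable"


def classify(status, body):
    """Classify the response to GET / on an Elasticsearch node.

    An unauthenticated node answers 200 with JSON carrying a "version"
    object and the "You Know, for Search" tagline. A node with security
    enabled, or an authenticating reverse proxy in front of it, answers
    401 instead.
    """
    if status == 401:
        return AUTH_REQUIRED
    if status != 200:
        return NOT_ELASTICSEARCH
    try:
        doc = json.loads(body)
    except ValueError:
        return NOT_ELASTICSEARCH
    if isinstance(doc, dict) and "version" in doc and "tagline" in doc:
        return OPEN
    return NOT_ELASTICSEARCH


def summarise_indices(body):
    """Parse _cat/indices?format=json into {index_name: document_count}.

    Elasticsearch returns the counts as strings on this endpoint; system
    indices (names starting with '.') are skipped.
    """
    counts = {}
    for row in json.loads(body):
        name = row.get("index", "")
        if name.startswith("."):
            continue
        counts[name] = int(row.get("docs.count") or 0)
    return counts


def probe(host, port=9200, timeout=5):
    """Live check of http://host:port/ (host is supplied by the caller)."""
    url = f"http://{host}:{port}/"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return classify(e.code, e.read().decode("utf-8", "replace"))
    except (urllib.error.URLError, OSError):
        return UNREACHABLE


# Constructed responses, not captured from any real server.
SAMPLE_OPEN = (200, json.dumps({
    "name": "node-1", "cluster_name": "elasticsearch",
    "version": {"number": "7.9.1"},
    "tagline": "You Know, for Search"}))
SAMPLE_AUTH = (401, json.dumps({"error": {
    "type": "security_exception",
    "reason": "missing authentication credentials for REST request [/]"}}))
SAMPLE_OTHER = (200, "<html><body>It works!</body></html>")
SAMPLE_INDICES = json.dumps([
    {"index": "customers", "docs.count": "99123", "store.size": "48mb"},
    {"index": "orders", "docs.count": "412880", "store.size": "210mb"},
    {"index": ".kibana_1", "docs.count": "12", "store.size": "30kb"},
])

if __name__ == "__main__":
    for label, (status, body) in (("open", SAMPLE_OPEN), ("auth", SAMPLE_AUTH),
                                  ("other", SAMPLE_OTHER)):
        print(label, "->", classify(status, body))
    print(summarise_indices(SAMPLE_INDICES))
```

The caveat worth remembering: before Elasticsearch 8.0, a node started with authentication disabled unless xpack.security.enabled was set, and binding network.host to a public interface was enough to serve every index to anyone who reached port 9200. The fix is to enable security (or put an authenticating reverse proxy in front), bind to localhost or a private interface, and run a check like this one from outside the perimeter after every deployment change.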