
Samsung leaks details of 980 Pro NVMe SSD, Paytm Mall suffers data breach, actors demand ransom, and more

Major cybersecurity events on 1st September 2020 (Evening Post): Hackers sell compromised Fortnite accounts on underground forums, earning millions every year. Iranian hacking group Pioneer Kitten sells access to stolen corporate networks. Apple accidentally approves Mac Shlayer malware.

Round Up of Major Breaches and Scams

Average BEC attempts are now $80k, but one group is aiming for $1.27m per attack

BEC scammer groups are growing more brazen. The average sum that a BEC group will try to steal from a targeted company is now around $80,000 per attack, according to an industry report published on Monday. The number is up from $54,000, the average sum that BEC groups tried to obtain from victims in Q1 2020, as reported by the Anti-Phishing Working Group (APWG), an industry coalition made up of more than 2,200 organizations from the cyber-security industry, government, law enforcement, and the NGO sector.

Robinhood, Vanguard, TD Ameritrade affected by stock trading outages

Customers are reporting performance issues trying to trade on Vanguard, Schwab, TD Ameritrade, Robinhood, and Merrill Lynch this morning. Starting at approximately 9 AM EST, just as regular trading hours were about to start, users began reporting on Twitter that they could not use the companies’ trading sites and mobile apps. Other users are reporting errors when attempting to connect to the trading sites.

Samsung accidentally leaks details of its upcoming 980 Pro NVMe SSD

Everybody makes mistakes sometimes, and it looks like Samsung made one yesterday: the product page for its upcoming 980 Pro NVMe SSD went briefly online before being discovered by TechPowerUp and then getting yanked offline again. The 980 Pro is a particularly interesting product, since it shakes up Samsung’s lineup in several ways. We’ve known since CES 2020 that it would be the company’s first consumer-available PCIe 4.0 SSD.

American Payroll Association notifies people of cyberattack on site

The APA experienced a skimming cyberattack in which personal information was accessed by unauthorized individuals. The source of the cyberattack is thought to have been a vulnerability in APA’s content management system, which allowed a “skimmer” to be installed on both the login webpage of the APA website, as well as the checkout section of the APA’s online store. APA’s IT team uncovered unusual activity on the site dating back to May 13, 2020 at approximately 7:30 pm CT.

Paytm Mall Suffers Data Breach, Hackers Demanded Ransom

Paytm has allegedly suffered a huge data breach after a hacker group targeted the company’s Paytm Mall database and demanded a ransom in return for the data. The hacker group, dubbed ‘John Wick’, is known for hacking the databases of companies under the pretense of helping them fix bugs in their frameworks. Cyble stated that the John Wick hacker group had ‘unhindered’ access to Paytm Mall’s whole production database through indirect access, which potentially affects all accounts and related info at Paytm Mall.

Stolen Fortnite Accounts Earn Hackers Millions Per Year

Hackers are scoring more than a million dollars annually selling compromised accounts for the popular Fortnite video game in underground forums. With Fortnite’s immense popularity skyrocketing over the past few years – it currently has more than 350 million global players – the game is a lucrative target for cybercriminals. So lucrative, in fact, that 2 billion breached accounts have gone up for sale in underground forums so far in 2020 alone, according to a new report.

Fake wallet update steals 1400 Bitcoin ($16 million) from Electrum user

There are 3 types of regrets in Bitcoin. One is that of those who bought it early on but then sold it only to watch it skyrocket, or the individual who threw away his hard disk with $121 million worth of Bitcoin. And then we have those who, through one simple mistake, lost all of their holdings. In a case of the latter, we recently came across someone who alleges that they lost 1400 BTC, also known as FOURTEEN HUNDRED BITCOINS, in a scam.

Iranian hackers are selling access to compromised companies on an underground forum

One of Iran’s state-sponsored hacking groups has been spotted selling access to compromised corporate networks on an underground hacking forum, cyber-security firm CrowdStrike said in a report today. The company tracks the group under the codename Pioneer Kitten; the same group is also known as Fox Kitten or Parisite.

Round Up of Major Malware and Ransomware Incidents

Rocky Mount hit by ransomware, investigating and trying to recover

Rocky Mount leaders are trying to get the city’s network back on track after facing a cyber attack. The city is in the process of confirming what impact the attack may have had on information on the network. Leaders say they know Rocky Mount was the victim of a cyber attack that involved the encryption of certain city systems, and say the investigation will determine if personal information was stolen.

Apple Accidentally Notarizes Shlayer Malware Used in Adware Campaign

Apple accidentally approved one of the most popular Mac malware threats – OSX.Shlayer – as part of its security notarization process. The Apple notary service is an automated system on recent macOS versions that scans software (macOS apps, kernel extensions, disk images and installer packages) for malicious content and checks for code-signing issues. Then, when a macOS user installs the software, Apple’s Gatekeeper security feature notifies them about whether any malicious code was detected before they open it.

Round Up of Major Vulnerabilities and Patches

Cisco Releases Security Advisory for DVMRP Vulnerability in IOS XR Software

Cisco has released a security advisory on a vulnerability—CVE-2020-3566—in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR software. This vulnerability affects Cisco devices running IOS XR software that have an active interface configured under multicast routing. A remote attacker could exploit this vulnerability to exhaust process memory on an affected device. Exploitation of this vulnerability has been detected in the wild.
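The advisory scopes exposure to devices that have an active interface configured under multicast routing. The following added Python example (not Cisco’s code and not part of the advisory) walks a saved IOS XR running-config and lists the interfaces enabled under the `multicast-routing` stanza, so an operator can inventory which devices need the patch or a workaround. It assumes the usual IOS XR running-config layout (`multicast-routing` / `address-family ipv4` / `interface <name>` followed by `enable`, or the catch-all `interface all enable`) and runs against constructed sample configs embedded below.

```python
import re
from typing import List

# Constructed IOS XR running-config excerpt (sample input, not from any real device)
SAMPLE_CONFIG = """\
hostname rtr-edge-1
interface GigabitEthernet0/0/0/0
 ipv4 address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.0.1.1 255.255.255.0
!
multicast-routing
 address-family ipv4
  interface GigabitEthernet0/0/0/0
   enable
  !
 !
!
router igmp
 interface GigabitEthernet0/0/0/0
  version 2
 !
!
"""

# Constructed variant using the catch-all form
SAMPLE_CONFIG_ALL = """\
multicast-routing
 address-family ipv4
  interface all enable
 !
!
"""

# Matches 'interface <name>' (per-interface block) or 'interface all enable'.
# Lines such as 'interface <name> disable' deliberately do not match.
INTERFACE_RE = re.compile(r"^\s*interface\s+(\S+)(\s+enable)?\s*$")


def multicast_enabled_interfaces(config: str) -> List[str]:
    """Return interface names enabled under the 'multicast-routing' stanza.

    Assumes IOS XR running-config layout: sub-blocks are indented and a
    top-level '!' (no indentation) closes the stanza. A per-interface
    'enable' line yields that interface name; 'interface all enable'
    yields the literal 'all'.
    """
    inside = False
    pending = None          # interface block whose 'enable' line has not been seen yet
    found: List[str] = []
    for raw in config.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if not inside:
            if stripped.startswith("multicast-routing"):
                inside = True
            continue
        if line == "!":     # unindented '!' ends the multicast-routing stanza
            break
        m = INTERFACE_RE.match(line)
        if m:
            name, catch_all = m.group(1), m.group(2)
            if catch_all:
                found.append(name)   # 'interface all enable'
                pending = None
            else:
                pending = name       # wait for the indented 'enable' line
            continue
        if stripped == "enable" and pending:
            found.append(pending)
            pending = None
        elif stripped == "!":        # indented '!' closes the current interface block
            pending = None
    return found


def is_in_scope(config: str) -> bool:
    """True if the device has at least one interface enabled under multicast routing."""
    return bool(multicast_enabled_interfaces(config))


if __name__ == "__main__":
    for label, cfg in (("per-interface", SAMPLE_CONFIG), ("interface all", SAMPLE_CONFIG_ALL)):
        print(label, "->", multicast_enabled_interfaces(cfg), "in scope:", is_in_scope(cfg))
```

A device reported as in scope is a candidate for the fixed software or the workarounds in Cisco’s advisory; a device with no `multicast-routing` stanza is outside the advisory’s stated affected configuration, which is exactly what the empty result signals.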

Hackers can clone your lock keys by recording clicks from smartphone

Ensuring physical security in the information age has always been an issue of great concern. The latest research from the National University of Singapore’s computer science department further intensifies the debate by exposing the risks associated with smart locks. Reportedly, a group of researchers, including Harini Ramprasad, Soundarya Ramesh, and Jun Han, have discovered a way to clone your lock keys using software they designed and a smartphone’s microphone.

Hackers are backdooring QNAP NAS devices with 3-year old RCE bug

Hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a remote code execution (RCE) vulnerability addressed by QNAP in a previous release. According to a report published today by researchers at Qihoo 360’s Network Security Research Lab (360 Netlab), unknown threat actors are currently exploiting a remote command execution vulnerability due to a command injection weakness in QNAP NAS devices’ firmware.

Windows 10 2004 now blocked on devices with LTE cellular modems

Microsoft has acknowledged another known issue affecting Windows 10 devices with WWAN LTE cellular modems and is now blocking Windows 10, version 2004 from being installed on them until a solution is available. According to Microsoft, some devices with WWAN LTE modems might be unable to connect to the internet and may show no internet connection in the Network Connectivity Status Indicator (NCSI) within Windows 10’s notification area.