Santander leaks sensitive data, Office 365 phishing masquerades as a Supreme Court subpoena, and more

Major cybersecurity events on 22nd May 2020 (evening post): Cyber attack targets San Raffaele, Milan. RagnarLocker hides inside Oracle’s virtual machine to avoid detection. Cisco patches critical vulnerability in Contact Center Software. Spectra attack breaks the separation between Wi-Fi and Bluetooth technologies.

Round Up of Major Breaches and Scams

Cyber attack on the San Raffaele hospital in Milan

In the midst of the COVID-19 emergency, the San Raffaele hospital in Milan was the victim of a computer attack. Personal data of patients, doctors, nurses and employees was stolen: names, tax codes, email accounts and passwords were taken during a cyber attack between March and April.

Santander, one of the biggest European banks, was leaking sensitive data on their website

Our new research recently discovered a security issue with Santander, the 5th largest bank in Europe and the 16th largest in the world. This Spanish multinational bank controls approximately $1.4 trillion in total assets globally, and has a $69.9 billion total market capitalization on the Euro Stoxx 50 stock market index.

Office 365 phishing uses Supreme Court theme and working CAPTCHA

Fraudsters are trying new things to bypass security controls in Office 365 and have added a CAPTCHA page to the chain of redirects that ends on a phishing template for login credentials. To lure potential victims to the malicious page, the threat actor sent them an email purporting to be from the Supreme Court and claiming to deliver a subpoena for a hearing.

Round Up of Major Malware and Ransomware Incidents

RagnarLocker Ransomware Hides in Virtual Machine to Escape Detection

Security researchers are warning of a new ransomware attack technique which deploys the malware as a virtual machine (VM) in order to evade traditional defenses. Sophos revealed that it recently detected a RagnarLocker attack in which the ransomware was hidden inside an Oracle VirtualBox Windows XP VM.

Silent Night Banking Trojan Charges Top Dollar on the Underground

A descendant of the infamous Zeus banking trojan, dubbed Silent Night by the malware’s author, has emerged on the scene, with a host of functionalities available in a spendy malware-as-a-service (MaaS) model.

Round Up of Major Vulnerabilities and Patches

Hackers tried (and failed) to install ransomware using a zero-day in Sophos firewalls

UK cyber-security vendor Sophos published today an update on its investigation into a recent series of attacks that tried to exploit a zero-day vulnerability in its XG firewall product. Sophos said that after they learned of the incident and issued a hotfix, the attackers panicked and modified their attack routine to replace their original data-stealing payload and deploy ransomware on corporate networks protected by Sophos firewalls.

New ‘Spectra’ attack breaks the separation between Wi-Fi and Bluetooth

Academics from Germany and Italy say they developed a new practical attack that breaks the separation between Wi-Fi and Bluetooth technologies running on the same device, such as laptops, smartphones, and tablets. Called Spectra, this attack works against “combo chips,” specialized chips that handle multiple types of radio wave-based wireless communications, such as Wi-Fi, Bluetooth, LTE, and others.

Cisco Patches Critical Vulnerability in Contact Center Software

Tracked as CVE-2020-3280 and assessed with a CVSS score of 9.8, the vulnerability could allow an attacker to execute arbitrary code on an affected device remotely. The issue, Cisco explains in an advisory, exists because of the software’s insecure deserialization of user-supplied content. An attacker could send a malicious serialized Java object to a specific listener to trigger the vulnerability and execute arbitrary code as the root user.