
ShinyHunters leak 386 million user records, hackers behind Garmin attack steal data for the first time, and more

Major cybersecurity events on 29th July 2020 (Evening Post): North Korea's Lazarus Group APT has been linked to several Mac malware families in recent attacks. A critical WordPress plugin bug lets hackers take over hosting accounts. Magento fixes two code execution vulnerabilities.

Round Up of Major Breaches and Scams

Hacker gang behind Garmin attack doesn’t have a history of stealing user data

Wearables and GPS tracker maker Garmin suffered a ransomware attack last week after a hacker gang breached its internal network and encrypted the company's servers. The attack caused a five-day outage for the company, during which users feared that the hackers might also have stolen their personal details along with geolocation history from Garmin's servers.

ShinyHunters leaked over 386 million user records from 18 companies

ShinyHunters, a well-known threat actor, is offering on a hacker forum the databases stolen from eighteen companies, with more than 386 million user records available online in total. ShinyHunters has begun leaking the databases of multiple companies for free on a hacker forum. A couple of days ago, a popular digital banking app disclosed a security breach after ShinyHunters leaked 7,516,625 of its user records on a crime forum.

Round Up of Major Malware and Ransomware Incidents

Several New Mac Malware Families Attributed to North Korean Hackers

North Korean-linked threat actor Lazarus has been employing at least four new Mac-targeting malware families in recent attacks, SentinelOne security researchers reveal. Active for over a decade and also referred to as Hidden Cobra, Lazarus has started targeting Macs rather recently, mainly in financially motivated cyberattacks, some targeting cryptocurrency exchanges, such as the AppleJeus campaign.

Round Up of Major Vulnerabilities and Patches

FBI warns of disruptive DDoS amplification attacks

The Federal Bureau of Investigation (FBI) has issued an alert warning private sector organizations in the United States about a ramp-up in the use of built-in network protocols for large-scale distributed denial-of-service (DDoS) amplification attacks. “A DDoS amplification attack occurs when an attacker sends a small number of requests to a server and the server responds with more numerous responses to the victim. Typically, the attacker spoofs the source Internet Protocol (IP) address to appear as if they are the victim, resulting in traffic that overwhelms victim resources,” wrote the FBI.
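The FBI's quote above describes the mechanism: small requests with a spoofed source, large replies delivered to the victim. As an added example (not code from the FBI alert or any vendor), the Python below scores NetFlow/IPFIX-style UDP flow summaries for exactly that signature, replies from well-known reflector ports to one destination that dwarf the request bytes attributed to it. The `Flow` record, the sample flows, addresses and thresholds are all constructed for illustration.

```python
"""Score UDP flow summaries for DDoS reflection/amplification patterns.

Added example, not code from the FBI alert. It assumes NetFlow/IPFIX-style
per-flow summaries (the Flow dataclass below); the sample flows, addresses
and thresholds are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# UDP services commonly abused as reflectors; the port is the service side.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 389: "CLDAP", 1900: "SSDP", 11211: "memcached"}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    nbytes: int
    packets: int


# Constructed sample: three NTP servers answer 203.0.113.10 with ~48 KB each
# while the "requests" attributed to that address total a few hundred bytes
# (the attacker spoofed it). A normal DNS lookup by 192.0.2.5 is included as
# a benign control, as is an unrelated TCP flow that the scorer must ignore.
SAMPLE_FLOWS = [
    Flow("203.0.113.10", 40000, "198.51.100.1", 123, "UDP", 234, 3),
    Flow("198.51.100.1", 123, "203.0.113.10", 40000, "UDP", 48200, 100),
    Flow("203.0.113.10", 40001, "198.51.100.2", 123, "UDP", 234, 3),
    Flow("198.51.100.2", 123, "203.0.113.10", 40001, "UDP", 48200, 100),
    Flow("198.51.100.3", 123, "203.0.113.10", 40002, "UDP", 48200, 100),
    Flow("192.0.2.5", 51000, "198.51.100.20", 53, "UDP", 64, 1),
    Flow("198.51.100.20", 53, "192.0.2.5", 51000, "UDP", 180, 1),
    Flow("192.0.2.7", 44444, "192.0.2.8", 443, "TCP", 500000, 400),
]


def amplification_report(flows, min_ratio=10.0, min_response_bytes=50_000):
    """Return suspected (victim, service) pairs sorted by response volume.

    For each destination that receives replies from a reflector port, compare
    reply bytes with the request bytes attributed to that destination. A high
    ratio plus real volume indicates amplification aimed at the destination;
    the requests may be absent altogether when they were spoofed from a
    vantage point this collector never saw, which yields an infinite ratio.
    """
    request_bytes = defaultdict(int)   # (victim_ip, service_port) -> bytes
    response_bytes = defaultdict(int)
    reflectors = defaultdict(set)
    for f in flows:
        if f.proto != "UDP":
            continue
        if f.dst_port in REFLECTOR_PORTS:
            request_bytes[(f.src_ip, f.dst_port)] += f.nbytes
        if f.src_port in REFLECTOR_PORTS:
            response_bytes[(f.dst_ip, f.src_port)] += f.nbytes
            reflectors[(f.dst_ip, f.src_port)].add(f.src_ip)

    findings = []
    for key, rbytes in response_bytes.items():
        qbytes = request_bytes.get(key, 0)
        ratio = rbytes / qbytes if qbytes else float("inf")
        if rbytes >= min_response_bytes and ratio >= min_ratio:
            victim, port = key
            findings.append({
                "victim": victim,
                "service": REFLECTOR_PORTS[port],
                "response_bytes": rbytes,
                "request_bytes": qbytes,
                "ratio": ratio,
                "reflector_count": len(reflectors[key]),
            })
    return sorted(findings, key=lambda x: x["response_bytes"], reverse=True)


if __name__ == "__main__":
    for finding in amplification_report(SAMPLE_FLOWS):
        print(finding)
```

On the sample data only the NTP traffic toward 203.0.113.10 is reported (about 145 KB of replies against 468 bytes of requests, from three reflectors); the benign DNS lookup has a ratio under 3 and falls below the volume floor. On real collectors the thresholds need tuning per service, and a finding from the victim's own edge is the stronger signal, since a legitimate host rarely receives reflector replies it never asked for.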

Critical WordPress plugin bug lets hackers take over hosting account

Hackers can exploit a maximum severity vulnerability in the wpDiscuz plugin installed on over 70,000 WordPress sites to execute code remotely after uploading arbitrary files on servers hosting vulnerable sites. wpDiscuz is a WordPress plugin that provides an Ajax real-time comment system that will store comments within a local database. The plugin comes with support for multiple comment layouts, inline commenting and feedback, as well as a post rating system and multi-level (nested) comment threads.

Dell EMC Patches iDRAC Vulnerability

A vulnerability in the Integrated Dell Remote Access Controller (iDRAC) that could have allowed cyber-criminals to gain full control of server operations has been disclosed. The controller was designed for secure local and remote server management to help IT administrators deploy, update and monitor Dell EMC PowerEdge servers. The path traversal vulnerability, CVE-2020-5366, was discovered by researchers Georgy Kiguradze and Mark Ermolov at Positive Technologies. It has a CVSS score of 7.1, rated high severity.
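The two flaws above share a root cause worth showing from the defensive side: the wpDiscuz bug lets a client decide what file type lands on the server, and the iDRAC bug (CVE-2020-5366) is a path traversal, where a client-supplied path reaches the filesystem unchecked. The Python below is an added example, not code from wpDiscuz, WordPress, Dell or any other vendor; the extension allowlist, upload directory, and every function name are assumptions for illustration. It validates an upload by allowlisted extension and file signature, discards any directory part the client sent, and resolves client-supplied paths so that anything escaping the base directory is refused.

```python
"""Hardened handling of user-supplied files and paths.

Added example, not code from wpDiscuz, WordPress, Dell or any vendor. The
allowlist, the upload directory and all function names are assumptions made
for illustration.
"""
import os
import secrets
from pathlib import Path

# Extension allowlist with the magic bytes a file of that type must begin with.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}


class UploadRejected(ValueError):
    """Raised when a file or path fails validation."""


def validate_upload(filename: str, content: bytes) -> str:
    """Return the accepted extension, or raise UploadRejected.

    Only the final path component is considered, so any directory part the
    client sent (including ../ sequences) is discarded rather than trusted.
    """
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or name.startswith("."):
        raise UploadRejected("empty or hidden filename")
    parts = name.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        # Rejects missing extensions and double extensions such as x.php.png
        raise UploadRejected(f"exactly one extension required: {name!r}")
    ext = parts[1]
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    if not any(content.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        raise UploadRejected(f"content does not match a {ext} signature")
    return ext


def safe_join(base, relative: str) -> Path:
    """Resolve relative under base and refuse anything that escapes it.

    Comparing resolved paths (not string prefixes) also catches sibling
    directories such as base '/srv/uploads' versus '/srv/uploads2'.
    """
    base = Path(base).resolve()
    target = (base / relative).resolve()
    if target != base and base not in target.parents:
        raise UploadRejected(f"path escapes {base}: {relative!r}")
    return target


def store_upload(upload_dir, filename: str, content: bytes) -> Path:
    """Validate and write the file under a server-chosen random name."""
    ext = validate_upload(filename, content)
    dest = safe_join(upload_dir, f"{secrets.token_hex(16)}.{ext}")
    dest.parent.mkdir(parents=True, exist_ok=True)
    dest.write_bytes(content)
    return dest


def serve_upload(upload_dir, requested: str) -> bytes:
    """Read a stored file named by a client-supplied relative path."""
    return safe_join(upload_dir, requested).read_bytes()


def upload_verdict(filename: str, content: bytes) -> str:
    """Convenience wrapper: 'accepted:<ext>' or 'rejected:<reason>'."""
    try:
        return "accepted:" + validate_upload(filename, content)
    except UploadRejected as exc:
        return "rejected:" + str(exc)


def is_within(base, relative: str) -> bool:
    """True if safe_join would accept relative under base."""
    try:
        safe_join(base, relative)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + bytes(16)
    for fname, data in [("cat.png", png), ("shell.php", b"<?php"),
                        ("shell.php.png", png), ("fake.png", b"<?php")]:
        print(fname, "->", upload_verdict(fname, data))
    for rel in ["2020/07/avatar.png", "../../etc/passwd", "/etc/passwd"]:
        print(rel, "->", "inside" if is_within("/srv/uploads", rel) else "ESCAPES")
```

The stored name is chosen by the server, so the client's filename never reaches the filesystem at all; the traversal check still matters on the read side, where a download handler takes a client path, and it matters in any component that maps request paths to files, which is the class of bug the iDRAC advisory describes.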

Industrial Systems Can Be Hacked Remotely via VPN Vulnerabilities

Vulnerabilities discovered by researchers in VPN products primarily used for remote access to operational technology (OT) networks can allow hackers to compromise industrial control systems (ICS) and possibly cause physical damage. Researchers from industrial cybersecurity company Claroty have identified potentially serious vulnerabilities in Secomea GateManager, Moxa EDR-G902 and EDR-G903, and HMS Networks’ eWon.

Magento gets security updates for severe code execution bugs

Adobe today released security updates to fix two code execution vulnerabilities affecting Magento Commerce and Magento Open Source, rated as important and critical severity. Affected software includes Magento Commerce versions 2.3.5-p1 and earlier and Magento Open Source versions 2.3.5-p1 and earlier. Merchants running vulnerable Magento versions are advised to update their installation to the latest version (2.4.0) or to upgrade to Magento Commerce 2.3.5-p2 or Magento Open Source 2.3.5-p2 as soon as possible.