Round Up of Major Breaches and Scams
Shopify has blamed two members of its support team for stealing customer data from fewer than 200 merchants. The e-commerce platform confirmed the breach in a blog post and attributed it not to an external attacker but to two “rogue members” of its support staff, who abused their access to customer records. Both employees were immediately fired for conspiring to “obtain customer transactional records of certain merchants.”
The FBI is investigating a global business email compromise (BEC) campaign that has netted cybercriminals at least $15 million in illicit proceeds. On Wednesday, cybersecurity researchers from Mitiga said the campaign, which is ongoing, uses social engineering to impersonate senior executives via Microsoft Office 365 email services.
Round Up of Major Malware and Ransomware Incidents
A phishing attack against an organization has revealed a crafty method of bouncing between victims, one a researcher deemed “ingenious.” On September 29, cybersecurity architect and bug bounty hunter Craig Hays outlined a recent phishing attempt that went far beyond the usual spray-and-pray tactics and basic attempts to compromise a network, calling it “the greatest password theft” he had ever seen.
Roskomnadzor (the Federal Service for Supervision of Communications, Information Technology and Mass Media) has notified Binance, one of the largest cryptocurrency exchanges, that it is being entered into the register of prohibited sites. So far the site is not blocked in Russia and continues to work. Binance said: “On September 24, 2020, we received a notification from Roskomnadzor of the Russian Federation about the introduction of the site binance.com to the domain name registry containing information prohibited for distribution in Russia.”
QNAP has issued an advisory about a recent wave of ransomware attacks targeting its NAS devices and encrypting files. Last week, BleepingComputer broke the story of ransomware known as AgeLocker attacking publicly exposed QNAP NAS devices. The ransomware gets its name from its use of the Actually Good Encryption (age) file-encryption tool when encrypting files; as with earlier QNAP campaigns, the common factor is devices reachable directly from the internet.
Cybersecurity researchers on Tuesday uncovered a new espionage campaign targeting the media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China. Linking the attacks to Palmerworm (aka BlackTech), likely a China-based advanced persistent threat (APT), Symantec’s Threat Hunter Team said the first wave of activity associated with this campaign began in August 2019, although the group’s ultimate motivation remains unclear.
Round Up of Major Vulnerabilities and Patches
HP Device Manager is widely used software that allows IT administrators to manage their HP thin client devices. However, it ships with a backdoor database user account that can undermine network security. Nick Bloor, founder of Cognitous Cyber Security, discovered that an insecure user account had been set up by an HP Inc programmer in a database within HP Device Manager. He found that the account can easily be abused by a malicious user to escalate privileges and gain unauthorized remote command execution as SYSTEM, so any host running the product should be treated as exposed until it is remediated.
A security advisory from Synopsys revealed multiple vulnerabilities in wireless router chipsets manufactured by Qualcomm, MediaTek, and Realtek. Tracked as CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991, the partial authentication bypass vulnerabilities could allow an attacker to inject packets into a WPA2-protected network without knowing the network password.