
Shopify blames support team members for data breach, HP Device Manager has a dangerous backdoor, and more

Major cybersecurity events on 30th September 2020 (Evening Post): FBI exposes $15 million business email scam campaign that uses social engineering tactics. Roskomnadzor bans Binance crypto exchange site in Russia. QNAP warns customers of recent wave of ransomware attacks.

Round Up of Major Breaches and Scams

Shopify Suffered Data Breach Because of “Rogue” Employees

Shopify has blamed two of its support team members for stealing customer data from less than 200 merchants. The world’s leading e-commerce platform confirmed the breach in a blog post and revealed who caused it. The company claims that two ‘rogue members’ of its support staff were responsible for stealing customer data from at least 200 merchants. Both employees were immediately fired for conspiring against Shopify to “obtain customer transactional records of certain merchants.”

$15 million business email scam campaign in the US exposed

The FBI is investigating a global business email compromise (BEC) campaign that has netted cybercriminals at least $15 million in illicit proceeds. On Wednesday, cybersecurity researchers from Mitiga said the campaign, which is ongoing, uses social engineering techniques to impersonate senior executives using Microsoft Office 365 email services.

Round Up of Major Malware and Ransomware Incidents

This worm phishing campaign is a game-changer in password theft, account takeovers

A phishing attack taking place against an organization has revealed a crafty method to bounce between victims in a way deemed “ingenious” by a researcher. On September 29, cybersecurity architect and bug bounty hunter Craig Hays outlined a recent phishing attempt which went far beyond the usual spray-and-pray tactics and basic attempts to compromise a network, to become “the greatest password theft he had ever seen.”

Roskomnadzor has added the site of the Binance crypto exchange to the list of banned sites in Russia

Roskomnadzor (the Federal Service for Supervision of Communications, Information Technology and Mass Media) has notified Binance, one of the largest cryptocurrency exchanges, that it has been entered into the register of prohibited sites. So far, the site is not blocked in Russia and continues to work. “On September 24, 2020, we received a notification from Roskomnadzor of the Russian Federation about the introduction of the site binance.com to the domain name registry containing information prohibited for distribution in Russia.”

QNAP warns customers of recent wave of ransomware attacks

QNAP has issued an advisory about a recent wave of ransomware attacks targeting its NAS storage devices and encrypting files. Last week, BleepingComputer broke the story of ransomware known as AgeLocker attacking publicly exposed QNAP NAS devices. The ransomware gets its name from its use of the encryption algorithm called Actually Good Encryption (AGE) when encrypting files.

Chinese APT Group Targets Media, Finance, and Electronics Sectors

Cybersecurity researchers on Tuesday uncovered a new espionage campaign targeting media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China. Linking the attacks to Palmerworm (aka BlackTech) — likely a China-based advanced persistent threat (APT) — Symantec’s Threat Hunter Team said the first wave of activity associated with this campaign began last year in August 2019, although their ultimate motivations still remain unclear.

Round Up of Major Vulnerabilities and Patches

HP Device Manager has a dangerous backdoor

HP Device Manager is popular software that allows IT administrators to manage their HP Thin Client devices. However, it contains a backdoor database user account that can undermine network security. Nick Bloor, founder of Cognitous Cyber Security, discovered that an insecure user account had been set up by an HP Inc programmer in a database within HP Device Manager. He found that the account can be easily exploited by malicious users to achieve privilege escalation and gain unauthorized remote command execution as SYSTEM.

Researchers Warn About Authentication Vulnerabilities in Router Chipsets

A security advisory from Synopsys revealed multiple vulnerabilities in the chipsets of wireless routers manufactured by Qualcomm, MediaTek, and Realtek. Tracked as CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991, the partial authentication bypass vulnerabilities could allow an attacker to subvert the authentication process by injecting packets into a WPA2-protected network without knowing the password.