Categories
Breach Bug CVE Cyber Security Data leak Hacking Malware Phishing Ransomware Scam Smishing Vulnerability

Smishing campaign masquerades as USPS, Bug in order tracking system caused Staples breach, and more

Major cybersecurity events on 16th September 2020 (Evening Post): Indian pleads guilty to his role in $600,000 malware protection scam. LockBit ransomware launches data leak site to double-extort victims. Facebook hacked by researchers exploiting MobileIron MDM flaw.

Round Up of Major Breaches and Scams

New Smishing Campaign Using USPS as Its Disguise

A new SMS-based phishing (“smishing”) campaign is using the United States Postal Service (USPS) as a disguise to target mobile users. On September 15, SlickRockWeb CEO Eric JN Eliason tweeted out two examples of the operation. Both attack SMS messages claimed to contain important information about a USPS package. Using that lure, they attempted to trick the recipient into clicking on a link containing the domain “m9sxv[.]info.”

Outbound Email Errors Cause 93% Increase in Breaches

IT leaders have suffered significantly higher numbers of data breaches as a result of outbound email in the last 12 months. According to research by Egress, 93% of 538 IT leaders surveyed reported a breach in the past year due to an email error, with 70% of those believing remote working increases the risk of sensitive data being put at risk from outbound email data breaches.

Staples data breach caused by bug in order tracking system

The reason for the recent notification from Staples to some of its customers about exposed order details was caused by insufficient protections for retrieving shopper information from current and past orders. Staples said that they found no evidence of unauthorized purchases on behalf of impacted customers and that they fixed the issue. The alert lacks any technical details that would explain the nature of the problem, leading to some speculation that it was prompted by a hacker incident.

Flaws in Philips Patient Monitoring Products Can Lead to Patient Data Exposure

Multiple vulnerabilities identified in Philips patient monitoring solutions could provide attackers with unauthorized access to patient data. A total of eight security issues were identified. Although they feature severity ratings of medium and low, even low-skilled hackers could exploit them, the Cybersecurity and Infrastructure Security Agency (CISA) warns in a security alert. “Successful exploitation of these vulnerabilities could result in unauthorized access, interrupted monitoring, and collection of access information and/or patient data,” CISA says.

Round Up of Major Malware and Ransomware Incidents

Man Pleads Guilty to Role in $600K Malware Protection Scam

A man from India has pleaded guilty to his role in a scheme that tried to embezzle about $600,000 from seven people over the age of 65 in the U.S., federal prosecutors say. Chirag Sachdeva, 30, participated in a telemarketing scheme that offered victims computer protection services after misleading them to believe that malware had been detected on their computers, according to a statement from the U.S. attorney’s office in Rhode Island.

French law enforcement deploy malware to hack into organised crime networks

French law enforcement have deployed malware to Encrochat devices in the effort to infiltrate criminal networks. Encrochat is largely used on Andriod phones using an encrypted network for communication, hence its popularity within organised crime including drug trafficking. The malware deployed has the ability to harvest all the data sorted on the phone from messages and geolocations to passwords. This hacking operation has been said to be one of the biggest in law enforcement to date with investigators gathering over a hundred million encrypted messages.

LockBit ransomware launches data leak site to double-extort victims

The LockBit ransomware gang has launched a new data leak site to be used as part of their double extortion strategy to scare victims into paying a ransom. Since the end of 2019, ransomware gangs have adopted a double extortion tactic of stealing unencrypted files before encrypting the computers on a network. The ransomware gangs then use the stolen files and the threat that they will be publicly released on data leak sites as leverage to get victims to pay a ransom.

Round Up of Major Vulnerabilities and Patches

New Microsoft 365 defaults, Application Guard beta add email protections

Microsoft is pushing out more Microsoft 365 security settings that will increase security by default. You need to assess some of these settings for their impact on your business processes. One of the new Microsoft 365 defaults has to do with email forwarding. As of September 1, Microsoft has changed the defaults on Microsoft 365 ATP external email forwarding controls. Messages that are automatically forwarded outside the organization will be blocked and a non-delivery report (NDR) will be sent to the user.

Facebook hacked by researchers exploiting MobileIron MDM flaw

The social networking site was hacked by a researcher who had identified a flaw on MobileIron’s Mobile Device Management (MDM) used by an employee. In this case, the vulnerability was not entirely Facebook’s fault as the weakness in a third-party service created a ripple effect which negatively impacted users security. However, this highlights how important it is for companies to monitor not only their own security but also the security of partnered vendors.

Adobe out-of-band patch released to tackle Media Encoder vulnerabilities

Adobe has released an out-of-band patch to resolve a trio of vulnerabilities discovered in Media Encoder. Adobe Media Encoder, software used to encode audio and video in different formats, is the sole subject of the security update issued outside of the company’s usual monthly release. On Tuesday, Adobe said that three vulnerabilities — CVE-2020-9739, CVE-2020-9744, and CVE-2020-9745 — are out-of-bound read security flaws “that could lead to information disclosure in the context of the current user.”