
Spearphishing campaign steals Office 365 credentials, NSO group masquerades as Facebook to deliver Pegasus, and more

Major cybersecurity events on 26th May 2020 (Morning Post): The Little Clinic notifies 10,000 patients about a glitch in its online appointment system. 40 million Wishbone users’ data leaked. Care19, North Dakota’s contact tracing app, shares user data with third parties. Malspam emails distributing GuLoader surge.

Round Up of Major Breaches and Scams

Fake supreme court subpoena phishing scam steals Office 365 credentials

Since the advent of phishing, many types of scam have existed, ranging from one-size-fits-all emails to targeted spearphishing campaigns. One such type falls into the category of subpoena-themed emails, in which the attacker, claiming to be an authority, tries to convince the victim to fall for the trap.

TN: The Little Clinic notifies more than 10,000 patients after discovering glitch in online appointment system

The Little Clinic (TLC) announced today that patients could have had their protected health information (PHI) accessed due to a failure in TLC’s online appointment functionality. The Little Clinic made the discovery internally and found if a patient made an appointment and modified that appointment online, certain patient data could have been accessible by third party domains.

Israeli Security Company NSO Pretends to Be Facebook

As per several reports, Facebook was imitated by an Israeli security company known as the “NSO Group” to get targets to install its “phone-hacking software”. Per sources, a Facebook-like doppelganger domain was engineered to distribute NSO’s “Pegasus” hacking tool. Allegedly, servers within the boundaries of the USA were employed to spread it.

Wishbone Breach: Hacker Leaks Personal Data of 40 Million Users

Personal data of 40 million users registered on Wishbone has been published online by hackers. It included user details such as usernames, contact numbers, email addresses, Facebook and Twitter access tokens, dates of birth, location, gender, and MD5-hashed passwords. Researchers have confirmed the authenticity of the data, which has been found to be accurate and to belong to users of the app.

Personal data of 12 million Facebook users exposed online

For the last few years, Facebook has been embroiled in a range of controversies ranging from the social network’s hegemony over the internet to scandals like that of Cambridge Analytica in 2018. Not to forget just a few weeks ago a hacker was found selling personal data of 267 million Facebook users.

25 million user records leak online from popular math app Mathway

A hacker has breached Mathway, a popular math solving application, from where they have stolen more than 25 million emails and passwords, ZDNet has learned. The hack is the latest in a long line of security breaches carried out by a hacker going by the name of ShinyHunters, the threat actor also responsible for intrusions at Tokopedia, Wishbone, Zoosk, and others.

North Dakota’s Contact Tracing App Sends User Data to Third Parties

A cybersecurity company has claimed that a contact tracing app introduced by North Dakota is sending data to third parties and exposing users’ identities. Like South Dakota and Utah, North Dakota has built its own contact-tracing app, Care19, in an effort to monitor the spread of the novel coronavirus.

Data Breach Afflicts Ohio’s Unemployment Office

A data breach at the Ohio Department of Job and Family Services (ODJFS) has exposed the personal data of Pandemic Unemployment Assistance (PUA) claimants. Personal information including names, Social Security numbers, home addresses, and claim receipts was exposed to other claimants due to a security vulnerability detected by Deloitte Consulting on May 15.

Round Up of Major Malware and Ransomware Incidents

Experts observed a spike in COVID-19 related malspam emails containing GuLoader

The discovery confirms that crooks continue to use COVID-19 lures in malspam campaigns. In the campaign monitored by Vipre Labs, attackers used spam email samples containing GuLoader. GuLoader is a popular RAT that appeared in the threat landscape in 2019 and has been involved in other COVID-19 campaigns; it is written in VB5/6 and compressed in a .rar/.iso file. GuLoader is usually employed in spam campaigns using bill payment, wire transfer or COVID lures.

Windows malware opens RDP ports on PCs for future remote access

Security researchers say they’ve spotted a new version of the Sarwent malware that opens RDP (Remote Desktop Protocol) ports on infected computers so hackers could gain hands-on access to infected hosts. Researchers from SentinelOne, who spotted this new version, believe the Sarwent operators are most likely preparing to sell access to these systems on the cybercrime underworld, a common method of monetizing RDP-capable hosts.

Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks

Researchers have uncovered new cybercrime campaigns from the known Chafer advanced persistent threat (APT) group. The attacks have hit several air transportation and government victims in hopes of data exfiltration. The Chafer APT has been active since 2014 and has previously launched cyber espionage campaigns targeting critical infrastructure in the Middle East.

Round Up of Major Vulnerabilities and Patches

Docker fixes Windows client bug letting programs run as SYSTEM

Docker fixed a security vulnerability in Docker for Windows that allowed attackers on the system to execute commands with the highest privileges. The flaw received the tracking number CVE-2020-11492 and could be exploited to impersonate Docker Desktop Service, which runs with SYSTEM permissions.

Nintendo Switch Issue Shows Quirk in Password UI [Updated]

The dialogue box actually changes when a user enters a series of characters that meet Nintendo’s minimum requirements for a password. Those are: the password must be 8 characters in length and contain at least two of the following: lowercase or uppercase letters, numbers, and punctuation. The password also cannot have the same character more than twice in a row.
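As an added illustration of how a policy like the one described above is checked in code (this is example code written for this page, not Nintendo’s implementation), the validator below encodes the three stated rules: minimum length of 8, at least two character classes present, and no character repeated more than twice in a row. The page’s wording is ambiguous about whether lowercase and uppercase letters count as one class or two; the example assumes they are a single “letters” class alongside digits and punctuation, which is the interpretation most web sign-up forms use. The constants and function names are this example’s own, and the sample passwords are constructed.

```python
import string

# Policy constants as stated on the page; the class grouping is this example's assumption.
MIN_LENGTH = 8
MIN_CLASSES = 2
MAX_RUN = 2  # the same character may appear at most twice in a row

CHARACTER_CLASSES = {
    "letters": set(string.ascii_letters),      # lowercase or uppercase
    "digits": set(string.digits),
    "punctuation": set(string.punctuation),
}


def character_classes(password: str) -> set:
    """Return the names of the character classes present in the password."""
    return {
        name for name, members in CHARACTER_CLASSES.items()
        if any(ch in members for ch in password)
    }


def longest_run(password: str) -> int:
    """Length of the longest sequence of one character repeated consecutively."""
    longest = current = 0
    previous = None
    for ch in password:
        current = current + 1 if ch == previous else 1
        longest = max(longest, current)
        previous = ch
    return longest


def policy_violations(password: str) -> list:
    """Return a list of human-readable rule violations (empty if the password is acceptable)."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if len(character_classes(password)) < MIN_CLASSES:
        violations.append(
            f"fewer than {MIN_CLASSES} character classes (letters, digits, punctuation)"
        )
    if longest_run(password) > MAX_RUN:
        violations.append(f"a character repeated more than {MAX_RUN} times in a row")
    return violations


def meets_policy(password: str) -> bool:
    """True when the password satisfies every rule of the policy."""
    return not policy_violations(password)


if __name__ == "__main__":
    # Constructed sample inputs covering each rule.
    for candidate in ["abcd1234", "abcdefgh", "aaab1234", "ab12", "aab1122!"]:
        print(f"{candidate!r}: {policy_violations(candidate) or 'ok'}")
```

The same check must run on the server, not only in the sign-up dialogue: a client-side rule can be bypassed by submitting the form directly, and the dialogue behaviour the article describes shows that client-side checks are observable to anyone typing into the box.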