Round Up of Major Breaches and Scams
Since the advent of phishing, different types of scams have existed, ranging from one-size-fits-all emails to targeted spear-phishing campaigns. One such type is the subpoena-themed email, in which the attacker, claiming to be an authority, tries to convince the victim to fall for the trap.
The Little Clinic (TLC) announced today that patients could have had their protected health information (PHI) accessed due to a failure in TLC’s online appointment functionality. The Little Clinic made the discovery internally and found that if a patient made an appointment and modified that appointment online, certain patient data could have been accessible by third-party domains.
According to several reports, the Israeli security company NSO Group imitated Facebook to get targets to install its “phone-hacking software”. Per sources, a Facebook-like doppelganger domain was set up to distribute NSO’s “Pegasus” hacking tool. Allegedly, servers within the boundaries of the USA were used to spread it.
Personal data of 40 million users registered on Wishbone has been published online by hackers. It included user details such as usernames, contact numbers, email addresses, Facebook and Twitter access tokens, DOBs, location, gender, and MD5-hashed passwords. Researchers have confirmed the authenticity of the data, which was found to be accurate and to belong to users who have used the app.
For the last few years, Facebook has been embroiled in a series of controversies, ranging from the social network’s hegemony over the internet to scandals like that of Cambridge Analytica in 2018. Not to forget, just a few weeks ago a hacker was found selling personal data of 267 million Facebook users.
A hacker has breached Mathway, a popular math-solving application, and stolen more than 25 million emails and passwords, ZDNet has learned. The hack is the latest in a long line of security breaches carried out by a hacker going by the name of ShinyHunters, the threat actor also responsible for intrusions at Tokopedia, Wishbone, Zoosk, and others.
A cybersecurity company has claimed that a contact tracing app introduced by North Dakota is sending data to third parties and exposing users’ identities. Like South Dakota and Utah, North Dakota has built its own contact-tracing app, Care19, in an effort to monitor the spread of the novel coronavirus.
A data breach at the Ohio Department of Job and Family Services (ODJFS) has exposed the personal data of Pandemic Unemployment Assistance (PUA) claimants. Personal information including names, Social Security numbers, home addresses, and claim receipts was exposed to other claimants due to a security vulnerability detected by Deloitte Consulting on May 15.
Round Up of Major Malware and Ransomware Incidents
The discovery confirms that crooks continue to use COVID-19 lures in malspam campaigns. In the campaign monitored by Vipre Labs, attackers used spam email samples containing GuLoader. GuLoader is a popular RAT that appeared in the threat landscape in 2019 and was involved in other COVID-19 campaigns. It is written in VB5/6 and compressed in a .rar/.iso file. GuLoader is usually employed in spam campaigns using bill payments, wire transfers or COVID lures.
Security researchers say they’ve spotted a new version of the Sarwent malware that opens RDP (Remote Desktop Protocol) ports on infected computers so hackers can gain hands-on access to infected hosts. Researchers from SentinelOne, who spotted this new version, believe the Sarwent operators are most likely preparing to sell access to these systems in the cybercrime underworld, a common method of monetizing RDP-capable hosts.
Researchers have uncovered new cybercrime campaigns from the known Chafer advanced persistent threat (APT) group. The attacks have hit several air transportation and government victims in hopes of data exfiltration. The Chafer APT has been active since 2014 and has previously launched cyber espionage campaigns targeting critical infrastructure in the Middle East.
Round Up of Major Vulnerabilities and Patches
Docker fixed a security vulnerability in Docker for Windows that allowed attackers on the system to execute commands with the highest privileges. The flaw received the tracking number CVE-2020-11492 and could be exploited to impersonate Docker Desktop Service, which runs with SYSTEM permissions.
The dialogue box actually changes when a user enters a series of characters that meet Nintendo’s minimum requirements for a password. Those requirements are that the password is 8 characters in length and contains at least two of the following: lowercase or uppercase letters, numbers, and punctuation. The password also cannot have the same character more than twice in a row.