
Stalker Online breach leaks 1.3M user records, IndigoDrop campaign targets South Asian military and govt., and more

Major cybersecurity events on 23rd June 2020 (Evening Post): a North Korean COVID-19 phishing campaign by the Lazarus Group impersonates the government agencies, departments and trade associations that handle fiscal aid. Variants of the Kaiji and XORDDoS malware target exposed Docker servers. Mitsubishi patches vulnerabilities in ICONICS Genesis64.

Round Up of Major Breaches and Scams

Stalker Online Breach: 1.3 Million User Records Stolen

Security researchers are warning players of a popular MMO game that over 1.3 million user records are being sold on dark web forums. Usernames, passwords, email addresses, phone numbers and IP addresses belonging to players of Stalker Online were found by researchers from CyberNews. The firm explained that the passwords were stored as MD5 hashes alone. MD5 is a fast hash function, not an encryption algorithm: nothing "decrypts" the stored value, but with no salt and no slow key-derivation step a wordlist attack recovers common passwords at the cost of one MD5 computation per guess for the entire database, and every user who chose the same password shares the same hash.
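To make the MD5 point concrete, the following is an added example, not code from the article or from CyberNews. It builds a constructed user table hashed with bare MD5, the way the breached store is described above, runs a wordlist attack against it, and contrasts a salted, iterated PBKDF2-HMAC-SHA256 store. The usernames, passwords and wordlist are constructed for the demonstration; the 600,000 iteration count is an assumed cost setting in the range currently recommended for PBKDF2-HMAC-SHA256.

```python
"""Why MD5 alone is unsuitable for password storage (added example)."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed wordlist standing in for a leaked-password list.
WORDLIST: List[str] = ["123456", "password", "stalker", "letmein", "qwerty"]

# Deliberate cost knob (assumed value, in the currently recommended range
# for PBKDF2-HMAC-SHA256). Raise it as hardware gets faster.
PBKDF2_ITERATIONS = 600_000


def md5_hex(password: str) -> str:
    """Bare, unsalted MD5: what the breached store held. MD5 is a hash,
    not encryption; nothing decrypts it, but guessing is cheap."""
    return hashlib.md5(password.encode()).hexdigest()


def crack_md5_table(table: Dict[str, str], wordlist: List[str]) -> Dict[str, str]:
    """Wordlist attack on a {username: md5_hex} table. With no salt, each
    guess is hashed once and matched against every user at once, and
    users who share a password fall together."""
    by_hash = {md5_hex(guess): guess for guess in wordlist}  # one MD5 per guess, total
    return {user: by_hash[h] for user, h in table.items() if h in by_hash}


def pbkdf2_store(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, iterated hash encoded as 'iterations$salt_hex$dk_hex'.
    A fresh random salt per user means equal passwords never share a hash."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_pbkdf2_table(table: Dict[str, str], wordlist: List[str]) -> Dict[str, str]:
    """The same wordlist attack against the salted store: every guess must be
    recomputed per user at PBKDF2_ITERATIONS cost, so precomputed tables and
    shared-hash shortcuts are gone."""
    found: Dict[str, str] = {}
    for user, stored in table.items():
        for guess in wordlist:
            if pbkdf2_verify(guess, stored):
                found[user] = guess
                break
    return found


def md5_work_factor(n_users: int, n_guesses: int) -> int:
    """Hash computations for an unsalted MD5 wordlist attack: the wordlist is
    hashed once and reused against every user, so n_users does not matter."""
    return n_guesses


def pbkdf2_work_factor(n_users: int, n_guesses: int) -> int:
    """Hash computations for the same attack against a salted PBKDF2 store."""
    return n_users * n_guesses * PBKDF2_ITERATIONS


if __name__ == "__main__":
    # Constructed accounts; alice and bob chose the same password.
    md5_db = {"alice": md5_hex("password"), "bob": md5_hex("password"),
              "carol": md5_hex("Tr0ub4dor&3")}
    print("MD5 store, cracked:", crack_md5_table(md5_db, WORDLIST))
    salted_db = {"alice": pbkdf2_store("password"), "bob": pbkdf2_store("password")}
    print("same password, distinct salted hashes:", salted_db["alice"] != salted_db["bob"])
    print("PBKDF2 store, cracked:", crack_pbkdf2_table(salted_db, WORDLIST))
    print("attacker cost for 1.3M users and 5 guesses each: MD5 =",
          md5_work_factor(1_300_000, 5), "PBKDF2 =", pbkdf2_work_factor(1_300_000, 5))
```

The salted store does not make a weak password like "password" safe (the second attack still finds it), but it removes the two properties that made the Stalker Online dump cheap to crack: one hash per guess for the whole table, and identical hashes for identical passwords.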

North Korean #COVID19 Phishing Campaign Targets Six Countries

Security researchers are warning of a multi-country North Korean phishing campaign designed to capitalize on government COVID-19 bail-out measures. The operation is being undertaken by Pyongyang’s notorious Lazarus Group, and is “designed to impersonate government agencies, departments, and trade associations who are tasked to oversee the disbursement of the fiscal aid,” according to Cyfirma.

Round Up of Major Malware and Ransomware Incidents

IndigoDrop spreads via military-themed lures to deliver Cobalt Strike

Cisco Talos has recently discovered a new campaign distributing a multistage attack used to infect target endpoints with customized Cobalt Strike beacons. Due to the theme of the malicious documents (maldocs) employed, it is highly likely that military and government organizations in South Asia were targeted by this attack.

XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers

We have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware (detected by Trend Micro as Backdoor.Linux.XORDDOS.AE) and Kaiji DDoS malware (detected by Trend Micro as DDoS.Linux.KAIJI.A).
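What "exposed" means in practice is a Docker Engine API reachable over the network without client authentication. The following is an added example, not code from the article or from Trend Micro: it audits a daemon.json for a TCP listener that lacks TLS client verification, the weak configuration beside the corrected one. The two daemon.json samples are constructed; the configuration keys (hosts, tls, tlsverify, tlscacert, tlscert, tlskey) are Docker's real daemon options, and port 2375 is the conventional unencrypted API port (2376 the TLS one), which is an assumption about how such servers are typically found rather than a claim the report makes.

```python
"""Audit a Docker daemon.json for network exposure of the Engine API
(added example)."""
import json
from typing import List
from urllib.parse import urlparse

# Constructed: the daemon listens in plaintext on every interface. Anyone
# who can reach the port can start a privileged container, i.e. gets root
# on the host, which is the foothold a DDoS bot like the ones above needs.
WEAK_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}"""

# Constructed: the remote listener is bound to one internal address and
# requires a client certificate signed by the configured CA.
FIXED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""


def audit_daemon_config(config_text: str) -> List[str]:
    """Return a list of findings; an empty list means no network exposure found."""
    cfg = json.loads(config_text)
    findings: List[str] = []

    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        # Unix socket only (the default): reachable only by local users
        # with access to the socket, not from the network.
        return findings

    tls_verify = bool(cfg.get("tlsverify", False))
    tls_enabled = bool(cfg.get("tls", False)) or tls_verify

    for host in tcp_hosts:
        bind = urlparse(host).hostname or ""  # empty host means every interface
        if not tls_enabled:
            findings.append(f"{host}: Engine API served in plaintext with no authentication")
        elif not tls_verify:
            findings.append(f"{host}: TLS without client certificate verification; still unauthenticated")
        if bind in ("", "0.0.0.0", "::"):
            findings.append(f"{host}: bound to all interfaces")

    if tls_verify:
        # tlsverify without the key material cannot actually enforce client auth.
        for key in ("tlscacert", "tlscert", "tlskey"):
            if key not in cfg:
                findings.append(f"tlsverify set but {key} is missing")

    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_DAEMON_JSON), ("fixed", FIXED_DAEMON_JSON)):
        print(label, audit_daemon_config(text) or "no findings")
```

Running the audit on a fleet's daemon.json files is a quick way to find hosts that would answer an unauthenticated scan; on the network side, the same condition shows up as a TCP port on which a plain HTTP request to the Engine API succeeds without a client certificate.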

Round Up of Major Vulnerabilities and Patches

Mitsubishi Patches Vulnerabilities Disclosed at ICS Hacking Contest

White hat hackers earned a total of $280,000 for the exploits they demonstrated at the Zero Day Initiative’s Pwn2Own contest in January, including $80,000 for vulnerabilities found in ICONICS’s Genesis64 HMI/SCADA product. The researchers who successfully hacked the ICONICS product were Pedro Ribeiro and Radek Domanski of Flashback team.

Bitdefender fixes bug allowing attackers to run commands remotely

Security solutions are designed to keep an organization safe, but that model crumbles when the security software itself becomes the vector attackers exploit. Such is the case with a new Bitdefender remote code execution vulnerability, tracked as CVE-2020-8102, in its Safepay browser component.