Round Up of Major Breaches and Scams
Security researchers are warning players of a popular MMO game that over 1.3 million user records are being sold on dark web forums. Usernames, passwords, email addresses, phone numbers and IP addresses belonging to players of Stalker Online were found by researchers from CyberNews. The firm explained that the passwords were stored only as MD5 hashes; MD5 is one of the weakest hashing algorithms still in use for this purpose.
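As an added illustration (not code from the CyberNews report or the game's operator), the snippet below shows why MD5-only password storage is a problem and how a site can migrate away from it: unsalted MD5 makes every user who shares a password visible by identical hashes, and a legacy record can be transparently rehashed with a salted, memory-hard KDF (scrypt here) on the user's next successful login. The three accounts are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample: accounts as a site that stores only unsalted MD5 would hold them.
LEGACY_USERS = {
    "alice": hashlib.md5(b"hunter2").hexdigest(),
    "bob":   hashlib.md5(b"hunter2").hexdigest(),   # same password as alice
    "carol": hashlib.md5(b"correct horse").hexdigest(),
}

SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1  # ~16 MiB per hash, fits default maxmem


def shared_password_groups(users):
    """Unsalted MD5 maps equal passwords to equal digests, so password reuse is
    visible to anyone holding the dump without cracking a single hash."""
    by_digest = {}
    for name, digest in users.items():
        by_digest.setdefault(digest, []).append(name)
    return [names for names in by_digest.values() if len(names) > 1]


def scrypt_hash(password, salt=None):
    """Salted scrypt record in the form scrypt$<salt hex>$<digest hex>."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return "scrypt$" + salt.hex() + "$" + digest.hex()


def verify(stored, password):
    """Check a password against either record format, in constant time per format."""
    if stored.startswith("scrypt$"):
        _, salt_hex, digest_hex = stored.split("$")
        calc = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                              n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
        return hmac.compare_digest(calc.hex(), digest_hex)
    # Legacy unsalted MD5 record.
    return hmac.compare_digest(hashlib.md5(password.encode()).hexdigest(), stored)


def login_and_upgrade(users, name, password):
    """Authenticate; on success, rehash any legacy MD5 record with scrypt so the
    weak hash disappears from the store without forcing a password reset."""
    stored = users.get(name)
    if stored is None or not verify(stored, password):
        return False
    if not stored.startswith("scrypt$"):
        users[name] = scrypt_hash(password)
    return True
```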
Security researchers are warning of a multi-country North Korean phishing campaign designed to capitalize on government COVID-19 bail-out measures. The operation is being undertaken by Pyongyang’s notorious Lazarus Group, and is “designed to impersonate government agencies, departments, and trade associations who are tasked to oversee the disbursement of the fiscal aid,” according to Cyfirma.
Round Up of Major Malware and Ransomware Incidents
Cisco Talos has recently discovered a new campaign distributing a multistage attack used to infect target endpoints with customized Cobalt Strike beacons. Due to the theme of the malicious documents (maldocs) employed, it is highly likely that military and government organizations in South Asia were targeted by this attack.
We have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware (detected by Trend Micro as Backdoor.Linux.XORDDOS.AE) and Kaiji DDoS malware (detected by Trend Micro as DDoS.Linux.KAIJI.A).
Round Up of Major Vulnerabilities and Patches
White hat hackers earned a total of $280,000 for the exploits they demonstrated at the Zero Day Initiative’s Pwn2Own contest in January, including $80,000 for vulnerabilities found in ICONICS’s Genesis64 HMI/SCADA product. The researchers who successfully hacked the ICONICS product were Pedro Ribeiro and Radek Domanski of Flashback team.
Security solutions are designed to keep an organization safe, but those models crumble when that same software becomes a threat vector for the attackers to exploit. Such is the case with a new Bitdefender remote code execution vulnerability, dubbed CVE-2020-8102, lurking in its Safepay browser component.