Round Up of Major Breaches and Scams
Spotify has issued a rolling password reset of some user accounts following the discovery of an open database containing user credentials. The 72GB database contained over 380 million records, “including login credentials and other user data being validated against the Spotify service,” the team said.
Floor coverings distributor Headlam Group said on Tuesday that there had been unauthorised access to some of its computer systems, resulting in some data being accessed. Certain back office systems were affected, including the email system, which has now been restored, the company said.
Pakistan International Airlines (PIA) reportedly suffered a major security breach after its network access and database were put on sale for $4,000 on the dark web. According to a media report, an Israeli firm named KELA spotted a threat actor offering domain admin access to the airline for $4,000.
Event-discovery application Peatix has disclosed a data breach, after ads for stolen user-account information were reportedly circulated on Instagram and Telegram. Upon further investigation, the company found that user names, email addresses, salted and hashed passwords, nicknames, preferred languages, countries and time zones had been compromised.
Round Up of Major Malware and Ransomware Incidents
Researchers have discovered a new backdoor written in the Go programming language (Golang), which drew their attention because of its heavy obfuscation. The backdoor, called Blackrota, was first discovered in a honeypot owned by the researchers, where it was attempting to exploit an unauthorized-access vulnerability in the Docker Remote API.
Researchers at Huntress Labs have uncovered what they described as a really clever use of Windows batch scripting by the authors of Trickbot to try to sneak the latest version of their malware past automated detection tools.
Researchers spotted a new variant of an adware and coin-miner botnet operated by the Stantinko threat actors that now targets Linux servers. The operators behind the botnet have powered a massive adware campaign active since 2012, mainly targeting users in Russia, Ukraine, Belarus, and Kazakhstan who were searching for pirated software.
Round Up of Major Vulnerabilities and Patches
The UK National Cyber Security Centre (NCSC) issued an alert urging organizations to address the critical CVE-2020-15505 remote code execution (RCE) vulnerability in MobileIron mobile device management (MDM) systems. MDM platforms allow administrators to remotely manage a fleet of mobile devices in their organization from a central server.