Round Up of Major Breaches and Scams
Britain, the United States and Canada accused Russian hackers on Thursday of trying to steal information from researchers seeking a coronavirus vaccine, warning scientists and pharmaceutical companies to be alert for suspicious activity. Intelligence agencies in the three nations alleged that the hacking group APT29, also known as Cozy Bear and said to be part of the Russian intelligence services, is attacking academic and pharmaceutical research institutions involved in COVID-19 vaccine development.
The VPN company under discussion is the Hong Kong-based UFO VPN, owned by Dreamfii HK Limited. Perhaps the most ironic moments in the cybersecurity world occur when those who promise to protect your online privacy cannot guard their own turf. We’ve seen this happen from time to time with security firms getting hacked themselves. A similar case emerged recently when the database of a Hong Kong-based VPN provider called UFO VPN was exposed with more than 20 million user logs.
A pair of recent campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices. Amazon in the era of COVID-19 has become a staple of many people’s lives, as they order everything from sourdough starter to exercise equipment. Cybercrooks have latched onto the delivery behemoth as a lure for phishing emails, knowing that plenty of legitimate delivery messages are also making it into people’s inboxes and offering cover.
CryptBB becomes more inclusive by inviting less experienced hackers to learn from expert cybercriminals and one another. A well-known private hacking forum has recently become more inclusive, introducing a new platform to help newbie threat actors flourish and hone their expertise, research has found. The discovery is unique, as private hacker forums tend to be the exclusive province of elite cybercriminals.
Round Up of Major Malware and Ransomware Incidents
A total of seven ransomware families have been found to target processes associated with operational technology (OT) software, and FireEye this week published an analysis of these pieces of malware. Many ransomware families are designed to kill certain types of running processes. They might target security products to prevent them from blocking the attack and they can also terminate critical system.
Orange has confirmed to BleepingComputer that they suffered a ransomware attack exposing the data of twenty of their enterprise customers. Orange is a French telecommunications company that offers consumer communication services and business services to the enterprise. With 266 million customers and 148,000 employees, Orange is the fourth-largest mobile operator in Europe.
ATM maker Diebold Nixdorf is warning banks of a new type of ATM “black box” attack that was recently spotted in use across Europe. ATM “black box” attacks are a type of jackpotting attack — when cybercriminals make an ATM spit out cash. A jackpotting attack can be executed with malware installed on an ATM, or by using a “black box.” A black box attack is when an intruder unfastens an ATM's outer case to access its ports or cuts a hole in the casing for direct access to its internal wiring or other hidden connectors.
Round Up of Major Vulnerabilities and Patches
Cisco on Wednesday released security advisories to inform customers of several critical vulnerabilities that can be exploited remotely to hack small business routers and firewalls that are no longer being sold. One of the critical flaws, which is tracked as CVE-2020-3330 and has a CVSS score of 9.8, affects Cisco Small Business RV110W Wireless-N VPN firewalls.