Round Up of Major Breaches and Scams
It started when Green discovered discarded infotainment components available for sale on eBay, which is nothing out of the ordinary. What makes this concerning is that Tesla didn’t delete the stored user data from the components.
The official handle of Aarogya Setu, the contact-tracing app developed by the National Informatics Centre (NIC) under the Ministry of Electronics and Information Technology, asserted late on Tuesday that “no data or security breach had been identified” in the app.
The details of 44 million Pakistani mobile subscribers have leaked online this week, ZDNet has learned. The leak comes after a hacker tried to sell a package containing 115 million Pakistani mobile user records last month for a price of $2.1 million in bitcoin.
A hacker claims to have stolen over 500GB of data from Microsoft’s private GitHub repositories, BleepingComputer has learned. This evening, a hacker going by the name Shiny Hunters contacted BleepingComputer to tell us they had hacked into the Microsoft GitHub account, gaining full access to the software giant’s ‘Private’ repositories.
A highly convincing series of phishing attacks is using fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails to steal users’ account credentials. Cisco Webex is a video and team collaboration solution that helps users set up video conferences, webinars, online meetings, and share their screens with their colleagues and friends. The platform is currently facing an influx of new users due to the unusual increase in remote working caused by the COVID-19 pandemic.
Online learning platform Unacademy has suffered a data breach after a hacker gained access to their database and started selling the account information for close to 22 million users. Unacademy is one of India’s largest online learning platforms boasting 14K teachers, over a million video lessons, and over 20 million registered users (learners).
A new phishing campaign is targeting investment brokers with fraudulent emails aimed at stealing their Microsoft SharePoint and Office credentials, by invoking the identity of a credible financial regulatory organization.
Round Up of Major Malware and Ransomware Incidents
Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic has been hit by a ransomware cyber attack on its technology systems. The company said the incident has limited some of its operations, but that patient care continues.
The North Korea-linked cyberthreat group known as Lazarus Group has added a new variant of the Dacls remote-access trojan (RAT) to its arsenal of spy gear, designed specifically for the Mac operating system.
The operators of the Snake Ransomware have launched a worldwide campaign of cyberattacks that have infected numerous businesses and at least one health care organization over the last few days. This past January, BleepingComputer reported on the new Snake ransomware that was targeting enterprise networks.
Since at least February 2019, the hackers, who have begun impersonating CEOs and banks in their lure documents, have introduced at least seven updates to the malicious software known as EVILNUM, which enables attackers to upload and download files, harvest tracking cookies, and run arbitrary commands.
Round Up of Major Vulnerabilities and Patches
South Korean smartphone vendor Samsung released this week a security update to fix a critical vulnerability impacting all smartphones sold since 2014. The security flaw resides in how the Android OS flavor running on Samsung devices handles the custom Qmage image format (.qmg), which Samsung smartphones started supporting on all devices released since late 2014.
Search service Algolia said it suffered a security breach over the weekend after hackers exploited a well-known vulnerability in the Salt server configuration software to gain access to its infrastructure. The company said the hackers installed a backdoor and a cryptocurrency miner on a small number of its servers, but that the incident did not impact its operations in any significant way.
Mozilla this week released Firefox 76 to the stable channel with an updated password manager, alerts for breached passwords, and patches for 11 vulnerabilities. Starting with the new release, the browser aims to help users better keep their accounts secure and easily generate strong passwords, courtesy of the new Firefox Lockwise password manager.
VPNpro, a company that specializes in analyzing and comparing VPN services, analyzed the 20 most popular VPNs to see which of them allow attackers to intercept communications and push fake updates.