Round Up of Major Breaches and Scams
An IT contractor has been found guilty of pinching his employer’s supercomputer to mine cryptocurrency. The un-named man was employed at Australia’s Commonwealth Scientific and Industrial Research Organisation (CSIRO), an outfit that made critical contributions to WiFi and operates the Parkes Radio Telescope that received the first images and video from Apollo 11 when it touched down on the moon.
A UK national pleaded guilty today to extorting tens of companies across the world as a member of an infamous hacking group known as The Dark Overlord (TDO). Nathan Francis Wyatt, 39, was sentenced to five years in prison and ordered to pay $1,467,048 in restitution to victims. According to court documents, Wyatt was part of the TDO hacker group since 2016. The group operated by hacking into large companies, stealing their sensitive data, and then asking for huge ransoms.
Scammers have tried to rip off computer equipment suppliers with a targeted email that impersonated the Commissioner of the Texas Department of State Health Services (DSHS). They did their homework and crafted a credible message with details that would check out at a cursory search. In a short email sent to a company’s sales department, the fraudsters requested a price quote for 20 touchscreen laptops and 200 portable hard drives.
Popular running and cycling app Strava can expose your information to nearby strangers, which has sparked privacy concerns among its users. After learning of this information sharing feature, some fear this functionality can be abused for stalking and “predatory” motives. Previously, Strava had published heatmaps generated from 13 trillion GPS coordinates from joggers’ data, which inadvertently exposed the locations of military bases around the world, including those in the U.S.
Hundreds of thousands of Minnesotans are receiving letters warning them that their data may have been exposed in the second-largest healthcare data breach in state history. The letters were sent to individuals who had donated to or been a patient of Allina Health hospitals and clinics or Children’s Minnesota, a two-hospital pediatric health system in the Twin Cities. Breach notifications warned that personal data may have been exposed following a ransomware attack on third-party vendor Blackbaud in May 2020.
Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. More than 500,000 Activision accounts may have compromised as a result of a data breach suffered by the gaming firm on September 20, reported the eSports site Dexerto. According to Dexerto, the login for Activision accounts been publicly leaked and threat actors also changed accounts’ details to prevent easy recovery by the legitimate owners.
Round Up of Major Malware and Ransomware Incidents
Italy-based eyewear and eyecare giant Luxottica has reportedly suffered a cyberattack that has led to the shutdown of operations in Italy and China. Luxottica is the world’s largest eyewear company that employs over 80,000 people and generated 9.4 billion in revenue for 2019. The company portfolio of eyeglasses brands contains well-known brands, including Ray-Ban, Oakley, Oliver Peoples, Ferrari, Michael Kors, Bulgari, Armani, Prada, Chanel, and Coach.
When it comes to endpoint security, a handful of threats make up the bulk of the most serious attack tools and tactics. In the first half of 2020, the most common critical-severity cybersecurity threat to endpoints was fileless malware, according to a recent analysis of telemetry data from Cisco. Fileless threats consist of malicious code that runs in memory after initial infection, instead of files being stored on the hard drive. Cisco flagged threats like Kovter, Poweliks, Divergent and LemonDuck as the most common fileless malware.
A company that provides software for sports leagues to manage referees and game officials has disclosed a security incident that impacted around 540,000 of its registered members — consisting of referees, league officials, and school representatives. ArbiterSports, the official software provider for the NCAA (National Collegiate Athletic Association) and many other leagues, said it fended off a ransomware attack in July this year.
German prosecutors last week opened a homicide investigation into a deadly ransomware incident on a university hospital, according to multiple German media reports. If confirmed, it would be the first documented case of a death stemming, directly or indirectly, from a cyberattack, analysts say. Christoph Hebbecker, a cybercrime prosecutor in the German city of Cologne, said Friday that his office had opened an investigation into the ransomware attack as a “negligent homicide,” the Germany news agency DPA reported.
A new Android malware strain has been uncovered, part of the Rampant Kitten threat group’s widespread surveillance campaign that targets Telegram credentials and more. Researchers have uncovered a threat group launching surveillance campaigns that target victims’ personal device data, browser credentials and Telegram messaging application files. One notable tool in the group’s arsenal is an Android malware that collects all two-factor authentication (2FA) security codes sent to devices, sniffs out Telegram credentials and launches Google account phishing attacks.
Round Up of Major Vulnerabilities and Patches
An unsecured database has exposed sensitive data for users of Microsoft’s Bing search engine mobile application – including their location coordinates, search terms in clear text and more. While no personal information, like names, were exposed, researchers with Wizcase argued that enough data was available that it would be possible to link these search queries and locations to user identities — giving bad actors information ripe for blackmail attacks, phishing scams and more.
The deadline looms for U.S. Cybersecurity and Infrastructure Security Agency’s emergency directive for federal agencies to patch against the so-called ‘Zerologon’ vulnerability. Federal agencies that haven’t patched their Windows Servers against the ‘Zerologon’ vulnerability by Monday Sept. 21 at 11:59 pm EDT are in violation of a rare emergency directive issued by the Secretary of Homeland Security.
The Samba Team has released a security update to address a critical vulnerability—CVE-2020-1472—in multiple versions of Samba. This vulnerability could allow a remote attacker to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcement for CVE-2020-1472 and apply the necessary updates or workaround.
Cloudflare is one of the top web security companies out there with a sizeable clientele requiring it to takes its security practices very seriously which it does. However, regardless of this, there are times when vulnerabilities are found by external actors and brought to their notice. An example of one such case has surfaced recently when cybersecurity researcher George Skouroupathis uncovered a flaw in their Web Application Firewall (WAF) SQL injection protection mechanism.