
TikTok stops clipboard snooping after Apple exposes it, 5 million DeviceLock users’ data leaked, and more

Major cybersecurity events on 29th June 2020: CloudSEK researcher reports that data of 40,000 IndiaMART suppliers is being sold on hacker forums. Aspire News App, a domestic violence assistance app, suffers a data breach. Hackers threaten to leak beverage firm Lion’s stolen files following a ransomware attack.

Round Up of Major Breaches and Scams

Domestic violence assistance app breached, placing victims at risk

Data breaches have long been a problem for companies that store user data. At various times, they have resulted in highly confidential data being leaked, harming the reputation of the firm involved. Another such incident emerged when the “Aspire News App” for Android, developed by a US-based non-profit, suffered a data breach, as reported by researchers from vpnMentor.

IndiaMART Probing Reports Of Data Leak Impacting 40K Vendors

Noida-headquartered B2B ecommerce company IndiaMART said it is investigating the report by cybersecurity start-up CloudSEK which claimed that sensitive information of over 40K suppliers registered on IndiaMART was being sold on hacker forums. CloudSEK researcher Ashok Krishna discovered posts on two forums advertising a database of 43,920 suppliers registered on IndiaMART.

TikTok To Stop Clipboard Snooping After Apple Privacy Feature Exposes Behavior

A new privacy feature in Apple iOS 14 sheds light on TikTok’s practice of reading iPhone users’ cut-and-paste data, even though the company said in March it would stop. Apple added a new banner alert to iOS 14 that lets users know if a mobile app is pasting from the clipboard and is thus able to read a user’s cut-and-paste data.

Experts have discovered a data leak of almost five million Russians

DeviceLock experts discovered a data leak of almost 5 million users in the Russian Federation, presumably from one of the employment portals. The database contains contact information and the last, first and middle names of users, said Ashot Hovhannisyan, founder and technical director of DeviceLock, a developer of data leakage control systems.

The database of millions of Telegram users from Russia and Iran appeared on the Darknet

On one of the forums in the Darknet, a database appeared with information about several million users of the Telegram messenger. The data file is about 900 megabytes. The Telegram press service confirmed the existence of the database, explaining that information is collected through the built-in contact import function even when the user registers.

Unauthorized disclosure of COVID-19 patients’ identities continues

As the number of coronavirus cases in the Philippines steadily increased from mid-March to late May, the National Privacy Commission (NPC) had been investigating 22 complaints of privacy breaches involving more than 150 COVID-19 patients, as well as suspected and probable cases.

Round Up of Major Malware and Ransomware Incidents

Hackers Threaten to Leak Files Stolen From Australian Beverage Firm Lion

Lion, a major supplier of beer and milk in Australia and New Zealand, revealed earlier this month that manufacturing processes and customer service were disrupted following a ransomware attack. In an update shared on June 26, the company said it restored many key systems at breweries and dairy and juice sites.

California University Paid $1.14 Million After Ransomware Attack

The University of California, San Francisco paid criminal hackers $1.14 million this month to resolve a ransomware attack. The hackers encrypted data on servers inside the school of medicine, the university said Friday. While researchers at UCSF are among those leading coronavirus-related antibody testing, the attack didn’t impede its Covid-19 work, it said.

France Télévisions group hit by a cyber attack, its antennas were not impacted

The France Télévisions group announced Friday that it was the victim of a cyber attack that targeted one of its broadcasting sites. According to the group, the attack did not impact its antennas. The group confirmed that the broadcasting of France 3 will be transferred to the headquarters of France Télévisions; the company also activated the backup site in response to the incident.

Chinese malware used in attacks against Australian orgs

The Australian government released an advisory late last week about increased cyber activity from a state actor against networks belonging to its agencies and companies in the country. Behind the attack is a “sophisticated” adversary that relies on slightly modified proof-of-concept exploit code for yesteryear vulnerabilities, the government says.

Round Up of Major Vulnerabilities and Patches

IBM Discloses Tenda Powerline Extender Flaws Apparently Ignored by Vendor

Researchers at IBM’s X-Force Red team have analyzed Tenda PA6 Wi-Fi powerline extenders, which are part of the company’s PH5 Powerline Extender Kit, and identified vulnerabilities that could allow attackers to take complete control of a device. Malicious actors could exploit the vulnerabilities to add a device to an IoT botnet and abuse it to launch DDoS attacks, move to other devices on the network, etc.

Microsoft: Patch IIS Bug Now to Protect Exchange Servers

Microsoft has warned Exchange customers to patch their servers urgently after reporting a surge in attacks exploiting an Internet Information Services (IIS) vulnerability. That flaw, CVE-2020-0688, was patched in February, but attackers are still finding victims compromised by such attacks. With access to the targeted server, hackers often deploy a web shell to steal data or perform other malicious actions in the future.