Categories
APT Breach Cyber Security Data leak DDoS Espionage Hacking Maze Ransomware Scam Vulnerability Zero-day

TikTok to launch legal action against Trump admin., $3.86m is the average cost of data breach in 2020, and more

Major cybersecurity events on 24th August 2020 (Evening Post): US military personnel lost $379 million to fraudulent schemes in last 5 years. Travel site exposed 37 million records before Meow attack. Group of unskilled Iranian hackers behind recent attacks with Dharma ransomware.

Round Up of Major Breaches and Scams

TikTok to Launch Legal Action Against Trump Administration

As predicted, TikTok is taking the Trump administration to court over the President’s Executive Order which will effectively ban the app in the US. The order, which was issued on August 6, alleged that the social firm’s data collection on large numbers of US citizens exposes them to Communist Party efforts to build “dossiers of personal information for blackmail, and conduct corporate espionage.”

Average Cost of a Data Breach in 2020: $3.86M

A recent survey of 3,200 people in 524 organizations that suffered data breaches is a bit of a mixed bag. Ponemon’s “Cost of a Data Breach Report 2020” (commissioned by IBM) reveals that despite an apparent decline in the average cost of a data breach — from $3.92 million in 2019 to $3.86 million this year — the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes. In the same vein, Ponemon’s examination of the average cost per record varied widely according to the kind of data that was exposed or stolen.

U.S. Military Personnel Lost $379 Mn to Fraudulent Schemes in Last 5 Years

An investigation from AtlasVPN revealed that the U.S Military personnel have lost around $379.6 million to a range of fraudulent schemes from 2015 to June 30, 2020. According to the report, military staff have reported more than 680,000 complaints about fraud, identity theft, or other consumer issues to the Federal Trade Commission (FTC).

Travel Site Exposed 37 Million Records Before Meow Attack

The company behind one of India’s most popular travel booking sites exposed 43GB of customer and corporate data before it was deleted by the infamous “Meow” attacker, according to researchers. A team at SafetyDetectives led by Anurag Sen discovered an Elasticsearch server without password protection or encryption on August 10. It failed to get a response from the company in question, government-backed travel marketplace RailYatri, but the database was eventually secured after contact was made with India’s national CERT (CERT-In).

Round Up of Major Malware and Ransomware Incidents

Group of unskilled Iranian hackers behind recent attacks with Dharma ransomware

Cyber-security firm Group-IB says it identified a group of low-skilled hackers operating out of Iran that has been launching attacks against companies in Asia and attempting to encrypt their networks with a version of the Dharma ransomware. The attacks have targeted companies located in Russia, Japan, China, and India, according to a report Group-IB researchers published today.

Lifting the veil on DeathStalker, a mercenary triumvirate

State-sponsored threat actors and sophisticated attacks are often in the spotlight. Indeed, their innovative techniques, advanced malware platforms and 0-day exploit chains capture our collective imagination. Yet these groups still aren’t likely to be a part of the risk model at most companies, nor should they be. Businesses today are faced with an array of much more immediate threats, from ransomware and customer information leaks, to competitors engaging in unethical business practices.

Darknet Empire Market Potentially Victim of DDoS Attack

For over 36 hours, the popular darknet market – Empire Market – has remained offline. This is according to a range of sources, not least the researcher and analyst Dark.fail who has been tweeting about this blackout. Moreover, this subject has been attracting significant attention in various online forums, including the Reddit threat r/darknet and its deep web equivalent, Dread. According to Dark.fail, the blackout is a result of a distributed denial-of-service (DDoS) attack. In other words, the server was bombarded with artificial traffic.

Canadian shipping company Canpar gets an unwanted delivery – ransomware

In brief It has not been a good week for major Canadian shipping company Canpar Express. The Canuck parcel-mover’s website fell offline for days as it tackled a ransomware outbreak on its internal systems. We are also told by readers who reside in America’s Hat that deliveries have been negatively affected – things like package tracking and scheduling pickups are not possible right now, for instance.

Round Up of Major Vulnerabilities and Patches

Mobile security failings putting enterprises at risk

Nearly every enterprise these days has a critical component of their work environment powered by mobile devices. Indeed, we estimate that well in excess of 50% of workers employed mobile apps as part of their work before the current pandemic hit, and we estimate that has now increased to greater than 85% of users who work from home at least part time. With the critical nature of mobile in not only large businesses but smaller organizations as well, it’s imperative that companies maintain a secure posture for their devices and user apps.

You are not alone; video conferencing app Zoom is down for many

The popular video conferencing app Zoom is currently suffering a service outage where users are unable to join or attend Zoom meetings. According to DownDetecter, a platform that reports on online platforms going through service disrupting, the scale of this outage can be seen affecting users all over the United States, some parts of the United Kingdom, and Germany. It is worth noting that due to the COVID-19 pandemic there has been a sudden increase in video conferencing apps including Zoom, Google Meet, and Microsoft Teams.

70% of ICS Flaws Unveiled in First Half of 2020 Can be Exploited Remotely

A research from industrial cybersecurity firm Claroty revealed that around 70% of the industrial control system (ICS) vulnerabilities discovered in the first half of 2020 can be exploited remotely. In its report titled “Biannual ICS Risk & Vulnerability Report,” Claroty evaluated over 365 ICS flaws that were added to the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).