Botnet Breach Cryptojacking Data leak Hacking Malware Ransomware Vulnerability

Title Insurance Company exposes millions of personal information, US registers a spike in ransomware attacks, and more

Major cybersecurity events on 24th July 2020 (Evening Post): About 280,000 Instacart customer records hacked and put for sale on the dark web. Prometei uses NSA exploits to steal data and mine Monero. Twitter hackers read private messages of 36 high-profile accounts.

Round Up of Major Breaches and Scams

Instacart customer records hacked, includes order history

Some 278,531 Instacart customer records have reportedly been hacked, and are for sale on the dark web. The data includes names, email addresses, the last four digits of credit card numbers, and order histories. Instacart denies that there has been any breach, and says that if any data is real, it didn’t come from them. However, a security researcher who reviewed the data says the Instacart customer records appear genuine, and BuzzFeed was able to verify details with two customers whose data was included.

Florida Tax Office Blames Data Breach on Virus

A Florida Tax Collector’s Office has blamed malware found on an employee’s computer for a data breach that affected around 450,000 residents of Polk County. The breach occurred in June at the Tax Collector’s Office for Polk County (TCPC). Information exposed in the attack included Social Security numbers and driver’s license numbers. In a statement issued on July 15, Tax Collector for Polk County Joe Tedder said that his office was “subject to a new strain of a targeted computer virus attack not seen before.”

Title insurance company’s huge data exposure draws charges from New York state

New York regulators have charged an insurer with violating state cybersecurity law for allegedly exposing hundreds of millions of documents that included Americans’ personal data, including Social Security numbers and financial information. The New York State Department of Financial Services announced legal action Wednesday against the First American Title Insurance Company, the second-largest real estate title insurer in the U.S.

Round Up of Major Malware and Ransomware Incidents

Cryptojacking botnet Prometei uses NSA exploit to steal data, mine Monero

Cisco Talos’ threat intelligence team published a report revealing startling details of how cybercriminals are continually reinventing the way they can monetize their malicious tools and techniques. Reportedly, Cisco Talos researchers discovered a “complex” new campaign involving a multi-modular cryptojacking botnet named “Prometei.” The botnet can spread in multiple ways, such as using the Windows Server Message Block protocol (SMB) exploits, stolen credentials, WMI, and PsExec.

Sharp Spike in Ransomware in U.S. as Pandemic Inspires Attackers

The COVID-19 pandemic continues to shape the face of cybercrime in 2020, with ransomware and attacks on internet of things (IoT) devices seeing sharp increases in the U.S. for the first half of the year. According to SonicWall’s 2020 Cyber Threat Report ransomware attacks are up, particularly in the U.S., where they have more than doubled year-over-year (up 109 percent). Meanwhile, malware targeting IoT devices has risen to 20.2 million, up 50 percent from this time last year.

Garmin outage caused by confirmed WastedLocker ransomware attack

It has been updated to reflect that BleepingComputer now has confirmation from a source familiar with the ongoing investigation that the WastedLocker ransomware hit Garmin’s network. We later updated the story with further information from a Garmin employee. Wearable device maker Garmin shut down some of its connected services and call centers on Thursday following what the company called a worldwide outage, now confirmed to be caused by a WastedLocker ransomware attack.

Round Up of Major Vulnerabilities and Patches

Cisco Network Security Flaw Leaks Sensitive Data

A high-severity vulnerability in Cisco’s network security software could lay bare sensitive data – such as WebVPN configurations and web cookies – to remote, unauthenticated attackers. The flaw exists in the web services interface of Cisco’s Firepower Threat Defense (FTD) software, which is part of its suite of network security and traffic management products; and its Adaptive Security Appliance (ASA) software, the operating system for its family of ASA corporate network security devices.

Twitter hackers read private messages of 36 high-profile accounts

Twitter today admitted that the attackers behind last week’s incident read the private messages of 36 out of a total of 130 high-profile accounts targeted in the attack. Among these, the hackers also accessed the Twitter inbox of Geert Wilders, a Dutch elected official and the leader of the Party for Freedom (PVV). Twitter also said in a blog update that it found no other indications that “any other former or current elected official had their DMs accessed.”