
Trump campaign leaks voter data amidst legal battle, Luxottica data breach exposes LensCrafters, EyeMed data, and more

Major cybersecurity events on 9th November 2020 (Morning Post): HMRC smishing tax rebate scam employs phishing domains and tactics to target UK banking customers. Mayo Clinic sued over data breach of patients’ medical records. Hackers demand $11 million in Bitcoin from gaming giant CAPCOM.

Round Up of Major Breaches and Scams

Trump lawsuit site to report rejected votes leaked voter data

No one could have ever foreseen this happening, because nobody ever knew how difficult website security could be. The DontTouchTheGreenButton.com website, just launched by the Trump campaign in relation to the recently filed Arizona “rejected votes” lawsuit, was discovered to be leaking voter data. The data included the voter name, address, and a unique identifier. In addition, reports have surfaced of users alleging that the website has SQL Injection flaws that make it possible to collect a voter’s SSN and date of birth.

HMRC smishing tax scam targets UK banking customers

An advanced HM Revenue and Customs (HMRC) tax rebate scam is targeting UK residents this week via text messages (SMS). The smishing campaign is concerning as it employs multiple HMRC phishing domains and tactics, with new domains added every day as older ones get flagged by spam filters. Not only do the phishing pages mimic HMRC’s web interface meticulously, but they also have entire online banking workflows built into them, depending on who your banking provider is.

Office 365 will let admins review Microsoft Forms phishing attempts

Microsoft is working on adding a new Microsoft Forms phishing attempt review feature that will allow Office 365 admins to confirm and block forms that try to maliciously harvest sensitive data. Microsoft Forms is a web and mobile app that enables users to create surveys, quizzes, and polls designed for collecting feedback and data online. Previously it was only available to business users with Microsoft 365 Personal and Microsoft 365 Family, but it has recently been made available for personal use to anyone with a Microsoft account.

Luxottica data breach exposes info of LensCrafters and EyeMed patients

A data breach suffered by Luxottica has exposed the personal and health information of patients of LensCrafters, Target Optical, and EyeMed. Luxottica Group S.p.A. is an Italian eyewear conglomerate and the world’s largest company in the eyewear industry. As a vertically integrated company, Luxottica designs, manufactures, distributes and retails its eyewear brands, including LensCrafters, Sunglass Hut, Apex by Sunglass Hut, Pearle Vision, Target Optical, the EyeMed vision care plan, and Glasses.com. Its best known brands are Ray-Ban, Persol, and Oakley.

Crypto Scam Exposed! U.S. and Brazil Disrupt Cyber-enabled Online Fraud

Law enforcement authorities from the U.S. and Brazil seized $24 million in cryptocurrency that was procured via online fraud. According to the Department of Justice (DoJ), federal authorities from both countries participated in “Operation Egypto,” an ongoing Brazilian federal investigation into the suspected fraud scheme. Brazilian authorities estimate that attackers have obtained more than $200 million through this scheme, defrauding tens of thousands of Brazilians.

Half of Financial Service Organizations Suffered a Cyberattack Last Year

New research, “Cybersecurity Challenges in Financial Services,” from data security provider HelpSystems revealed that 65% of major financial services organizations have suffered a cyberattack in the last 12 months. The research, which surveyed 250 CISOs and CIOs globally, highlighted the impact of COVID-19 on the cybersecurity of financial services firms. Nearly 45% of respondents reported an increase in cyberattacks since the pandemic began. While securing the remote workforce has become a primary objective for 42% of organizations, 47% of firms have already invested in security collaboration tools.

Mayo Clinic faces lawsuit in breach of patients’ health records

Not surprisingly, Mayo Clinic is facing a lawsuit over an insider-wrongdoing (snooping) breach that was disclosed last month. Jim Spencer reports: Patients whose medical records were improperly accessed by a former Mayo Clinic employee are attempting to mount a class-action lawsuit against the health care provider for failing to protect their sensitive personal data. The lead plaintiff, Olga Ryabchuk, was one of more than 1,600 patients, including more than 1,000 from Minnesota, who had their medical records examined by a former Mayo health care worker who had no right to look at them.

Round Up of Major Malware and Ransomware Incidents

Hackers Asked Gaming Giant CAPCOM to Pay an $11 Million Bitcoin Ransom

Ransomware hackers reportedly breached the servers of gaming giant CAPCOM. The hackers have come out to demand $11 million in Bitcoin from the Resident Evil creator, threatening to release the stolen data to the public otherwise. The ransomware attack affected access to certain systems such as file and email servers, as it encrypted 1TB of sensitive data. The Japanese video game publisher and developer has created several multi-million-selling game franchises, including Darkstalkers, Street Fighter, and Resident Evil.

How Ryuk Ransomware operators made $34 million from one victim

One hacker group that is targeting high-revenue companies with Ryuk ransomware received $34 million from a single victim in exchange for the decryption key that unlocked their computers. The threat actor is highly proficient at moving laterally inside a compromised network and erasing as much of its tracks as possible before detonating the Ryuk ransomware. Referred to as group “one,” per the identifier assigned to it within the Trickbot botnet that facilitates the network intrusions for the Ryuk file-encrypting malware, this threat actor is unscrupulous when it comes to targets.

RansomExx ransomware now also targets Linux systems

The RansomExx ransomware operators are expanding their operations by developing a Linux version of their malware, able to infect Linux machines. Kaspersky researchers have analyzed the Linux version of the RansomExx ransomware, also tracked as Defray777. This week the RansomExx ransomware has been involved in attacks against Brazil’s Superior Court of Justice.

Sodinokibi/REvil ransomware gang pwns British housing biz via suspected phishing attack

A social housing provider in Norwich, England, has said it was hit with the Sodinokibi ransomware following what it assumes was a successful phishing attack. Flagship Group revealed last night that its systems were compromised by a “cyberattack” on Sunday, 1 November. “Whilst the investigation is still going on we can confirm that the incident was caused by ransomware, known as Sodinokibi, via a suspected phishing attack,” said Flagship in a statement on its partially pwned website.

Round Up of Major Vulnerabilities and Patches

Hackers Use RMS and Teamviewer To Attack Industrial Enterprises

Experts believe that in recent attacks the hackers have been using fake legal documents, posing as instructional material for industrial enterprises, as lures. The documents, experts believe, were stolen in earlier intrusions that the hackers use to target these industries. In a recent campaign, hackers targeted various industries in Russia, and their primary target was the energy sector. Besides this, the hackers attacked the logistics, mining, construction, engineering, metal, manufacturing, and oil sectors.

Ransomware operators target CVE-2020-14882 WebLogic flaw

At least one ransomware operator appears to be exploiting the recently patched CVE-2020-14882 vulnerability affecting Oracle WebLogic. At the end of October, threat actors started scanning the Internet for servers running vulnerable installs of Oracle WebLogic in an attempt to exploit the CVE-2020-14882 flaw.