Round Up of Major Breaches and Scams
Dubbed Vollgar, the campaign managed to infect roughly three thousand database machines daily, with victims in sectors such as healthcare, aviation, IT and telecommunications, and higher education. Over the past two years, the attacks remained consistently thorough, well-planned and noisy. Attacks originated from more than 120 IP addresses, most of them in China.
Those emails include business email compromise scams, phishing, malware, and spam email campaigns. At the end of last week, Proofpoint said it had seen over 500,000 messages, 300,000 malicious URLs and 200,000 malicious attachments with coronavirus themes across more than 140 campaigns, with the numbers continuing to increase.
According to data from BrandShield, the number of domains containing the word ‘Zoom’ hugely increased during March. As many as 2,200 new ‘Zoom’ domains were registered in March alone, taking the total to over 3,300. Researchers note that almost a third of these new websites are attached to an email server, which points towards the possibility that they’re being used in phishing attacks to harvest login credentials from unwary users.
The phishing emails delivered by the operators behind this series of attacks use the old trick of storing some text elements backwards in the message source, so that filters inspecting the source see reversed strings while the email rendered for the target reads forwards, with a twist: this time the reversal is done with Cascading Style Sheets (CSS).
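The defender-side answer to this trick is to run content checks over the text the recipient actually sees, not over the raw source. The following added example (not code from the original report or from any vendor) rebuilds the rendered text of a constructed HTML message by reversing any element whose inline style combines `direction: rtl` with `unicode-bidi: bidi-override`, counts such elements, and then runs keyword matching over the normalized text. The sample message and keyword list are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser

# Constructed sample message (not from any real campaign): the text in the
# source is stored backwards, and the inline CSS makes the mail client render
# it forwards. A filter that scans the raw source sees "DROWSSAP ruoy yfirev".
SAMPLE_HTML = """<html><body>
<p>Your account needs attention.</p>
<p><span style="unicode-bidi: bidi-override; direction: rtl;">DROWSSAP ruoy yfirev</span></p>
<p style="direction:rtl;unicode-bidi:bidi-override">eciovni</p>
</body></html>"""

# Both declarations together force visual reversal of the element's characters.
RTL_RE = re.compile(r"direction\s*:\s*rtl", re.I)
OVERRIDE_RE = re.compile(r"unicode-bidi\s*:\s*bidi-override", re.I)
VOID_TAGS = {"br", "hr", "img", "input", "meta", "link"}


class BidiNormalizer(HTMLParser):
    """Rebuild the text a recipient sees, reversing the characters of any
    element whose inline style flips rendering direction, and count how many
    such elements were present."""

    def __init__(self):
        super().__init__()
        self.open = []        # one flag per open element: does it reverse text?
        self.parts = []
        self.reversed_elements = 0

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:          # never closed, so never pushed
            return
        style = dict(attrs).get("style") or ""
        reverses = bool(RTL_RE.search(style) and OVERRIDE_RE.search(style))
        if reverses:
            self.reversed_elements += 1
        self.open.append(reverses)

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.open:
            self.open.pop()

    def handle_data(self, data):
        text = data.strip()
        if not text:
            return
        if any(self.open):            # inside a reversing element: undo the flip
            text = text[::-1]
        self.parts.append(text)


def render_as_seen(html_body):
    """Return (text as the recipient would read it, number of reversed elements)."""
    parser = BidiNormalizer()
    parser.feed(html_body)
    return " ".join(parser.parts), parser.reversed_elements


def scan_email(html_body, keywords=("verify your password", "invoice")):
    """Run keyword matching over the rendered text rather than the raw source."""
    rendered, reversed_elements = render_as_seen(html_body)
    lowered = rendered.lower()
    return {
        "rendered": rendered,
        "reversed_elements": reversed_elements,
        "keyword_hits": [k for k in keywords if k in lowered],
        "suspicious": reversed_elements > 0,
    }


if __name__ == "__main__":
    print(scan_email(SAMPLE_HTML))
```

The count of reversing elements is itself a useful signal: legitimate mail rarely needs `bidi-override` on Latin text, so a non-zero count is worth a rule on its own, independent of whether any keyword matches.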
Facebook says it removed more than 300 accounts, pages and groups last month after catching operators misrepresenting themselves in a number of ways. The social media company on Thursday announced it removed 180 Facebook accounts, 170 Instagram accounts, 160 groups and one page for violating company policies around coordinated inauthentic behaviour.
Round Up of Major Malware and Ransomware Incidents
The Bitdefender cybersecurity investigative team has uncovered a new Android spying operation specifically targeting Australian users. The company found “Mandrake” earlier this year and believes the highly sophisticated spying platform has been active for at least four years. Bitdefender said it has seen a rapid spread of attacks in Australia over the last two years, due in large part to Australia’s high mobile banking usage, which sees the country targeted by more banking trojans than any other developed country in the world.
A newly discovered piece of malware is taking advantage of the current COVID-19 pandemic to render computers unusable by overwriting the MBR (master boot record). Cybercriminals were quick to exploit the coronavirus crisis for their malicious attacks, including phishing, malware infections and the like, and it did not take long for state-sponsored threat actors to join the fray.
Researchers have observed a new skimmer from the prolific Magecart Group that has been actively harvesting payment-card data from 19 different victim websites, mainly belonging to small- and medium-sized businesses (SMBs), for several months.
With schools closed due to the Coronavirus pandemic, some kids are creating malware to keep themselves occupied. Such is the case with a variety of new MBRLocker variants being released, including one with a Coronavirus theme. MBRLockers are programs that replace the ‘master boot record’ of a computer so that the operating system cannot start and a ransom note or other message is displayed instead.
Round Up of Major Vulnerabilities and Patches
Security researchers discovered recently that the Zoom video conferencing app is affected by vulnerabilities that can be exploited to spy on users, escalate privileges on the system, and capture Windows credentials. The company says it’s working on patching these flaws. Several experts have shown how a UNC path injection issue can be exploited by hackers to steal a user’s credentials.
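A UNC path injection lands wherever a client turns message text into clickable links, because following a `\\host\share` link makes Windows attempt an authenticated SMB connection. The example below is added here and is not code from Zoom or from the researchers who reported the flaw; it assumes a chat client that renders messages as HTML with automatic linking. It escapes the message, converts only `http`/`https` URLs into anchors so that a UNC path stays inert text, and separately reports any UNC paths found so the server side can log or alert on them. The sample message is constructed.

```python
import html
import re

# \\server\share[\more\segments] -- two leading backslashes, a host, then at
# least one share segment. Anchored on non-whitespace so it stops at a space.
UNC_RE = re.compile(r"\\\\[A-Za-z0-9._-]+\\[^\s\\]+(?:\\[^\s\\]*)*")
# Only these schemes are ever turned into anchors.
HTTP_URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed chat message for the demonstration.
SAMPLE_MESSAGE = r"see \\fileserver\share\notes.txt and https://example.com/doc?a=1"


def find_unc_paths(text):
    """Return every UNC-looking path in a message, for logging or alerting."""
    return UNC_RE.findall(text)


def linkify_safely(text):
    """Render a message as HTML: escape everything, then link only http(s) URLs.

    Because escaping happens first and the substitution only touches strings
    matching HTTP_URL_RE, a UNC path (or any other scheme) is emitted as plain
    text and never becomes an href.
    """
    escaped = html.escape(text, quote=True)

    def to_anchor(match):
        url = match.group(0)
        return (f'<a href="{url}" rel="noopener noreferrer" '
                f'target="_blank">{url}</a>')

    return HTTP_URL_RE.sub(to_anchor, escaped)


def review_message(text):
    """Bundle the rendered HTML with the detection result for the caller."""
    unc = find_unc_paths(text)
    return {
        "html": linkify_safely(text),
        "unc_paths": unc,
        "flag_for_review": bool(unc),
    }


if __name__ == "__main__":
    print(review_message(SAMPLE_MESSAGE))
```

The allow-list approach (link only schemes you intend to support) is more robust than trying to block `\\` specifically, since it also covers `file://` and other schemes that the client should never hand to the operating system.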
Key Ring, creator of a digital wallet app used by 14 million people across North America, has exposed 44 million IDs, charge cards, loyalty cards, gift cards and membership cards to the open internet, researchers say. The Key Ring app allows users to upload scans and photos of various physical cards into a digital folder on a user’s phone. While Key Ring is primarily designed for storing membership cards for loyalty programs, users also store more sensitive cards on the app.
Vulnerabilities patched earlier this year in Firefox and Internet Explorer have been exploited by an advanced persistent threat (APT) actor in attacks aimed at China and Japan. The Firefox vulnerability is CVE-2019-17026, which Mozilla patched in early January, and the Internet Explorer flaw is CVE-2020-0674, which Microsoft patched in February with its monthly security updates. Both vulnerabilities were exploited in attacks before patches were released.
Social networking giant Twitter today disclosed a bug on its platform that impacted users who accessed the platform using the Firefox browser. According to Twitter, its platform stored private files inside the Firefox browser’s cache — a folder where websites store information and files temporarily.
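Whether a browser persists a response to its cache is controlled by the `Cache-Control` header the server sends; `no-store` tells the browser (and any intermediary) not to keep a copy at all. The following added example is not Twitter's code and does not use Twitter's real headers, which the disclosure does not list; it audits a set of constructed response header sets for per-user content, reports which directives are missing or permissive, and shows the hardened header that keeps such files out of the cache.

```python
# Constructed HTTP response headers for per-user content (not Twitter's
# actual headers). Each entry represents one response the audit should judge.
RESPONSES = {
    "dm_attachment": {
        "Content-Type": "image/jpeg",
        "Cache-Control": "public, max-age=86400",
        "Set-Cookie": "session=constructed-value",
    },
    "archive_download": {
        "Content-Type": "application/zip",
        "Content-Disposition": "attachment; filename=archive.zip",
    },
    "already_hardened": {
        "Content-Type": "image/jpeg",
        "Cache-Control": "no-store, private",
    },
}


def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument-or-None}."""
    directives = {}
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_private_response(headers):
    """Findings for a response known to carry private, per-user content."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    findings = []
    if "no-store" not in cc:
        findings.append("no-store missing: browser may write the body to its disk cache")
    if "private" not in cc and "no-store" not in cc:
        findings.append("private missing: shared caches may keep a copy")
    if cc.get("max-age") not in (None, "0"):
        findings.append(f"max-age={cc['max-age']} allows reuse of a cached copy")
    if "public" in cc:
        findings.append("public explicitly permits caching")
    return findings


def harden_headers(headers):
    """Return a copy with directives that keep the body out of any cache."""
    fixed = dict(headers)
    fixed["Cache-Control"] = "no-store, private, max-age=0"
    fixed["Pragma"] = "no-cache"   # legacy hint for HTTP/1.0 intermediaries
    return fixed


def audit_all(responses):
    """Audit every constructed response and map its name to its findings."""
    return {name: audit_private_response(h) for name, h in responses.items()}


if __name__ == "__main__":
    for name, findings in audit_all(RESPONSES).items():
        print(name, findings or ["ok"])
    print(harden_headers(RESPONSES["dm_attachment"])["Cache-Control"])
```

The audit is deliberately scoped to responses the application already knows are private; applying `no-store` to genuinely public assets would only cost bandwidth, so the decision belongs at the point where the server knows whose data it is serving.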
Owners of WordPress sites who use the Contact Form 7 Datepicker plugin are urged to remove or deactivate it to prevent attackers from creating rogue admins or taking over admin sessions after exploiting an authenticated stored cross-site scripting (XSS) vulnerability.
A security researcher has discovered over 25 different potential vulnerabilities in Windows, including some that could lead to elevation of privileges. The bugs impact win32k, the kernel component that implements the user interface and has been in the operating system for decades, and affect all versions of Windows, including Windows 10, because Microsoft keeps the code backwards compatible.
On Thursday, Google released security patches to stomp out high-severity vulnerabilities in its Chrome browser. Patches for all the bugs Google disclosed in its security advisory roll out over the next few days. Overall, eight security bugs were addressed in Chrome browser version 80.0.3987.162 for Windows, Mac, and Linux.