Twitter removes 32K accounts pushing political agendas, Ransomware hits In Sport, leaks data, and more

Major cybersecurity events on 12th June 2020 (Morning Post): MU Health Care suffers data breach, SSNs compromised. Tor2Mine re-emerges deploying new malware. Hack-for-hire group Dark Basin’s operations, targeting journalists, advocates, government officials, uncovered.

Round Up of Major Breaches and Scams

Twitter bans 32k accounts pushing Chinese, Russian, and Turkish propaganda

Social networking giant Twitter disclosed today three new state-linked information operations that have taken place on its platform this year. As a result of its investigation, Twitter said it banned and removed 32,242 accounts that were part of networks operated out of China, Russia, and Turkey, all three pushing local political agendas and narratives, and associated with state-sponsored entities.

MU Health Care experienced data breach, some social security numbers compromised

There is no indication patients’ information has been misused, according to MU Health Care. It is providing complimentary credit monitoring services to those whose Social Security numbers were compromised, and is implementing additional security measures for its email protocol, the release states.

Dark Basin, a hack-for-hire group that remained under the radar for 7 years

Researchers from Citizen Lab uncovered the operations of a hack-for-hire group tracked as Dark Basin that targeted thousands of journalists, elected and senior government officials, advocacy groups, and hedge funds worldwide over 7 years. Dark Basin is a group of cyber mercenaries that conducted commercial espionage for its customers.

Round Up of Major Malware and Ransomware Incidents

Tor2Mine is up to their old tricks — and adds a few new ones

Cisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last active in 2018. Tor2Mine is deploying additional malware to harvest credentials and steal more money, including AZORult, an information-stealing malware; the remote access tool Remcos; the DarkVNC backdoor trojan; and a clipboard cryptocurrency stealer.

Activewear retailer hacked, data now on the dark web

Activewear retailer In Sport had its head office server and computers hit by ransomware in May, as cyber crime escalates during COVID-19. In a letter to customers, it revealed the attack was detected on May 16 but it was unknown what files hackers accessed. On discovering the virus, In Sport immediately took its head office system offline.

Round Up of Major Vulnerabilities and Patches

A Bug in Facebook Messenger for Windows Could’ve Helped Malware Gain Persistence

Cybersecurity researchers at Reason Labs today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows. The vulnerability, which resides in Messenger version 460.16, could allow attackers to leverage the app to potentially execute malicious files already present on a compromised system in an attempt to help malware gain extended access.

Protocol Vulnerability Threatens Mobile Networks

A protocol that allows millions of customers to use their mobile phones for data applications can also allow criminals to launch denial-of-service (DoS), user impersonation, and fraud cyberattacks. And according to a new report, the protocol, GTP, is as much a vulnerability for certain 5G networks as it is for 2G, 3G, and 4G cellular infrastructures.

Flaw in property inventory website exposed thousands of users’ home contents

A vulnerability in the website of Inventory Hive was leaking members’ personal information, including their name and address, along with internal and external property images. The vulnerability offered would-be burglars not only a blueprint to “hundreds of thousands” of users’ homes, but also a readymade ‘shopping list’ of items the properties contained.

Researcher Demonstrates Android App Hacking via Intents

The issue, Trustwave’s Therese Mendoza explains, isn’t widespread, but it does exist and attackers could abuse it to cause Android apps to leak critical information that could then be abused for further compromise. Activities, one of the three primary components of Android apps, are called using Intents, which are messaging objects that applications use to communicate with their different components.