
Ukrainian jailed for stealing $10M from Microsoft, Cadbury scammers trick social media users, and more

Major cybersecurity events on 10th November 2020 (Evening Post): Prestige reservation platform’s S3 bucket exposes millions of hotel guests. Cyber criminals scam bank customers pretending to be from bank security. Tetrade hackers target 112 financial apps with Ghimob banking Trojan.

Round Up of Major Breaches and Scams

Ukrainian Gets 9 Years in Prison for Trying to Steal $10M from Microsoft

A Ukrainian citizen received a nine-year prison sentence for a scheme in which he tried to steal $10 million from Microsoft. On November 9, the U.S. District Court in Seattle handed down the sentence to Volodymyr Kvashuk, 26, a Ukrainian citizen who was residing in Renton, Washington. According to court documents, Kvashuk used to work at Microsoft as a software engineer. He was responsible at one point in time for testing the tech giant’s online retail sales platform.

Zoom Settles with FTC After Charges it Misled Customers

The Federal Trade Commission (FTC) has announced a settlement with Zoom after arguing that the video conferencing firm gave users a false sense of security by misleading them on key encryption and other features. The original FTC complaint alleged that, since 2016, Zoom had falsely claimed it offered “end-to-end 256-bit encryption” when in fact it offered a lower level of encryption and kept hold of a cryptographic key, theoretically allowing it to access or provide access to customer meetings.

Cadbury Social Media Scammers Take Chocoholics for a Ride

A fake Facebook Group is using the lure of a free hamper of Cadbury chocolate to trick social media users into divulging their personal and financial details, it has emerged. Spotted by think tank Parliament Street, the campaign is based around “Cadbury Rewards,” which has been set up with official logos to spoof a legitimate group on the social media site. Various posts from the group claim that the chocolate-maker, now owned by multinational Mondelēz, is sending a hamper to everyone who replies before midnight, as part of a celebration of its 126 years in business.

Prestige reservation platform exposes millions of hotel guests

Researchers at Website Planet discovered a misconfigured S3 bucket used by Prestige Software’s Cloud Hospitality; the resulting data leak impacted millions of hotel guests worldwide. The “Cloud Hospitality” reservation system allows operators at hotels to integrate their reservation systems with online booking websites like Booking.com.

Cyber criminals scam bank customers pretending to be from bank security

Attackers call a potential victim and offer to install an app on their phone that “reliably protects money from theft.” And then, with the help of this app, they steal the money from the card or get a loan on behalf of the victim. According to Sergey Sherstobitov, head of the Angara information security integrator, fraud is committed using a malicious program that can intercept passwords when they are activated in banking applications. Then, with their help, the attackers can easily transfer funds to another account.

Round Up of Major Malware and Ransomware Incidents

Malicious Use of SSL Increases as Attackers Deploy Hidden Attacks

There has been a 260% increase in the use of encrypted traffic to “hide” attacks. New research by Zscaler, analyzing 6.6 billion security threats, found the 260% increase in such attacks during the first nine months of 2020. Among the encrypted attacks, the amount of ransomware increased by 500%, with the most prominent variants being FileCrypt/FileCoder, followed by Sodinokibi, Maze and Ryuk.

New worming botnet Gitpaste-12 infecting IoT devices, Linux servers

Juniper Threat Labs has discovered a new worming botnet boasting multiple ways of spreading itself and infecting IoT devices and Linux servers. Researchers believe that this hacking campaign may have multiple stages. The malware is dubbed Gitpaste-12 because it uses GitHub and Pastebin for framing the component code and has 12 different attack modules.

Tetrade hackers target 112 financial apps with Ghimob banking Trojan

Researchers from Kaspersky Lab spotted a new Android banking Trojan, dubbed Ghimob, that is able to steal data from 112 financial apps. In July, cybersecurity researchers from Kaspersky Lab detailed four different families of Brazilian banking trojans, tracked as Tetrade, that have targeted financial institutions in Brazil, Latin America, and Europe.

Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike

Ransomware operators are using malicious fake Microsoft Teams updates to deliver backdoors that lead to the installation of the Cobalt Strike post-exploitation tool and compromise the target network. The ongoing COVID-19 pandemic is forcing a growing number of organizations and businesses to use videoconferencing solutions, and threat actors are attempting to exploit this scenario.

Round Up of Major Vulnerabilities and Patches

Chrome to block tab-nabbing attacks

Google will deploy a new security feature in Chrome next year to prevent tab-nabbing, a type of web attack that allows newly opened tabs to hijack the original tab from where they were opened. The new feature is scheduled to go live with Chrome 88, to be released in January 2021. While the term “tab-nabbing” refers to a broad class of tab hijacking attacks [see OWASP, Wikipedia], Google is addressing a particular scenario.