US officials say TikTok users voluntarily gave data to China, Azure app abused in phishing campaign, and more

Major cybersecurity events on 13th August 2020 (Morning Post): Verified Twitter account masquerades as WHO official, spreads racist remarks and misinformation. ReVoLTE vulnerability allows actors to eavesdrop on conversations. Offensive espionage campaign ‘Dream Job’ attributed to North Korea.

Round Up of Major Breaches and Scams

TikTok users ‘voluntarily’ giving their data to China, Justice official says

U.S. officials have repeatedly expressed concern that China could use the 2014 and 2015 hacks of the Office of Personnel Management and health care insurer Anthem to build data profiles on Americans for intelligence recruitment (allegations Beijing denies). But TikTok, the popular video-sharing application, is a different type of data collection opportunity for China because Americans are willingly handing the information over, a senior Department of Justice official alleged Wednesday.

Google App Engine, Azure App Service Abused in Phishing Campaign

A phishing campaign abused both the Google App Engine and the Azure App Service to steal victims’ Microsoft Outlook credentials. Netskope observed that the attack campaign started with a shortened link “https://bitly[.]com/33nMLkZ” distributed by a phishing email. This link redirected a recipient of the email to a Google App Engine domain https://o365apps[.]oa.r.appspot.com. A Google Cloud Platform (GCP) service used for developing and hosting web applications, Google App Engine enables customers to direct SSL-protected traffic through their appspot.com domain.

Revealed: 1,400 data breaches at HSE included patient photos and medical files

The HSE has suffered almost 1,400 separate data breaches over the past two years involving photographing of patients, infection status being disclosed to other family members, and the discovery of confidential medical files in public places. The number of breaches showed a sharp rise between 2018, when 556 incidents were recorded, and last year when there were 833.

Round Up of Major Malware and Ransomware Incidents

Operation ‘Dream Job’ Widespread North Korean Espionage Campaign

During June-August of 2020, ClearSky’s analysis team investigated an offensive campaign attributed with high probability to North Korea, which we call “Dream Job”. This campaign has been active since the beginning of the year and it succeeded, in our assessment, in infecting several dozen companies and organizations in Israel and globally. Its main targets include defense, governmental companies, and specific employees of those companies.

Dharma ransomware created a hacking toolkit to make cybercrime easy

The Dharma Ransomware-as-a-Service (RaaS) operation makes it easy for a wannabe cyber-criminal to get into the ransomware business by offering a toolkit that does almost everything for them. A RaaS operation is a cybercrime model where the developers are in charge of managing the ransomware development and ransom payment system. At the same time, affiliates are responsible for compromising victims and deploying the ransomware.

Round Up of Major Vulnerabilities and Patches

A Vulnerability in Zoho ManageEngine ADSelfService Plus Could Allow for Remote Code Execution

A vulnerability has been discovered in Zoho ManageEngine ADSelfService Plus, which could allow for remote code execution. ManageEngine ADSelfService Plus is an integrated Active Directory self-service password management and single sign-on solution by ZOHO Corporation. Successful exploitation of this vulnerability may allow an unauthenticated attacker to remotely execute commands with system-level privileges on the target Windows host.

Windows, IE11 zero-day vulnerabilities chained in targeted attack

An advanced threat actor exploited one of the two zero-day vulnerabilities that Microsoft patched on Tuesday in a targeted attack earlier this year. The adversary chained two flaws in Windows, both unknown at the time of the attack, in an attempt to achieve remote code execution and increase their privileges on a compromised machine. The malicious endeavor occurred in May and targeted a South Korean company. Researchers from Kaspersky believe that this may be a DarkHotel operation, a hacker group likely operating in one form or another for more than a decade.

Apple releases new software updates for iPhones, iPads, and Macs

Apple has released software updates for three of its operating systems: iOS for iPhones and iPods, iPadOS for iPads, and macOS for Macs. The updates are small and focus on bug fixes rather than adding new features. The updates are labeled iOS 13.6.1, iPadOS 13.6.1, and macOS 10.15.6 Supplemental Update. Typically, iOS or iPadOS updates that have two decimal points are bug-fix updates, and releases that bring new features have just one decimal point.

ReVoLTE attack can decrypt 4G (LTE) calls to eavesdrop on conversations

A team of academics has detailed this week a vulnerability in the Voice over LTE (VoLTE) protocol that can be used to break the encryption on 4G voice calls. Named ReVoLTE, researchers say this attack is possible because mobile operators often use the same encryption key to secure multiple 4G voice calls that take place via the same base station (mobile cell tower).

Someone duped Twitter verification to spread racist disinformation on US coronavirus vaccine

A verified Twitter account impersonating a top World Health Organization official recently alleged that the Trump administration was going to test a coronavirus vaccine on Black Americans without their knowledge or informed consent. The disinformation scheme originated in May with an account masquerading as Dr. Jaouad Mahjour, assistant director-general of the World Health Organization (WHO), in the latest example of attackers trying to inflame existing tension in the U.S. over issues like vaccines and racism.