Round Up of Major Breaches and Scams
The US Department of Justice has seized two domain names used to impersonate the official websites of biotechnology companies Moderna and Regeneron, both involved in the development of COVID-19 vaccines. While almost perfectly cloning the contents of the real sites, the websites seized by the federal government were instead used for various malicious purposes, including running scams, infecting visitors with malware, and collecting sensitive information in phishing attacks.
Microsoft revealed that a second hacking group had deployed malicious code that affects software made by SolarWinds, the federal contractor at the center of a suspected Russian espionage campaign against multiple U.S. government agencies. “[T]he investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor,” a Microsoft research team said in a blog post on Friday.
Customer data from a June attack against cryptocurrency wallet firm Ledger is now public and actively being used in attacks. On Monday a hacker dumped sensitive data stolen earlier this year from the Ledger cryptocurrency wallet’s website. The data was put up for grabs on sites frequented by criminals. And in a twist that surprised no one, the data is now actively being exploited in phishing campaigns.
VMware is the latest company to confirm that it had its systems breached in the recent SolarWinds attacks, but it denied that any further exploitation took place. The company said that the hackers did not make any effort to further exploit their access after deploying the backdoor now tracked as Sunburst or Solarigate. “[W]hile we have identified limited instances of the vulnerable SolarWinds Orion software in our own internal environment, our own internal investigation has not revealed any indication of exploitation,” the company said in a statement.
Round Up of Major Malware and Ransomware Incidents
Hackers suspected to work for the governments of Saudi Arabia and the United Arab Emirates breached 36 devices belonging to Al Jazeera journalists in recent months by using a zero-click iPhone exploit and NSO Group spyware, according to new Citizen Lab research published Sunday. The suspected government hackers behind the operations had a particularly pernicious tactic for accessing their targets — an iPhone iMessage that requires zero interaction from the target to work, according to the researchers.
The past few days have not been great ones for K-12 districts. As this site reported, DoppelPaymer ransomware threat actors recently dumped data from both Pascagoula-Gautier School District in Mississippi and Gardiner Public Schools in Montana. Now a third school district has also had some of its data dumped. On December 14, this site had noted a report that Weslaco ISD in Texas had been the victim of a cyberattack.
Round Up of Major Vulnerabilities and Patches
The bugs rate 10 out of 10 on the vulnerability-severity scale, thanks to the ease of exploitation. Dell has patched two critical security vulnerabilities in its Dell Wyse Thin Client Devices, which are small form-factor computers optimized for connecting to a remote desktop. The bugs allow arbitrary code execution and the ability to access files and credentials, researchers said. Thin clients contain none of the typical processing power or intelligence on board that normal PCs would have; instead, they act as less-smart terminals that connect to applications hosted on a remote computer.