
Vermont Tax Department exposes taxpayer’s details, Crypto wallet firm Ledger suffers from data breach, and more

Major cybersecurity events on 30th July 2020 (Evening Post): Doki, a malware strain that is part of the Ngrok Cryptominer Botnet campaign, infiltrates Docker cloud instances. A critical plugin flaw affects more than 70,000 WordPress sites. A Zoom bug allowed attackers to crack meeting passwords.

Round Up of Major Breaches and Scams

US defense and aerospace sectors targeted in new wave of North Korean attacks

While the world was in the midst of the COVID-19 pandemic, North Korean hackers were targeting the US defense and aerospace sectors with fake job offers in the hopes of infecting employees looking for better opportunities and gaining a foothold on their organizations’ networks. The attacks began in late March and lasted throughout May 2020, cyber-security firm McAfee said in a report published today.

Vermont Tax Department exposed 3 years' worth of tax return info

The Vermont Department of Taxes today disclosed that taxpayers’ private information was exposed because of a security issue affecting its online filing site discovered on July 2, 2020. The data breach affected all Vermonters who electronically filed Property Transfer Tax returns using the tax department’s site. “Verification credentials for electronically filed property transfer tax returns available in public municipal records could be used to access previously submitted tax return information,” the breach notification says.

Data Breach at Crypto Wallet Firm Ledger Exposes Users' Personal Info

Major cryptocurrency hardware wallet provider Ledger has alerted customers to a data breach it faced in June and July. In an email on July 29, the company said it became aware of the breach on July 14, when a researcher participating in its bounty program reached out with details of a potential vulnerability on its website. While the company was able to fix the vulnerability immediately, a further investigation by its team found that an unauthorized third party had carried out a similar action on June 25.

Round Up of Major Malware and Ransomware Incidents

Sneaky Doki Linux malware infiltrates Docker cloud instances

Attackers are targeting misconfigured cloud-based Docker instances running on Linux distributions with an undetectable strain of malware. Dubbed Doki, the malware strain is part of the Ngrok Cryptominer Botnet campaign, active since at least 2018. What makes Doki particularly interesting is its dynamic behavior regarding how it connects to its command and control (C2) infrastructure. Rather than relying on a particular domain or set of malicious IPs, Doki uses dynamic DNS services like DynDNS.

Round Up of Major Vulnerabilities and Patches

Zoom bug allowed attackers to crack private meeting passwords

A lack of rate limiting on repeated password attempts allowed potential attackers to crack the numeric passcode used to secure Zoom private meetings, as discovered by Tom Anthony, VP Product at SearchPilot. "Zoom meetings are (were) default protected by a 6 digit numeric password, meaning 1 million maximum passwords," Anthony noted. The vulnerability he spotted in the Zoom web client allowed attackers to guess any meeting's password by trying all possible combinations until they found the correct one.
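As an added defender-side illustration (not Zoom's code or the researcher's), the constructed Python below shows the kind of per-meeting, per-client attempt limiting whose absence the paragraph describes, and the arithmetic that turns the 1 million possible 6-digit passcodes into a lockout timeline; the class, function and parameter names are hypothetical.

```python
import hmac
import time
from collections import defaultdict

PASSCODE_SPACE = 10 ** 6  # 6-digit numeric passcode: 1 million possibilities


class PasscodeGate:
    """Per-meeting, per-client failed-attempt limiter with a lockout window.

    Constructed example, not a real product's implementation. Failed guesses are
    counted per (meeting_id, client); once max_failures is reached the pair is
    refused for lockout_seconds, even if a later guess would be correct.
    """

    def __init__(self, max_failures=5, lockout_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock  # injectable so tests can control time
        self.failures = defaultdict(int)
        self.locked_until = {}

    def attempt(self, meeting_id, client, guess, real_passcode):
        key = (meeting_id, client)
        now = self.clock()
        if self.locked_until.get(key, 0) > now:
            return "locked"
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(str(guess), str(real_passcode)):
            self.failures.pop(key, None)
            return "ok"
        self.failures[key] += 1
        if self.failures[key] >= self.max_failures:
            self.locked_until[key] = now + self.lockout_seconds
            self.failures.pop(key, None)
            return "locked"
        return "wrong"


def worst_case_seconds(max_failures, lockout_seconds, space=PASSCODE_SPACE):
    """Seconds a single client would need to exhaust the passcode space.

    Without any limit the answer is bounded only by network speed; with the
    policy above it is (windows - 1) lockouts, where each window allows
    max_failures guesses. Keying the limit by meeting alone as well would
    also cap guessing spread across many clients.
    """
    windows = -(-space // max_failures)  # ceiling division
    return (windows - 1) * lockout_seconds
```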

70,000+ WordPress Sites Affected by Critical Plug-in Flaw

A critical security flaw in wpDiscuz, a WordPress plug-in, could enable cybercriminals to remotely execute malicious code on the servers of vulnerable websites. The bug has a CVSS score of 10.0. wpDiscuz is an Ajax real-time comment system that stores users' comments in the site's database.

Cisco fixes severe flaws in data center management solution

Cisco today released several security updates to address three critical vulnerabilities, an authentication bypass, a buffer overflow, and an authorization bypass, found to affect Cisco Data Center Network Manager (DCNM) and multiple Cisco SD-WAN software products. The company also issued security updates to fix another eight high- and medium-severity vulnerabilities found to affect several other Cisco DCNM Software versions.