Round Up of Major Breaches and Scams
While the world was in the midst of the COVID-19 pandemic, North Korean hackers were targeting the US defense and aerospace sectors with fake job offers in the hopes of infecting employees looking for better opportunities and gaining a foothold on their organizations’ networks. The attacks began in late March and lasted throughout May 2020, cyber-security firm McAfee said in a report published today.
The Vermont Department of Taxes today disclosed that taxpayers’ private information was exposed because of a security issue affecting its online filing site discovered on July 2, 2020. The data breach affected all Vermonters who electronically filed Property Transfer Tax returns using the tax department’s site. “Verification credentials for electronically filed property transfer tax returns available in public municipal records could be used to access previously submitted tax return information,” the breach notification says.
Major cryptocurrency hardware wallet provider Ledger has alerted customers to a data breach it faced in June and July. In an email on July 29, the company said it was made aware of the breach on July 14 when a researcher participating in its bounty program reached out with details of a potential vulnerability on its website. While the company was able to fix the flaw immediately, a further investigation by the team found that an unauthorized third party had carried out a similar action on June 25.
Round Up of Major Malware and Ransomware Incidents
Attackers are targeting misconfigured cloud-based Docker instances running on Linux distributions with a previously undetected strain of malware. Dubbed Doki, the malware strain is part of the Ngrok Cryptominer Botnet campaign, active since at least 2018. What makes Doki particularly interesting is its dynamic behavior regarding how it connects to its command and control (C2) infrastructure. Instead of relying on a particular domain or set of malicious IPs, Doki uses dynamic DNS services such as DynDNS.
Round Up of Major Vulnerabilities and Patches
A lack of rate limiting on repeated password attempts allowed potential attackers to crack the numeric passcode used to secure Zoom private meetings, as discovered by Tom Anthony, VP Product at SearchPilot. “Zoom meetings are (were) default protected by a 6 digit numeric password, meaning 1 million maximum passwords,” Anthony noted. The vulnerability he spotted in the Zoom web client allowed attackers to guess any meeting’s password by trying all possible combinations until finding the correct one.
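The mitigation the finding points to, as an added illustration that is not code from the original post or from Zoom: a per-meeting throttle on failed passcode guesses with a constant-time comparison, plus a back-of-envelope calculation of how long exhausting the 1,000,000-code space takes with and without such a throttle. The meeting IDs, passcodes and limits below are constructed.

```python
import hmac
import math
import time
from collections import defaultdict

PASSCODE_LEN = 6                 # Zoom's default numeric passcode length
KEYSPACE = 10 ** PASSCODE_LEN    # 1,000,000 possible passcodes


class MeetingPasscodeGate:
    """Checks a meeting passcode and throttles failed guesses per meeting ID.

    After max_failures wrong guesses inside window_s seconds the meeting ID is
    locked for lock_s seconds, so the keyspace cannot be walked online.
    """

    def __init__(self, passcodes, max_failures=5, window_s=60, lock_s=600):
        self._passcodes = passcodes            # meeting_id -> passcode (hypothetical store)
        self.max_failures, self.window_s, self.lock_s = max_failures, window_s, lock_s
        self._failures = defaultdict(list)     # meeting_id -> timestamps of failed guesses
        self._locked_until = {}                # meeting_id -> unlock time

    def check(self, meeting_id, guess, now=None):
        """Return "ok", "denied" or "locked". `now` is injectable for tests."""
        now = time.monotonic() if now is None else now
        if self._locked_until.get(meeting_id, 0) > now:
            return "locked"                    # reject before comparing anything
        recent = [t for t in self._failures[meeting_id] if now - t < self.window_s]
        expected = self._passcodes.get(meeting_id, "")
        # constant-time comparison: response time must not depend on matching prefix
        if expected and hmac.compare_digest(expected, guess):
            self._failures[meeting_id] = []
            return "ok"
        recent.append(now)
        self._failures[meeting_id] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[meeting_id] = now + self.lock_s
            return "locked"
        return "denied"


def hours_to_exhaust_unthrottled(guesses_per_second):
    """Worst case to try all 10^6 codes when nothing limits the guess rate."""
    return KEYSPACE / guesses_per_second / 3600


def hours_to_exhaust_throttled(max_failures, lock_s):
    """Worst case when every max_failures wrong guesses cost a lock_s lockout."""
    batches = math.ceil(KEYSPACE / max_failures)
    return batches * lock_s / 3600
```

With the constructed defaults, 100 unthrottled guesses per second exhaust the space in under three hours, while five guesses per ten-minute lockout push the worst case past 30,000 hours.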
A critical security flaw in wpDiscuz, a WordPress plug-in, could let attackers remotely execute malicious code on the servers of affected websites. The bug has a CVSS score of 10.0. wpDiscuz is an Ajax real-time comment system that lets users keep their comments in their own database.
Cisco today released several security updates to address three critical authentication bypass, buffer overflow, and authorization bypass vulnerabilities affecting Cisco Data Center Network Manager (DCNM) and multiple Cisco SD-WAN software products. The company also issued security updates to fix another eight high- and medium-severity vulnerabilities affecting several other Cisco DCNM Software versions.