Round Up of Major Breaches and Scams
The US Federal Bureau of Investigation (FBI) warned today of hijackers who join Zoom video conferences used for online lessons and business meetings, with the goal of disrupting them or pulling pranks that can later be shared on social media platforms.
More than 4,000 Google Play apps silently collect a list of all other installed apps in a data grab that allows developers and advertisers to build detailed profiles of users, a recently published research paper found. The apps use an Android-provided programming interface that scans a phone for details about all other apps installed on the phone.
The personal details of more than 4.9 million Georgians, including deceased citizens, were published on a hacking forum on Saturday. Personal information such as full names, home addresses, dates of birth, ID numbers, and mobile phone numbers was shared online in a 1.04 GB MDB (Microsoft Access database) file.
Threat actors continue to attack various organizations, including those researching the COVID-19 virus. Talos observed a fraud and disinformation campaign that takes advantage of COVID-19 themes: a website advertised medical masks for sale with free shipping. This website appears to be fraudulent.
Republican Aimee Winder Newton was about five minutes into the virtual event on the Zoom platform when the trouble began: all 130 state delegates on the call were unmuted, said Caroline Bena, a spokeswoman for the campaign. The call was hosted on a Utah GOP account, but the hacker disabled administrative controls, so the moderators were unable to stop the images when they began flashing on the screen, Bena said in an email message.
A hacker has hijacked tens of YouTube accounts, renamed them after various Microsoft brands, and is currently broadcasting a cryptocurrency Ponzi scam to tens of thousands of users, posing as a message from the company's former CEO Bill Gates. Victims are tricked into sending a small sum of cryptocurrency to the scammer in order to double their earnings, but never receive any funds in return.
Sophisticated state-supported actors are following cybercriminals in exploiting the coronavirus pandemic and posing an "advanced persistent threat" (APT), French defence technology giant Thales warned Monday. Hades, linked to APT28, which is believed to be of Russian origin and to have been behind an attack on the US Democratic Party in 2016, was the first state-backed group to use the epidemic as bait, Thales' cyber intelligence service reported.
Round Up of Major Malware and Ransomware Incidents
Sphinx is a modular malware based on the leaked source code of the infamous Zeus banking trojan, the researchers explained. Sphinx’s core capability is to harvest online account credentials for online banking sites (and some other services). When infected users land on a targeted online banking portal, Sphinx dynamically fetches web injections from its command-and-control (C2) server to modify the page that the user sees, so that the information that the user enters into the log-in fields is sent to the cybercriminals.
The source code of a major ransomware strain named Dharma has been put up for sale on two Russian hacker forums over the weekend. The FBI, in a talk at the RSA security conference this year, ranked Dharma the second most lucrative ransomware operation in recent years, having extorted more than $24 million in payments from victims between November 2016 and November 2019. Now, its source code is being sold for a price as low as $2,000 — which has security researchers on edge.
A new phishing campaign has been spotted in which, in a new low, a threat actor pretends to be from a local hospital, telling the recipient that they have been in contact with a colleague, friend, or family member who has tested positive for COVID-19 and that they need to be tested.
Round Up of Major Vulnerabilities and Patches
Since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks, Chinese security firm Qihoo 360 said today. Researchers detected two different threat actors, each exploiting a different zero-day vulnerability in DrayTek Vigor — load-balancing routers and VPN gateways typically deployed on enterprise networks.
Research into the AVN (Audio, Visual and Navigation) system in the 2017 Lexus NX300 — the same system is also used in other models, including LS and ES series — has revealed security issues with the Bluetooth and vehicular diagnosis functions on the car. According to Keen Security Lab, these flaws could be abused to compromise the AVN and internal CAN network and related electronic control units (ECUs).