Charming Kitten targets international conferences, Taiwan's UMC to pay $60M for trade secret theft, and more

Originally published at:

Round Up of Major Breaches and Scams

Why the extortion of Vastaamo matters far beyond Finland — and how cyber pros are responding

Even for veterans of cybercriminal investigations, the recent extortion of a psychotherapy practice in Finland has been unusual — and disturbing. Rather than sticking only to the common tactic of trying to shake down a breached organization, the attackers who stole tens of thousands of patient records from Vastaamo also demanded ransoms from individual people. In doing so, the thieves have been leveraging some of the most sensitive medical data imaginable, and making it difficult for victims to respond collectively.

Microsoft Says Iranian Hackers Targeted Attendees of Major Global Policy Conferences

The Iran-linked state-sponsored threat group known as Charming Kitten was observed targeting potential attendees of two major international conferences, Microsoft reports. Also referred to as Phosphorus, APT35, Ajax Security Team, ITG18, NewsBeef, and NewsCaster, the threat actor is believed to have been active since at least 2011, targeting entities in the Middle East, the United States, and the United Kingdom.

Taiwan’s UMC pleads guilty, fined $60 mln in trade secret theft case

Taiwan’s UMC has pleaded guilty to trade secret theft in the United States and will pay a $60 million fine in a case where it was accused of helping a Chinese state-owned chipmaker steal secrets from Micron Technology Inc. The fine is the second-largest ever in a criminal trade secret prosecution, the U.S. Department of Justice (DOJ) said.

Education Sector Facing Disproportionate Level of Spear-Phishing Attacks

Educational institutions are being disproportionately targeted by spear-phishing attacks, according to a new study by Barracuda Networks. The security firm’s latest Threat Spotlight analysis found that in the period from June to September 2020, over 1000 schools, colleges and universities faced more than 3.5 million spear-phishing attacks. More than a quarter of these were business email compromise (BEC) attacks, a method which is over twice as likely to be used against educational institutions compared with an average organization across all sectors.

Social networking app True reveals private messages and user locations

True is a social networking app which promises to ‘protect your privacy’. However, the company recently experienced a security lapse which exposed one of its servers, resulting in users’ private data being leaked and available on the internet for anyone to see. The data leak happened after one of the app’s dashboard databases was exposed to the internet without a password, meaning that anyone was able to read, search or browse the database at will, including the users’ private data which the app swears to protect.

Round Up of Major Malware and Ransomware Incidents

Red Alert as US Hospitals Are Flooded with Ryuk Ransomware

The US government has been forced to issue an alert to healthcare providers of a major new ransomware campaign that may impair their ability to treat COVID-19 patients. The joint alert, issued by the FBI and Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS), claimed that attackers using the Ryuk variant were targeting the sector with TrickBot malware.

KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms

An active botnet comprising hundreds of thousands of hijacked systems spread across 30 countries is exploiting “dozens of known vulnerabilities” to target widely-used content management systems (CMS). The “KashmirBlack” campaign, which is believed to have started around November 2019, aims for popular CMS platforms such as WordPress, Joomla!, PrestaShop, Magento, Drupal, vBulletin, osCommerce, OpenCart, and Yeager.

Round Up of Major Vulnerabilities and Patches

Lenovo to slap ThinkShield security standard for laptop line-up on its Motorola mobiles

Motorola will push ThinkShield onto the business end of its smartphone portfolio, as an extension of the security and management programme on Lenovo’s laptop and desktop line. ThinkShield for mobile devices consists of four components, with the first being a “clean OS”. In practice, this means Motorola will avoid loading up devices with unnecessary non-stock software, from additional bloatware to UI overlays. This element feels somewhat redundant given that Motorola has historically shipped devices with a near-untouched Android experience, in stark contrast to rival vendors like Samsung and Huawei.

DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread

The newly discovered Firestarter malware uses Google Firebase Cloud Messaging to notify its authors of the final payload location. Even if the command and control (C2) server is taken down, the DoNot team can still redirect the malware to another C2 using Google infrastructure. The way the final payload is delivered indicates a highly personalized targeting policy.

Critical Oracle WebLogic flaw actively targeted in attacks

Threat actors have started to hunt for servers running Oracle WebLogic instances vulnerable to a critical flaw that allows taking control of the system with little effort and no authentication. The vulnerability leveraged in the attacks is CVE-2020-14882, with a severity rating of 9.8 out of 10, which allows compromising systems via a simple HTTP GET request. Oracle fixed the vulnerability in this month’s Critical Patch Update (CPU), crediting security researcher Voidfyoo of Chaitin Security Research Lab for finding and reporting it.

Xfinity, McAfee Brands Abused by Parked Domains in Active Campaigns

Parked domains, which act as aliases and redirect to other websites, can send visitors to malicious or unwanted landing pages or turn entirely malicious at any point in time – as evidenced by a recent Emotet campaign, a separate effort abusing Comcast and McAfee brands, and an election-themed attack. Researchers at Palo Alto Networks in an analysis on Thursday noted that domain-parking usually happens in the service of advertising. If someone is searching for “Bread Depot,” the person may end up on a similarly named parked domain instead of the official site, because it popped up in the search results.
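Because a parked alias can change where it sends visitors at any time, the defensive check is to follow the whole redirect chain and compare the final landing host against the hosts the brand actually owns. The script below is an added example written for this roundup, not code from Palo Alto Networks or from the article; the hostnames and the response table are constructed placeholders (none of them are real parked domains), and the `fake_fetch` function stands in for an HTTP client so the example runs offline. It also handles the two failure modes a real crawler hits: redirect loops and unbounded chains.

```python
"""Follow a parked domain's redirect chain and flag off-brand landings.

Added example for this news roundup (not from the original article).
All hostnames below are constructed placeholders.
"""
from urllib.parse import urljoin, urlparse

# Constructed stand-in for HTTP responses: URL -> (status code, Location header).
# A 200 with no Location means the chain ends there.
FAKE_RESPONSES = {
    # Alias that hops through an ad network and lands on an unrelated shop.
    "http://brand-deals.example/": (302, "http://ads-park.example/go?id=1"),
    "http://ads-park.example/go?id=1": (302, "https://unrelated-shop.example/landing"),
    "https://unrelated-shop.example/landing": (200, None),
    # Alias that bounces between two of its own URLs forever.
    "http://brand-loop.example/": (302, "/?r=1"),
    "http://brand-loop.example/?r=1": (302, "http://brand-loop.example/"),
    # Legitimate alias owned by the brand, redirecting to the official site.
    "http://brand-direct.example/": (301, "https://www.brand.example/"),
    "https://www.brand.example/": (200, None),
}

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_HOPS = 10


def fake_fetch(url):
    """Hypothetical fetcher: returns (status, location) from the constructed table."""
    return FAKE_RESPONSES.get(url, (200, None))


def follow_redirects(start, fetch=fake_fetch, max_hops=MAX_HOPS):
    """Return (chain of visited URLs, stopped_early).

    stopped_early is True when a loop was detected or max_hops was reached,
    both of which a crawler must treat as a failure rather than a landing page.
    """
    chain = [start]
    seen = {start}
    url = start
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            return chain, False
        # Relative Location headers are resolved against the current URL.
        nxt = urljoin(url, location)
        chain.append(nxt)
        if nxt in seen:
            return chain, True
        seen.add(nxt)
        url = nxt
    return chain, True


def host_belongs_to(url, expected_hosts):
    """True if the URL's host is one of the expected hosts or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in expected_hosts)


def classify(start, expected_hosts, fetch=fake_fetch):
    """Classify a domain as 'ok', 'off-brand' or 'loop' based on where it lands."""
    chain, stopped_early = follow_redirects(start, fetch)
    if stopped_early:
        verdict = "loop"
    elif host_belongs_to(chain[-1], expected_hosts):
        verdict = "ok"
    else:
        verdict = "off-brand"
    # Intermediate hops through hosts the brand does not own are worth logging too.
    foreign_hops = [u for u in chain[1:-1] if not host_belongs_to(u, expected_hosts)]
    return {"verdict": verdict, "chain": chain, "foreign_hops": foreign_hops}


if __name__ == "__main__":
    brand_hosts = {"brand.example"}
    for domain in ("http://brand-deals.example/",
                   "http://brand-loop.example/",
                   "http://brand-direct.example/"):
        result = classify(domain, brand_hosts)
        print(f"{domain}: {result['verdict']}  chain={' -> '.join(result['chain'])}")
```

In a real deployment the `fake_fetch` stand-in would be replaced by an HTTP client that does not follow redirects automatically, so that every hop is recorded; re-running the check on a schedule is what catches an alias that was benign yesterday and turns malicious today.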