Round Up of Major Breaches and Scams
The National Cyber Security Centre (NCSC) has issued refreshed guidance for online shopping ahead of this week’s Black Friday. The NCSC said that cyber-criminals are seeking to exploit an increased number of online shopping transactions in the run-up to Christmas and anticipated that consumers may slightly lower their guards during the rush to bag the best deals.
The data of thousands of patients has been exposed following a cyber-attack on Louisiana State University medical centers. LSU Health New Orleans issued a HIPAA breach notification on November 20 after detecting a cyber-intrusion into an employee’s electronic mailbox.
The FBI has issued a warning about a series of spoofed domains that are being used by cybercriminals in an attempt to steal user information. Spoofed domains typically look like real domains, only that malicious actors turn to a very simple trick: they change one letter, the Internet domain, or add more words that make sense for each target, all in an attempt to trick users into thinking they’re loading the legitimate site.
Round Up of Major Malware and Ransomware Incidents
The U.S. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020.
A new cybercrime gang has been seen taking over vulnerable WordPress sites to install hidden e-commerce stores with the purpose of hijacking the original site’s search engine ranking and reputation and promote online scams.
An internet interruption resulting from a ransomware attack on a hosting provider has limited functionality of the Arizona state court system’s webpage for most of this week, according to the vendor and court officials.
Round Up of Major Vulnerabilities and Patches
TikTok has addressed two vulnerabilities that could have allowed attackers to take over accounts with a single click when chained together for users who signed-up via third-party apps. TikTok’s Android app currently has over 1 billion installs according to official Google Play Store stats.
VMware has released a workaround to address a critical zero-day vulnerability, tracked as CVE-2020-4006, that affects multiple VMware Workspace One components. The flaw could be exploited by attackers to execute commands on the host Linux and Windows operating systems using escalated privileges.