iCloud outage causes account activation failure, GoDaddy apologizes for insensitive phishing email, and more

Originally published at: iCloud outage causes account activation failure, GoDaddy apologizes for insensitive phishing email, and more - CloudSEK Cyber Bulletin

Round Up of Major Breaches and Scams

Apple iCloud Outage Caused Setup Issues and Account Activation Failures

Seemingly because of the ongoing COVID-19 pandemic, the year's end and the holiday season are busier than usual for Apple, which had already delayed the release of its newest iPhone 12 series by a month. Explaining the issue in depth, the user BeatCrazy said, “I’m able to start the pairing process using my iPhone, sign into their Apple IDs with their passwords, but I keep getting hung when Apple wants me to enter the passcode of another device.”

Data breach discovered in Jerusalem Municipality website

A breach granting access to documents containing the personal information of hundreds of thousands of residents was found and repaired in the Jerusalem Municipality’s website, the tech website Geektime reported on Wednesday. The breach was discovered by Hezkiyahu Raful, a programmer, while he was helping his uncle appeal a parking ticket. When they tried to view the photos taken by the municipal inspector who issued the ticket, there was no download button, so Raful pressed F12 to show the page's source code.

GoDaddy apologized for insensitive phishing email sent to its employees offering a fake bonus

GoDaddy made headlines for an initiative that is dividing the cybersecurity community: it sent phishing messages offering bonuses to its own employees. The email promised employees a Christmas bonus to help them cope with the economic hardship caused by the ongoing COVID-19 pandemic. The web provider apologized on Thursday for the security test, which was meant to measure how its personnel respond to a phishing campaign.

Misconfigured AWS Bucket Exposes Hundreds of Social Influencers

A misconfigured cloud storage bucket has exposed the personal details of hundreds of social media influencers, potentially putting them at risk of fraud and harassment, according to researchers. A team at vpnMentor discovered the AWS S3 bucket wide open with no encryption or password protection, back in early November. Action has apparently yet to be taken by the company responsible, Barcelona-based “social commerce” company 21 Buttons.

NetGalley discloses data breach after website was hacked

The NetGalley book promotion site has suffered a data breach that allowed threat actors to access a database with members’ personal information. NetGalley is a website that allows authors and publishers to promote digital review copies of their books (galleys) to book advocates, influential readers, and industry professionals in the hopes that they will recommend the books to their audience. On Monday, December 21st, NetGalley’s website was hacked and defaced. After further investigations, it was determined that the threat actors also accessed a backup for the site’s database containing members’ data.

Round Up of Major Malware and Ransomware Incidents

Kaspersky Lab and Yandex have detected malicious browser extensions

Kaspersky Lab and Yandex experts have identified potentially malicious code in more than twenty browser extensions, including Frigate Light, Frigate CDN and SaveFrom. Through these extensions, cybercriminals could gain access to the user's VKontakte account without the user noticing, and inflate video view counts on various sites. The extensions received tasks from their own server, generated fraudulent traffic by playing videos in hidden tabs, and intercepted the token used to access the social network.

The Emotet botnet is back and hits 100K recipients per day

Emotet is back on Christmas Eve: after two months of silence, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan. The recent Emotet campaign uses updated payloads and is targeting over 100,000 recipients per day.

REvil gang threatens to release intimate pictures of celebs who are customers of The Hospital Group

The REvil ransomware gang, aka Sodinokibi, claims to have hacked The Hospital Group and threatens to release before-and-after pictures of celebrity clients. The Hospital Group has 11 clinics and a celebrity clientele, which is why the claim made headlines. Its clinics specialize in bariatric weight loss surgery, breast enlargements, nipple corrections, and nose adjustments.

Fake Amazon gift card emails deliver the Dridex malware

The Dridex malware gang is delivering a nasty gift for the holidays using a spam campaign pretending to be Amazon Gift Cards. Dridex is a modular banking trojan that can perform various malicious activities, including stealing login information, logging keystrokes, taking screenshots, and downloading and installing further malware. Dridex is particularly dangerous because it is known to give the DoppelPaymer and BitPaymer threat actors access to compromised networks to deploy their ransomware.

North Korea-linked Lazarus APT targets the COVID-19 research

The North Korea-linked Lazarus APT group has recently launched cyberattacks against at least two organizations involved in COVID-19 research. The group's activity surged in 2014 and 2015, when its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and has been involved in both cyber espionage campaigns and sabotage activities aimed at destroying data and disrupting systems.

Round Up of Major Vulnerabilities and Patches

Windows Zero-Day Still Circulating After Faulty Fix

A high-severity Windows zero-day that could lead to complete desktop takeover remains dangerous after a “fix” from Microsoft failed to adequately patch it. The local privilege-escalation (LPE) bug in Windows 8.1 and Windows 10 (CVE-2020-0986) exists in the Print Spooler API. According to Microsoft’s advisory issued in June, it could allow a local attacker to elevate privileges and execute code in the context of the current user, and in turn install programs; view, change, or delete data; or create new accounts with full user rights.

Google reveals unpatched 0day vulnerability in Microsoft’s API

Microsoft released a patch for the vulnerability in June, but it did not work as intended, and the flaw remains unpatched to date. Large companies are expected to handle bugs and patch them in time, yet they too can disappoint, and in Microsoft’s case this is hardly surprising. Most recently, Google has publicly released the details of a zero-day vulnerability that Microsoft did not patch in time.
