Originally published at: https://cloudsek.com/threatintel/indian-job-portal-iimjobs-hacked-database-leaked-online-malicious-npm-packages-used-to-install-njrat-remote-access-trojan-and-more/
Round Up of Major Breaches and Scams
Indian job portal IIMJobs hacked; database leaked online
Another day, another Indian job site targeted by hackers. This time, the database of Indian job board IIMJobs was leaked on a prominent hacking forum after the website suffered a data breach. The database, leaked on November 23rd, 2020, contains up to 46GB of data belonging to jobseekers and recruiters registered with IIMJobs.
Hackers breach Israeli insurance company, steal client data
In a joint statement Tuesday, the Capital Markets Authority and the Israel National Cyber Directorate confirmed that there had been a cyberattack on the Shirbit insurance company and that information had been leaked in the breach.
French pharmaceuticals distribution platform Apodis Pharma leaking 1.7+ TB of confidential data
The CyberNews investigation team discovered an unsecured, publicly accessible Kibana dashboard of an ElasticSearch database belonging to French pharmaceuticals distribution platform Apodis Pharma, leaking 1.7+ TB of confidential data.
Round Up of Major Malware and Ransomware Incidents
Malicious NPM packages used to install njRAT remote access trojan
New malicious NPM packages have been discovered that install the njRAT remote access trojan, which allows hackers to gain control over a computer. NPM is a JavaScript package manager that allows developers and users to download packages and integrate them into their projects.
Misconfigured Docker Servers Under Attack by Xanthe Malware
Researchers have discovered a Monero cryptomining botnet they call Xanthe, which has been exploiting incorrectly configured Docker API installations in order to infect Linux systems.
Round Up of Major Vulnerabilities and Patches
Flaws in Rockwell Automation Product Expose Engineering Workstations to Attacks
Vulnerabilities discovered by researchers in Rockwell Automation's FactoryTalk Linx product can allow attackers to compromise engineering workstations in industrial environments.
DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882
The critical remote code execution (RCE) vulnerability CVE-2020-14882 in Oracle WebLogic is being actively exploited by operators behind the DarkIRC botnet. CVE-2020-14882 can be exploited by unauthenticated attackers to take over the system by sending a simple HTTP GET request.
Google Hacker Details Zero-Click "Wormable" Wi-Fi Exploit to Hack iPhones
Google Project Zero whitehat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi.
Android Messenger App Still Leaking Photos, Videos
The GO SMS Pro Android app has published two new versions on Google Play since a major security weakness was disclosed in November, but neither fixes the original issue, leaving 100 million users at risk for privacy violations, researchers said. Meanwhile, a raft of exploitation tools has been released in the wild for the bug.