Originally published at: https://cloudsek.com/threatintel/manchester-united-football-club-discloses-security-breach-october-mumbai-power-outage-may-be-due-to-a-cyber-attack-threat-actor-selling-list-of-49k-systems-vulnerable-to-fortinet-ssl-vpn-vulnerabil/
Round Up of Major Breaches and Scams
European football club Manchester United disclosed late on Friday a cyber-security incident that impacted its internal systems. The football club said it’s still investigating the incident and couldn’t say if the breach allowed the intruders to access data associated with fans or store customers.
Dutch journalist Daniel Verlaan of RTL Nieuws broke into a secret video conference of EU defence ministers after the Dutch defence minister Ank Bijleveld posted on Twitter an image of the call that accidentally exposed login details. The tech journalist caught the login credentials in the image and used them to join the meeting; the photo contained the login address and part of the PIN code.
Online retail operator Lazada insisted on Friday it was not responsible for leaking any online shoppers’ data following a report claiming that about 13 million records from Lazada Thailand were being offered for sale on an underground trading forum.
Attackers are exploiting an array of Google Services, including Forms, Firebase, Docs and more, to boost phishing and BEC campaigns. A spike in recent phishing and business email compromise (BEC) attacks can be traced back to criminals learning how to exploit Google Services, according to research from Armorblox.
Authorities in India believe that a major power outage that occurred in October in Mumbai may have been caused by hackers. On October 13, a major power outage occurred in the metropolitan area of Mumbai, causing the partial disruption of the traffic management systems and the paralysis of rail traffic, and also impacting work at the stock exchange.
Round Up of Major Malware and Ransomware Incidents
South Korean fashion and retail conglomerate E-Land Group said it has suspended operations at nearly half of its stores in the country due to a ransomware attack. The group said its corporate network system was attacked by ransomware early in the morning. The attack has forced 23 of its 50 branches of NC Department Store and NewCore Outlet to halt their operations, E-Land added.
The Qbot banking trojan has dropped the ProLock ransomware in favour of the Egregor ransomware, which burst into activity in September. Qbot, otherwise known as QakBot or QuakBot, is Windows malware that steals bank credentials and Windows domain credentials, and provides remote access to threat actors who install ransomware.
Romanian police forces arrested two individuals this week who are suspected of running two malware crypter services called CyberSeal and DataProtector, and a malware testing service called CyberScan.
Round Up of Major Vulnerabilities and Patches
CloudSEK Threat Intel has detected a threat actor selling a list of 49,577 systems that are vulnerable to CVE-2018-13379, which is a Fortinet SSL VPN path traversal vulnerability. CVE-2018-13379 allows unauthenticated attackers to download FortiOS system files by means of a specially crafted HTTP request. The vulnerability exists only if the SSL VPN service (web mode/tunnel mode) is enabled.
VMware has released patches for two serious ESXi vulnerabilities that were disclosed during the 2020 Tianfu Cup International PWN Contest. The Tianfu Cup is the most important hacking contest held in China; the total bonus of the contest this year was up to 1 million US dollars.