Minecraft-related apps defraud millions of gamers, The North Face suffers a credential stuffing attack, and more

Originally published at: https://cloudsek.com/threatintel/minecraft-related-apps-defraud-millions-of-gamers-the-north-face-suffers-a-credential-stuffing-attack-and-more/

Round Up of Major Breaches and Scams

Malicious Minecraft-Related Apps Defraud Millions of Gamers

Avast, a provider of digital security and privacy products, disclosed a wave of malicious mobile applications in the Google Play Store targeting mobile gamers. These apps, dubbed “fleeceware,” lure users with offerings such as new skins, colorful wallpapers, or modifications for the game, then charge excessive subscription fees once the free trial ends. In particular, the attackers target players of the popular Minecraft video game.

Hungry for data, ModPipe backdoor hits POS software used in hospitality sector

Backdoor authors show deep knowledge of the targeted POS software, decrypting database passwords from Windows registry values. ESET researchers have discovered ModPipe, a modular backdoor that gives its operators access to sensitive information stored in devices running ORACLE MICROS Restaurant Enterprise Series (RES) 3700 POS – a management software suite used by hundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide.

The North Face resets passwords after credential stuffing attack

Outdoor retail giant The North Face has reset the passwords of an undisclosed number of customers following a successful credential stuffing attack that took place last month, on October 9th. Credential stuffing is a type of attack where threat actors make use of large collections of username/password combinations that were leaked in previous security breaches to gain access to user accounts on other online platforms.
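The definition above describes the attacker's side; the defender's side is telling a stuffing campaign apart from ordinary mistyped passwords and deciding whose credentials to reset. The following is an added example, not code from the article or from The North Face: it scores constructed authentication events per source IP, flagging sources that try many distinct usernames with a low success rate, and lists the accounts that were successfully logged into from a flagged source (the thresholds and sample events are assumptions).

```python
from collections import defaultdict

# Constructed sample authentication events: (source_ip, username, success).
# Made up for illustration; not taken from any real log.
SAMPLE_EVENTS = [
    ("203.0.113.7", "alice", False),   # one source cycling through many accounts
    ("203.0.113.7", "bob", False),
    ("203.0.113.7", "carol", False),
    ("203.0.113.7", "dave", True),     # a reused password works here
    ("203.0.113.7", "erin", False),
    ("198.51.100.3", "alice", False),  # one user mistyping their own password
    ("198.51.100.3", "alice", False),
    ("198.51.100.3", "alice", True),
]


def find_stuffing_sources(events, min_distinct_users=4, max_success_ratio=0.5):
    """Return {ip: stats} for sources whose pattern matches credential stuffing:
    many distinct usernames from one source, mostly failing. A legitimate user
    retrying a single account is not flagged because distinct_users stays at 1.
    Thresholds are illustrative assumptions, not values from the article."""
    by_ip = defaultdict(lambda: {"users": set(), "attempts": 0, "successes": 0})
    for ip, user, ok in events:
        rec = by_ip[ip]
        rec["users"].add(user)
        rec["attempts"] += 1
        rec["successes"] += int(ok)

    flagged = {}
    for ip, rec in by_ip.items():
        ratio = rec["successes"] / rec["attempts"]
        if len(rec["users"]) >= min_distinct_users and ratio <= max_success_ratio:
            flagged[ip] = {"distinct_users": len(rec["users"]),
                           "attempts": rec["attempts"],
                           "successes": rec["successes"]}
    return flagged


def accounts_to_reset(events, **thresholds):
    """Usernames with a successful login from a flagged source: these are the
    accounts whose passwords a site would force-reset after such an attack."""
    flagged = find_stuffing_sources(events, **thresholds)
    return {user for ip, user, ok in events if ok and ip in flagged}


if __name__ == "__main__":
    print(find_stuffing_sources(SAMPLE_EVENTS))
    print(accounts_to_reset(SAMPLE_EVENTS))
```

Per-IP counting is the simplest view; real campaigns spread attempts across many proxies, so the same statistics are usually also computed per ASN or per user-agent and combined with a baseline failure rate.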

Popular stock photo service hit by data breach, 8.3M records for sale

Stock photo site 123RF has suffered a data breach: over the past weekend, a known data breach broker began selling a database containing 8.3 million user records stolen from 123RF.com on a hacker forum. 123RF is a popular stock photo and vector site that sells royalty-free images, videos, and audio for use on websites, in printed content, and in videos. According to SimilarWeb, 123RF receives over 26 million visitors per month.

YouTube and YouTube TV suffered a two-hour global outage last night

Last night between 7:10pm and 9:13pm Eastern Time, YouTube was unavailable to its users. The outage does not appear to have been limited to any particular market or region. YouTube’s team acknowledged the issue within 10 minutes or so of the spike on DownDetector, and YouTubeTV chimed in an hour later to acknowledge that the unexplained issue brought it down as well.

Round Up of Major Malware and Ransomware Incidents

Australian government warns of possible ransomware attacks on health sector

The Australian government has issued a security alert today urging local health sector organizations to check their cyber-security defenses, and especially their controls for detecting and stopping ransomware attacks. The Australian Cyber Security Center said it “observed increased targeting activity against the Australian Health sector by actors using the SDBBot Remote Access Tool (RAT).” While the ACSC has not provided any details about what the “targeting activity” means, the SDBBot RAT has been almost exclusively distributed by a cybercrime group known as TA505.

Manufacturing Sees Rising Ransomware Threat

Crypto-ransomware groups are increasingly adopting malware and tools that can probe and attack operational technology, such as industrial control systems, according to an assessment of current threats by ICS security firm Dragos. These techniques could disrupt the operations of manufacturing companies: the groups are incorporating code that looks for and exploits industrial control systems (ICSes) and can spread from IT networks into OT networks.

Round Up of Major Vulnerabilities and Patches

Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks

Two security vulnerabilities in Schneider Electric’s programmable logic controllers (PLCs) could allow attackers to compromise a PLC and move on to more sophisticated critical infrastructure attacks. PLCs are key pieces of equipment in environments such as electric utilities and factories. They control the physical machinery footprint in factory assembly lines and other industrial environments, and are a key part of operational technology (OT) networks.

Google fixes more Chrome zero-days exploited in the wild

Google has released Chrome 86.0.4240.198 for Windows, Mac, and Linux to address two zero-day vulnerabilities exploited in the wild. Google Chrome 86.0.4240.198 will roll out over the coming days. To upgrade, you have to go to Settings -> Help -> ‘About Google Chrome’ to allow the browser to automatically check for the new update and install it when available. The two security flaws were reported to Google by anonymous researchers, but the company did not provide any information regarding the attacks that abused them or the threat actors behind them.