Phishing campaign targets 200M 365 accounts, Mercy Health fires employee over insider breach, and more

Round Up of Major Breaches and Scams

Phishing Campaign Targets 200M Microsoft 365 Accounts

A well-organized email spoofing campaign has been seen targeting financial services, insurance, healthcare, manufacturing, utilities, and telecom. A large-scale phishing campaign is targeting 200 million Microsoft 365 users around the world, particularly within the financial services, healthcare, insurance, manufacturing, utilities, and telecom sectors, Ironscales researchers report.

Mercy Health discloses an insider breach, fires the employee

On October 7, 2020, Mercy learned that on one or more prior occasions, a Mercy employee accessed medical record information that was not needed by the employee for patient care purposes. The information accessed by the employee included names, addresses, dates of birth, other demographic information, medical record number, treatment and other clinical information and/or radiological images.

Round Up of Major Malware and Ransomware Incidents

DoppelPaymer ransomware gang hit Foxconn electronics giant

Electronics contract manufacturer Foxconn is the latest victim of the DoppelPaymer ransomware operators, who hit a Mexican facility. DoppelPaymer ransomware operators infected the systems at a Mexican facility of electronics giant Foxconn over the Thanksgiving weekend. The plant is located in Ciudad Juárez, Chihuahua, Mexico. The hackers also claim to have stolen unencrypted files before encrypting the targeted systems.

Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping

The developers behind the Android malware have a new variant that spies on instant messages in WhatsApp, Telegram, Skype and more. Researchers have discovered new samples of a previously discovered Android malware, which is believed to be linked to the APT39 Iranian cyberespionage threat group. The new variant comes with new surveillance capabilities – including the ability to snoop on victims’ Skype, Instagram and WhatsApp instant messages.

Round Up of Major Vulnerabilities and Patches

Kremlin hackers are right now exploiting security hole in VMware software to hijack systems, NSA warns

The NSA reckons Russian government hackers are actively abusing a critical security hole in VMware’s software to infiltrate victims’ networks. Sysadmins are urged to deploy the necessary patch as soon as possible. “Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Identity Manager products, allowing the actors access to protected data and abusing federated authentication,” a cybersecurity notice published on Monday warns.

PlayStation Now bugs let sites run malicious code on Windows PCs

Security bugs found in the PlayStation Now (PS Now) cloud gaming Windows application allowed attackers to execute arbitrary code on Windows devices running vulnerable app versions. PlayStation Now reached more than 2.2 million subscribers at the end of April 2020 since the service’s launch in 2014. The vulnerabilities discovered by bug bounty hunter Parsia Hakimian affected PS Now version 11.0.2 and earlier on computers running Windows 7 SP1 or later.

Wormable, Zero-Click Vulnerability in Microsoft Teams

Security researcher Oskars Vegeris has published documentation on a wormable, cross-platform vulnerability in Microsoft Teams that could allow invisible malicious hacker attacks. Vegeris, a security engineer at Evolution Gaming, warned that a novel cross-site scripting (XSS) vulnerability at the ‘’ domain could be abused to trigger a remote code execution flaw in the Microsoft Teams desktop application.

Cisco fixes Security Manager vulnerabilities with public exploits

Cisco has released security updates to address multiple pre-authentication vulnerabilities with public exploits affecting Cisco Security Manager that could allow for remote code execution after successful exploitation. Cisco Security Manager helps manage security policies on a large assortment of Cisco security and network devices, and it also provides summarized reports and security event troubleshooting capabilities.

Google Launches XS-Leaks Vulnerability Knowledge Base

Google this week announced the launch of a knowledge base with information on a class of vulnerabilities referred to as cross-site leaks, or XS-Leaks. These vulnerabilities, Google explains, are rooted in modern web applications’ misuse of long-standing web platform behaviors, which results in websites leaking information about the user or information the user has entered in other web applications.