Rakuten sends cashback emails in error, Hacker-for-hire group targets South Asian organizations, and more

Originally published at: https://cloudsek.com/threatintel/rakuten-sends-cashback-emails-in-error-hacker-for-hire-group-targets-south-asian-organizations-and-more/

Round Up of Major Breaches and Scams

Rakuten sends cashback emails to customers in error

Japanese e-commerce giant Rakuten sent email notifications yesterday to many of its customers congratulating them on newly earned cashback. Today it took its words (and the cash) back, informing customers that the message had been sent in error. Periodic cashback emails from Rakuten Rewards, formerly Ebates, regularly go to users of the Rakuten apps, Chrome browser extension, and credit card.

More drama on a forum, and a slew of new databases dumped

The threat actor known as ShinyHunters appears to have been active again. There was also some drama over a sale of databases that was supposed to be exclusive but wasn't, after which the databases and links to them were dumped. Which databases, you wonder? BleepingComputer reports on the Animal Jam database; eatigo, Peatix, Redmart, Pluto.tv, Storybird, Homechef, and others were dumped as well.

Hacker-for-hire group targeting South Asian organizations, research says

There's a new cyber mercenary group on the block, and it is going after targets in more than a dozen countries around the globe, according to BlackBerry research published Thursday. The hack-for-hire shop, which BlackBerry is calling "CostaRicto," has largely gone after targets in South Asia, especially in India, Bangladesh and Singapore. It has also hit targets in Africa, the Americas, Australia and Europe, including Austria, the Bahamas, France, Mozambique, the Netherlands and Portugal, the researchers write in a blog post on the group.

KuCoin CEO says 84% of stolen cryptocurrency has been recovered

KuCoin says that 84% of the cryptocurrency funds stolen during a cyberattack have now been recovered. On November 11, KuCoin chief executive and co-founder Johnny Lyu said in a Twitter thread that the majority of the impacted assets had been recovered via "judicial recovery, contract upgrades, and on-chain tracking." However, Lyu does not intend to reveal further details until the "case is closed," apparently at the request of law enforcement.

Round Up of Major Malware and Ransomware Incidents

Ransomware incidents in manufacturing grow as transparency, and attack options, increase

The number of publicly documented ransomware incidents at manufacturing organizations has jumped considerably in 2020 as attackers have found ways to disrupt facilities’ operations by affecting both traditional IT networks and software that supports industrial processes, according to research published Thursday. Industrial security company Dragos found that ransomware incidents in the manufacturing sector had more than “tripled” this year compared to 2019, though the company did not specify the number of incidents.

New modular ModPipe POS Malware targets restaurants and hospitality sectors

ESET researchers have discovered a new modular PoS backdoor, dubbed ModPipe, that targets systems running ORACLE MICROS Restaurant Enterprise Series (RES) 3700, a restaurant management suite widely used in the restaurant and hospitality sectors. The backdoor stands out for its modular architecture, which allows advanced capabilities to be added to it.

Round Up of Major Vulnerabilities and Patches

Encryption Vulnerabilities Allow Hackers to Take Control of Schneider Electric PLCs

Schneider Electric this week released advisories for vulnerabilities impacting various products, including flaws that can be exploited to take control of Modicon M221 programmable logic controllers (PLCs). A total of four vulnerabilities were discovered in Modicon M221 PLCs by researchers at industrial cybersecurity firm Claroty. Three of them were identified independently by employees of cybersecurity company Trustwave. Both Trustwave and Claroty have published blog posts detailing their findings.

Microsoft urges users to stop using phone-based multi-factor authentication

Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys. The warning comes from Alex Weinert, Director of Identity Security at Microsoft. For the past year, Weinert has been advocating on Microsoft’s behalf, urging users to embrace and enable MFA for their online accounts.
