Rapper Nuke Bizzle scams $1.2M in COVID-19 relief, FBI warns of new spoofed US Census Bureau domains, and more

Originally published at: https://cloudsek.com/threatintel/rapper-nuke-bizzle-scams-1-2m-in-covid-19-relief-fbi-warns-of-new-spoofed-us-census-bureau-domains-and-more/

Round Up of Major Breaches and Scams

Rapper Scams $1.2M in COVID-19 Relief, Gloats with ‘EDD’ Video

Rapper Fontrell Antonio Baines, who goes by the stage name “Nuke Bizzle,” made his first appearance in U.S. District Court in downtown Los Angeles on Friday after being charged with fraudulently applying for more than $1.2 million in jobless benefits under the Coronavirus Aid, Relief and Economic Security Act (CARES Act), according to a statement from the U.S. Attorney’s Office in the Central District of California.

FBI warns of newly registered domains spoofing US Census Bureau

The Federal Bureau of Investigation (FBI) issued a flash alert to warn of the potential use of spoofed US Census Bureau domains in future malicious campaigns including phishing and credential theft attacks. The US Census Bureau is a federal government statistical agency that collects statistical data on the US economy and population, data used by the federal government to allocate over $675B in federal funds to tribal, local, and state governments each year.

Coinbase phishing hijacks Microsoft 365 accounts via OAuth app

A new phishing campaign uses a Coinbase-themed email to install an Office 365 consent app that gives attackers access to a victim’s email. Over the past year, hackers have increasingly used Microsoft Office 365 OAuth apps, otherwise known as consent apps, as part of their attacks. Consent apps are Office 365 OAuth applications that allow third-parties access to a consenting user’s email account to perform actions on their behalf. These apps are used for legitimate purposes, such as spam filtering, antivirus scanning, or calendaring purposes.

Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns

US Department of Justice charges members of Sandworm/APT28 for BlackEnergy, NotPetya, Olympic Destroyer, and other major attacks. Six members of the pervasive yet elusive Russian military hacking operation behind some of the most destructive targeted cyberattacks in the world — the Ukraine power grid in 2015 and 2016, NotPetya, and the 2018 Winter Olympics — have been indicted by the US Department of Justice for these and other cybercrimes.

Scammers Seize on US Election, But It’s Not Votes They Want

The email from a political action committee seemed harmless: if you support Joe Biden, it urged, click here to make sure you’re registered to vote. But Harvard University graduate student Maya James did not click. Instead, she Googled the name of the soliciting PAC. It didn’t exist — a clue the email was a phishing scam from swindlers trying to exploit the U.S. presidential election as a way to steal people’s personal information.

Round Up of Major Malware and Ransomware Incidents

GravityRAT Spyware Targets Android & MacOS in India

The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android. Researchers have identified GravityRAT, a spying remote access Trojan (RAT) known to target devices in India, in an attack campaign against Android and macOS devices. The activity was still ongoing at the time their findings were published on Oct. 19.

Ryuk Ransomware Attacks Continue Following TrickBot Takedown Attempt

The threat actor behind the Ryuk ransomware continues to conduct attacks following the recent attempts to disrupt the TrickBot botnet, CrowdStrike reports. Referred to as WIZARD SPIDER, the adversary has been widely using TrickBot for the distribution of ransomware, and the recent attempts by the U.S. Cyber Command and Microsoft to disrupt the botnet were expected to put an end to such operations.

DOJ Charges 6 Sandworm APT Members in NotPetya Cyberattacks

The Department of Justice (DOJ) on Monday announced charges against six Russian nationals who are allegedly tied to the Sandworm APT. The threat group is believed to have launched several high-profile cyberattacks over the past few years – including the destructive NotPetya cyberattack that targeted hundreds of firms and hospitals worldwide in 2017. According to the DOJ complaint, the six Russian nationals are tied to a division of the Russian military intelligence service and also affiliated with the APT Sandworm, also known as TeleBots.

IBM discovers a new banking malware attached to Video Conferencing apps like Zoom

The malware spreads via spam phishing and poses as video conferencing software, which is in wide use in these times. After establishing itself on the device, Vizom infiltrates the AppData directory through DLL hijacking: it drops its own DLL files under names that appear legitimate, then tricks the computer into loading the malicious DLL alongside the video conferencing app.

Round Up of Major Vulnerabilities and Patches

Windows 10 KB4579311 update won’t install, causes Explorer crashes

Windows 10 users face numerous issues installing the latest KB4579311 cumulative update, and for those who can install, they are reporting various bugs, including performance issues. Microsoft released the Windows 10 KB4579311 cumulative update on October 13th, 2020, and since then, users have been reporting problems getting the update to install, crashes, performance issues, and boot problems. Due to the varied hardware and drivers running Windows 10, there will always be issues when a new cumulative update is released, but there appears to be an uptick in reports with this particular update.

IoT Vulnerability Disclosure Platform Launched

VulnerableThings.com is intended to help vendors meet the terms of a host of new international IoT security laws and regulations. A new online platform for IoT vendors to use in receiving, assessing, managing, and mitigating vulnerabilities and reports has been launched by the IoT Security Foundation (IoTSF). The new platform, VulnerableThings.com, is intended to help vendors trying to comply with the terms of a series of new IoT regulations and standards now coming into effect.

Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack

Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours. The Ryuk threat actors have struck again, moving from sending a phishing email to complete encryption across the victim’s network in just five hours. That breakneck speed is partially the result of the gang using the Zerologon privilege-escalation bug (CVE-2020-1472), less than two hours after the initial phish, researchers said.

Waze Vulnerability Lets Attackers Track and Identify Users

A vulnerability has been discovered in Google’s GPS navigation software app Waze that lets hackers identify and track users. Autoevolution.com reports that the flaw was discovered by security engineer Peter Gasper. When using the app’s web interface, Gasper discovered that he could request the Waze API to display not only his coordinates, but also those of other drivers traveling nearby. The data returned by the API showed unique identification numbers for the icons on the map that represented other drivers.