Round Up of Major Breaches and Scams
The US government said today that a Russian state-sponsored hacking group has targeted and successfully breached US government networks. Government officials disclosed the hacks in a joint security advisory published by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). US officials identified the Russian hacker group as Energetic Bear, a codename used by the cybersecurity industry.
Loyalty programs that attract consumers with free coffee, gas, airline miles, hotel stays, and more if they spend enough with their preferred brands are under full-scale assault by cyberattackers. A new report out from Akamai this week shows cybercriminals are targeting rewards programs with impunity, reaping significant profits on the Dark Web by reselling account access, points, and other rewards fraudulently siphoned from loyalty accounts.
Taiwanese chip-maker United Microelectronics Corporation (UMC) will plead guilty to theft of trade secrets from Micron Technologies and pay a $60m fine to the USA. The case was brought in 2018 when the US Department of Justice (DoJ) alleged that UMC and Chinese outfit Fujian Jinhua Integrated Circuit conspired to steal Micron’s DRAM technology, including details of manufacturing processes, in order to start their own DRAM business. It’s alleged that those documents came from three former Taiwan-based Micron staffers who went to work on the joint UMC and Fujian project.
The Dutch researcher Victor Gevers guessed the password of President Trump’s personal Twitter account as MAGA2020 and noticed he did not use two-step verification. A Dutch cyber security researcher Victor Gevers has revealed that he managed to log into the Twitter account of the President of the United States Donald Trump after guessing its password which turned out to be MAGA2020. MAGA stands for Make America Great Again which happened to be President Trump’s campaign slogan used in his successful 2016 presidential election.
Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a “missed chat” from Microsoft Teams. Researchers are warning of a phishing campaign that pretends to be an automated message from Microsoft Teams. In reality, the attack aims to steal Office 365 recipients’ login credentials. Teams is Microsoft’s popular collaboration tool, which has particularly risen in popularity among remote workforces during the pandemic – making it an attractive brand for attackers to impersonate.
Imagine learning that you were wiretapped by law enforcement, but couldn’t get any information about why. That’s what happened to retired California Highway Patrol officer Miguel Guerrero, and EFF sued on his behalf to get more information about the surveillance. This week, a California appeals court ruled in his case that people who are targets of wiretaps are entitled to inspect the wiretap materials, including the order application and intercepted communications, if a judge finds that such access would be in the interests of justice.
The Treasury Department on Thursday announced sanctions against five Iranian organizations for allegedly trying to influence the U.S. election through disinformation campaigns and other attempts to sow discord. Those sanctioned for the activity included the Islamic Revolutionary Guard Corps, one of its alleged front companies, the IRGC’s Quds Force and media companies allegedly linked to the Quds Force. It’s part of a broader federal effort to push back on foreign influence operations less than two weeks from Election Day.
Customers of an Oregon retailer have become victims of fraud after their financial information was exposed in a sustained data breach. Data belonging to thousands of customers of Made in Oregon was compromised in a breach that lasted six months. Made in Oregon is a regional vendor with five stores in the Portland area. According to the gift retailer, an unauthorized party gained access to its e-commerce site between the first week of February 2020 and the last week of August 2020.
Round Up of Major Malware and Ransomware Incidents
KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence. A botnet focused on cryptomining, spamming, and defacement has infected hundreds of thousands of websites running popular content management systems (CMSes), such as WordPress, Joomla, Magneto, and Drupal, according to online security firm Imperva.
An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam. A sophisticated “browser locker” campaign is spreading via Facebook, ultimately pushing a tech-support scam. The effort is more advanced than most, because it involves exploiting a cross-site scripting (XSS) vulnerability on a popular news site, researchers said. Browser lockers are a type of redirection attack where web surfers will click on a site, only to be sent to a page warning them that their computer is infected with “a virus” or malware.
The European Union on Thursday sanctioned the head of a Russian military intelligence unit, an alleged hacker wanted by the FBI and a Russian government-linked hacking group over a 2015 cyberattack against Germany’s parliament. It’s only the second time the EU has issued cyber-related sanctions, following July sanctions against Russia, China and North Korea in connection with a string of unrelated cyberattacks. Now, as then, the General Staff Main Intelligence Directorate, commonly known as the GRU, is among the targets of the EU’s ire.
Round Up of Major Vulnerabilities and Patches
Microsoft has acknowledged a new known issue affecting some Windows 10 devices and preventing users from using ‘Reset this PC’ to reinstall Windows. The Reset this PC feature comes with all Windows 10 versions and it allows users to reinstall the OS using a local recovery image or the latest Windows 10 version on Microsoft’s servers. While resetting their PC, customers can also decide if they want to keep their files and remove apps and settings or to remove everything.
NVIDIA released a security update for the Windows NVIDIA GeForce Experience (GFE) app to address vulnerabilities that could enable attackers to execute arbitrary code, escalate privileges, gain access to sensitive info, or trigger a denial of service (DoS) state on systems running unpatched software. NVIDIA GFE is a companion utility for GeForce GTX graphics cards that “keeps your drivers up to date, automatically optimizes your game settings, and gives you the easiest way to share your greatest gaming moments with friends” according to NVIDIA.
Flaws allow attackers to manipulate URLs users see on their mobile devices, Rapid7 says. Security vendor Rapid7, in collaboration with independent researcher Rafay Baloch, this week disclosed details on new vulnerabilities in seven mobile browsers that allow attackers to spoof information showed in the browser’s address bar. The vulnerabilities are the latest examples of a common security weakness in software where the user interface can be tricked into displaying erroneous information or to make it appear as if the information comes from a trusted source.
Cisco on Wednesday announced the release of patches for 17 high-severity vulnerabilities in its security appliances as part of its Security Advisory Bundled Publication for October 2020. The vulnerabilities have been found to impact Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC). A majority of the flaws can be exploited remotely without authentication, including to alter data between FMC and FTD devices via an MitM attack, conduct actions on behalf of a user via a CSRF attack, and bypass FMC authentication.