Stantinko Bot masqueraded as httpd targeting Linux servers, Post Breach, Peatix Data Reportedly Found on Instagram, Telegram, and more

Originally published at:

Round Up of Major Breaches and Scams

Spotify launches rolling reset on customer accounts, passwords linked to data leak

Spotify has issued a rolling password reset of some user accounts following the discovery of an open database containing user credentials. The 72GB database contained over 380 million records, “including login credentials and other user data being validated against the Spotify service,” the team said.

Floor covering provider Headlam discloses data breach

Floor coverings distributor Headlam Group said on Tuesday there had been unauthorised access to some of its computer systems, resulting in some data being accessed. Certain back office systems were affected, including the email system, which is now restored, the company said.

PIA data hacked: Threat Actor put databases up for sale at Dark Web

Pakistan International Airlines (PIA) reportedly suffered a major security breach after its network access and database were put on sale for $4,000 on the dark web. According to a media report, an Israeli firm named KELA spotted a threat actor offering domain admin access to the airline for $4,000.

Post Breach, Peatix Data Reportedly Found on Instagram, Telegram

Event-discovery application Peatix has disclosed a data breach, after ads for stolen user-account information were reportedly being circulated on Instagram and Telegram. Upon further investigation, the company found that user names, email addresses, salted and hashed passwords, nicknames, preferred languages, countries and time zones had been compromised.

Round Up of Major Malware and Ransomware Incidents

Blackrota Golang Backdoor Packs Heavy Obfuscation Punch

Researchers have discovered a new backdoor written in the Go programming language (Golang), which turned their heads due to its heavy level of obfuscation. The backdoor, called Blackrota, was first discovered in a honeypot owned by the researchers, where it was attempting to exploit an unauthorized-access vulnerability in the Docker Remote API.

Latest Version of TrickBot Employs Clever New Obfuscation Trick

Researchers at Huntress Labs have uncovered what they described as a really clever use of Windows batch scripting by the authors of Trickbot to try and sneak the latest version of their malware past automated detection tools.

A new Stantinko Bot masqueraded as httpd targeting Linux servers

Researchers spotted a new variant of an adware and coin-miner botnet operated by Stantinko threat actors that now targets Linux servers. The operators behind the botnet powered a massive adware campaign active since 2012, mainly targeting users in Russia, Ukraine, Belarus, and Kazakhstan who were searching for pirated software.

Round Up of Major Vulnerabilities and Patches

UK NCSC’s alert urges orgs to fix MobileIron CVE-2020-15505 RCE

The UK National Cyber Security Centre (NCSC) issued an alert urging organizations to address the critical CVE-2020-15505 remote code execution (RCE) vulnerability in MobileIron mobile device management (MDM) systems. MDM platforms allow administrators to remotely manage a fleet of mobile devices in their organization from a central server.
