Threat actors target Finnish politicians' email accounts, 21 Buttons exposes millions of users' data, and more

Originally published at: Threat actors target Finnish politicians' email accounts, 21 Buttons exposes millions of users' data, and more - CloudSEK Cyber Bulletin

Round Up of Major Breaches and Scams

Finnish Politicians’ Email Accounts Targeted by Cyber Attack

Finland’s parliament was the target of a cyber attack during the autumn that compromised the security of an unspecified number of politicians’ email accounts, parliament’s information office said Monday. The cyber attack was detected during an internal technical control, according to a press release. The attack was described by the parliament’s speaker Anu Vehvilainen as a “serious attack on our democracy and Finnish society.”

E-commerce app 21 Buttons exposes millions of users’ data

Researchers discovered that the popular e-commerce app 21 Buttons was exposing private data for 100s of influencers across Europe. Researchers from cybersecurity firm vpnMentor discovered that the e-commerce app 21 Buttons was exposing private data for 100s of influencers across Europe. 21 Buttons allows users to shares photos of their outfits with links to the brands they’re wearing, then their followers can purchase their favorite clothes directly from the relevant brands using the app.

Vietnam targeted in complex supply chain attack

A group of mysterious hackers has carried out a clever supply chain attack against Vietnamese private companies and government agencies by inserting malware inside an official government software toolkit. The attack, discovered by security firm ESET and detailed in a report named “Operation SignSight,” targeted the Vietnam Government Certification Authority (VGCA), the government organization that issues digital certificates that can be used to electronically sign official documents.

Round Up of Major Malware and Ransomware Incidents

Multi-platform card skimmer found on Shopify, BigCommerce stores

A recently discovered multi-platform credit card skimmer can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and Woocommerce. While usually designed to target a single type of e-commerce platform, this new type of web skimming malware can take over the checkout process on shops using multiple online store management systems by injecting a malicious checkout page.

REvil hackers to leak photos of plastic surgery patients after massive hack

The latest victim of REvil hackers (aka Sodinokibi group) is The Hospital Group based in Manchester, England. A Manchester, England-based prominent cosmetic and weight loss specialist The Hospital Group has suffered a massive ransomware attack carried out by REvil hackers. As a result, the hackers have stolen 600 GB worth of personal, sensitive, and financial data belonging to its customers. REvil hackers are now threatening to leak the data in different phases starting from plastic surgery-related photos of patients. The group also plans to leak financial documents displaying contact and personal details of patients.

New Zero-Day, Malware Indicate Second Group May Have Targeted SolarWinds

A piece of malware named by researchers Supernova and a zero-day vulnerability exploited to deliver this malware indicate that SolarWinds may have been targeted by a second, unrelated threat actor. When FireEye disclosed details of the attack on SolarWinds in early December, in addition to the Sunburst backdoor, it mentioned a piece of malware named Supernova. However, further analysis has led researchers to believe that Supernova is not related to Sunburst.

GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic

A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script on Windows systems. Multiple researchers have linked this strain to MuddyWater (aka SeedWorm and TEMP.Zagros), a government-backed advanced persistent threat (APT) group, first observed in 2017 while mainly targeting Middle Eastern entities.

Round Up of Major Vulnerabilities and Patches

Google: Microsoft Improperly Patched Exploited Windows Vulnerability

Google Project Zero has disclosed a Windows zero-day vulnerability caused by the improper fix for CVE-2020-0986, a security flaw abused in a campaign dubbed Operation PowerFall. Tracked as CVE-2020-17008, the new vulnerability was reported to Microsoft on September 24. As per Project Zero’s policy, details were made public 90 days later, on December 23, despite the fact that Microsoft missed the patch deadline.

Remote Desktop Bugs: Patches That Took Priority in a Pandemic Year

Remote Desktop flaws were a patching priority this year as Microsoft distributed fixes and businesses scrambled to protect remote employees. Microsoft patched a record number of common vulnerabilities and exposures (CVEs) in 2020, putting pressure on overwhelmed security teams to apply fixes and protect a growing number of remote employees. Many of these flaws affected Remote Desktop, a Windows service that proved critical for the newly remote workforce.

1 Like