Round Up of Major Breaches and Scams
The US government on Monday formally charged six Russian intelligence officers with carrying out destructive malware attacks intended to disrupt and destabilize other nations and cause monetary losses. The individuals, who work for Unit 74455 of the Russian Main Intelligence Directorate (GRU), are accused of perpetrating the “most disruptive and destructive series of computer attacks ever attributed to a single group,” according to the Justice Department (DoJ).
Irish privacy regulators have opened two investigations into Instagram over the social media site’s handling of young people’s personal data. Ireland’s Data Protection Commission said it launched the investigations in September after receiving complaints about the company. Facebook, which owns Instagram and has its European headquarters in Ireland, said it’s in “close contact” with the commission and is “cooperating with their inquiries.”
The threat intelligence team at GreatHorn uncovered a series of ongoing phishing campaigns targeting users of Microsoft’s Office 365 and Google’s Gmail. The attackers abuse open redirectors on look-alike and subsidiary domains of well-known brands, so the link a victim sees carries a trusted host name while the redirect parameter bounces the browser to the attacker’s page, and are sending tens of thousands of such emails to corporate account users globally. The campaign is multi-pronged: several hosting services and web servers are used to host the fraudulent Office 365 login pages the redirects land on.
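To make the open-redirect lure concrete, here is an added example (not GreatHorn’s code, and not tied to any real brand) showing the vulnerable redirect handler beside a hardened one, plus a small scanner that flags links on a trusted host whose query string smuggles an absolute URL to another host. The host names `brand.example` and `evil.test`, the `next=` parameter and the email text are all constructed for illustration.

```python
"""Open-redirect abuse in phishing lures: the weak handler, the fixed handler,
and a detector for the lure pattern. Added example; all hosts are made up."""
import re
from collections import namedtuple
from urllib.parse import urlparse, parse_qs

TRUSTED_HOSTS = ("brand.example",)  # assumed legitimate brand host

Lure = namedtuple("Lure", "link target_host")


def vulnerable_redirect(next_url: str) -> str:
    """'Before': trusts the next= value as given, so
    https://brand.example/login?next=https://evil.test/o365
    sends the victim to the phishing page under the brand's name."""
    return next_url


def safe_redirect(next_url: str, fallback: str = "/") -> str:
    """'After': honour only same-origin, path-only targets.

    Rejects absolute URLs (any scheme, including javascript:), protocol-relative
    forms (//evil.test, ///evil.test) and backslash variants (/\\evil.test) that
    some browsers normalise to an authority.  Anything else falls back to '/'.
    """
    if "\\" in next_url or next_url.startswith("//"):
        return fallback
    parts = urlparse(next_url)
    if parts.scheme or parts.netloc:
        return fallback
    if not next_url.startswith("/"):
        return fallback
    return next_url


_URL_RE = re.compile(r"https?://[^\s<>\"']+")


def find_redirect_lures(body: str, trusted_hosts=TRUSTED_HOSTS):
    """Flag links whose host is trusted but whose query carries a URL to a
    different host (the open-redirect lure shape).  parse_qs percent-decodes,
    so encoded payloads such as next=https%3A%2F%2Fevil.test are caught too."""
    lures = []
    for link in _URL_RE.findall(body):
        outer = urlparse(link)
        if outer.hostname not in trusted_hosts:
            continue
        for values in parse_qs(outer.query).values():
            for value in values:
                inner = urlparse(value)
                # hostname is None for plain paths like /unsubscribe
                if inner.hostname and inner.hostname not in trusted_hosts:
                    lures.append(Lure(link, inner.hostname))
    return lures


# Constructed sample message in the style of the campaign described above.
SAMPLE_EMAIL = """Your Office 365 password expires today.
Review now: https://brand.example/login?next=https%3A%2F%2Fevil.test%2Fo365
Manage preferences: https://brand.example/prefs?ref=/unsubscribe
"""

if __name__ == "__main__":
    for lure in find_redirect_lures(SAMPLE_EMAIL):
        print(f"lure: {lure.link} -> {lure.target_host}")
    print("hardened redirect resolves to:", safe_redirect("https://evil.test/o365"))
```

The detector is deliberately simple: it only inspects query parameters, so a redirector that takes its target from the path or a fragment needs a separate rule, and a lure that bounces to a second open redirector on another trusted host will still be reported on the first hop.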
David Uberti reports that it has already been a rough school year in terms of cybersecurity, and he wisely reached out to Doug Levin for input. Doug created and maintains a valuable resource, the K-12 Cybersecurity Resource Center, which maps reported K-12 incidents from around the country. At least 289 districts across the U.S. have suffered cyber incidents such as hacks this year, according to Levin, who runs the Arlington, Va.-based consulting firm EdTech Strategies LLC.
Round Up of Major Malware and Ransomware Incidents
A budding ransomware group donated part of the ransom payments it had previously extorted from its victims to two charities. On October 13, the Darkside ransomware group announced the donations in a blog post on its dark web portal. As quoted by ZDNet: “As we said in the first press release – we are targeting only large profitable corporations. We think it’s fair that some of the money they’ve paid will go to charity. No matter how bad you think our work is, we are pleased to know that we helped change someone’s life.”
The Nefilim ransomware operators have posted a long list of files that appear to belong to Italian eyewear and eyecare giant Luxottica. Luxottica Group S.p.A. is an Italian eyewear conglomerate and the world’s largest company in the eyewear industry. As a vertically integrated company, Luxottica designs, manufactures, distributes and retails its eyewear brands, including LensCrafters, Sunglass Hut, Apex by Sunglass Hut, Pearle Vision, Target Optical, Eyemed vision care plan, and Glasses.com.
Round Up of Major Vulnerabilities and Patches
A security researcher discovered a vulnerability in Google’s Waze app that could allow attackers to identify people using the popular navigation app and track them by location; the company has already patched the API flaw. Security DevOps engineer Peter Gasper found that the navigation software’s API let him track the specific movements of nearby drivers in real time and even identify exactly who they were, he revealed in a blog post on his research website, “malgregator.”
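The underlying weakness class is worth seeing in code: an API that returns nearby users with a durable identifier gives any client a join key across polls, and a join key across polls is a tracking primitive. The following is an added example, not Waze’s code or Gasper’s research code; the endpoint shape, field names, coordinates and the HMAC-based ephemeral-token design are assumptions made for illustration, and the coordinates are constructed.

```python
"""Stable identifiers in a 'nearby users' response as a tracking primitive,
and one server-side mitigation.  Added example; response shape is assumed."""
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed: three polls of an assumed /nearby endpoint, one minute apart.
# The attacker's own position never changes; only the returned ids and
# coordinates matter for the join.
POLLS = [
    {"t": 0,   "users": [{"id": 1001, "lat": 48.1500, "lon": 17.1000},
                         {"id": 1002, "lat": 48.1502, "lon": 17.1010}]},
    {"t": 60,  "users": [{"id": 1001, "lat": 48.1520, "lon": 17.1030},
                         {"id": 1002, "lat": 48.1502, "lon": 17.1010}]},
    {"t": 120, "users": [{"id": 1001, "lat": 48.1541, "lon": 17.1061}]},
]


def build_tracks(polls):
    """Attacker side: whatever 'id' the API returns is used as the join key.
    With a durable id every poll folds into a per-user trail."""
    tracks = defaultdict(list)
    for poll in polls:
        for user in poll["users"]:
            tracks[user["id"]].append((poll["t"], user["lat"], user["lon"]))
    return dict(tracks)


class EphemeralIdIssuer:
    """Server-side mitigation (assumed design, not the vendor's fix).

    The durable account id is replaced by an HMAC over (user, observer, epoch)
    under a server secret.  A keyed MAC rather than a plain hash, because a
    plain hash of a small integer id is reversible by enumeration.  Within an
    epoch the token is stable, so the client can still draw a moving marker;
    across epochs, and across different observers, the tokens are unlinkable.
    """

    def __init__(self, secret: bytes):
        self._secret = secret

    def token(self, user_id: int, observer_id: int, epoch: int) -> str:
        msg = f"{user_id}:{observer_id}:{epoch}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()[:16]

    def redact(self, poll, observer_id: int, epoch: int):
        return {
            "t": poll["t"],
            "users": [
                {"id": self.token(u["id"], observer_id, epoch),
                 "lat": u["lat"], "lon": u["lon"]}
                for u in poll["users"]
            ],
        }


def build_tracks_after_mitigation(polls, observer_id=42, epoch_seconds=60):
    """Same attacker code, run against responses the issuer has redacted.
    With one-minute epochs each poll lands in a fresh epoch, so the attacker
    sees only disconnected single observations."""
    issuer = EphemeralIdIssuer(os.urandom(32))
    redacted = [issuer.redact(p, observer_id, p["t"] // epoch_seconds) for p in polls]
    return build_tracks(redacted)


if __name__ == "__main__":
    print("before:", build_tracks(POLLS))
    print("after: ", build_tracks_after_mitigation(POLLS))
```

The epoch length is the knob: longer epochs keep the client experience smooth but widen the window over which an observer can chain positions, and rotating tokens does nothing about identification by other fields (display names, avatars, the precision of the coordinates themselves), which have to be reviewed separately.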
Adobe last week patched a total of nine vulnerabilities in its Magento e-commerce platform, including two rated critical. The critical issues are described as a “file upload allow list bypass” that can lead to arbitrary code execution, and an SQL injection flaw that can give an attacker read or write access to the targeted store’s database. Both require admin privileges to exploit, however, so an external attacker would first need to obtain those privileges by chaining them with other weaknesses.
A security researcher says he has earned $20,000 for a high-severity GitHub Enterprise vulnerability that might have allowed an attacker to execute arbitrary commands. GitHub Enterprise, the on-premises version of GitHub.com, is designed to make it easier for large enterprise software development teams to collaborate. In June, Australia-based software developer and security researcher William Bowling informed GitHub via its bug bounty program that he had identified a potentially serious vulnerability.