Table of Contents
- HaveIBeenPwned 10 billion accounts
- DeepSource resets logins after employee falls for Sawfish phishing
- Cybersecurity Researchers Discover 5 e-learning Websites Leaking Nearly 1 Million User Records
- How BeerAdvocate Learned They'd Been Pwned
- 'Unforgivable': The privacy breach that exposed sensitive details of WA's virus fight
- Ransomware Gang Demands $7.5 Million From Argentinian ISP
- Emotet botnet is now heavily spreading QakBot malware
- Chinese APT group targets India and Hong Kong using new variant of MgBot malware
- Leading apparel brand of Europe, Regatta, allegedly struck by Netwalker
- Analysis of ransomware used in recent cyberattacks on health care institutions
- Lorien Health Services discloses ransomware attack affecting nearly 50,000
Adobe issues emergency fixes for critical vulnerabilities in Photoshop, Bridge, Prelude
Adobe has released an out-of-band emergency security update for Photoshop, Prelude, and Bridge. On Tuesday, a week after issuing the firm's standard monthly security update, Adobe published security advisories revealing a total of 13 vulnerabilities, 12 of which are deemed critical. Five vulnerabilities have now been resolved in Photoshop CC 2019 - versions 20.0.9 and earlier - and Photoshop 2020 - versions 21.2 and earlier - on Windows machines.
Windows 10 Store 'wsreset' tool lets attackers bypass antivirus
A technique that abuses the Windows 10 Microsoft Store tool 'wsreset.exe' can bypass antivirus protection on a host without being detected. Wsreset.exe is a legitimate troubleshooting tool that lets users diagnose problems with the Windows Store and reset its cache. Pentester and researcher Daniel Gebert has discovered that wsreset.exe can be abused to delete arbitrary files. Because wsreset.exe runs with elevated privileges (it deals with Windows settings), this bug would allow attackers to delete files even if they would not normally have the privileges to do so.
SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet
Steven Seeley broke down CVE-2020-1147 on SharePoint Server and shared details on how to leverage it to gain remote code execution as a low-privileged user.
HaveIBeenPwned 10 billion accounts
Troy Hunt has collected more than 10 billion leaked accounts on his service.
DeepSource resets logins after employee falls for Sawfish phishing
GitHub notified DeepSource earlier this month that it had detected malicious activity related to the startup's GitHub app after one of its employees fell victim to the Sawfish phishing campaign. DeepSource provides developers with automated static code analysis tools for GitHub, GitLab, and Bitbucket repositories that help spot and fix issues during code review. According to its website, the startup's client list includes Intel, NASA, Slack, and Uber. Sawfish's operators have targeted GitHub users since April 2020 in a series of spearphishing attacks designed to steal their credentials using phishing landing pages that mimic GitHub's login page. According to a notification DeepSource received on the morning of July 11, DeepSource users were making numerous requests from unusual IP addresses, which drew the attention of GitHub's Security team, which then began tracking the activity as potentially malicious.
Cybersecurity Researchers Discover 5 e-learning Websites Leaking Nearly 1 Million User Records
WizCase researchers have stumbled upon five leaky e-learning websites that exposed the personal information of nearly 1 million users, including minors. Each exposed database was housed on a misconfigured, unsecured server, allowing unauthorized access to sensitive information. The researchers noted that the platforms were predominantly used by underage people, and the exposed data included full names, email addresses, ID numbers, phone numbers, home addresses, dates of birth, and school or course information.
How BeerAdvocate Learned They'd Been Pwned
'Unforgivable': The privacy breach that exposed sensitive details of WA's virus fight
The most sensitive of the information hacked and posted to the public forum related to the management of the COVID-19 crisis in WA, a Nine News Perth investigation revealed on Monday. More than 400 webpages -- many containing communications and messages between health officials and doctors -- were posted to the website. They include details of people in quarantine, including phone numbers and addresses, and how their cases are being managed.
Mitre, the creepy company checking your fingerprints on Facebook for the US Government
Cybercrime reporter Thomas Brewster has written a fascinating exposé of the activities of Mitre Corporation, which has taken on some eyebrow-raising projects for the US government. Writing for Forbes, Brewster reveals a $500,000 project undertaken by Mitre for the FBI in which it attempted to capture biometric information -- such as actual fingerprints -- from photographs posted on social media sites such as Facebook, Instagram, and Twitter. Former FBI science head Chris Piehota described how the "image fingerprinting" technology could be used to examine images of gang members who posted online making gang signs with their hands.
British security services to get extra powers in wake of Russia report
Legislation to clamp down on foreign spying is being considered by Downing Street in the wake of a damning report laying bare the impact of Russian influence in Britain and accusing the government of "badly" underestimating the threat posed by the Kremlin. Under the new legislation, foreign agents would have to register in the UK in a move modelled on similar requirements in the US and Australia. The long-awaited Russia report by parliament's intelligence and security committee said ministers in effect turned a blind eye to allegations of Russian disruption, highlighting the failure to conduct any proper assessment of Kremlin attempts to interfere with the 2016 Brexit referendum. The government, which has rejected calls for an inquiry into Russian meddling and said it had seen no evidence of successful interference in the EU referendum, is now looking at new security legislation.
TikTok Plans To Add 10,000 Jobs in US as Trump Admin Considers Banning It
TikTok said Tuesday that it plans to create 10,000 jobs in the United States over the next three years, a substantial increase from the roughly 1,400 employees it currently has in the country. The House has voted to bar federal employees from downloading the video-sharing app TikTok on government-issued devices as part of a $741 billion defense policy bill. From a report: Lawmakers voted 336-71 to pass the proposal, offered by Rep. Ken Buck (R-Colo.), as part of a package of bipartisan amendments to the National Defense Authorization Act. The prohibition would extend to members of Congress and congressional staff. National security concerns about TikTok, owned by Chinese tech giant ByteDance, have picked up steam amid fears that U.S. users' personal information could fall into the hands of government officials in Beijing.
Twitter bans 7k QAnon accounts, limits 150k others as part of broad crackdown
Twitter announced Tuesday that it has begun taking sweeping actions to limit the reach of QAnon content, banning many of the conspiracy theory's followers because of problems with harassment and misinformation. Twitter will stop recommending accounts and content related to QAnon, including material in email and follow recommendations, and it will take steps to limit circulation of content in features like trends and search. The action will affect about 150,000 accounts, said a spokesperson, who asked to remain unnamed because of concerns about the targeted harassment of social media employees.
US indicts hackers working with China's Ministry of State Security
Two hackers working with China's Ministry of State Security were charged with hacking into computer systems of government organizations and companies in the United States and around the world, stealing terabytes of data in the process. Chinese nationals and residents LI Xiaoyu (李啸宇 aka Oro0lxy), 34, and DONG Jiazhi (董家志), 33, were allegedly involved in a hacking campaign lasting more than ten years according to the Department of Justice's Office of Public Affairs. "From at least in or about September 1, 2009, and continuing through on or about July 7, 2020, in the Eastern District of Washington and elsewhere, the Defendants did knowingly conspire and agree with each other, and with others known and unknown to the Grand Jury including officers of the MSS and MSS Officer 1," an indictment filed on July 7 and unsealed says.
'World's Most Wanted Man' Involved In Bizarre Attempt To Buy Hacking Tools
The fugitive executive of the embattled payment startup Wirecard was mentioned in a brazen and bizarre attempt to purchase hacking tools and surveillance technology from an Italian company in 2013, an investigation by Motherboard and the German weekly Der Spiegel found. Jan Marsalek, a 40-year-old Austrian who until recently was the chief operating officer of the rising fintech company Wirecard, seems to have taken a meeting with the infamous Italian surveillance technology provider Hacking Team in 2013. At the time, Marsalek was described as an official representative of the government of Grenada, a small Caribbean island of around 100,000 people, in a letter bearing the letterhead of the Grenada government. The documents were included in a cache published after Hacking Team was hacked in 2015.
Twitter hack: Coinbase blocks $280,000 in Bitcoin theft
Coinbase says it prevented the transfer of $280,000 in Bitcoin (BTC) during a recent cryptocurrency scam on Twitter that compromised dozens of high-profile accounts. During the attack, the scammers managed to steal close to $120,000 in BTC. However, if Coinbase had not blacklisted the wallet address within minutes of the scam beginning, this could have been far worse. While 1,100 Coinbase users were prevented from sending cryptocurrency to the fraudulent wallet, within the small window of time between the scam being launched and blacklisting, 14 Coinbase users were still able to send $3,000.
Ransomware Gang Demands $7.5 Million From Argentinian ISP
A ransomware gang has infected the internal network of Telecom Argentina, one of the country's largest internet service providers, and is now demanding $7.5 million as ransom to unlock encrypted files. From a report: The incident took place over the weekend, on Saturday, July 18, and is considered one of Argentina's biggest hacks. Sources inside the ISP said hackers caused extensive damage to the company's network after they managed to gain control over an internal Domain Admin, from where they spread and installed their ransomware payload to more than 18,000 workstations. The incident did not cause internet connectivity to go down for the ISP's customers, nor did it affect fixed telephony or cable TV services; however, many of Telecom Argentina's official websites have been down since Saturday. Since the attack's onset, multiple Telecom employees have now also taken to social media to share details about the incident, and how the ISP has been managing the crisis.
Emotet botnet is now heavily spreading QakBot malware
Researchers tracking the Emotet botnet noticed that the malware started pushing the QakBot banking trojan at an unusually high rate, replacing the longtime TrickBot payload. Last week, Emotet came back to life after a break of more than five months. Starting yesterday, the malspam operation briefly began installing TrickBot on compromised Windows systems again. Things changed when researchers noticed that Emotet was dropping QakBot. A string in the malware indicates that this trojan is now the partner of choice for the Emotet botnet.
Chinese APT group targets India and Hong Kong using new variant of MgBot malware
Malwarebytes has uncovered a hacking campaign by a Chinese APT group targeting India and Hong Kong with a new variant of the MgBot malware.
Leading apparel brand of Europe, Regatta, allegedly struck by Netwalker
A post by the Netwalker ransomware operators claims that they are in possession of confidential data belonging to Regatta, a British outdoor clothing and footwear brand with over 1,700 employees and annual revenue of around $325 million. The operators have so far leaked a sample of the stolen data, which appears to include vendors' bank details, bank reconciliation statements, the company's accounting documents, customer details, and much more.
Analysis of ransomware used in recent cyberattacks on health care institutions
Infosec Institute has published an article that provides a brief overview of some of the recent ransomware attacks on healthcare institutions.
Lorien Health Services discloses ransomware attack affecting nearly 50,000
Lorien Health Services in Maryland announced that it was the victim of a ransomware incident in early June. Data was stolen and then encrypted during the incident. The Netwalker ransomware operators are responsible for the attack; they leaked the information after Lorien refused to pay the ransom demand.