Reading Time: ~ 2 min.
Multiple Individuals Charged for Twitter Hack
Three people were charged with last month’s Twitter
hack, which generated over $100,000 in bitcoin by hijacking high-profile
accounts. Of the 130 accounts used to spread the bitcoin scam, major names
included Elon Musk and Bill Gates, whose names have been used in similar past scams.
The FBI was apparently able to identify the perpetrators through a known
hacking forum offering Twitter account hacking services for a fee.
Kentucky Unemployment Faces Second Breach in 2020
Kentucky's unemployment system suffered its second data breach of the year last week.
The breach came to light after a user reported being able to view another’s
sensitive information while attempting to review their own. Officials are still
uncertain how the breach occurred or the exact contents of the information available
to the person who reported the incident.
Canon Suffers Ransomware Attack
Several services related to Canon,
including its cloud storage systems, fell victim to a ransomware attack that knocked
them offline for nearly a week. In addition to the offline systems, more than 10TB
of customer data were allegedly stolen, and a ransom note attributed to the Maze
ransomware group was identified. A large number of Canon's website domains
were also taken offline, with an internal server error being displayed to site
Havenly Interior Design Breach
A data trove containing roughly 1.4 million Havenly
user accounts was posted for sale on a Dark Web marketplace last week. It
included personally identifiable information of customers including names,
physical addresses and email addresses. The company's official statement said no
financial information was exposed in the breach. While Havenly has recommended all
customers update their login credentials, the breach occurred well over a month
ago, enough time for affected customers to be subjected to identity theft or attacks
aimed at compromising further accounts.
Massive VPN Server Password Leak
The credentials for over 900 enterprise-level Pulse Secure VPN servers
recently appeared on a hacker forum known to be frequented by ransomware
groups. The plaintext dump contains enough information to take full
control of servers still running firmware with known critical
vulnerabilities. The vulnerability that
allowed this breach, CVE-2019-11510, was identified and patched in 2019.
Many of the attack's victims had neglected to implement the
The post Cyber News Rundown: Twitter Hack Arrests appeared first on Webroot Blog.
Garmin Hit with WastedLocker Ransomware
Nearly a week after the company announced they had suffered
a system outage, Garmin
has finally admitted to falling victim to a ransomware attack, likely from the increasingly
popular WastedLocker variant. As is the norm for WastedLocker, the attack was
very specific in its targeting of the company (even mentioning Garmin by name
in the ransom note) and took many of their services offline. Though Garmin has
confirmed that no customer data was affected, they are still unsure when their
services will return to full functionality.
Israeli Marketing Firm Suffers Data Breach
More than 14 million user accounts held by the Israeli
marketing firm Promo
were compromised in a recent breach. Subsequently, at least 1.4 million
decrypted user passwords were found for sale on a Dark Web forum, along with 22
million records containing highly sensitive information. The company has since
contacted affected customers and is pushing a forced password reset.
Netwalker Ransomware Targets U.S. Government Organizations
The FBI has released a security statement concerning Netwalker
ransomware attacks, which have targeted both U.S. and foreign government
agencies in recent months. Netwalker is known for exploiting remote desktop
utilities to compromise major enterprise networks. It also offers ransomware-as-a-service
to other cybercriminals. The best methods for blocking these types of attacks
are enforcing two-factor authentication (2FA) on remote access and keeping offline data backups
to recover from in case of a successful breach.
Lazarus Hacking Group Branches Out to Ransomware
The North Korean state-sponsored hacking group Lazarus
has added ransomware to their latest attacks. Unfortunately for the group, the
ransomware variant they’ve chosen is inefficient at encrypting data, sometimes
taking up to 10 hours to fully encrypt a single system. These attacks are
similar to those targeting Sony Pictures in 2014 and those that affected the
2018 Winter Olympic games, both of which are suspected to have been conducted
by state-backed actors.
Nefilim Ransomware Begins Publishing Dussmann Group's Data
At least 14GB of data belonging to a subsidiary of Dussmann
Group, a major German MSP, is being leaked by the operators of the Nefilim
ransomware variant. The operators have confirmed they were able to obtain
roughly 200GB of data from the subsidiary after discovering a still-unknown method
for compromising the network. Customers affected by the leak have already been
The post Cyber News Rundown: WastedLocker Ransomware appeared first on Webroot Blog.
ATM Jackpotting Attacks on the Rise
ATM manufacturer Diebold
Nixdorf has identified a malicious campaign that uses proprietary software to
“jackpot” the machines. The attack requires malicious actors to breach the ATM
manually and then use the software to force the machine to dispense cash at a
rapid rate, known within the industry as jackpotting. While these attacks don’t
seem to affect customer data or finances, the company is unsure how the
attackers obtained the proprietary software used in the scam.
Ransomware Locks Down Telecom Argentina
Telecom Argentina is being extorted for over $7.5 million following a ransomware
attack last week. The hacker group REvil is believed to be behind the attack,
which may mean the stolen data is set to be posted on the group’s auction site.
Officials are still unsure of how the intrusion occurred, but it’s likely to
have stemmed from a compromised remote access point.
Maryland Health Services Breach Affects Thousands
More than 40,000 individuals may have had personal
information leaked after a ransomware attack on Lorien
Health Services in Maryland. The breach was discovered in June, but after
the healthcare provider refused to pay the ransom the hackers began publishing
the stolen data, which includes Social Security Numbers and other highly
sensitive information. Lorien was quick to notify affected clients and had
begun offering credit monitoring services to those affected within two days of
the attack being confirmed.
University of York Data Breach
The University of York in the UK has learned of a data breach that occurred in May and
could affect a considerable number of students and staff. The breach itself was
enabled by a third-party service provider and contained personally identifiable
information on an unknown number of victims. While there is little the university
can do to contain this type of attack, it comes as another reminder of the
importance of supply chain data security and the knock-on effect of such
Meow Attacks Target Vulnerable Databases
Dozens of unsecured databases from Elasticsearch
and MongoDB were wiped in a new malicious campaign that seems to attack
indiscriminately. Discovered within the last week, the Meow
attacks, as they're known, appear to use an automated script that overwrites
the data in any exposed database it finds and destroys whatever remains. This string of
attacks may encourage stronger security policies among previously lax database
administrators, but the lesson is costly for affected businesses.
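Meow-style wipers succeed because the database accepts unauthenticated connections from the open internet. As an added illustration (not from the Webroot post or from either database vendor), the fragments below show that exposed configuration beside a hardened one for MongoDB (mongod.conf) and Elasticsearch (elasticsearch.yml). The private address 10.0.0.5 and the single-host layout are assumptions for the example.

```yaml
# ---------------------------------------------------------------
# mongod.conf: EXPOSED (the pattern indiscriminate wipers look for)
# ---------------------------------------------------------------
net:
  bindIp: 0.0.0.0        # listens on every interface, including the public one
  port: 27017
# No `security` section: any client that can reach the port can read,
# overwrite or drop every collection without logging in.

---
# ---------------------------------------------------------------
# mongod.conf: HARDENED (added example; 10.0.0.5 is an assumed
# private application-network address)
# ---------------------------------------------------------------
net:
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus the private interface only
  port: 27017
security:
  authorization: enabled       # every operation needs an authenticated user with a role

---
# ---------------------------------------------------------------
# elasticsearch.yml: EXPOSED
# ---------------------------------------------------------------
network.host: 0.0.0.0          # HTTP API reachable from anywhere
http.port: 9200
# xpack.security.enabled is left at its pre-8.0 default (false), so
# DELETE /_all from an unauthenticated client succeeds.

---
# ---------------------------------------------------------------
# elasticsearch.yml: HARDENED
# ---------------------------------------------------------------
network.host: 127.0.0.1        # or the private interface address only
http.port: 9200
xpack.security.enabled: true   # then set built-in user passwords with
                               # bin/elasticsearch-setup-passwords interactive
```

After restarting each service, check from a host outside the private network that ports 27017 and 9200 no longer answer at all, and from a trusted host that an unauthenticated `listDatabases` command or `GET /_cat/indices` is rejected with an authorization error rather than returning data. Binding to a private address and requiring authentication are independent controls; the first keeps opportunistic scanners from finding the service, the second limits the damage if they do.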
The post Cyber News Rundown: ATM Jackpotting Attacks Rise appeared first on Webroot Blog.
Malware Discovered in Chinese Tax Software
Researchers have found multiple backdoors in tax software that businesses
operating in China are required to install as part of an official tax initiative.
The newly identified malware is called GoldenHelper,
in a nod to the command-and-control domain tax-helper.ltd, and was in
active development and use from 2018. The more recent campaign, dubbed GoldenSpy, is
adept at avoiding detection and began within months of the old
command-and-control servers going offline.
Texas Collections Company Suffers Data Breach
The Texas billing and collection company Benefits
Recovery Specialists Inc. has announced that a breach exposing data on
over 250,000 customers occurred in April. The breach leaked personally
identifiable information including Social Security Numbers, birthdates and
physical addresses, that could all be used to launch additional attacks. Affected
clients began receiving notifications about the breach in June, though the
company has still not shared what malware was installed by the perpetrators.
Microsoft Fixes 17-Year-Old DNS Flaw
After nearly 17 years of being present and exploitable, Microsoft
has finally identified and resolved a major wormable vulnerability in Windows DNS Server
that could spread between machines with no human interaction. With the help of a third-party
security firm Microsoft was able to patch the vulnerability before it caused
significant damage, though there was certainly time for malicious actors to
use the flaw to run arbitrary code across a long chain of
compromised machines.
UK Ticket Provider Leaves 4.8 Million Logins Unsecured
A collection of roughly 4.8 million login credentials has
been found in a leaked database belonging to a major UK
ticket provider serving customers around the world. Among the credentials
were accounts on domains belonging to several government agencies along with millions of consumer
webmail users. The site has also been targeted in the past by attackers looking
to deface the website and has been described as vulnerable to SQL injection should
attackers pursue that method.
Wattpad Database Compromises Millions of Users
Wattpad has been working over the past week to remediate
a data breach that could affect over 200 million of its users.
The compromised database was listed for $100,000 on a Dark Web sale site, but
was later re-listed with no price. Its owners claim to hold records for over
271 million users. Wattpad has stated that, though personally identifiable information
was revealed in the breach, no financial information was accessible since
Wattpad doesn’t store it directly on its servers.
The post Cyber News Rundown: GoldenSpy appeared first on Webroot Blog.
Ragnar Locker Attacks Portuguese Energy Producer
It was recently confirmed that Energias
de Portugal (EDP), one of the largest energy producers in the world, has
fallen victim to the Ragnar Locker ransomware variant. The original attack took
place in April but was only discovered in May after nearly three weeks of being
active on their systems. After contacting affected customers, the company also
revealed it was subject to a Bitcoin ransom of roughly $10 million to ensure
the stolen data wasn’t publicly released.
Xchanging MSP Falls Victim to Ransomware
An MSP known as Xchanging,
which primarily serves the insurance industry, was hit with a ransomware attack
over the weekend that forced it to take many of its systems offline. Though the
attack was largely confined to Xchanging’s systems and only affected a small
number of customers, it is still unclear how long the infection was active
before discovery. In a statement, the company says it’s working to restore access
to customer operating environments as quickly as possible.
Fitness Firm Exposes Customer Info
Nearly 1.3 million customer files and photos were
compromised after the fitness firm V
Shred was breached, potentially affecting up to 100,000 clients. The data was
stored on an improperly configured Amazon S3 bucket that was discovered as a
part of a larger mapping project that had already located several similar leaks.
While V Shred confirmed much of the data was publicly available, it originally
denied that the dataset itself contained full names, addresses, and other
highly sensitive personal information that could be used maliciously.
Magecart Group Surpasses 570 Victim Sites
In the three years since Magecart Group 8’s initial foray onto
the card-skimming scene, it has successfully compromised over 570 e-commerce
sites around the world. More than 25 percent of the attacks targeted US domains
and were served from 64 unique attacker-controlled domains used to inject skimming code into
legitimate sites. It's believed the group has netted over $7 million from selling
stolen payment card information since April 2017.
Clubillion Casino App Leak Could Affect Millions
A database containing personally identifiable information on
millions of users of the casino app Clubillion
was compromised in late March. The breach was discovered and secured within five
days, though heavy traffic to the site may have enabled the compromise of hundreds
of thousands more individuals in that time. These types of apps are common targets
of cyberattacks because they hold such large quantities of sensitive data that
can be leveraged for further attacks.
The post Cyber News Rundown: Ragnar Locker appeared first on Webroot Blog.