PropTiger - 2,156,921 breached accounts
In January 2018, the Indian property website PropTiger suffered a data breach which resulted in a 3.46 GB database file being exposed and subsequently shared extensively on a popular hacking forum 2 years later. The exposed data contained both user records and login histories with over 2M unique customer email addresses. Exposed data also included additional personal attributes such as names, dates of birth, genders, IP addresses and passwords stored as MD5 hashes. PropTiger advised they believe the usability of the data is "limited" due to how certain data attributes were generated and stored.
Tamodo - 494,945 breached accounts
In February 2020, the affiliate marketing network Tamodo suffered a data breach which was subsequently shared on a popular hacking forum. The incident exposed almost 500k accounts including names, email addresses, dates of birth and passwords stored as bcrypt hashes.
Tech Giant GE Discloses Data Breach After Service Provider Hack
Fortune 500 technology giant General Electric (GE) disclosed that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE's service providers.
I got my file from Clearview AI
Thomas Smith has written a blog post detailing his findings from requesting his data from Clearview AI.
Locked-Down Lawyers Warned Alexa Is Hearing Confidential Calls
As law firms urge attorneys to work from home during the global pandemic, their employees' confidential phone calls with clients run the risk of being heard by Amazon and Google. Mishcon de Reya LLP, the U.K. law firm that famously advised Princess Diana on her divorce and also does corporate law, issued advice to staff to mute or shut off listening devices like Amazon's Alexa or Google's voice assistant when they talk about client matters at home, according to a partner at the firm. It suggested not having any of the devices near their work space at all.
Using Zoom? Here are the privacy issues you need to be aware of
ProtonMail wrote a blog post detailing privacy issues with Zoom since it's seen a spike in users amid COVID-19.
TrickBot Bypasses Online Banking 2FA Protection via Mobile App
The TrickBot gang is using a malicious Android application they developed to bypass Two-Factor Authentication (2FA) protection used by various banks after stealing transaction authentication numbers. The Android app dubbed TrickMo by IBM X-Force researchers is actively being updated and it is currently being pushed via the infected desktops of German victims with the help of web injects in online banking sessions. TrickBot's operators have designed TrickMo to intercept a wide range of Transaction Authentication Numbers (TANs) including One-Time Password (OTP), mobile TAN (mTAN), and pushTAN authentication codes after victims install it on their Android devices.
Fake “Corona Antivirus” distributes BlackNET remote administration tool
Malwarebytes has discovered the BlackNET RAT being distributed as "Corona Antivirus", a Windows application that claims to protect you against the real-life COVID-19 virus.
WildPressure targets industrial-related entities in the Middle East
In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that it calls Milum. All the victims it registered were organizations from the Middle East. The researchers could not find clues that could help them attribute Milum to a certain adversary, not even with low confidence.
Hackers target WHO as coronavirus cyberattacks spike
WHO Chief Information Security Officer Flavio Aggio said the identity of the hackers was unclear and the effort was unsuccessful. But he warned that hacking attempts against the agency and its partners have soared as they battle to contain the coronavirus, which has killed more than 15,000 worldwide. The attempted break-in at the WHO was first flagged to Reuters by Alexander Urbelis, a cybersecurity expert and attorney with the New York-based Blackstone Law Group, which tracks suspicious internet domain registration activity. Urbelis said he picked up on the activity around March 13, when a group of hackers he'd been following activated a malicious site mimicking the WHO's internal email system. Urbelis said he didn't know who was responsible, but two other sources briefed on the matter said they suspected an advanced group of hackers known as DarkHotel, which has been conducting cyber-espionage operations since at least 2007.
Windows code-execution zeroday is under active exploit, Microsoft warns
Attackers are actively exploiting a Windows zero-day vulnerability that can execute malicious code on fully updated systems, Microsoft warned on Monday. The font-parsing remote code-execution vulnerability is being used in "limited targeted attacks" against Windows 7 systems, the software maker said in an advisory published on Monday morning. The security flaw exists in the Adobe Type Manager Library, a Windows DLL file that a wide variety of apps use to manage and render fonts available from Adobe Systems. The vulnerability consists of two code-execution flaws that can be triggered by the improper handling of maliciously crafted master fonts in the Adobe Type 1 Postscript format. Attackers can exploit them by convincing a target to open a booby-trapped document or view it in the Windows preview pane.
Critical RCE Bug Affects Millions of OpenWrt-based Network Devices
A bug in the package list parse logic of OpenWrt's opkg fork caused the package manager to ignore SHA-256 checksums embedded in the signed repository index, effectively bypassing integrity checking of downloaded .ipk artifacts. To exploit this vulnerability, a malicious actor needs to act as a man-in-the-middle (MITM), serving a valid and signed package index - e.g. one obtained from downloads.openwrt.org - and one or more forged .ipk packages having the same size as specified in the repository index while an `opkg install` command is invoked on the victim system.
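The integrity check described above can be reproduced independently of the package manager. The following is an added example, not code from the article or from OpenWrt: it verifies a downloaded artifact against a signed index entry and fails closed when the checksum is missing. The package name, payloads and function names are constructed, and the `Size` and `SHA256sum` fields are assumed to follow the Debian-style stanza layout of opkg package indexes.

```python
import hashlib
import re

# Constructed sample: one index stanza and two payloads of identical length.
# The package name and byte contents are made up for this example.
GENUINE = b"genuine ipk payload bytes"
FORGED = b"forged! ipk payload bytes"
INDEX = (
    "Package: example-pkg\n"
    "Version: 1.0-1\n"
    "Filename: example-pkg_1.0-1_all.ipk\n"
    f"Size: {len(GENUINE)}\n"
    f"SHA256sum: {hashlib.sha256(GENUINE).hexdigest()}\n"
)

HEX64 = re.compile(r"[0-9a-f]{64}")

def parse_index(text):
    """Parse stanzas of 'Key: value' lines separated by blank lines."""
    entries = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "Package" in fields:
            entries[fields["Package"]] = fields
    return entries

def size_only_check(entry, data):
    """The weak check: all that is left when the checksum is ignored."""
    return len(data) == int(entry["Size"])

def verify_package(entry, data):
    """Fail closed: size and SHA-256 must both match the signed index."""
    expected = entry.get("SHA256sum", "").lower()
    if not HEX64.fullmatch(expected):
        return False, "index entry has no usable SHA256sum"
    size = entry.get("Size", "")
    if not size.isdigit() or len(data) != int(size):
        return False, "size mismatch"
    if hashlib.sha256(data).hexdigest() != expected:
        return False, "sha256 mismatch"
    return True, "ok"
```

A same-size substitute passes `size_only_check` but is rejected by `verify_package`, which is why the checksum from the signed index has to be enforced rather than treated as optional.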
Fintech Firm Finastra Recovering From Ransomware Attack
Finastra, a large financial services software provider based in London, continues to recover from a ransomware attack that forced the company to take its IT operations offline Friday to prevent further damage to its corporate network, according to the company's CEO.