Table of Contents

  1. Breaches
    1. Stolen YouTube Credentials Growing in Popularity on Dark Web Forums
    2. Over 460 million records exposed in breach incidents reported in May
    3. After a breach, users rarely change their passwords, study finds
    4. 500 Million Accounts of Weibo Leaked for Pennies in Darkweb
    5. Analysing the (Alleged) Minneapolis Police Department "Hack"
    6. Privacy breach at Manitoba Agricultural Services Corporation
  2. Vulnerabilities
    1. IP-in-IP protocol routes arbitrary traffic by default
    2. Setting This Image As Wallpaper Could Soft-Brick Your Phone
    3. Apple patches CVE-2020-9859 (unc0ver)
    4. Web Browsers still allow drive-by-downloads in 2020
  3. Ransomware
    1. DoppelPaymer Ransomware Breached Siegel Egg Company
    2. Time’s Up for Agromart Group and their Data Got Leaked by REvil Ransomware Operators
    3. Smith Group’s Database Has Been Breached by The Maze Ransomware Operators
    4. Several Well-Known Organisations Being Targeted by Maze Ransomware Operators
    5. Ransomware locks down the Nipissing First Nation
    6. Sekhmet ransomware team claims to have hit international IT firm “very hard”
    7. Systems returning after computer hack in Bernards Township
    8. Internal Data Stolen, Leaked, in REvil Attack on Electricity Market’s Elexon
  4. Politics
    1. White House says security incidents at US federal agencies went down in 2019
  5. Crime
    1. Canadian hospitals ‘overwhelmed’ by cyberattacks fuelled by booming black market
    2. Hackers have access to data from Nigerian and Kenyan universities
  6. Misc
    1. macOS/x64 zsh RickRolling Shellcode

Breaches

Stolen YouTube Credentials Growing in Popularity on Dark Web Forums

Over the past few weeks, IntSights researchers have observed yet another new trend in black markets and cybercrime forums that has rapidly growing demand: stolen credentials for prominent YouTube accounts.

Over 460 million records exposed in breach incidents reported in May

At least 460 million records were exposed in data breach incidents that were reported in May. The figure is a very conservative estimate as it reflects only publicly reported events. In many cases, the amount of data exposed to unauthorized users was not provided, so the number is likely much higher. While not all the records represent sensitive or personally identifiable information and it is a highly cautious count, it is a worrying result. IT Governance, a provider of cyber risk and privacy management solutions, compiled a list of publicly disclosed cyber incidents that impacted data records from various services around the world.

After a breach, users rarely change their passwords, study finds

Only around a third of users usually change their passwords following a data breach announcement, according to a recent study published by academics from the Carnegie Mellon University's Security and Privacy Institute (CyLab). The study, presented earlier this month at the IEEE 2020 Workshop on Technology and Consumer Protection, was not based on survey data, but on actual browser traffic. Academics analyzed real-world web traffic collected with the help of the university's Security Behavior Observatory (SBO), an opt-in research group where users sign up and share their full browser history for the sole purpose of academic research. Furthermore, since the SBO data also captured password data, the CyLab team was also able to analyze the complexity of the users' new passwords. The research team said that of the users who changed passwords (21), only a third (9) changed it to a stronger password, based on the password's log10-transformed strength.

500 Million Accounts of Weibo Leaked for Pennies in Darkweb

Just three months ago, in March 2020, the Chinese site Sina Weibo suffered a data breach that exposed over 500 million Weibo user records on the dark web. The leaked records included personal details of users such as their real names, site usernames, gender, location, and --- for 172 million users --- phone numbers. The Cyble Research Team identified a credible actor in one of the dark web markets who was selling the full Sina Weibo database.

Analysing the (Alleged) Minneapolis Police Department "Hack"

Troy Hunt has analysed the data leak attributed to the Minneapolis Police Department, and has found out that it's most likely fake data.

Privacy breach at Manitoba Agricultural Services Corporation

The Manitoba Agricultural Services Corporation (MASC) is notifying clients of a privacy breach of personal data that occurred on May 26. An attachment containing the names and contact information of AgriInsurance clients was attached in error to an email sent to 134 producers in Manitoba, the corporation said in a news release. The information that was sent did not include clients' social insurance numbers or financial information. "Immediately following the error, MASC implemented additional process controls and contacted the Manitoba ombudsman to report the incident."

Vulnerabilities

IP-in-IP protocol routes arbitrary traffic by default

IP Encapsulation within IP (RFC 2003, IP-in-IP) can be abused by an unauthenticated attacker to route arbitrary network traffic through a vulnerable device that decapsulates such packets by default. Because the encapsulated inner packet is forwarded as if it originated from the device, this may lead to reflective DDoS, information leaks and bypass of network access controls.
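As an added illustration of the defender's side of this issue (example code, not part of the advisory): a small parser that recognises IPv4 packets whose protocol field is 4 (IP-in-IP), extracts the inner header, and flags any encapsulated packet whose outer source is not one of a locally configured set of trusted tunnel peers. The packet bytes and the trusted-peer set are constructed for the example.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IP-in-IP (RFC 2003)
IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header


def parse_ipv4_header(data: bytes) -> dict:
    """Parse the fixed part of an IPv4 header and return the fields we need."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _ff, ttl, proto, _csum, src, dst = struct.unpack(IPV4_FMT, data[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(data):
        raise ValueError("not a valid IPv4 header")
    return {"ihl": ihl, "total_len": total_len, "ttl": ttl, "proto": proto,
            "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst))}


def inspect_ipip(packet: bytes, trusted_tunnel_peers: set) -> dict:
    """Classify a packet: is it IP-in-IP, and did it come from a known tunnel peer?"""
    outer = parse_ipv4_header(packet)
    if outer["proto"] != IPPROTO_IPIP:
        return {"ipip": False, "suspicious": False, "reason": "not IP-in-IP"}
    # The inner packet starts right after the outer header; this is what the
    # vulnerable device would decapsulate and forward as its own traffic.
    inner = parse_ipv4_header(packet[outer["ihl"]:])
    suspicious = outer["src"] not in trusted_tunnel_peers
    return {"ipip": True, "suspicious": suspicious,
            "outer_src": outer["src"], "outer_dst": outer["dst"],
            "inner_src": inner["src"], "inner_dst": inner["dst"], "inner_proto": inner["proto"],
            "reason": ("outer source is not a configured tunnel peer" if suspicious
                       else "outer source is a configured tunnel peer")}


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 header (checksum left zero; fine for parsing tests)."""
    return struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


# Constructed sample: an Internet host sends IP-in-IP to our router; the inner
# packet claims to come from a LAN address and targets another LAN host (UDP).
SAMPLE_INNER = build_ipv4_header("10.0.0.5", "10.0.0.20", 17, 8) + b"\x00" * 8
SAMPLE_PACKET = build_ipv4_header("203.0.113.7", "192.0.2.1", IPPROTO_IPIP, len(SAMPLE_INNER)) + SAMPLE_INNER
TRUSTED_PEERS = {"192.0.2.2"}  # constructed: the only peer we expect tunnels from

if __name__ == "__main__":
    print(inspect_ipip(SAMPLE_PACKET, TRUSTED_PEERS))
```

The same check expressed as a firewall rule (drop protocol 4 except from configured peers) is the usual mitigation; the parser above is useful for auditing captures to see whether such traffic already reaches the device.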

Setting This Image As Wallpaper Could Soft-Brick Your Phone

Well-known leaker Universe Ice on Twitter, along with dozens of other users, has discovered that simply setting a particular image as wallpaper on your phone could cause it to crash and become unable to boot. Android Authority reports: Based on user reports, many models from Samsung and Google are affected, while we've also seen some reports from users of OnePlus, Nokia, and Xiaomi devices (it's not clear if these latter devices ran stock software or custom ROMs). From our own testing and looking at user reports, Huawei devices seem to be less exposed to the wallpaper crash issue. There are a few solutions, depending on how hard the phone is hit. Some users were able to change the wallpaper in the short interval between crashes. Others had success deleting the wallpaper using the recovery tool TWRP. But in most cases, the only solution was to reset the phone to factory settings, losing any data that's not backed up.

Apple patches CVE-2020-9859 (unc0ver)

Apple has issued a fix for the vulnerability used by the latest jailbreak, named unc0ver.

Web Browsers still allow drive-by-downloads in 2020

It's 2020, and numerous browsers still allow drive-by-downloads from what are meant to be secure contexts, such as sandboxed iframes. This technique can be used to distribute unwanted software and malicious programs in the hope that users will accidentally or mistakenly execute the downloads and get infected. New research from ad security firm Confiant shows that sandboxed iframes can be abused to trigger drive-by-downloads when visiting a website. As most advertisements are displayed on a web page via iframes, malicious advertisers can use them to deliver unwanted applications that infect your computer.

Ransomware

DoppelPaymer Ransomware Breached Siegel Egg Company

As usual, DoppelPaymer ransomware operators add another data breach to their name. In this instance, they breached Siegel Egg Company, a well-established dairy company. Founded by Harry Siegel in 1924, Siegel Egg began doing business from a horse-drawn carriage out of Faneuil Hall Marketplace. After World War II, Harry's two sons, Hy and Sid, joined the business. They began operating out of a new building in Faneuil Hall and the business expanded. Since then, Siegel Egg has grown dramatically and is now being run by the third generation. Under the leadership of Ken Siegel for the past 30 years, the company has grown into a market leader.

Time’s Up for Agromart Group and their Data Got Leaked by REvil Ransomware Operators

Here come the REvil ransomware operators with another massive data leak. In this instance, they leaked the confidential data of Agromart Group, a well-known crop production partner. The Agromart Group provides crop nutrients, seed, crop protection products, custom application and associated services to agricultural producers across Eastern Canada.

Smith Group’s Database Has Been Breached by The Maze Ransomware Operators

The Maze ransomware operators have been on a roll in leaking databases. Recently they leaked confidential data of around five organisations. Now they have leaked data of another well-established organisation. In this instance, they breached Smith Group, one of the leading architecture companies around the globe.

Several Well-Known Organisations Being Targeted by Maze Ransomware Operators

Recently the Maze ransomware operators, one of the well-known ransomware groups, targeted a number of well-established organisations and leaked their confidential data on their website. Previously the Cyble Research Team verified and reported the data leak of Kerr Controls Limited carried out by the Maze ransomware group. In this instance, the ransomware group leaked highly sensitive data and documents of GCL System Integration Technology Co., Ltd, Faxon Machining Inc, and Bossini Enterprises Limited.

Ransomware locks down the Nipissing First Nation

The Nipissing First Nation administration stopped a ransomware attack in its tracks, but not soon enough to prevent disruption of communications. The attack was discovered on May 8 and affected all departments of the administration, but most of the network remained unaffected. First Nations is a term describing the peoples who are the original inhabitants of the land that is now Canada. Nipissing First Nation (NFN) is an urban reserve with 11 communities spread along the shore of Lake Nipissing. NFN appears to have countered this strike. In its monthly newsletter Enkamgak for June, the administration says that despite every department being affected, the staff was able to stop the attack.

Sekhmet ransomware team claims to have hit international IT firm “very hard”

Sekhmet ransomware operators claim to have hit an international IT firm, Excis, "very hard." The attack reportedly occurred on May 30, and the threat actors are pressing hard to get the firm to pay an undisclosed amount of ransom.

Systems returning after computer hack in Bernards Township

Most computer operations have been restored, including the township's website, after the May 11 "ransomware attack" on municipal computers by unknown hackers. The mayor noted that the township did not pay anything to the hackers. Additional information on the investigation is pending. He also said he was told that no information was lost.

Internal Data Stolen, Leaked, in REvil Attack on Electricity Market’s Elexon

Cyber criminals using the REvil/Sodinokibi ransomware stole internal data during a May 11 attack on Elexon --- the organisation that helps balance and settle the UK's electricity market --- and have now posted it online in a bid to pressure the organisation into paying a ransom. The documents include a cyber insurance policy and passports.

Politics

White House says security incidents at US federal agencies went down in 2019

In a report filed with Congress last week, the White House says the number of cyber-security incidents recorded at US federal agencies in 2019 went down by 8%. The report was compiled by the White House's Office of Management and Budget (OMB) and included data about security incidents that took place at tens of government agencies. According to this year's FISMA report, US federal agencies said they suffered 28,581 cyber-security incidents in 2019, a number that went down by 8% from the 31,107 incidents reported in 2018. The reduction in cyber-security incidents came after US federal agencies saw fewer incidents stemming from successful phishing attacks, website/web app compromises, and loss of devices -- three major categories that account for a large share of all incidents reported each year. On the other hand, US federal agencies saw a rise in brute-force attacks, attacks executed with removable media (USB devices, external hard drives), and incidents caused by the improper use of a federal agency service or device.

Crime

Canadian hospitals ‘overwhelmed’ by cyberattacks fuelled by booming black market

Canada's health system is under siege from unrelenting cybercriminals trying to access patient information and other data, according to health-care professionals and cybersecurity experts who say hospitals and clinics are unable to cope with the growing threats. The problem has become so big that some are calling for Ottawa to impose national cybersecurity standards on the health-care sector and for an influx of cash from the federal government to deal with the issue.

Hackers have access to data from Nigerian and Kenyan universities

Techpoint can confirm that the websites and databases of two Nigerian universities --- Ahmadu Bello University, Zaria and the University of Benin, Benin City --- and Mount Kenya University, Thika, Kenya are porous, vulnerable and in urgent need of attention. The data, which includes admission lists, course registration details, and personal data of students and staff, is being shared in some exclusive hacker forums, leaving students, lecturers, and administrators at the complete mercy of unknown cybercriminals.

Misc

macOS/x64 zsh RickRolling Shellcode

A 198-byte macOS/x64 RickRolling shellcode that launches zsh.