Table of Contents

  1. Breaches
    1. Thousands of CRA accounts breached following pair of cyberattacks
    2. NSW Police Leak Private Information of Complainants
    3. NC: Lawsuit: ‘Alarming’ data breach at Coastal Prep Academy exposed sensitive personal data
    4. 202 Websites Breached, Cyble’s Data Breach Alerts As of August 17, 2020
    5. Ritz London suspects data breach, fraudsters pose as staff in credit card data scam
    6. Report: “No Need to Hack When It’s Leaking:” GitHub Leaks of Protected Health Information
    7. 2.5M Medical Records Leaked by AI Company
    8. Canon's cloud platform has lost users' files – and it CAN'T restore them
  2. Ransomware
    1. Business technology giant Konica Minolta hit by new ransomware
    2. Interstate Restoration Got Allegedly Breached by Maze Ransomware Operators
    3. One of the Largest Steel Sheet Companies in Southeast Asia Got Allegedly Breached by Maze
    4. Maze Ransomware Operators Allegedly Targeted Arabian Industries LLC
    5. World's largest cruise line operator discloses ransomware attack
  3. Malware
    1. Mekotio banking trojan imitates update alerts to steal Bitcoin
  4. Crime
    1. Canada suffers cyberattack used to steal COVID-19 relief payments
    2. RCSD reopening forum hacked on Zoom
    3. Town of Hollywood Park attempting to recover nearly $200,000 stolen in 2019 cyber theft
  5. Privacy
    1. Google giving far-right users’ data to law enforcement, documents reveal
  6. Vulnerabilities
    1. Microsoft Put Off Fixing Zero Day for 2 Years
  7. Misc
    1. Picking Locks with Audio Technology
    2. Tesla is finally fixing this major security flaw
    3. Google Chrome will warn users when submitting insecure forms
  8. Politics
    1. US Army report says many North Korean hackers operate from abroad
    2. Oracle is in talks to acquire TikTok’s U.S. operations, sources say
    3. Popular Notepad++ text editor banned in China

Breaches

Thousands of CRA accounts breached following pair of cyberattacks

The federal government has revealed that the Canada Revenue Agency was recently hit by two cyberattacks, compromising thousands of accounts linked to the agency's services. The agency confirmed on Saturday that as of Aug. 14, about 5,500 accounts had been affected by the separate attacks but that the breaches are now contained. The CRA's My Account, My Business Account and Represent a Client services were affected in the incidents.

NSW Police Leak Private Information of Complainants

The NSW Police have leaked the email addresses of over 150 complainants who contacted them to raise concerns about officers' use of force following the Sydney Black Lives Matter protest on Saturday, 6 June. The message forwarded to complainants contained the original outcome letter plus an additional page beginning "Please note; outcome letter was sent to all of the following complainants via email (Bcc recipients not shown above):", followed by the email addresses of the 150 complainants. "So, the NSW Police just forwarded me, accidentally I assume, the names and emails of every person who complained about the Central Station incident. Felt like a significant data breach, so I called up to suggest an OAIC [Office of the Australian Information Commissioner] report, and they hung up on me," said Mr Leighton-Dore.

NC: Lawsuit: ‘Alarming’ data breach at Coastal Prep Academy exposed sensitive personal data

According to a letter sent to parents by Coastal Preparatory Academy and a lawsuit filed in Superior Court, a former employee obtained extremely sensitive personal information about parents and students, including social security numbers, health and financial information, and employment records. The charter school has filed several civil actions to recover passwords, personal data, and control of its computer systems.

202 Websites Breached, Cyble’s Data Breach Alerts As of August 17, 2020

CybleInc has detected 202 data breaches affecting various websites and companies; as a result, an estimated 2.5 million user accounts are at risk. Recently, Cyble has reported many large data leaks, including details of over 21,000 Indian students, around 570K user records from the Devire recruitment agency, and breaches at the SPIE Group and Bridgford Foods.

Ritz London suspects data breach, fraudsters pose as staff in credit card data scam

In a series of messages posted to Twitter dated August 15, the luxury hotel chain said that on August 12 the company was made aware of a "potential data breach within our food and beverage reservation system." While the hotel said that the security incident did not include any credit card details or payment information, the leaked data may have been used in a social engineering scam designed to steal more valuable financial information straight from the source. As reported by the BBC, scammers phoned Ritz restaurant reservation holders with the "exact" details of their bookings while requesting confirmation of their payment card details. The fraudsters, pretending to be Ritz employees, used caller ID spoofing to appear to be calling from the hotel. One guest speaking to the publication said a scammer called her a day before she was due to visit the Ritz for afternoon tea. After asking her to "confirm" her details, the fraudster said her card had been declined and then requested a second payment card.

Report: “No Need to Hack When It’s Leaking:” GitHub Leaks of Protected Health Information

Jelle Ursem, an ethical hacker from the Netherlands, together with Databreaches.net, has released a joint report detailing nine data leak incidents involving healthcare providers, a health plan, and business associates and other third parties serving the medical sector.

2.5M Medical Records Leaked by AI Company

Secure Thoughts collaborated with security researcher Jeremiah Fowler to expose a leak of millions of personal medical records by an artificial intelligence company. According to his findings, 2.5 million records were discovered that appeared to contain sensitive medical data and PII (Personally Identifiable Information). The records included names, insurance records, medical diagnosis notes, and much more. Upon further research, there were multiple references to an artificial intelligence company called Cense. The records were labeled as staging data, and the researchers can only speculate that this was a storage repository intended to hold the data temporarily while it was loaded into the AI bot or Cense's management system.

Canon's cloud platform has lost users' files – and it CAN'T restore them

Canon has announced the results of its investigation into the loss of image data on the image.canon cloud platform. According to Canon, when the company switched over to a new version of the image.canon software on 30 July, the code to control the short-term storage operated on both the short-term storage and the long-term storage functions, causing the loss of some images stored for more than 30 days. On 4 August, Canon was able to identify the code causing the incident and corrected it. Canon has now reported that it found no unauthorized access to image.canon and the incident caused no leakage of images. Canon has said that there is no technical measure to restore lost video files, but that photo files can be restored -- albeit not at their original resolution. This means that if the affected users have not backed up their files, then they will have lost them forever. Canon has said: "We will contact affected users shortly and offer our deepest apologies".

Ransomware

Business technology giant Konica Minolta hit by new ransomware

Business technology giant Konica Minolta was hit with a ransomware attack at the end of July that impacted services for almost a week, BleepingComputer has learned. Konica Minolta is a Japanese multinational business technology giant with almost 44,000 employees and over $9 billion in revenue for 2019. The company offers a wide variety of services and products ranging from printing solutions, healthcare technology, to providing managed IT services to businesses.

Interstate Restoration Got Allegedly Breached by Maze Ransomware Operators

CybleInc researchers came across a leak disclosure post in which the Maze ransomware operators claim to have breached Interstate Restoration and to be in possession of the company's sensitive data. Established in 1998, Interstate Restoration is one of the leading full-service emergency response restoration and reconstruction companies based in the United States. The company has over 450 employees and annual revenue of around $127 million.

One of the Largest Steel Sheet Companies in Southeast Asia Got Allegedly Breached by Maze

CybleInc researchers came across a leak disclosure post in which the Maze ransomware operators claim to have breached Hoa Sen Group and to be in possession of the company's sensitive data. Founded in 2001 and based in Ho Chi Minh City, Hoa Sen Group (HSG) is one of the largest private steel sheet companies in Southeast Asia. Hoa Sen Group has 7,100 employees across its 343 companies and annual revenue of around $1.18 billion.

Maze Ransomware Operators Allegedly Targeted Arabian Industries LLC

Recently, the Cyble Research Team identified a leak post in which the Maze ransomware operators claimed to have breached Arabian Industries LLC and to be in possession of its sensitive data files and documents. Founded in 1991, Arabian Industries LLC is a leading EPC contracting, manufacturing and maintenance company specializing in design, engineering, project construction, fabrication, painting, and testing and maintenance across the oil and gas, refinery, petrochemical, and power industries. The company currently operates with over 3,000 employees.

World's largest cruise line operator discloses ransomware attack

Carnival Corporation, the world's largest cruise ship operator, has disclosed a security breach, admitting to suffering a ransomware attack over the weekend. In an 8-K filing with the US Securities and Exchange Commission (SEC), the company said the incident took place on Saturday, August 15. Carnival said the attackers "accessed and encrypted a portion of one brand's information technology systems," and that the intruders also downloaded files from the company's network. The cruise line operator said it has already started an investigation into the breach, notified law enforcement, and engaged legal counsel and incident response professionals.

Malware

Mekotio banking trojan imitates update alerts to steal Bitcoin

A versatile banking trojan targeting users in Latin America has been circulating in multiple countries, including Mexico, Brazil, Chile, Spain, Peru, and Portugal. The malware establishes persistence on infected systems and has advanced capabilities such as planting backdoors, stealing bitcoins, and exfiltrating credentials. Dubbed Mekotio, the trojan collects sensitive information from victim hosts, such as the firewall configuration, operating system information, whether the current user has admin privileges, and the status of any installed antivirus products.

Crime

Canada suffers cyberattack used to steal COVID-19 relief payments

Canadian government sites used to provide access to crucial services for immigration, taxes, pensions, and benefits have been breached in a coordinated attack to steal COVID-19 relief payments. The online portal known as GCKey is a critical single sign-on (SSO) system used by the public to access multiple Canadian government services. Over the weekend, the Office of the Chief Information Officer of the Government of Canada released a statement advising the public of the cyberattack on the GCKey system. Using the "credential stuffing" technique, attackers managed to get into 9,041 GCKey accounts out of a total of 12 million.
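Credential stuffing has a recognisable shape in authentication logs: one source replays leaked username/password pairs, so it touches many different usernames with a high failure rate, and the handful of successes are the accounts the attacker now owns. The following is an added example for this digest, not GCKey's own tooling; it runs a detection heuristic over a constructed log in an assumed "timestamp ip username OK|FAIL" format and lists the compromised accounts per source. The thresholds are assumptions to tune against real traffic.

```python
"""Flag credential stuffing in authentication logs.

Added example for this digest; it is not GCKey code and the log format is a
constructed one: "<timestamp> <src_ip> <username> <OK|FAIL>".
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class SourceStats:
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)
    successes: set = field(default_factory=set)


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, user, succeeded)."""
    ts, ip, user, result = line.split()
    return ts, ip, user, result == "OK"


def analyse(lines, min_attempts=20, min_distinct_users=10, min_fail_ratio=0.8):
    """Return {ip: finding} for sources whose pattern matches stuffing.

    Credential stuffing replays leaked username/password pairs, so a single
    source tries many *different* usernames with a high failure rate.  A
    brute-force against one account fails the distinct-user test and is
    deliberately not reported here (it needs a per-account rule instead).
    """
    stats = defaultdict(SourceStats)
    for line in lines:
        _, ip, user, ok = parse_line(line)
        s = stats[ip]
        s.attempts += 1
        s.users.add(user)
        if ok:
            s.successes.add(user)
        else:
            s.failures += 1

    findings = {}
    for ip, s in stats.items():
        fail_ratio = s.failures / s.attempts
        if (s.attempts >= min_attempts
                and len(s.users) >= min_distinct_users
                and fail_ratio >= min_fail_ratio):
            findings[ip] = {
                "attempts": s.attempts,
                "distinct_users": len(s.users),
                "fail_ratio": round(fail_ratio, 2),
                # accounts to lock and re-verify: the attacker now holds a
                # working password for each of these
                "compromised": sorted(s.successes),
            }
    return findings


def sample_log():
    """Constructed log: one stuffing source, one brute-forcer, one real user."""
    lines = []
    # stuffing source: 100 distinct usernames, 3 of them succeed
    for i in range(100):
        result = "OK" if i in (3, 47, 91) else "FAIL"
        lines.append(f"2020-08-15T02:{i // 60:02d}:{i % 60:02d}Z 203.0.113.7 user{i:03d} {result}")
    # brute force against a single account: many failures, one username
    for i in range(30):
        lines.append(f"2020-08-15T03:00:{i:02d}Z 192.0.2.9 alice FAIL")
    # legitimate user mistyping twice, then logging in
    lines += [
        "2020-08-15T04:00:00Z 198.51.100.5 bob FAIL",
        "2020-08-15T04:00:05Z 198.51.100.5 bob FAIL",
        "2020-08-15T04:00:12Z 198.51.100.5 bob OK",
    ]
    return lines


if __name__ == "__main__":
    for ip, finding in analyse(sample_log()).items():
        print(ip, finding)
```

A per-source rule like this is the first thing to deploy, but real stuffing campaigns are spread across proxy pools so that no single IP crosses the threshold; the same counters aggregated over all sources (distinct usernames failing per minute against a normal baseline) catch that case, and the "compromised" list is what drives forced password resets.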

RCSD reopening forum hacked on Zoom

With districts planning to use virtual learning, you'd hope they would have Zoom configured to prevent Zoom-bombing, in which pornography, racist comments, or other inappropriate content disrupts a session. On Saturday, an urban New York school district found out its meeting wasn't adequately secured. The Rochester City School District's first parent forum on the 2020-2021 school year was hacked Saturday afternoon. The forum was held on Zoom, and more than 100 RCSD families joined the meeting. Superintendent Dr. Lesli Myers-Small terminated the forum when she saw racist comments and hurtful symbols appear on the screen.

Town of Hollywood Park attempting to recover nearly $200,000 stolen in 2019 cyber theft

On March 5, 2019, someone attempted to steal nearly half a million dollars from the sleepy San Antonio suburb of Hollywood Park. The thieves were likely international cyber-criminals, but 17 months later, no one has been arrested for the crime. With the help of the United States Secret Service, the town managed to recover nearly $300,000 of the missing money, but there is still a dispute over who should be held responsible for the nearly $200,000 that ended up in a bank in Turkey.

Privacy

Google giving far-right users’ data to law enforcement, documents reveal

A little-known investigative unit inside search giant Google regularly forwarded detailed personal information on the company's users to members of a counter-terrorist fusion center in California's Bay Area, according to leaked documents reviewed by the Guardian. But checking the documents against Google's platforms reveals that in some cases Google did not necessarily ban the users they reported to the authorities, and some still have accounts on YouTube, Gmail and other services.

Vulnerabilities

Microsoft Put Off Fixing Zero Day for 2 Years

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. One of the 120 security holes Microsoft fixed on the Aug. 11 Patch Tuesday was CVE-2020-1464, a problem with the way every supported version of Windows validates digital signatures for computer programs. Code signing uses a certificate-based digital signature on executable files and scripts to verify the author's identity and ensure that the code has not been changed or corrupted since it was signed. Microsoft said an attacker could use this "spoofing vulnerability" to bypass security features intended to prevent improperly signed files from being loaded. Microsoft's advisory makes no mention of security researchers having told the company about the flaw, which Microsoft acknowledged was being actively exploited. In fact, CVE-2020-1464 was first spotted in attacks in the wild back in August 2018, and several researchers informed Microsoft about the weakness over the past 18 months.

Misc

Picking Locks with Audio Technology

The next time you unlock your front door, it might be worth inserting your key as quietly as possible: researchers have discovered that the sound of a key being inserted into a lock gives attackers all they need to make a working copy of it. It sounds unlikely, but the researchers say they have shown that the series of audible metallic clicks made as a key enters a lock can be deciphered by signal processing software to reveal the precise shape of the sequence of ridges on the key's shaft. Knowing this (the actual cut of your key), a working copy can then be 3D printed.

Tesla is finally fixing this major security flaw

Tesla is finally adding a much-needed security feature to its mobile app to protect its vehicles. The carmaker is introducing two-factor authentication (2FA) in its mobile app, meaning users will need to combine their login information with a code or identifier linked to their personal device in order to gain access, which should improve protection for owners. The move was "embarrassingly late", admitted Tesla CEO Elon Musk. "Sorry, this is embarrassingly late. Two factor authentication via sms or authenticator app is going through final validation right now," Musk wrote in a Twitter response to a question from one of his followers.

Google Chrome will warn users when submitting insecure forms

Starting with version 86, Google Chrome will warn users when they submit insecure forms, that is, forms on HTTPS pages that deliver their data over plain HTTP. These forms (also known as mixed forms) are both a privacy and a security risk for users, since anyone on the network path can read or modify the submitted data. To address this, the Chrome team plans a number of changes to the way the browser handles the risks associated with such insecure forms.
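A form is "mixed" when the page is served over HTTPS but the form's action, resolved against the page URL, is an http: URL; a missing or empty action submits to the page itself, and a scheme-relative action inherits the page's scheme, so neither of those is mixed. The following is an added example for this digest, not Chrome's own implementation: a small auditing script that parses an HTML page (a constructed sample is embedded) and reports the forms Chrome 86 would warn about, so a site owner can fix them before the warning ships.

```python
"""Find "mixed forms": forms on an https page that submit over plain http.

Added example for this digest, not Chrome code.  It applies the rule behind
Chrome's warning: resolve each form's action against the page URL and flag it
when the page is https but the submission target is http.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collect (action attribute, source line) for every <form> start tag."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "form":
            action = dict(attrs).get("action")   # None when the attribute is absent
            self.forms.append((action, self.getpos()[0]))


def submission_url(page_url, action):
    """Return the URL a form with this action really submits to.

    An absent or empty action submits to the page URL itself, so it keeps the
    page's scheme; any other value is resolved relative to the page URL, which
    also handles scheme-relative actions such as "//host/path".
    """
    if action is None or action.strip() == "":
        return page_url
    return urljoin(page_url, action.strip())


def find_mixed_forms(page_url, html):
    """Return [(line, action, resolved_url)] for every form submitting over http."""
    if urlsplit(page_url).scheme != "https":
        return []   # an http page is insecure throughout; nothing is "mixed"
    parser = FormCollector()
    parser.feed(html)
    mixed = []
    for action, line in parser.forms:
        target = submission_url(page_url, action)
        if urlsplit(target).scheme == "http":
            mixed.append((line, action, target))
    return mixed


# Constructed sample page: lines 3 and 6 are mixed, the others are not.
SAMPLE_PAGE = """<html><body>
<form action="https://example.com/login" method="post"></form>
<form action="http://example.com/newsletter" method="post"></form>
<form method="post"></form>
<form action="//legacy.example.net/search"></form>
<form action="http://example.com/feedback"></form>
</body></html>"""


if __name__ == "__main__":
    for line, action, target in find_mixed_forms("https://example.com/account", SAMPLE_PAGE):
        print(f"line {line}: action={action!r} submits to {target}")
```

The fix for each reported form is to change the action to an https: URL or to a relative path so that it inherits the page's scheme; the scheme-relative form on line 5 shows why the check must resolve the action rather than string-match on "http://".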

Politics

US Army report says many North Korean hackers operate from abroad

North Korea has at least 6,000 hackers and electronic warfare specialists in its ranks, and many of them operate abroad in countries such as Belarus, China, India, Malaysia, and Russia, the US Army said in a report published last month. Named "North Korean Tactics," the report is a tactical manual the US Army uses to train troops and military leaders, which the Army made public for the first time last month. The 332-page report contains a trove of information about the Korean People's Army (KPA), including military tactics, weapons arsenal, leadership structure, troop types, logistics, and electronic warfare capabilities.

Oracle is in talks to acquire TikTok’s U.S. operations, sources say

Oracle is working with U.S. venture capital firms to acquire TikTok's U.S., Canadian, Australian and New Zealand operations. Oracle's talks are ongoing and have progressed in recent days. Oracle's interest challenges Microsoft, which has been in talks to acquire the same TikTok assets for more than a month.

Popular Notepad++ text editor banned in China

China has banned the popular Notepad replacement Notepad++ over the developer's protests against the political unrest in Hong Kong and China's human rights violations against the Uyghur people. The Notepad++ Twitter account states that the block is likely a response to the release of the 'Stand with Hong Kong' and 'Free Uyghur' editions, which were named to draw attention to the plight of the Hong Kong and Uyghur people. "I reject the idea that our given free speech rights are restrained by an authoritarian country. Notepad++ stands with the people of Hong Kong," the Stand with Hong Kong blog post stated.