Top Breaches Reported in the Last 24 Hours
The National Republican Congressional Committee (NRCC) was hacked and thousands of sensitive emails were stolen. The attackers surveilled the email accounts of four senior NRCC aides for months. GOP House leadership, including House Speaker Paul Ryan and House Majority Leader Kevin McCarthy, were not alerted to the hack until recently. The FBI was alerted to the incident, and an internal investigation was launched as well.
The websites of four Montreal regional health boards (CIUSSS) were knocked offline by a cyberattack. The sites of the CIUSSS Centre-Ouest-de-l'Île-de-Montréal, Nord-de-l'Île-de-Montréal, l'Ouest-de-l'Île-de-Montréal, and Centre-Sud-de-l'Île-de-Montréal have been offline since the end of November. Fortunately, the attack did not compromise patients' personal data.
A Florida-based medical marijuana provider's website accidentally leaked customer data. AltMed, which does business as MüV, discovered the breach thanks to a customer who sounded the alarm. AltMed's website was taken down and remains offline as a precaution. The breach was caused by a website flaw.
Top Malware Reported in the Last 24 Hours
New Ursnif variant
A new unnamed ransomware variant struck thousands of victims in China, infecting around 20,000 Windows systems. The attackers operating the ransomware demanded $16 in bitcoins and used mainly Chinese apps to deliver the malware. The ransom payments are requested via the WeChat payment service, which is only available in China and the adjoining region. Victims have reported being infected with the ransomware after installing social media-themed apps. The ransomware also included an information-stealing component that harvested login credentials for several Chinese online services such as Alipay, Baidu Cloud, NetEase 163, Tencent QQ, Tmall, and Jingdong.
Top Vulnerabilities Reported in the Last 24 Hours
CoAP and MQTT flaws
Researchers have discovered major design flaws and vulnerable implementations in Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP). The researchers discovered over 200 million MQTT messages and over 19 million CoAP messages being leaked by servers. The flaws provide attackers with millions of exposed records. Researchers also identified a few vulnerabilities tracked as CVE-2017-7653, CVE-2018-11615, and CVE-2018-17614.
Top Scams Reported in the Last 24 Hours
A group of online scammers called London Blue has generated a list of 50,000 CFOs, which they then used to launch BEC scams. The list was discovered by the security firm Agari after the scammers targeted the firm with one of their scams. London Blue is primarily targeting mortgage companies. Such scams are believed to focus on stealing real estate purchases or lease payments. The scammers sent out phishing emails that didn't contain any malware, which made the malicious emails difficult to detect. London Blue is likely based in Nigeria but has members in the UK and the US as well. The group operates like a modern corporation, with members carrying out specialized functions, including business intelligence, sales management, email marketing, and more.