- The U.S. administration has requested an allocation of $9.8 billion for the Department of Defense's (DoD) cybersecurity operations in fiscal year 2021. The budget, once approved, will be used to enhance the DoD's Cyberspace Science & Technology and cloud security.
- A U.S. senator for New York has proposed a Data Protection Act (DPA) that aims to give consumers more control over their data. The bill will focus on establishing an independent data protection agency that will be solely responsible for data privacy across both the public and private sectors.
- Singapore has set aside $1 billion over the next three years to build up the government’s cyber and data security capabilities. This is to safeguard citizens’ data and critical information infrastructure systems.
- MITRE Engenuity has announced plans to evaluate how effectively firms detect and protect against threats from a hacker gang known as the Carbanak group. Also referred to as FIN7, the group is associated with attempts to infiltrate banks and ATMs.
- Over 10.6 million guest records stolen from MGM Resorts were posted on an online hacking forum this week. The compromised records included data of regular tourists, celebrities, tech CEOs, government officials, reporters, and professionals from tech firms.
- PhotoSquared, a popular photo app, leaked around 94.7 GB of data containing over one million records due to a misconfigured S3 database. The records dated from November 2016 to January 2020. The exposed data included user photos, order records, receipts, and shipping labels.
- Just like PhotoSquared, NextMotion, a medical imaging firm, also suffered a data breach due to an unprotected S3 bucket. The leaky bucket contained approximately 900,000 files, including sensitive patient images and videos as well as consultation documents.
- The popular OurMine hacker group again made headlines this week for hacking the official Twitter accounts of FC Barcelona and the International Olympic Committee. Last week, the group hacked the Twitter and Instagram accounts of both Facebook and Messenger to highlight security lapses on social networking platforms.
- Public Services and Procurement Canada inadvertently shared the data of more than 69,000 public servants with the wrong people. The data included employees' full names, personal record identifier numbers, home addresses, and overpayment amounts.
- A newly discovered Chinese hacker group called DRopBox Control (DRBControl) hacked gambling websites in Southeast Asia to steal the target companies’ databases and source code. Researchers indicate that the group’s operational tactics overlap with tools & tactics used by Winnti and Emissary Panda.
- Some IT and email systems at the Denmark-based facilities management company ISS World were crippled by a ransomware attack on February 17, 2020. The firm immediately disabled access to shared IT services across its sites and countries to contain the infection.
- A three-year-old cyber espionage campaign called Fox Kitten was found to be exploiting 1-day vulnerabilities in VPN & RDP services to launch attacks against the critical infrastructure sector. Researchers claimed the attacks were the work of three Iranian groups, namely APT33 (Elfin, Shamoon), APT34 (Oilrig), and APT39 (Chafer).
- Adwind 3.0, which came with additional obfuscation techniques, targeted more than 80 Turkish companies via phishing emails. The malware variant stole sensitive information from the infected computers and later sent it to the attackers’ C2 server.
- A new report has revealed that the BlueKeep flaw continues to plague more than 55% of medical imaging devices. The flaw, tracked as CVE-2019-0708, affects the RDP service running on outdated Windows versions.
- Over 20,000 WordPress sites were detected running trojanized versions of premium WordPress themes and plugins designed to distribute the WP-VCD botnet. The attackers' purpose was to generate more revenue by misleading visitors with fraudulent ads.
- Emotet was observed in a SMiShing attack that mimicked a bank’s mobile banking page. The SMS messages sent to recipients appeared to come from local U.S. numbers and alerted them about a locked account.
- The AZORult trojan also made a comeback in a campaign that distributed it through fake ProtonVPN installers. Once installed, the trojan collected the infected machine’s environment data and sent it back to an attacker’s C2 server located in Russia.
Posted on: February 21, 2020