- A New York senator has introduced Senate Bill S7289 that will prohibit municipal corporations or other government entities from paying ransom in the event of a cyberattack against them.
- Lawmakers in the state of Maryland are considering penalizing anyone who is in possession of ransomware and intends to use it to cause harm. The state also plans to grant victims of a ransomware attack the right to sue the hacker for damages in a civil court.
- The National Institute of Standards and Technology (NIST) has released version 1.0 of its Privacy Framework to help improve organizations’ approach to using and protecting personal data.
- Mitsubishi Electric Corp. disclosed a massive cyberattack that affected the information of government agencies and other business partners. Among the potentially leaked information were email exchanges with the Defense Ministry and the Nuclear Regulation Authority.
- Researchers noted that Microsoft had briefly exposed call center data of almost 250 million customers due to unsecured Elasticsearch servers. The incident occurred last year and the exposed information included customer emails, IP addresses, support agent emails, and internal notes.
- Magecart-type attacks were experienced on websites belonging to Hanna Andersson and resellers of tickets for the Euro Cup and the Tokyo Summer Olympics. The attacks enabled the attackers to steal payment card details of customers.
- The main server of the Insurance company SAOG in Oman was hit in a ransomware attack, causing the loss of some data created between December 10, 2019, and January 1, 2020. Separately, the threat actors behind Sodinokibi ransomware issued a new threat to publish 50 GB of data stolen from the GEDIA Automotive Group.
- An unsecured Amazon S3 bucket owned by THSuite leaked Personally Identifiable Information (PII) of 30,000 individuals connected to the medical and recreational marijuana industry. In total, over 85,000 files were leaked due to the unguarded bucket.
- A data breach at the German car rental company Buchbinder affected the personal information of over 3.1 million customers. The incident occurred due to an unprotected database.
- A new variant of FTCode ransomware was uncovered harvesting and exfiltrating saved user credentials from email clients and web browsers. The variant steals this data before it encrypts victims’ files.
- A ransomware variant belonging to the BitPyLock family was also spotted targeting individual workstations to compromise networks and stealing files before encrypting devices. The variant appended the .bitpy extension to every encrypted file.
- Various organizations were targeted with fake business emails containing a new variant of NetWire trojan. The purpose of the campaign was to steal victims’ banking credentials.
- The Muhstik botnet evolved to include exploits for Tomato routers. The variant scanned for Tomato routers on TCP port 8080 and bypassed the admin web authentication by brute-forcing with default credentials.
- Over 2000 WordPress sites were hacked to redirect victims to scam sites containing unwanted browser notification subscriptions, fake surveys, giveaways, and fake Adobe Flash downloads. The sites were hacked by exploiting vulnerabilities in plugins.
- The Trickbot trojan was upgraded with a new module called ‘ADII’ to target the Active Directory database stored on compromised Windows domain controllers. The new module takes advantage of the ‘Install from Media’ command to dump the Active Directory database and various Registry hives into the Windows Temp folder.
- Researchers detected a new malware named CARROTBALL that was used as a second-stage payload to target a US government agency and non-US foreign nationals professionally affiliated with current activities in North Korea.
Posted on: January 24, 2020