PC PORTAL

Experienced. Trusted. Solutions.

data breach

By

Cyber News Rundown: Bank of America Breach Reveals PPP Info

Reading Time: ~ 2 min.

Bank of America Breach Reveals PPP Information

After processing over 300,000 Paycheck Protection Program applications, Bank of America has revealed that a data breach occurred within the U.S. Small Business Administration’s program that allowed all other SBA-authorized lenders to view highly sensitive data. The data includes tax information and social security numbers relating to both businesses and their owners and could have extremely devastating effects in the wrong hands. Fortunately, the SBA secured the compromised data within a day of being notified and Bank of America has reached out to affected customers offering of two years of identity theft protection. null

Bank of Costa Rica Suffers Data Breach

Threat actors working for the Maze group recently claimed to have belonging to millions of Bank of Costa Rica customer accounts, a claim that was quickly refuted by the bank itself. Within a week, Maze began publishing proof of their bounty and promised to continue posting records if the bank fails to improve their current security. Maze also claimed to have accessed the bank’s systems on multiple occasions to determine if security had improved but chose not to encrypt their systems as the second breach occurred during the COVID-19 pandemic.

Old LiveJournal Breach Data Re-emerges

Researchers have been looking into a recent data dump that appears to have originated from the 2014 LiveJournal breach and contains over 33 million records up to 2017. It is hard to precisely date the breach, as LiveJournal is a Russian-owned journaling service and never reported it, though many LiveJournal users were targeted in a past spam extortion email campaign. More recently, users of Dreamwidth, which shares the LiveJournal codebase, has seen reports of compromised accounts.

Turla Hackers Grabbing Antivirus Logs to Check for Detection

One of the largest state-sponsored hacker groups, Turla, has turned their attention to accessing antivirus logs on infected systems to determine if their malicious activity has been discovered. With the use of ComRAT V1 (and later versions), Turla has been gaining highly sensitive information from major national organizations for over a decade and continues to improve on their methods. By viewing the logs created by local antivirus software, the attackers can adjust more quickly to avoid future detections.

New COVID-19 Tracker Drops [F]Unicorn Ransomware

The latest to capitalize on the public’s pandemic fears, a new fake COVID-19 tracing app has been targeting systems in Italy by dropping a new ransomware variant dubbed [F]Unicorn. The malicious payload comes disguised as a file from the Italian Pharmacist Federation. It then directs the victim to a beta version of the yet-to-be-released Immuni tracing app, showing a fake tracing dashboard as the encryption process begins. The ransomware demands a 300-Euro payment but displays an invalid email address, so users would be unable to prove payment to the attackers even if they choose to pay.

The post Cyber News Rundown: Bank of America Breach Reveals PPP Info appeared first on Webroot Blog.

By

Cyber News Rundown: WHO Under Cyberattack

Reading Time: ~ 2 min.

World Health Organization Sees Rise in Cyberattacks

Officials for the World Health Organization (WHO) have announced that many of their sites and servers have been under attack by unsuccessful hackers trying to capitalize on the latest health scare. The attack stemmed from the use of several malicious domains that attempted to gain sensitive information and credentials from WHO employees. Thousands of other malicious domains have been created over the last few weeks to exploit the uninformed victims of the Coronavirus outbreak.

TrickBot Sidesteps 2FA on Mobile Banking Apps

The creators of TrickBot have developed a new mobile app called TrickMo, that can silently circumvent two-factor authentication that is used by various mobile banking apps. The malicious app is used mainly to intercept authentication tokens, once it is installed on the victim’s device. Currently, the TrickMo app is targeting German individuals and using the name “Security Control” to disguise any ulterior motives, and even sets itself as the default SMS app, in order to steal additional information.

Google Play Finds 56 New Malicious Apps

Over 56 new malicious apps have been spotted on the Google Play store, with a combined 1.7 million installations on devices across the globe. To make matters worse, a large portion of the apps were targeted specifically at children and used native Android functionality to imitate typical user actions to boost ad revenue. Many of the apps took extreme measures to avoid being uninstalled by the users, though Google itself has since removed all of the related apps from the Play Store.

Fake Coronavirus Vaccine Sites Shutdown

A website offering fake Coronavirus vaccine kits that were claiming to be approved by the WHO has been shutdown following a ruling by a federal court. The operator of the site has been accused of committing fraud and the hosting service has received a restraining order to stop public access to the site. The site in question, “coronavirusmedicalkit.com” offered the fake kits with users only paying for shipping and entering their payment card data.

Tupperware Website Breached

The main website for Tupperware was recently hacked and used to host Magecart code to steal payment card information. The malicious code was first discovered at the end of last week, but was still active nearly a week later, even after multiple attempts to contact the company. Magecart has been a wide-spread issue for online retailers over the last couple years, and still maintains a large presence due to their ease of use and continuing success.

The post Cyber News Rundown: WHO Under Cyberattack appeared first on Webroot Blog.

By

Cyber News Rundown: DDoS Strikes U.S. Health Department

Reading Time: ~ 2 min.

DDoS Attack Strikes U.S. Health Department

Amidst the panic caused by the novel coronavirus, millions of people began navigating to the U.S. Department of Health’s website to find more information on the illness, but instead found the site to be offline after a DDoS attack overwhelmed its servers. This comes as only one of many unfortunate attacks that are being used to spread disinformation and panic, as well as delay healthcare workers from assisting patients or working towards slowing the overall spread of the illness.

Netfilim Ransomware Uses Old Code but New Tactics

Researchers have been tracking the spread of a new ransomware variant known as ‘Netfilim,’ which has been on a steady rise since February. By utilizing a large portion of code from another ransomware variant, Nemty, it has a quick distribution rate and keeps with the promised threat of releasing all stolen data within a week of encryption. It does differ from Nemty in its payment process, however, relying solely on email communication rather than directing the victim to a payment site that is only accessible through a Tor browser, leaving .NETFILIM as the appended extension for all encrypted files.

US Loan Database Exposed

A database containing millions of financial documents and other highly sensitive information was found freely accessible through an unsecured Amazon web service bucket. Contained within the 425GB of data were credit reports, Social Security numbers, and personally identifiable information for thousands of individuals and small businesses. The database itself is connected with a loan app that was developed by two major New York funding firms, Advantage Capital and Argus Capital.  

Malicious Coronavirus Mapping Apps Spreading More than Misinformation

Many malware authors have been capitalizing on the recent coronavirus (COVID-19) epidemic by way of phishing campaigns and newly renamed ransomware variants. Their latest endeavor is an app used to reportedly “track” the spread of coronavirus across the globe, but has instead been dropping malicious payloads on unsuspecting victims’ devices. Some of these apps can lock devices and demand a ransom to unlock it, while others deliver full ransomware payloads that can encrypt and upload any files to another remote server. Fortunately, researchers worked quickly to engineer up a decryption key for victims.

Magecart Group Targets NutriBullet Website

Following a network breach in late February, Magecart scripts were found to be actively stealing payment card information from NutriBullet websites up to present. The specific organization, known as Group 8, has been using similar Magecart scripts for over two years and have claimed over 200 unique victim domains. Despite several contact attempts from the researchers who found the skimmers, no changes have been made to the affected sites, leaving current and new customers vulnerable.

The post Cyber News Rundown: DDoS Strikes U.S. Health Department appeared first on Webroot Blog.

By

Cyber News Rundown: Paradise Ransomware

Reading Time: ~ 2 min.

Paradise Ransomware Spreading Through Unusual Attachments

While Paradise ransomware isn’t new to the scene, the latest methods it’s using to spread are a bit surprising. Though it sticks to using email for transmission, it now offers up an IQY attachment instead of a typical word document or excel spreadsheet. These can make a quick connection to a malicious URL prompting the download of the actual ransomware payload. What makes these especially dangerous is that they appear to be simple text files with no internal malicious code, just commands for retrieving it, so it isn’t typically picked up by most security services.

Entercom Data Breach

One of the world’s largest radio broadcasters, Entercom, recently revealed it had fallen victim to a data breach. It was initiated through a third-party service that stored login credentials for Radio.com users and could affect up to 170 million customers. This breach would be the third security incident targeting Entercom in just the last six months. The company has already fallen victim to two separate cyberattacks that caused their systems to be disrupted. Entercom has since implemented several additional security measures and prompted all users to change their passwords, especially if reused on other sites.

Western Union Begins Fraud Payback

Western Union has started paying back roughly $153 million to victims of fraudulent transactions processed by the firm’s payment systems. According to the U.S. Department of Justice, several employees and owners of Western Union locations were involved with allowing these fraudulent payments to be made and failing to properly discipline those individuals. The payback terms have started with 109,000 victims worldwide and will eventually total $586 million in reimbursements.

Whisper App Exposes User Data and Messages

The anonymous messaging app Whisper was recently revealed to own an unsecured database containing a large amount of personal customer records. Two independent researchers first discovered the database, containing over 900 million records and reaching back nearly eight years, and quickly contacted Whisper. The company then locked down the unrestricted access. Though financial or personally identifiable information were not included in the database, the app does track location data that could be used to narrow down a specific user’s location to a home or place of work.

Online Shopper Records Leaked

Up to 8 million sales records were discovered in an unsecured MongoDB database that has been misconfigured for an undetermined amount of time. The researcher who found the database quickly contacted the third-party servicing company that managed the database and it was secured five days later. The database contained roughly four million records pertaining to Amazon UK and eBay alone, comprised mainly of payment and contact information for online shoppers.

The post Cyber News Rundown: Paradise Ransomware appeared first on Webroot Blog.

By

Cyber News Rundown: Estée Lauder Data Exposed

Reading Time: ~ 2 min.

Estée Lauder Leaves Massive Database Unprotected

Earlier this week researchers discovered an unsecured database containing over 440 million records belonging to Estee Lauder, a major make-up manufacturer. Though the company has confirmed that no customer data was stored in that database, they are still unsure on how long it was left exposed for and it did contain sensitive company information. Estée Lauder was able to properly secure the database on the same day the initial researcher contacted them.

SoundCloud Account Vulnerabilities Fixed

Researchers have contacted SoundCloud about vulnerabilities in their platform API that could allow attackers to illicitly access user accounts. While officials quickly resolved the security flaws, two additional API flaws had the potential to initiate DDoS attacks or create fraudulent song statistics by exploiting a specific set of track IDs. Attackers would have been able to exploit the user ID authentication to test previously leaked username/password combinations in hopes some victims were using the same credentials on multiple sites.

Danish Data Leak Exposes 1.3 Million Citizens

Over a period of five years from 2015 to 2020, a bug in the country’s tax systems has leaked sensitive ID numbers for nearly 1.3 million Danish citizens. The bug itself displayed the user’s ID number in the URL after the user made changes in their tax portal, which were then analyzed by both Google and Adobe. Fortunately, no additional tax or other personal information was divulged in the leak, which the government was quick to resolve.

Study Reveals Top Brands Used in Phishing Campaigns

After gathering data from nearly 600 million email boxes over the last year, researchers once again determined that PayPal was the most impersonated company for phishing attacks in 2019. The data also revealed that phishing campaigns disguised as PayPal were using an average of 124 unique URLs daily to propagate the malicious content. Many other top companies used in phishing campaigns in 2019 were financial institutions, as they are easy troves of consumer information.

Australia Debates Retention Period for Consumer Data

The Australian government has just begun debating changes to their current data retention period, which is currently two years (or significantly longer than any comparable nation’s policy). Storing data for that length of time can be extremely dangerous, especially given the rise in data breaches in recent years. While Australia believes it’s two-year limit to be a good balance, there is currently no management of who actually has access to the data and several amendments are introduced to improve the privacy of Australian citizens.

The post Cyber News Rundown: Estée Lauder Data Exposed appeared first on Webroot Blog.