Connect with us

Overview of security incidents from 28 August to 3 September 2021

Published

on

A brief overview of the main events in the world of information security over the past week.

New vulnerabilities in Microsoft Azure and the Bluetooth protocol, cyberattacks on cryptocurrency exchanges Bilaxy and Cream Finance, innovative hacking techniques and data leaks – read more about this and other events in our weekly review.

Microsoft has warned its customers, including the world’s largest companies, about the vulnerability found in the Azure cloud platform. Thanks to it, attackers could view, modify and delete confidential databases.

The problem stems from a series of code errors that allowed an attacker to gain access to the service architecture.

A team of scientists from the Singapore University of Technology and Design discloses details of more than a dozen vulnerabilities in the Bluetooth Classic protocol [BR/EDR]that can be used to perform various malicious actions – from initiating a device failure to executing arbitrary code and taking over control of a vulnerable system.

The vulnerabilities, collectively known as BrakTooth, affect SoCs from a number of manufacturers, including Intel, Qualcomm, Texas Instruments, Infineon (Cypress), and Silicon Labs.

This week, two cryptocurrency platforms were subjected to cyberattacks at once – Bilax and Cream Finance. In the first case, hackers hacked into a number of wallets in which cryptocurrency was stored in the amount of approximately $ 450 million, and in the second, the attacker managed to steal 418 million Flexa Network (AMP) tokens and 1,308 ETH for a total amount of over $ 18 million.

Cryptocurrency exchange Coinbase has caused panic among its customers by accidentally sending 125,000 users erroneous notifications about changes in two-factor authentication settings. As a result, some users rushed to sell cryptocurrency, suspecting a hack.

LockBit ransomware has released more than 200 GB of data allegedly stolen from one of Thailand’s largest airlines, Bangkok Airways, after it refused to pay the ransom. The company acknowledged the data breach and said that the stolen information could include personal data of some customers, including names, phone numbers, email addresses and partially credit card information.

Due to an error in the Francetest website for transmitting test results for COVID-19, the personal data of 700 thousand French people were in the public domain. The leaked information also included last names, first names, dates of birth, addresses, phone numbers, social security numbers and email addresses.

Operators of the Phorpiex malware shut down the botnet and put its source code up for sale on one of the cybercriminal forums for $ 9,000.

As indicated in the seller’s message, the reason for the sale is that none of the original authors of the malicious code is participating in the project anymore.

Cybercriminals are tirelessly developing new methods of earning money from malware. In particular, according to the specialists of the Cisco Talos team, a tactic that involves the use of proxyware – legitimate services that allows users to share part of their Internet connection for other devices – has recently become popular on the Internet.

According to experts, proxyware is used for malicious purposes in the same way as legitimate cryptocurrency mining software. Hackers try to unnoticeably install software on the victim’s device and hide its presence.

Hackers have developed a method for placing and storing malicious code in the memory of the video card, which makes it possible to avoid its detection by antiviruses. How exactly the exploit works is not yet clear. The hacker who developed it only said that it allows you to put malware in video memory, and then execute the code directly from there. He also added that the exploit only works with Windows operating systems that support the OpenCL framework version 2.0 and higher.

The computer systems of two UK VoIP operators went down due to DDoS attacks. Voip Unlimited reported that the ransomware demanded a “colossal ransom”. According to company representatives, the attack was carried out by the cybercriminal group REvil. The exact amount of the ransom was not disclosed.

Cybersecurity experts warned of an increase in the number of scans and attempts to exploit a recently discovered vulnerability (CVE-2021-26084) on corporate servers with the Atlassian Confluence wiki engine installed. Given the popularity of Confluence software and the ease of use of CVE-2021-26084, experts expect the number of attacks using this problem to increase significantly in the coming days.

A notorious attack on the SolarWinds supply chain, in which hackers spread malware through the SolarWinds Orion platform, also affected 3D design and graphics solutions company Autodesk. Attackers infected one of the Autodesk servers with Sunburst malware (Solorigate). The compromised server was discovered on December 13, 2020 and immediately isolated from the network, according to an Autodesk spokesperson. The analysis showed that the server contained only a backdoor, no other malware was found.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

Vice Society ransomware attacked a network of medical facilities in California

Published

on

The ransomware said that they do not care who to attack, and they will not make exceptions for hospitals.

United Health Centers, a California-based network of medical facilities, was subjected to a ransomware cyberattack that disrupted all of its centers and leaked patient data.

United Health Centers has 21 public health centers in California counties such as Fresno, Kings and Tulare.

On August 31 of this year, BleepingComputer learned from an informed source from the information security community that United Health Centers’ medical facilities suffered from an attack by the Vice Society cyber ransomware group, as a result of which they had to turn off their entire network and IT systems and start restoring files from backup copies. However, representatives of United Health Centers did not comment on this information in any way.

This week, the Vice Society released files allegedly stolen in the August attack on United Health Centers. They contain sensitive information, including about beneficiary patients, financial records, test results and examinations. However, the organization remains silent.

The Vice Society is a relatively new cyber ransomware group that began operations in June this year. 20% of the companies published on its leak sites are related to the healthcare industry.

When asked by BleepingComputer why the group allows them to attack hospitals, the Vice Society responded as follows:

“Why not?

They always keep our confidential data clear. You, me and everyone else go to hospitals, give them our passports, talk about health problems, etc., and they don’t even try to protect our data. They receive millions from the state. Are they stealing this money?

The US President has given large sums of money to protect government networks, and where is this protection? Where is our defense?

If the IT department doesn’t want to do their job, we’ll do ours, and we don’t care if it’s a hospital or a university. “

Continue Reading

Security

The data of those wishing to take out a loan from Sovcombank got into the public domain

Published

on

The announcement of the sale of the Sovcombank customer database appeared on the darknet on September 20.

The questionnaires contain the full name, phone number, passport data, type of loan, address, marital status, contacts of relatives, place of work, position and income. The database also includes the responses of citizens to a call from a bank specialist. The bank said that in 2020 they identified an employee of an external call center who illegally copied loan applications. He was found guilty of divulging bank secrets and was sentenced to two years probation. During the investigation, the ex-employee of Sovcombank published an advertisement for the sale of data in his telegram channel, according to the organization. After that, Sovcombank again turned to the police: the department of the Ministry of Internal Affairs in Dagestan opened a criminal case on disclosing bank secrets and illegal access to protected computer information, and then transferred it to the regional department of the FSB. The case has now been sent to court. Now the stolen base is publicly available. …

Continue Reading

Security

Chinese authorities ordered to cleanse cartoons of “unhealthy” content

Published

on

The Chinese authorities are confident that cartoons should support “truth, goodness and beauty.”

The Chinese television regulator demanded that producers not allow scenes of violence, vulgar and pornographic content to appear in cartoons. At the same time, the authorities will encourage “healthy” cartoons that carry “truth, goodness and beauty.”

The National Radio and Television Administration of China issued a notice to cartoon creators on September 24. The regulator recalled that mainly children and young people watch cartoons. Therefore, producers and artists should fill the paintings with content that carries “truth, goodness and beauty,” the agency said.

The regulator promised to encourage the creators of “healthy” cartoons, but did not specify how exactly.

In recent months, the Chinese authorities have introduced several measures aimed at the younger generation. At the end of July, the country banned streaming with the participation of children under the age of 16. A local regulator expressed concern over the display of “capitalist values” and “extravagant pleasures” in the videos of young Chinese people.

In August, the Chinese authorities also limited the time children and teenagers can spend playing online. Minors are only allowed to play between 8:00 pm and 9:00 pm on Friday, Saturday, Sunday and public holidays.

Continue Reading

Most Popular