Social Network For Security Executives: Network, Learn & Collaborate
This report summarises the top breaches between mid-August till 15th September 2020. The report will help you to keep track of the latest hacks and add insights to safeguard your organization by looking at the trends.
As per Twitter, a certain vulnerability may have exposed the direct messages of Android users.
“This vulnerability could allow an attacker, through a malicious app installed on your device, to access private Twitter data on your device (like Direct Messages) by working around Android system permissions that protect against this,” the company said in a blog post.
They also stated that there is no evidence that Android vulnerability has been exploited by hackers.
Source – Twitter Blog
Public-facing profiles of over 235 million users are compromised because of misconfigured online databases. Comparitech teamed up with Bob Diachenko to uncover three identical copies of the data on August 1, left online with no password or other authentication required to access it.
In total, 192 million profiles were scraped from Instagram, 42 million from TikTok, and 4 million from YouTube.
Source – Infosecurity Magazine
The eCommerce arm of Paytm has suffered a massive data breach according to US-based research firm Cyble. The hackers have demanded a ransom of 10 ETH amounting to $4000.
Hacker group John Wick is behind the breach, according to Cyble. According to experts, the group hacks databases of companies under the guise of offering help to fix bugs in their systems. “This (breach) was tipped off to us from an “alleged” ex-cartel member of a credible hacking group “John Wick“, the company said in a blog post.
Source – Economic Times
Crypto bases are an absolute favorite for Hackers, because of the amount of money one can steal. This time ETERBASE, a Bratislava, Slovakian based cryptocurrency exchange was attacked and more than $5 Million were stolen.
Eterbase confirmed the news on its Telegram and Twitter channels on Tuesday, stating that six hot wallets of the exchange containing ether (ETH), ERC-20 tokens, bitcoin (BTC), XRP, Algorand (ALGO), and Tezos (XTZ) were compromised.
Source – Hackeread.com
Hundreds of Emails from an internal account were forwarded to an unknown third party. Over 28000 records are compromised.
The global cybersecurity training and certifications organization said in a statement that the incident came to light on August 6 after a regular review of email configuration identified a “suspicious forwarding rule.”
“This rule was found to have forwarded a number of emails from a specific individual’s e-mail account to an unknown external email address,” it continued.
Source – Infosecurity magazine
A new ransomware operation has been found, dubbed Darkside. It launches customized attacks and asks for millions of dollars as a payout. A similarity in source code implies these threat actors could be following in the footsteps of GandCrab and REvil ransomware.
Ransomware attacks have been on a boom for several months. New Ransomware like
VHD, Ensiko, and several others have surfaced in the market, while on the other hand, almost all major law enforcement agencies like Interpol and FBI have been busy alerting users about the sharp increase in ransomware related activities.
Source – Cyware.com
We have seen increased cases of phishing attacks in the last month, few steps can be taken to curb the same :
There has been a 300% increase in Ransomware Attacks in 2020. 27% of Malware incidents happening were Ransomware Attacks (According to Verizon Data Breach report 2020). Ransomware attacks are increased due to COVID lockdown and can be traced to the following reasons :