Cyberspace faces serious threats every instant. These cyber-attacks are manageable with the right phishing prevention measures. However, along with an appropriate anti-phishing service, one must also have a sound knowledge of recent cyberattacks to understand what is really going on out there. Therefore, we bring you the latest security headlines, as nothing is as informative as firsthand accounts of cyberattack survivors.
Coincheck Email Hacked
The domain of the Japanese cryptocurrency exchange Coincheck was hacked recently, which has probably compromised the details of over 200 of its customers. The hack happened earlier this week: the adversaries accessed the DNS records for the coincheck.com domain and changed them to redirect incoming emails to the hackers’ inbox.
All emails received by Coincheck between 31st May and 1st June are at risk. The details compromised in the attack include the sender’s email address, name, registered address, date of birth, phone number and ID selfie, among other information. Coincheck is taking measures to prevent phishing attacks and has already changed the domain records since the attack.
DoppelPaymer breaches NASA files
Defying the phishing protection measures of even NASA, the operators of the notorious ransomware DoppelPaymer recently announced that they had infected the network of NASA’s IT contractor, Digital Management Inc. (DMI). DMI provides IT services to many Fortune 100 companies and government agencies.
The ransomware operators were able to exfiltrate files from DMI’s NASA-related infrastructure and have posted 20 archive files on the dark web to extort NASA into paying them a ransom. They have also published a list of 2,583 servers and workstations that are part of DMI’s internal network.
Over 100,000 Indian IDs For Sale On Dark Web
Attackers have recently released over 100,000 scanned copies of IDs belonging to Indians on a dark web market. These documents include Aadhaar cards, PAN cards and passports. Researchers found that no government system is responsible for this breach. They assume that the compromised network belongs to some third party that asks people to update their KYC.
The hacker claims to possess IDs belonging to Indians from different parts of the country. People are advised to monitor their bank accounts and to be strict about protecting themselves from phishing.
Seven-Year-Old LG Vulnerability
The smartphone manufacturer has finally released a patch (LVE-SMP-200006) in its May 2020 security update for a vulnerability (CVE-2020-12753) that has been present in its Android smartphones for seven years now.
CVE-2020-12753 affected the bootloader (firmware specific to each smartphone vendor) of LG smartphones. It was discovered by US software engineer Max Thomas in March 2020.
Users of all LG smartphones utilizing QSEE (Qualcomm Secure Execution Environment) chips and running Android 7.2 and later versions are advised to take phishing attack prevention measures and install the patch immediately.
Sodinokibi’s auction site for stolen data
Adding to the woes of ransomware attacks and extortion campaigns, REvil (Sodinokibi) has recently launched an eBay-like auction site to trade in stolen data. Data that was previously released for free as revenge against companies that refused to pay a ransom will now be auctioned.
REvil has already put up the details of a recently hacked Canadian agricultural company for sale at a starting price of $50,000 in Monero cryptocurrency. Protection from phishing is no longer the only concern for firms with evil actors like Sodinokibi in the picture.
Lawsuit Filed Against Aveanna Healthcare
A lawsuit has been filed against the Atlanta-based pediatric home healthcare provider Aveanna Healthcare for mishandling a data breach that took place between 9th July 2019 and 24th August 2019. This attack compromised the details of over 166,000 individuals.
Aveanna Healthcare disclosed the attack only on 18th February 2020 and took inadequate email phishing prevention measures, which infuriated its customers. Compromised details include social security numbers, dates of birth, bank account and credit card details, passport numbers, driver’s license numbers, medical record numbers, patient account numbers, diagnosis information, and treatment type of individuals. People are now demanding compensation for their losses.
Data breach at 8Belts
The Spanish e-learning platform 8Belts suffered a data breach recently, which has compromised the details of over 100,000 e-learners. The affected data includes users’ national identity numbers, full names and email IDs, among other information. Researchers say that the breach occurred because 8Belts stored its data on a misconfigured Amazon Web Services (AWS) S3 bucket.
All e-learners using 8Belts are advised to take measures to ensure protection from phishing attacks, particularly those in Spanish-speaking countries.
Ransomware Hits NFN
The Nipissing First Nation (NFN) suffered a ransomware attack recently, which affected all its departments. However, NFN managed the breach well, and the attack had little effect on its network.
NFN’s staff took the right measures for protection against phishing and successfully stopped the attack. They collaborated with an independent security firm and found that no personal or confidential information was released in the attack.
India’s BHIM App Undergoes Breach
A significant data breach recently compromised 7.26 million records from an Indian e-Governance website. The breach happened through a misconfigured Amazon Web Services (AWS) S3 storage bucket. The details compromised belonged to users of the BHIM app.
The app notified people that it takes all anti-phishing protection measures and that they have nothing to be afraid of because the app hasn’t been breached. Users should remain vigilant and adopt phishing prevention best practices.
Data Breach at Joomla
In yet another breach through an Amazon Web Services S3 bucket, the Joomla open source content management system risked the privacy of over 2,700 of its users. The data left online included users’ full names, business addresses, business email addresses, business phone numbers, company URLs, passwords (hashed) and IP addresses.
The Joomla team is adopting anti-phishing solutions and asking JRD users to change their passwords and to look out for any unusual activity in their accounts. Although the risk factor is low for this attack and Joomla authorities claim that the exposed information was already public, nothing justifies the careless act of leaving hashed passwords and IP addresses open.
In its defense, Joomla said that they conducted a full security audit of the JRD portal immediately after discovering the breach.