Cybercriminals made headlines again this week: service interruptions, hijacked user accounts, phishing e-mails that lured users into clicking fraudulent links, and several more data breaches. Newspapers, news sites and blogs all covered the trend. Security engineers, researchers, analysts, information security managers and the general public alike need to stay aware of what is happening in cyberspace, so here is this week's round-up of cybersecurity news from around the globe.
- ApexSMS Firm’s MongoDB Database Leaked
ApexSMS Inc., an SMS marketing company that also trades as Mobile Drip, has suffered a large data leak from a MongoDB database that was left reachable from the internet without authentication. The exposed records came from the company's bulk-messaging operations, which the report describes as 'SMS bombing campaigns'. In total about 80,055,125 records belonging to ApexSMS Inc. were exposed. The dataset also showed that advertisements run by Grand Slam Marketing, a small advertising company linked to ApexSMS, tracked the people who received them.
What kind of data was leaked?
The roughly 80 million records contain MD5-hashed e-mail addresses, IP addresses, contact details and ZIP codes. An unsalted MD5 hash offers little protection for an e-mail address: it can be matched against any existing list of addresses or brute-forced quickly, so the hashed e-mails should be treated as exposed. Reports also say the campaign logged recipients' IP addresses, e-mail addresses and phone numbers.
- Data Breach In Three Anti-Virus Companies by Russian Hackers
According to a report published by Advanced Intelligence (AdvIntel), three US-based antivirus companies have been breached and a Russian hacking group has claimed responsibility. The incident shows that even security vendors, whose products exist to stop this kind of intrusion, are not immune to it.
Who did it? How much data was stolen? How did all this happen?
Fxmsp, a hacking group that trades in access to compromised corporate networks, claims to have stolen around 30 terabytes of data from the three AV companies, reportedly using a credential-stuffing botnet to gain entry. The group has advertised network access and source code from the three firms for sale at a price of $300,000.
- Spread of Malicious Code by Compromising the Forms of Picreel as well as Alpaca
Attackers compromised the JavaScript files that Picreel and Alpaca Forms serve to their customers' sites, turning two legitimate embedded scripts into a way to push malicious code to thousands of websites at once.
The malicious code was detected on 1,249 sites loading the Picreel script and 3,435 sites loading the Alpaca Forms script. Once loaded, the injected code harvests whatever users type into contact forms, login sections and payment pages and forwards it to a server that, according to reports, is located in Panama.
What is the response?
Cloud CMS, the developer of Alpaca Forms, has removed the CDN that served the modified script and says that no data breach occurred on its side.
- Security Breach in FirstBank Results in Cancelling of Debit Cards
The financial industry was again in attackers' sights. FirstBank has suffered a small but notable breach in which the information of 50 account holders was compromised. According to reports the attackers did not break into the bank's own online systems; instead, merchants through which FirstBank customers made card transactions were compromised. The bank says it has investigated the incident thoroughly.
Counter-measures Taken
To protect the affected account holders from unauthorised use, the bank is cancelling the affected debit cards with effect from May 13, 2019, and has sent its customers a notice advising them to remain vigilant and to report any suspicious or fraudulent activity to the bank.
- Hackers Get Access To The Data Of Customers At Uniqlo Online Retail Chain
Fast Retailing, the parent of the Uniqlo retail chain, has announced that attackers accessed the data of about 460,000 online-store customers between April 23 and May 10. Fast Retailing's shares fell 0.6% on the news, and the investigation into the breach is under way.
Which data was compromised?
Names, addresses and contact details were compromised, along with partial credit card information for some customers. Fast Retailing has advised its customers to change their passwords to ones that are unique to the site and hard to guess.
- Chinese Threat Actors access the Diplomatic Correspondence Network
The BlackBerry Cylance Threat Intelligence Team has published a report building on earlier research by Area 1 Security into the compromise of the European Union's diplomatic correspondence network by Chinese attack groups. The notable finding highlighted by the BlackBerry Cylance team is that a single command-and-control (C2) server was used across these attacks. It is the latest case of cyber espionage in the digital age.
What does the report say?
According to the report, the COREU diplomatic network, which carries communications between the 28 EU member states, was compromised, with the Ministry of Foreign Affairs of Cyprus among the affected parties. Hundreds of organisations were targeted, including trade unions and think tanks.
- BTP Website Security Breach
The force has reported that the newsroom section of the British Transport Police (BTP) website was hacked. Visitors who clicked the 'latest news' section were redirected to a Tumblr blog.
The outcome of the Investigation
BTP, the National Crime Agency and the National Cyber Security Centre are investigating the breach. So far, a small amount of staff-related information is reported to have been leaked.
- Attackers Compromise Best of the Web’s Trust Seal to Deploy Key Logging Script
Security researcher Willem de Groot has reported that the Best of the Web Trust Seal script, hosted on Amazon's content delivery network, was compromised to inject two key-logging scripts into the pages that embed it.
What are the impacts?
The attackers obfuscated the logging scripts, but the researchers were able to decode them. The compromised Trust Seal script is embedded on many websites, so every site that loaded it during the compromise window received the key loggers. Best of the Web is in the process of notifying the affected parties.
References:
- Unprotected MongoDB database leaks over 80 million records belonging to an SMS marketing firm ApexSMS (Ryan Stewart, May 10, 2019)
- Top Russian Hacking Group Breaches Three AV Companies (Kacy Zurkus, May 10, 2019)
https://www.infosecurity-magazine.com/news/top-russian-hacking-group-breaches-1/
- Attackers compromise Picreel and Alpaca forms to deploy malicious code on thousands of sites (Sidarth Trisal, May 13, 2019)
- FirstBank Cancels Debit Cards Amidst a Security Breach (Sidarth Trisal, May 13, 2019)
https://cyware.com/news/firstbank-cancels-debit-cards-amidst-a-security-breach-9640c1ea
- Hackers access data from more than 460,000 accounts at Uniqlo’s online store (Eustance Huang, May 14, 2019)
- Single server ties hacked diplomatic cables to Chinese cyberattacks worldwide (Charlie Osborne, May 14, 2019)
https://www.zdnet.com/article/single-server-linked-to-hacked-cables-worldwide-chinese-cyberattacks/
- British Transport Police website hacked (BBC News, May 15, 2019)
- Attackers compromised Best of the Web Trust Seal to inject key loggers (Ryan Stewart, May 15, 2019)