Google’s Threat Analysis Group warned about spear-phishing attacks aimed at staff working on the U.S. presidential campaigns of Democrat Joe Biden and Republican President Donald Trump, conducted by hackers with ties to China and Iran, respectively.
Biden’s staffers were targeted by APT31, whereas APT35 was behind the attacks aimed at Trump’s campaign. The researchers said that there is no evidence the attacks were successful.
Wordfence researchers uncovered a large-scale campaign against WordPress websites in which attackers tried to exploit old cross-site scripting (XSS) vulnerabilities in WordPress plugins and themes in an attempt to steal database credentials.
Wordfence said that between May 29 and May 31 it blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites. The attacks were launched from over 20,000 different IP addresses that previously were used in another campaign that targeted WordPress sites at the end of April.
Last week Apple released security updates that fix a vulnerability that had been used to jailbreak iPhones running iOS 13.5.
The vulnerability, tracked as CVE-2020-9859, affects the iOS kernel and could allow an application to execute arbitrary code with kernel privileges.
Japanese cryptocurrency exchange Coincheck said it suffered a cyber attack in which unknown attackers accessed emails sent to the company by its customers. The attackers gained access to DNS records for the coincheck.com domain at the firm’s third-party domain registrar (Oname.com), and modified the records to forward incoming emails to them.
The company said that nearly 200 customers have been impacted by the security breach. The leaked data may have included email addresses listed in the recipient field, information contained in customers' emails, and personal information such as name, registered address, date of birth, phone number, and ID selfie.
Operators behind the NetWalker ransomware compromised the IT network of the University of California San Francisco (UCSF). As proof of the successful attack, the NetWalker hackers posted four screenshots, including of two files accessed by the attackers, on their dark web portal.
The files’ names contain possible references to the U.S. Centers for Disease Control and Prevention and departments central to the university’s coronavirus research. The hackers also threatened to publish stolen information if the ransom payment is not received by June 8, although they did not mention the value of the ransom demanded.
The DoppelPaymer ransomware operators claim they have successfully compromised the network of Digital Management Inc. (DMI), a US company that provides business intelligence and cybersecurity services. The hackers reportedly gained access to NASA-related files, suggesting they compromised DMI's NASA-related infrastructure.
To support their claims, the DoppelPaymer gang has published 20 archive files on their dark web portal. The leaked data includes various files ranging from HR documents to project plans.
Malicious actors behind REvil ransomware have launched an auction site to sell data stolen from networks of companies they compromised. Last Tuesday, the group began the online bidding process on its dark web site "The Happy Blog", posting samples of data allegedly belonging to Canadian firm Agromart Group and a U.S. food distributor.
The auction of Agromart’s data starts at $50,000 and has a 'buy-now' price of $100,000, while the U.S. food distributor’s data has a starting price of $100,000 and it can be bought immediately for the "Blitz price" of $200,000.