Show vulnerabilities with patch / with exploit
29 June 2020

Weekly security roundup: June 29, 2020


Weekly security roundup: June 29, 2020

This past week has brought some interesting news that drew the attention of the infosec community. For example, a hacktivist group called Distributed Denial of Secrets (DDoSecrets) has published online a trove of sensitive data belonging to more than 200 police departments, law enforcement training and support resources and fusion centers.

The 269 GB data dump, dubbed “BlueLeaks”, has been published on a searchable portal. According to the BlueLeaks portal, the leaked data contains more than one million files, such as scanned documents, videos, emails, audio files, and more.

The Evil Corp gang, which is believed to be behind the Dridex malware and the BitPaymer ransomware, has resumed its activities after a period of being dormant following the charges against several of the group’s members in December 2019.

In 2020 the group made a comeback with a new ransomware called WastedLocker designed to encrypt the files on the infected computer. The new ransomware has little in common with the BitPaymer ransomware, apart from some similarities in the ransom note.

Researchers from Trustwave uncovered a new form of malware potentially targeting foreign companies operating in China. The malware, dubbed GoldenSpy, has been distributed via tax payment software that some businesses operating in China are required to install.

On compromised systems, the GoldenSpy malware is downloaded and executed two hours after the tax software installation process is completed. GoldenSpy has been observed to install two identical versions of itself, both as persistent autostart services. If either stops running, it will respawn its counterpart. The malware uses an exeprotector module that monitors for the deletion of either iteration of itself, and if deleted, it will download and execute a new version.

A mysterious hacker group is targeting online cryptocurrency exchanges by launching spear phishing attacks against employees and executives. The group, tracked as CryptoCore, Dangerous Password or Leery Turtle, is believed to have stolen more than $200 million fr om online cryptocurrency exchanges since 2018.

While the CryptoCore group, which is believed to be operating out of Eastern Europe region, is not extremely technically advanced, it is swift and effective. The group mainly targets cryptocurrency exchanges in the United States, Japan, and the Middle East.

The malicious actors behind the Maze ransomware operation claim they have compromised the systems of the South Korean electronic goods manufacturer LG Electronics and stolen 40 GB of source code from LG, including the source code of a product developed by LG for a major telecommunications company.

While the ransomware operators did not disclosed the name of the affected company, the screenshots posted on their data leak site as a proof suggest it may be the US-based telecoms company AT&T.

The US Department of Justice has broadened its criminal case against Julian Assange in a superseding indictment unsealed Wednesday that accuses the WikiLeaks founder of conspiring with hackers affiliated with Anonymous and LulzSec hacking groups.

According to the indictment, Assange sought to recruit hackers at conferences in Europe and Asia who could provide his anti-secrecy website with classified information. The indictment alleges that in 2012 Assange provided LulzSec’s leader, who was an FBI informant at the time, with a list of target organizations to conduct attacks against, including a private U.S. intelligence contractor.

Cyber crooks are now abusing Google's Analytics service to stealthily harvest credit card information from compromised e-commerce sites. Attackers are injecting data-stealing code on the compromised websites together with tracking code generated by Google Analytics for their own account, which allows them to steal all the data entered by users even if content security policies are configured.

Researchers from Kasperski said they identified about two dozen infected websites across Europe and North and South America that specialize in selling digital equipment, cosmetics, food products, and spare parts.


Back to the list

Latest Posts

Weekly security roundup: July 13, 2020

Weekly security roundup: July 13, 2020

A short overview of last week's top stories in the world of cyber security.
13 July 2020
Hackers are attempting to exploit recent Citrix vulnerabilities

Hackers are attempting to exploit recent Citrix vulnerabilities

Citrix downplayed the impact of the vulnerabilities and said they are less likely to be exploited compared to CVE-2019-19781.
13 July 2020
Zoom patches critical bug affecting Zoom client for Windows

Zoom patches critical bug affecting Zoom client for Windows

The company has also released a planned update for Phone and Web users, which brings AES-256 bit encryption.
13 July 2020