Weekly Digest #17
Critical zero-day RCE in Microsoft Office 365
A remote code execution (RCE) vulnerability in Microsoft Exchange Online remains unresolved after security researchers bypassed two patches for successive exploits.
The zero-day flaw impacts multiple Software as a Service (SaaS) providers and on-premise installations of Exchange Server.
Microsoft classified the initial flaw (CVE-2020-16875) as high risk (CVSS 8.4) and marked it as having low attack complexity.
The vulnerability was found within the New-DlpPolicy cmdlet and arose from improper “validation of user-supplied template data when creating a dlp policy”.
Microsoft rewarded the researcher for his findings under its Online Services Bounty Program, which pays up to $20,000 for critical RCE flaws.
Hackers have leaked the COVID-19 vaccine data they stole in a cyberattack
This week, hackers leaked the information about COVID-19 vaccines that they stole in a cyberattack targeting the European Union’s medical agency.
The agency continues to fully support the criminal investigation into the data breach and to notify any additional entities and individuals whose documents and personal data may have been subject to unauthorised access.
The hackers gained access to the information by breaching one undisclosed IT application, and the attackers were explicitly targeting data related to COVID-19 medicines and vaccines.
Billions were stolen in blockchain hacks last year
For most people in the world, 2020 was a challenging year, but it was a productive one for hackers. They stole $3.8 billion in cryptocurrency in 2020 in 122 well-planned attacks, running Bitcoin-related hacks and potentially netting “nearly $3.78 billion”.
Wallets were the most lucrative target, with $3 billion in losses in current values and an average of $112 million per wallet hacking event compared to about $10 million per attack on Ethereum apps or exchanges.
FBI Warns of Egregor Attacks on Businesses Worldwide
The FBI said the malware has already compromised more than 150 organisations and provided insight into its ransomware-as-a-service behaviour.
The agency has alerted companies in the private sector to a spate of attacks using the Egregor ransomware. The malware is currently on a warpath across businesses worldwide and has already compromised more than 150 organisations.
Egregor, whose name refers to an occult term meant to signify the collective energy or force of a group of individuals, is indeed the work of a “large number of actors” and operates under a ransomware-as-a-service model, according to the FBI.
Telegram Bots at Heart of Classiscam Scam-as-a-Service
The cybercriminal service has scammed victims out of $6.5 million and continues to spread on Telegram. A new automated scam-as-a-service has been unearthed, which leverages Telegram bots to steal money and payment data from European victims.
The scam, which researchers call Classiscam, is being sold as a service by Russian-speaking cybercriminals and has been used by at least 40 separate cybergangs – which altogether made at least $6.5 million using the service in 2020.