Cybersecurity Weekly: Dark web market down, FBI finds vishing scheme, hackers pose as recruiters

August 25, 2020 by Sam Fay

The dark web market Empire is down due to a multi-day DDoS attack. A new FBI alert warns of an ongoing vishing campaign. Hackers target defense contractors by posing as recruiters. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Dark web market Empire down due to a multi-day DDoS attack

The popular dark web site Empire Market has been down for at least 48 hours, with some users suspecting an exit scam and others blaming a prolonged distributed denial-of-service attack. Empire Market features numerous illicit goods including illegal drugs, chemicals, counterfeit items, jewelry and credit card numbers for sale using cryptocurrency payment methods.


2. FBI alert warns of vishing campaign

As part of the attacks, which started in mid-July, adversaries attempted to gain access to employee tools via phishing phone calls. Once they were in possession of credentials, the attackers would access the databases of victim companies to harvest information on their customers and conduct further attacks.


3. Hackers target defense contractors by posing as recruiters

The FBI has spotted new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. Dubbed BLINDINGCAN, the advanced remote access trojan acts as a backdoor when installed on compromised computers.


4. Zoom went down and schools got a digital snow day

Zoom users around the world are unable to join meetings and video webinars using the Zoom web client and the desktop app, just as students going back to school this week are relying on the platform for online lessons. Some users also reported that they can’t open the company’s website.


5. Experian South Africa suffers data breach affecting millions

The South African arm of Experian, one of the world’s largest credit check companies, last week announced a data breach incident that exposed personal information of millions of its customers. The suspected attacker behind this breach had already been identified and the stolen customer data had successfully been deleted from the attacker’s computing devices.


6. A Google Drive feature could let attackers trick you into installing malware

An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spearphishing attacks with a comparatively high success rate. The flaw lies in the feature that allows users to upload and manage different versions of a file.


7. Experts reported security bug in IBM’s Db2 data management software

Last week, cybersecurity researchers disclosed details of a memory vulnerability in IBM’s Db2 family of data management products that could potentially allow a local attacker to access sensitive data and cause a denial of service. An attacker could also create a malicious application to overwrite the memory dedicated to tracing data with rogue data.


8. Iranian hackers attack exposed RDP servers to deploy Dharma ransomware

Low-skilled hackers are targeting companies in Russia, India, China and Japan. They are going after easy hits, using publicly available tools and deploying Dharma ransomware. Based on forensic artifacts, this is an unsophisticated, financially motivated gang that is new to cybercrime.


9. Popular Freepik site discloses data breach impacting 8.3 million users

Freepik, the popular website that provides high-quality free photos and design graphics, has disclosed a major security breach. Freepik says that hackers were able to steal emails and password hashes for 8.3 million Freepik and Flaticon users in an SQL injection attack against the company’s Flaticon website.


10. Uber’s former CSO has been charged with covering up a hack

Last week, the U.S. Department of Justice announced that Uber’s former chief security officer Joe Sullivan has been charged with obstruction of justice. Sullivan, who led Uber’s security team, has been accused of attempting to cover up a 2016 data breach, which exposed the data of 57 million Uber customers and drivers.
