Hundreds of malicious Chrome browser extensions result in 32 million malware downloads

Researchers at Awake Security told Reuters that hundreds of Chrome browser extensions were found to be malicious. Most of the free extensions purported to warn users about questionable websites, or to convert files from one format to another. Instead, these Chrome extensions sucked up browsing history and data that provided credentials for access to internal business tools.

Based on the number of downloads, it was the most far-reaching malicious Chrome store campaign to date.

Google removed over 100 Chrome browser extensions from the official Web Store.

Read more about it here.

Two vulnerabilities in Zoom could lead to code execution

Researchers from Cisco Talos disclosed two critical flaws in the Zoom software that could allow a remote attacker to write files to the targeted user’s system and possibly achieve arbitrary code execution.

The first vulnerability, CVE-2020-6109, is related to the way Zoom stores GIF image files. Zoom did not check the GIF source, allowing attackers to embed GIFs from a third-party server under their control. The software also fails to sanitize the GIF filename, which potentially allows directory traversal: malicious files disguised as GIFs could be stored in any location on the target system.
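The checks whose absence is described above (source, filename, and where the file finally lands) can be sketched as follows. This is an added example, not Zoom's code or its fix; the host name, the `safe_gif_path` function and the `RejectedGif` exception are assumptions made for illustration.

```python
from pathlib import Path, PureWindowsPath
from urllib.parse import urlsplit

# Assumption: the single host GIFs may be fetched from (placeholder name).
ALLOWED_HOSTS = {"media.example-gif-provider.test"}
GIF_MAGIC = (b"GIF87a", b"GIF89a")


class RejectedGif(ValueError):
    """Raised when any check fails; the caller must not write the file."""


def safe_gif_path(cache_dir, source_url, filename, body):
    """Return the path inside cache_dir where body may be stored, or raise."""
    url = urlsplit(source_url)
    # 1. Source check: HTTPS only, exact host match against the allowlist.
    if url.scheme != "https" or (url.hostname or "").lower() not in ALLOWED_HOSTS:
        raise RejectedGif("untrusted source: %r" % source_url)
    # 2. Filename check: must be a single path component under both POSIX
    #    and Windows rules, so "../x", "..\\x", "C:x" and "/abs/x" all fail.
    if (not filename or "\x00" in filename
            or filename in (".", "..")
            or Path(filename).name != filename
            or PureWindowsPath(filename).name != filename):
        raise RejectedGif("filename is not a bare name: %r" % filename)
    if not filename.lower().endswith(".gif"):
        raise RejectedGif("unexpected extension: %r" % filename)
    # 3. Content check: a file "disguised as a GIF" lacks the GIF signature.
    if not body.startswith(GIF_MAGIC):
        raise RejectedGif("content is not a GIF")
    # 4. Containment check: after resolving symlinks, the target must sit
    #    directly inside the cache directory.
    root = Path(cache_dir).resolve()
    target = (root / filename).resolve()
    if target.parent != root:
        raise RejectedGif("path escapes cache directory")
    return target
```

The function only decides where a file may be written; the caller writes `body` to the returned path and discards the download on `RejectedGif`.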

The second vulnerability, CVE-2020-6110, is related to the way Zoom Client version 4.6.10 processes messages that include shared code snippets. A specially crafted chat message can lead to arbitrary binary planting, which could be abused to achieve arbitrary code execution.

Newer versions of the video conferencing app patch the flaws.

Read more about it here.

Crooks hacked e-shops, selling SQL databases if ransom isn’t paid

Crooks who hacked online shops in several countries are offering for sale more than two dozen SQL databases.

The crooks demand that victims pay BTC 0.06 (about $550) within 10 days, or they leak the database content.

The crooks hack into insecure servers that are reachable over the public web, copy the databases, and leave a note asking for a ransom in return for the stolen data.

The databases contain over 1.5 million rows. Exposed records include email addresses, names, hashed passwords, mailing addresses, gender, and dates of birth.

Read more about it here.

Samsung fixes a zero-click vulnerability affecting most of its phones

This month, Samsung is patching a critical security issue affecting all its Android smartphones sold since 2014, beginning with Android 4.4.4 KitKat. This newly discovered “zero-click” flaw could let a hacker wreak havoc on someone’s phone simply by sending a specific type of image, exploiting the device without any user action.

The vulnerability was discovered by Mateusz Jurczyk, a security researcher with Google’s Project Zero bug-hunting team, who found a way to exploit how Skia (the Android graphics library) handles Qmage image files (.qmg) sent to a device.

Jurczyk said the attack usually needs between 50 and 300 MMS messages to probe and bypass Android’s ASLR (Address Space Layout Randomization), which takes around 100 minutes on average.

This flaw was patched in Samsung’s May 2020 Security Update for Android, so if you own a Samsung device from 2014 or later, make sure to install the update when you get it.

Read more about it here.

Microsoft warns against downloading movies from random sites

Microsoft warns of a spike in malware spreading via pirate streaming services and movie piracy sites during the COVID-19 pandemic.

Cybercriminals are attempting to take advantage of the COVID-19 pandemic by spreading malware via pirate streaming services and movie piracy sites, Microsoft warns.

“We saw an active coin miner campaign that inserts a malicious VBScript into ZIP files posing as movie downloads,” the company’s security intelligence team says in a tweet.

“The campaign, primarily observed in Spain but has also shown up in some South American countries, aims to launch a coin-mining shellcode directly in memory. We’re seeing the campaign affecting a wide range of customers, from home users to enterprises.”

The movies concerned include John Wick: Chapter 3 – Parabellum, along with Spanish-language titles including Punales Por La Espalda, La Hija de un Ladrón and Lo Dejo Cuando Quiera – as well as Contagio, the Spanish-dubbed version of Contagion.

Read more about it here.

267 million Facebook accounts are sold on the dark web for 500 Euros

Hackers are offering for sale over 267 million Facebook profiles for 500 Euros ($540) on dark web sites and hacker forums.

In early March 2020, security expert Bob Diachenko uncovered an Elasticsearch cluster containing more than 267 million Facebook user IDs, phone numbers, and names. The archive was left exposed online for anyone to access without authentication. According to Diachenko, the data is the result of illegal scraping by hackers in Vietnam, who abused the Facebook API to collect the huge trove of data. A few days later, a second server was exposed by the same criminal group. The data on this server is identical to the data on the first server, but includes 42 million additional records. The records did not include passwords.

Read more about it here.

Google is blocking 18 million Coronavirus related phishing emails per day

Tech giant Google said the COVID-19 (Coronavirus) pandemic has led to an explosion of phishing attacks, where cybercriminals lure users into revealing personal data.

Google said it is blocking almost 100 million phishing emails per day. Over the past week, 18 million of them were COVID-19 related.

Many of the emails impersonate the World Health Organization.

So far in 2020, Americans lost $12 million to cybercriminals capitalizing on COVID-19.

Google’s Gmail is used by 1.5 billion people.

Read more about it here.

Jupiter, Florida, hit with ransomware

The town of Jupiter, Florida, was hit on March 21, 2020 by the REvil/Sodinokibi ransomware.

The town announced on March 23 that several online services, including utility payments, plan submission systems and all town email accounts, were down as a result.

The town decided not to pay the ransom. Instead, it is restoring its files from backups.

At least four Florida cities reported 2019 ransomware attacks:

• Pensacola suffered a Dec. 7 attack that disabled its phone systems, email system, 311 customer service line and online payments for Pensacola Energy and the city’s sanitation services;
• Lake City, a city of about 13,000 residents 65 miles west of Jacksonville, paid 42 Bitcoins, between $460,000 and $480,000, to end a June cyber-attack;
• The village of Key Biscayne, a community of 13,000 east of Miami, reported a ransomware “security event” in June;
• Riviera Beach, a city of 35,000 in Palm Beach County, paid 65 Bitcoins – approximately $600,000 – in May to regain access to its computer systems.

Read more about it here.

General Electric suffers a data breach

In a data-breach notice filed with the State of California, General Electric Company (GE) noted that it contracts with Canon to process various documents related to human resources matters.

“We are aware of a data security incident experienced by one of GE’s suppliers, Canon Business Process Services, Inc. We understand certain personal information on Canon’s systems may have been accessed by an unauthorized individual,” reads the statement sent by GE to BleepingComputer. “Protection of personal information is a top priority for GE, and we are taking steps to notify the affected employees and former employees.”

Breached data included divorce, death and marriage certificates; benefits information (beneficiary designation forms and applications for benefits such as retirement, severance and death benefits); and even medical child support orders. Other hacked info includes direct-deposit forms, driver’s licenses, passports, tax withholding forms, names, addresses, Social Security numbers, bank-account numbers, dates of birth and more.

The security breach did not impact systems at GE or records of GE customers.

Read more about it here.

Thousands of COVID-19 related malicious domains are being registered every day

As Coronavirus-related attacks continue to increase, thousands of COVID-19 scam and malicious domains are being registered.

The websites are used for a variety of attacks, such as phishing, fraud, and malware-based attacks. The domains typically contain keywords such as Coronavirus, COVID, COVID19, pandemic, vaccine, and virus.

A security researcher who goes online by the name of DustyFresh published a list containing thousands of COVID19-related domains created between March 14 and March 23, 2020.

Read more about it here.