A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community. The list has been shared on a Russian-speaking hacker forum frequented by multiple ransomware gangs. According to a review, the list includes: IP addresses of Pulse Secure VPN servers; Pulse Secure VPN server firmware version; SSH keys for each server; a list of all local users and their password…
ISBuzz Team
Google’s Threat Analysis Group has published its bulletin outlining the coordinated influence operation campaigns that were terminated on its platform in Q2 2020.
Please find below expert commentary on the news that Canon experienced a ransomware attack, similar to LG and Xerox.
The Federal Bureau of Investigation (FBI) released information on malware variants referred to as TAIDOOR, used by Chinese government-sponsored hackers targeting government agencies and other corporations. Cybersecurity experts commented below.
As reported by the BBC, dentists’ bank account numbers and correspondence with a trade body are feared to have been stolen by hackers. The British Dental Association has told its members that it is still not sure exactly what was accessed in a breach on 30 July. A spokeswoman told the BBC it was possible that information about patients was exposed, but was vague about the potential context. The BDA’s website has been offline since the attack. It has urged members to be cautious of any correspondence claiming to be from a bank following the incident. The organisation is contacting those…
It has been reported that the Mirai botnet is now trying to exploit a critical RCE bug in F5 BIG-IP software. It scans for exposed BIG-IP boxes and then exploits them with a malicious payload. Successful exploitation will enable the attacker “to create or delete files, disable services, intercept information, run arbitrary system commands and Java code, completely compromise the system, and pursue further targets, such as the internal network”, as reported by the researcher.
WhatsApp has introduced a feature allowing users to check the contents of viral messages in the latest move to root out disinformation and fake news being spread on the Facebook-owned service. The feature, which is being piloted in six countries including the UK from Tuesday, allows users to perform a Google search on content they have been forwarded to fact-check claims and information.
Brian Krebs reported that thousands of documents, emails, spreadsheets, images and the names tied to countless mobile phone numbers all could be viewed or downloaded without authentication from the domain theblacklist.click. The directory also included all 388 Blacklist customer API keys, as well as each customer’s phone number, employer, username and password.
The operators of the Maze ransomware have published today tens of GB of internal data from the networks of enterprise business giants LG and Xerox following two failed extortion attempts. The hackers leaked 50.2 GB they claim to have stolen from LG’s internal network, and 25.8 GB of Xerox data. Both of today’s leaks have been teased since late June when the operators of the Maze ransomware created entries for each of the two companies on their “leak portal.” The Maze gang is primarily known for its eponymous ransomware strain and usually operates by breaching corporate networks, stealing sensitive files first,…
As reported by Sky News, Russian hackers stole secret trade deal papers from the email account of former cabinet minister Liam Fox. Reuters reports that Mr Fox’s account was broken into multiple times between 12 July and 2 October 2019 – in the run-up to last year’s general election. It said a “spear phishing” message was used, which tricks the target into handing over their password and login details. Quoting unnamed sources, Reuters reported officials did not say which group was responsible but did insist the attack “bore the hallmarks of a state-backed operation”.
