Canadian banks targeted in a massive phishing scam
A phishing campaign targeting Canadian banks has been detected by Check Point engines. The campaign involves creating hundreds of lookalike domains for multiple banks, including Royal Bank of Canada (RBC), Scotiabank, Wells Fargo, CIBC and TD Canada Trust. In the case of RBC, the attacks are carried out by sending legitimate-looking emails with a PDF attachment that includes the official bank logo and an authorization code that victims need to renew their digital certificate for the RBC express online banking system. Clicking on any URL in the document redirects users to a phishing page that asks them to enter their banking credentials. The phishing website resolved to a Ukrainian IP address.
267 Million Facebook user IDs exposed online
According to a report by Comparitech and security researcher Bob Diachenko, the personal information (names and phone numbers) of over 267 million Facebook users was exposed for about two weeks due to an unsecured Elasticsearch database. The data was most likely harvested through an illegal data scraping scheme, probably by automated bots, carried out by cybercriminals operating out of Vietnam. Most of the affected users were from the United States.
Microsoft OAuth 2.0 flaw threatens Azure accounts
A vulnerability in the way Microsoft apps use OAuth for third-party authentication could allow an attacker to gain access to the victim’s Azure cloud account. The vulnerability, found by CyberArk researchers, results from the Microsoft OAuth 2.0 authorization flow automatically trusting certain third-party domains and subdomains that are not registered by Microsoft. Attackers can take advantage of this flaw by taking over these domains and registering them, which means they would be approved by default and could request an access_token, allowing them to take actions with the user’s permissions.
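An added example (not from CyberArk's report or Microsoft's code) of the defensive check this implies: audit the redirect URLs an OAuth application trusts and flag hosts outside domains you control or that no longer resolve. The function names, the `owned_suffixes` list and the `.example` URLs are assumptions constructed for illustration, and DNS resolution is used only as a proxy for registration.

```python
import socket
from urllib.parse import urlsplit

def dns_resolves(host):
    """True if the host has at least one address record (live DNS lookup)."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except socket.gaierror:
        return False

def audit_reply_urls(reply_urls, owned_suffixes, resolves=dns_resolves):
    """Return (url, reason) findings for the redirect URLs an OAuth app trusts.

    owned_suffixes is a hypothetical, hand-maintained list of domains the
    organisation has confirmed it controls.
    """
    findings = []
    for url in reply_urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            findings.append((url, "not https"))
        if not host:
            findings.append((url, "no host"))
            continue
        if host.startswith("*."):
            findings.append((url, "wildcard trusts every subdomain"))
            host = host[2:]
        if not any(host == s or host.endswith("." + s) for s in owned_suffixes):
            findings.append((url, "host outside owned domains"))
        if not resolves(host):
            findings.append((url, "host does not resolve (unregistered or dangling?)"))
    return findings

# Constructed sample data: reserved .example names, not real registrations.
SAMPLE_REPLY_URLS = [
    "https://login.corp.example/callback",
    "https://sso.partner-tools.example/auth",
    "https://*.apps.corp.example/cb",
    "http://login.corp.example/cb",
]
SAMPLE_OWNED = ["corp.example"]
SAMPLE_LIVE = {"login.corp.example", "apps.corp.example"}  # stand-in for DNS

def demo():
    """Run the audit offline against the constructed data."""
    return audit_reply_urls(SAMPLE_REPLY_URLS, SAMPLE_OWNED, SAMPLE_LIVE.__contains__)
```

Calling `audit_reply_urls` without the third argument performs live DNS lookups instead of using the constructed set.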
“Evil Corp” cybercriminal group charged by United States
U.S. prosecutors have taken legal and regulatory action against the international cybercrime network Evil Corp, charging two of its suspected members in a 10-count indictment that included hacking and bank fraud. Additionally, the U.S. Treasury Department has issued a $5 million bounty for information leading to the capture or conviction of Evil Corp’s leader. The masterminds behind the global banking fraud scheme that netted the group more than $100 million are Maksim Yakubets of Moscow and Igor Turashev from the Russian city Yoshkar-Ola.
Sprint contractor mistakenly exposes data of non-Sprint customers
A contractor working for telecom giant Sprint reportedly stored and exposed cell phone bills of non-Sprint customers on an open server by mistake. The 261,300 documents contained names, addresses, phone numbers and call history of customers of rival carriers AT&T, Verizon and T-Mobile, and were collected as part of an effort to persuade the rival companies’ subscribers to switch to Sprint. All the documents were stored in an AWS storage bucket, which was not protected by any password, allowing anyone to access the data on the open server.