InForce Cyber

Threat Report May 2020

May 2020 was marked by numerous ransomware attacks and data breaches. The items below illustrate the month:

Data Breach in an Indian E-Governance Website Leaks Data of 7.26 Million Users.

On Sunday, May 31, 2020, a few security researchers reported a major data breach related to a government website in India.

  • Security researchers Noam Rotem and Ran Locar from vpnMentor published a report detailing a breach of approximately 7.26 million records related to India’s e-Governance website.
  • The researchers stated that the data was exposed through a misconfigured Amazon Web Services (AWS) S3 storage bucket containing 409 GB of data, including sensitive profile information and financial data relating to users of the BHIM app.
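Public S3 buckets are usually the result of a bucket policy with an anonymous principal or an ACL grant to the AllUsers group. The check below is an added example, not code from vpnMentor or from the affected site; it runs offline on the JSON that `aws s3api get-bucket-policy` (the "Policy" field) and `aws s3api get-bucket-acl` (the "Grants" field) return. The policy, the grants and the bucket name are constructed for illustration.

```python
"""Offline check of an S3 bucket policy and ACL for public access.

Added example, not code from vpnMentor or the site operator. The policy
and ACL below are constructed and the bucket name is hypothetical.
"""
import json

# Canned ACL group URIs used by S3 (real values).
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def _principal_is_anyone(principal):
    """True when a statement's Principal matches every caller."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_statements(policy):
    """Split Allow statements with an anonymous principal into two lists:
    unconditionally public, and conditional (may still be public; review).
    Returns (public_sids, conditional_sids)."""
    public, conditional = [], []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow" or not _principal_is_anyone(st.get("Principal")):
            continue
        (conditional if st.get("Condition") else public).append(st.get("Sid", "<no Sid>"))
    return public, conditional


def public_acl_grants(grants):
    """Return (group URI, permission) for ACL grants to everyone or to any AWS account."""
    return [(g["Grantee"].get("URI"), g["Permission"]) for g in grants
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in (ALL_USERS, AUTH_USERS)]


# Constructed policy in the shape the CLI returns: one world-readable statement,
# one anonymous-but-conditional statement, one scoped to a role.
EXAMPLE_POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-0123456789abcdef0"}}},
    {"Sid": "OpsRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/ops"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}"""

# Constructed ACL grants: owner full control plus a world-readable grant.
EXAMPLE_GRANTS = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]


def audit(policy_json, grants):
    """Return a findings dict; empty lists mean nothing public was found."""
    public, conditional = public_statements(json.loads(policy_json))
    return {"public_statements": public,
            "conditional_statements": conditional,
            "public_acl_grants": public_acl_grants(grants)}


if __name__ == "__main__":
    print(json.dumps(audit(EXAMPLE_POLICY_JSON, EXAMPLE_GRANTS), indent=2))
```

The check deliberately separates conditional statements from plainly public ones: a `Principal: "*"` statement restricted by `aws:SourceVpc` is not world-readable, but it deserves a look. It does not evaluate `NotPrincipal`/`NotAction` or per-object ACLs, so treat an empty result as "nothing obvious", not as proof. The durable fix is account-level S3 Block Public Access (`aws s3control put-public-access-block`), which makes such policies and grants ineffective regardless of what a developer writes.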

Details of 44m Pakistani mobile users leaked online, part of bigger 115m cache

The data includes names, addresses, ID card details and phone numbers and appears to be from the electoral register. It is no longer accessible online.

The details of 44 million Pakistani mobile subscribers have leaked online this week.

The leak comes after a hacker tried to sell a package containing 115 million Pakistani mobile user records last month for a price of $2.1 million in bitcoin.

Now we know what the P really stands for in PwC: X-rated ads plastered over derelict corner of accountants’ website

A forgotten subdomain on PricewaterhouseCoopers’ dot-com has been hijacked to host ads for porno websites and apps, neatly demonstrating why you should not neglect your corporate DNS records.

Developer and security researcher Vitali Fedulov told The Register this week he has twice now found the pwc.com subdomain hosting a roster of X-rated adverts to lure netizens to online smut emporiums, X-rated apps, blogs, and adult-only chat rooms. The material also shows up in web searches.

The subdomain, amyca-devapi.pwc.com, has since been taken offline (it no longer resolves to an IP address), though its entries in Google remain for now.
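Subdomain hijacks of this kind typically start with a DNS record left pointing at a host that was decommissioned, so that whoever claims the target controls what the subdomain serves. The article does not say how the PwC subdomain was taken over, so the following is an added example of the routine check, not code from The Register, PwC or the researcher: it parses a zone export and flags CNAMEs whose target no longer resolves. The zone, the resolver answers and all names are constructed; pass `resolve=live_resolve` to run it against real DNS.

```python
"""Find DNS records whose CNAME target no longer resolves.

Added example, not code from The Register, PwC or Vitali Fedulov; the
article does not state how amyca-devapi.pwc.com was hijacked. The zone
export and resolver answers below are constructed and the names are
hypothetical.
"""
import socket

# Constructed zone export in minimal BIND style: name [ttl] [class] type target
EXAMPLE_ZONE_TEXT = """
; hypothetical export of example.com
www.example.com.        300 IN A      203.0.113.10
devapi.example.com.     300 IN CNAME  old-app.cloudhost.example.   ; resource deleted
blog.example.com.       300 IN CNAME  blog-host.example.net.
legacy.example.com.     300 IN A      198.51.100.77
"""

# Constructed resolver answers standing in for live DNS (None = NXDOMAIN).
FAKE_ANSWERS = {
    "old-app.cloudhost.example": None,
    "blog-host.example.net": "198.51.100.5",
}


def parse_zone(text):
    """Parse the export into {name: (type, target)}; ';' starts a comment."""
    zone = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        # Type and target are always the last two fields; ttl and class are optional.
        name, rtype, target = fields[0], fields[-2].upper(), fields[-1]
        zone[name.rstrip(".")] = (rtype, target.rstrip("."))
    return zone


def fake_resolve(name):
    return FAKE_ANSWERS.get(name)


def live_resolve(name):
    """Real lookup; returns None on NXDOMAIN or any other resolution failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def find_dangling(zone, resolve=fake_resolve):
    """Return [(name, target)] for CNAMEs whose target does not resolve.

    A CNAME to a hostname nobody serves any more is the classic subdomain
    takeover precondition: whoever can claim the target (a freed cloud
    hostname, an expired domain) decides what the subdomain serves.
    A records pointing at released cloud IPs are the same problem but need
    an inventory check rather than a resolver check, so they are not flagged.
    """
    return [(name, target) for name, (rtype, target) in zone.items()
            if rtype == "CNAME" and resolve(target) is None]


if __name__ == "__main__":
    for name, target in find_dangling(parse_zone(EXAMPLE_ZONE_TEXT)):
        print(f"dangling: {name} -> {target}")
```

A target that still resolves is not automatically safe: some providers answer for any hostname under their domain whether or not a tenant has claimed it, so the next step is to check that the target is actually bound to an asset you own. Run the check on every zone you publish, not only the main one, since forgotten dev and API subdomains like the one here are exactly what gets missed.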

Microsoft’s GitHub account hacked, private repositories stolen

A hacker claims to have stolen over 500GB of data from Microsoft’s private GitHub repositories.

Based on the timestamps in the full directory listing of the leaked files, the breach may have occurred on March 28th, 2020.

Russian hackers accessed emails from Merkel’s constituency office: Der Spiegel

BERLIN (Reuters) – Russia’s GRU military intelligence service appears to have obtained many emails from Chancellor Angela Merkel’s constituency office in the 2015 hack of Germany’s parliament, Der Spiegel magazine reported on Friday, May 8, without citing its sources.

A spokesman for the German government had no immediate comment. There was also no immediate comment from Moscow, which has denied previous allegations of hacking abroad.

Der Spiegel said federal criminal police and the federal cyber agency had been able to partially reconstruct the attack and found that two email inboxes from Merkel’s office had been targeted.

DigitalOcean Data Leak Incident Exposed Some of Its Customers’ Data

DigitalOcean, one of the largest modern web hosting platforms, was recently hit by a data leak that exposed some of its customers’ data to unknown, unauthorized third parties.

Though the company has not yet released a public statement, it has started warning affected customers of the scope of the breach by email.

According to the breach notification email received by affected customers [1, 2], the leak happened because DigitalOcean ‘unintentionally’ left an internal document accessible on the Internet without requiring any password.

REvil attackers who threatened celebrity law firm, Trump, strike food distributor

The REvil/Sodinokibi ransomware hackers that struck celebrity law firm Grubman, Shire, Meiselas and Sacks and threatened to release information on clients like Lady Gaga and Madonna as well as President Trump likely exploited an unpatched Citrix vulnerability, and have now turned their sights to a major food company, Sherwood Forest and Harvest Distributors.

Edison Mail iOS Bug Exposes Emails to Strangers

A bug introduced in an iOS software update on the Edison Mail app allowed emails to be viewed by strangers.

Edison Mail, a popular third-party email app, has warned thousands of iOS users that their emails may have been compromised after a security flaw exposed emails to complete strangers.

Edison Mail, owned by Edison Software Inc., is in the top 100 productivity apps on the Apple App Store, and touts itself as “lightning fast and secure mail.” According to Edison Mail, a recent iOS update caused a temporary bug in the app. The flaw potentially exposed the email accounts of 6,480 iOS Edison Mail users to other users without authorization.

Hacker sells 129 million sensitive records of Russian car owners

A database with 129 million records of car owners in Moscow is being offered for sale on a dark web forum.

The seller leaked a sample of the data so potential buyers could verify its accuracy. The sample is anonymized and, the vendor claims, contains all of the vehicle details present in the traffic police registry.

Judging by the response from the European Parliament’s Vice-President responsible for IT policy, GDPR seems to apply to everyone except the lawmakers themselves.

Data breaches in the European Union are subject to the General Data Protection Regulation (GDPR). Recently, ShadowMapTech, an Indian cyber-intelligence company, discovered a data breach at the European Parliament. Its founder took to Twitter to reveal the findings in a series of tweets.

Data Breaches

Hacker leaks citizenship data of 2.3 million Indonesians for download

Last month Hackread.com exclusively reported how the Indonesian e-commerce giant Tokopedia was hacked and the personal details of 92 million of its customers were traded and sold on dark web marketplaces and several hacker forums.

Now, a threat actor has leaked a trove of personal and electoral data claimed to belong to 2.3 million Indonesian citizens. According to sample data seen by Hackread.com, the data appears to date back to 2013 and seems to have been stolen from the official website of the General Elections Commission (Komisi Pemilihan Umum, KPU).

The 2.36 GB of data is divided into several folders of PDF files containing full names, addresses, registration numbers, family card numbers, dates and places of birth, and more.
Mathway investigates data breach after 25M records sold on dark web

A data breach broker is selling a database that allegedly contains 25 million Mathway user records on a dark web marketplace.

Mathway is a calculator that lets users type in math questions and receive an answer for free through its website or its Android and iOS apps. The app is highly rated, with over 10 million installs on Android, and ranked #4 in Education on the Apple App Store.

Earlier this month, cyber-intelligence firm Cyble was tracking a potential Mathway breach after a purported database was offered in private sales. This week, a data breach seller known as Shiny Hunters began publicly selling an alleged Mathway database on a dark web marketplace for $4,000.
Cyber criminals leak personal data of 2.9 crore Indians on dark web for free

New Delhi, May 22 (PTI) Cyber criminals have posted the personal data of 2.9 crore (29 million) job-seeking Indians for free on a dark web hacking forum, according to online intelligence firm Cyble. The company had recently revealed the hacking of Indian education technology firm Unacademy, which is funded by Facebook and Sequoia.

’29.1 million Indian jobseekers’ personal details leaked in deepweb for free. We usually see this sort of leaks all the time, but this time, the message header got our attention as it included a lot of personal details – where most of the things are generally static such as education, address etc,’ Cyble said in a blog on Friday.
Data of 3.5 million Zoomcar customers up for sale

The data includes names, email ids, passwords, mobile numbers and IP addresses. The hacker is offering to sell data of 9 million Zoomcar users for $300.

Personal data of around 3.5 million Zoomcar users has been up for sale on the Dark Web since Thursday, according to a cybersecurity consultant. The Dark Web refers to sites hosted on overlay networks such as Tor that ordinary search engines do not index.
A massive database of 8 billion Thai internet records leaks

Thailand’s largest cell network, AIS, has pulled offline a database that was spilling billions of real-time internet records on millions of Thai internet users.

Security researcher Justin Paine said in a blog post that he found the database, containing DNS queries and NetFlow data, exposed on the internet without a password. With access to this database, Paine said, anyone could “quickly paint a picture” of what an internet user (or their household) does in real time.

Security Threats By Trend

Vulnerability Summary May 2020

The following vulnerabilities were rated “Critical” by Microsoft:


Recommendations

  1. Patch the Microsoft vulnerabilities rated critical this month and update all affected services
  2. Only allow traffic to necessary, well-secured ports and services
  3. Keep anti-virus and endpoint protection solutions updated
  4. Run phishing-awareness training for employees
  5. Conduct regular penetration tests to identify weak points
  6. Encrypt data in transit and at rest
  7. Audit cloud storage permissions, exposed internal documents and DNS records; several of this month’s incidents were caused by public buckets, unprotected documents and a neglected subdomain rather than by exploits