Reading Time: ~ 2 min.

Bank of America Breach Reveals PPP Information

After processing over 300,000 Paycheck Protection Program applications, Bank of America has revealed that a data breach occurred within the U.S. Small Business Administration’s program that allowed all other SBA-authorized lenders to view highly sensitive data. The data includes tax information and social security numbers relating to both businesses and their owners and could have extremely devastating effects in the wrong hands. Fortunately, the SBA secured the compromised data within a day of being notified and Bank of America has reached out to affected customers offering of two years of identity theft protection. null

Bank of Costa Rica Suffers Data Breach

Threat actors working for the Maze group recently claimed to have belonging to millions of Bank of Costa Rica customer accounts, a claim that was quickly refuted by the bank itself. Within a week, Maze began publishing proof of their bounty and promised to continue posting records if the bank fails to improve their current security. Maze also claimed to have accessed the bank’s systems on multiple occasions to determine if security had improved but chose not to encrypt their systems as the second breach occurred during the COVID-19 pandemic.

Old LiveJournal Breach Data Re-emerges

Researchers have been looking into a recent data dump that appears to have originated from the 2014 LiveJournal breach and contains over 33 million records up to 2017. It is hard to precisely date the breach, as LiveJournal is a Russian-owned journaling service and never reported it, though many LiveJournal users were targeted in a past spam extortion email campaign. More recently, users of Dreamwidth, which shares the LiveJournal codebase, has seen reports of compromised accounts.

Turla Hackers Grabbing Antivirus Logs to Check for Detection

One of the largest state-sponsored hacker groups, Turla, has turned their attention to accessing antivirus logs on infected systems to determine if their malicious activity has been discovered. With the use of ComRAT V1 (and later versions), Turla has been gaining highly sensitive information from major national organizations for over a decade and continues to improve on their methods. By viewing the logs created by local antivirus software, the attackers can adjust more quickly to avoid future detections.

New COVID-19 Tracker Drops [F]Unicorn Ransomware

The latest to capitalize on the public’s pandemic fears, a new fake COVID-19 tracing app has been targeting systems in Italy by dropping a new ransomware variant dubbed [F]Unicorn. The malicious payload comes disguised as a file from the Italian Pharmacist Federation. It then directs the victim to a beta version of the yet-to-be-released Immuni tracing app, showing a fake tracing dashboard as the encryption process begins. The ransomware demands a 300-Euro payment but displays an invalid email address, so users would be unable to prove payment to the attackers even if they choose to pay.

Connor Madsen

About the Author

Connor Madsen

Threat Research Analyst

As a Threat Research Analyst, Connor is tasked with discovering and identifying new malware variants, as well as testing current samples to ensure efficacy. Don’t miss the latest security news from around the world in his weekly Cyber News Rundown blog.

Share This