Today: Avon suffers a massive data breach, the North Korean hacking group Lazarus changes technique with its own custom ransomware, Bank of Ireland is handed a €1.66 million fine, and Garmin is back online.

Avon Server has massive Leak of User Info and Administrative Data

  • An unprotected server exposed more than 7GB of data from the beauty brand, including 19 million records, open and available with no authorization required.

  • The information on the server included both personal details about individuals and administrative data, such as OAuth tokens and administrative user names.

  • Combining the two types of data, an attacker could conduct extensive identity theft and gain significant administrative access to the server itself.

Source: https://www.safetydetectives.com/blog/avon-leak-report/

Lazarus Group Shifts Gears with Custom Ransomware

  • The North Korea-linked APT group Lazarus has developed its own ransomware strain to better conduct financial theft, according to a Kaspersky report.

  • Its creation and distribution of the VHD ransomware indicates a shift in strategy.

  • VHD ransomware was leveraged in attacks against two organizations in March and April 2020, Kaspersky researchers report.

  • The victims, one located in France and another in Asia, are both large companies in different industry verticals.

  • The malware itself "doesn't stand out of the ordinary," says Ivan Kwiatkowski, senior security researcher with Kaspersky. "During our first encounter with it, we felt like it was definitely recent and lacking in maturity."

  • VHD is written in C++. It crawls connected disks to encrypt files and deletes folders called System Volume Information, which hold the data behind Windows' restore point feature, hampering recovery from the built-in restore points.

  • Only a few samples have been found, with few public references. This suggests it is not traded on market forums, which is usually how ransomware is monetized.

  • Lazarus Group has always focused on financial gain, but traditionally through banking fraud, including attacks targeting the SWIFT financial network.
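
Two of the VHD traits described above, deleting the System Volume Information folder on each volume and rewriting files across every connected disk, are behaviours a defender can look for. The following is an added example of a toy behavioural detector over a stream of file-system events; it is not code from Kaspersky or from the VHD sample. The event schema, the process names and the sample events are constructed for illustration, and the thresholds are assumed tuning values.

```python
# Added example: toy behavioural detector for VHD-like activity.
# Not from the Kaspersky report or the malware; the FsEvent schema, the
# process names and every sample event below are constructed.
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List

RESTORE_POINT_DIR = "system volume information"  # Windows restore-point store
MASS_WRITE_THRESHOLD = 20  # assumed tuning value: writes/renames before we care
MIN_DRIVES = 2             # assumed: a disk crawler touches two or more volumes


@dataclass
class FsEvent:
    pid: int
    process: str
    action: str  # one of "write", "rename", "delete" (assumed schema)
    path: str    # Windows path such as r"C:\Users\a\doc.docx"


@dataclass
class ProcStats:
    process: str = ""
    writes: int = 0
    drives: set = field(default_factory=set)
    restore_point_deletes: int = 0


def drive_of(path: str) -> str:
    """Return the drive letter ('C:') of a Windows path, or '' if none."""
    return path[:2].upper() if len(path) > 1 and path[1] == ":" else ""


def analyse(events: List[FsEvent]) -> List[Dict]:
    """Aggregate events per PID and flag processes showing VHD-like behaviour."""
    stats: Dict[int, ProcStats] = defaultdict(ProcStats)
    for ev in events:
        s = stats[ev.pid]
        s.process = ev.process
        if ev.action == "delete" and RESTORE_POINT_DIR in ev.path.lower():
            s.restore_point_deletes += 1
        elif ev.action in ("write", "rename"):
            s.writes += 1
            s.drives.add(drive_of(ev.path))

    alerts = []
    for pid, s in stats.items():
        reasons = []
        if s.restore_point_deletes:
            reasons.append(f"deleted restore-point folder {s.restore_point_deletes}x")
        if s.writes >= MASS_WRITE_THRESHOLD and len(s.drives) >= MIN_DRIVES:
            reasons.append(f"mass write: {s.writes} files across {sorted(s.drives)}")
        if reasons:
            alerts.append({"pid": pid, "process": s.process, "reasons": reasons})
    return alerts


def sample_events() -> List[FsEvent]:
    """Constructed sample: an ordinary shell, a single-volume backup job,
    and one process behaving like the ransomware described above."""
    ev = []
    # explorer.exe: a handful of ordinary edits on C:
    ev += [FsEvent(1000, "explorer.exe", "write", rf"C:\Users\a\doc{i}.docx") for i in range(3)]
    # backup.exe: many writes, but to one volume only, so below the crawler bar
    ev += [FsEvent(2000, "backup.exe", "write", rf"D:\Backup\file{i}.bak") for i in range(30)]
    # suspect.exe (constructed name): rewrites files on C: and D:, then
    # deletes the restore-point store on each volume
    for drive in ("C:", "D:"):
        ev += [FsEvent(4242, "suspect.exe", "rename", rf"{drive}\Data\file{i}.xlsx") for i in range(15)]
        ev.append(FsEvent(4242, "suspect.exe", "delete", rf"{drive}\System Volume Information"))
    return ev


if __name__ == "__main__":
    for alert in analyse(sample_events()):
        print(alert)
```

The restore-point deletion is the higher-fidelity signal: few legitimate processes touch that folder. The multi-volume mass-write heuristic is deliberately crude, and a sync or backup tool that writes to several drives would trip it, so in practice it belongs on a watch list or combined with the first signal rather than alerting on its own.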

Source: securelist.com

Bank of Ireland fined €1.66 million after being tricked by fraudster


  • One of Ireland's largest banks was fined almost €1.7 million after it was found to have failed to inform the financial regulator and the police when a fraudster tricked it into transferring funds out of a client's account.

  • The attack happened in September 2014.

  • A fraudster impersonated a client of a former Bank of Ireland subsidiary and tricked the bank into transferring a total of €106,430 (approximately US $125,000) from the client's personal current account to a UK bank account.

  • The fraudster had hacked into the victim's email account and used it to request the transfers from the bank.

  • The bank released confidential details about the account to the fraudster without requiring them to answer any security questions.

  • It was over a year later that the Central Bank discovered a reference to the incident in Bank of Ireland's logs and demanded more details.

  • According to the Central Bank of Ireland report, the problems related to third-party payments were only fixed 17 months after the incident, and even then only after the Central Bank intervened.

Source: Central Bank of Ireland

Garmin staggers back online after ransomware attack

  • In its press release the company goes out of its way to avoid the word ransomware, but does say that systems were encrypted.

  • Rumors circulated the attackers were requesting a ransom of $10 million.

  • The company has stated that there is no indication personal user data has been misused.

Source: https://grahamcluley.com/

More on the Twitter hack

  • Over 1,000 Twitter staff and contractors had access to the internal tools that helped the hackers hijack accounts.

  • The European Bank for Reconstruction and Development (EBRD) is not having the best of mornings, as it itself admitted.

Source: https://twitter.com/EBRD/status/1288343268225417219