Government
US Gov’t Payment Service Leaks 14M Records, OilRig APT Group Updates BONDUPDATER Trojan
11 - 18 September 2018
Government Payment Service Inc., a US credit card payment processing company that serves the government sector, leaked more than 14 million customer records due to a technical issue on its website.

Government Payment Service Inc., a US credit card payment processing company that serves the government sector, leaked more than 14 million customer records due to a technical issue on its website. The site showed online receipts when citizens used it to pay fees and fines, and users could view millions of other customers' records simply by modifying digits in the web address displayed by those receipts. The leaked records dated back at least six years and included names, addresses, phone numbers, and the last four digits of credit cards. The company has updated its system to ensure that only authorised users are able to view their individual receipts.
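The flaw class described above, a receipt looked up by the number in the URL alone, can be shown beside the ownership check that closes it. This is an added illustration, not the company's code; the record layout, the sample data and every function name are hypothetical.

```python
# Added illustration; Receipt, RECEIPTS and the function names are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Receipt:
    receipt_id: int
    owner: str        # account that made the payment
    name: str
    card_last4: str


# Constructed sample records with sequential identifiers.
RECEIPTS = {
    1001: Receipt(1001, "alice", "Alice A.", "4242"),
    1002: Receipt(1002, "bob", "Bob B.", "1881"),
    1003: Receipt(1003, "carol", "Carol C.", "0005"),
}


class Forbidden(Exception):
    """Raised for both 'no such receipt' and 'not your receipt'."""


def get_receipt_unchecked(session_user, receipt_id):
    # Pre-fix pattern: the identifier from the URL is the only thing consulted.
    return RECEIPTS[receipt_id]


def get_receipt_checked(session_user, receipt_id):
    # Post-fix pattern: the record must belong to the authenticated caller.
    receipt = RECEIPTS.get(receipt_id)
    if session_user is None or receipt is None or receipt.owner != session_user:
        # One error for every failure, so responses do not confirm which ids exist.
        raise Forbidden("receipt not available")
    return receipt


def exposed_ids(handler, session_user, candidate_ids):
    """Regression check: which ids does `handler` disclose to `session_user`?"""
    disclosed = []
    for rid in candidate_ids:
        try:
            handler(session_user, rid)
            disclosed.append(rid)
        except (Forbidden, KeyError):
            pass
    return disclosed
```

Running `exposed_ids` against a handler in a test suite turns the authorisation rule into a regression test: a correct handler discloses only the caller's own receipts.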
The OilRig APT group continues to target Middle Eastern governments and businesses using an updated version of the BONDUPDATER Trojan, which is delivered via spear phishing emails containing a macro-laden Microsoft Word document. The BONDUPDATER Trojan provides basic backdoor capabilities, such as uploading and downloading files and executing commands. It also uses TXT records within its DNS tunnelling protocol to communicate with the command and control server. The OilRig APT group appears to be very resourceful, using a trove of methods and tools to compromise targets. It was reported in early September that OilRig was using a new variant of the OopsIE Trojan against government entities in the Middle East.
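Because the command and control channel described above rides on DNS TXT lookups, resolver logs are a natural place to hunt for it. The following is an added detection sketch, not taken from the referenced reports: the log format, the sample lines, the domain `c2-placeholder.test` and both thresholds are constructed assumptions, and it does not reproduce BONDUPDATER's actual query format.

```python
# Added detection sketch; log format, sample data and thresholds are assumptions.
from collections import defaultdict

# Constructed resolver log, one query per line: "<client_ip> <qtype> <qname>"
SAMPLE_LOG = """\
10.0.0.7 TXT _dmarc.example.org
10.0.0.7 TXT _dmarc.example.org
10.0.0.7 TXT _dmarc.example.org
10.0.0.7 TXT _dmarc.example.org
10.0.0.7 TXT _dmarc.example.org
10.0.0.5 A www.example.org
10.0.0.5 TXT q0001a9f3c.c2-placeholder.test
10.0.0.5 TXT q0002b77e1.c2-placeholder.test
10.0.0.5 TXT q0003c05d2.c2-placeholder.test
10.0.0.5 TXT q00040e8a4.c2-placeholder.test
10.0.0.5 TXT q0005f1b96.c2-placeholder.test
10.0.0.5 TXT q00067d2c8.c2-placeholder.test
10.0.0.8 TXT example.org
"""


def base_domain(qname):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def flag_txt_tunnelling(log_text, min_queries=5, min_unique_ratio=0.8):
    """Flag (client, domain) pairs issuing many TXT queries with mostly unique subdomains."""
    stats = defaultdict(lambda: {"count": 0, "subs": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1].upper() != "TXT":
            continue
        client, _, qname = parts
        qname = qname.rstrip(".").lower()
        domain = base_domain(qname)
        sub = qname[: -len(domain)].rstrip(".")
        if not sub:
            continue  # TXT lookup on the bare domain (e.g. SPF), not a tunnel pattern
        entry = stats[(client, domain)]
        entry["count"] += 1
        entry["subs"].add(sub)
    return [
        (client, domain, s["count"])
        for (client, domain), s in sorted(stats.items())
        if s["count"] >= min_queries and len(s["subs"]) / s["count"] >= min_unique_ratio
    ]
```

Repeated lookups of one fixed name, such as the `_dmarc` record in the sample, stay below the uniqueness ratio and are not flagged.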
References:
[1] GovPayNow.com Leaks 14M+ Records
[2] OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
More Weekly Cyber News analysis and insights

New Zealand Veterinary Company Hit By Ransomware Attack
The Gisborne branch of the Veterinary Enterprises Group, New Zealand’s largest vet company, suffered a ransomware attack last Saturday night that affected all affiliated clinics across the country.

Weekly Comments
Microsoft’s Patch Tuesday for September issued security updates to address 61 vulnerabilities, of which 17 have been rated critical.

Iranian Hackers Sell Stolen Essays From UK Universities, Edinburgh University Suffers DDoS Attack
Iranian hackers hacked into top universities in the United Kingdom and stole millions of essays, which were subsequently sold to customers in Iran for cash over Telegram and WhatsApp, as well as on the dark web.

Chinese APT Group Targets Japanese Media Sector, Turkish Hacker Group Hacks Egypt’s State-Run News Agency
Chinese cyber espionage group APT10 has been targeting the Japanese media sector by sending spear phishing emails with macro-laden Microsoft Word documents that download a newer version of the UPPERCUT backdoor.

Bristol Airport Suffers Ransomware Attack, British Airways Breach Caused By MageCart Skimmer
Bristol Airport in Bristol, UK, suffered a ransomware attack last Friday morning.

Amazon Investigates Employees Leaking Data, Perth Mint Suffers Data Breach
Amazon is investigating allegations that some of its employees have been leaking internal data to third party merchants in China to help them increase their sales on the e-commerce website.