Hackers Launch Hack-of-the-Month Club, Target DocuSign Users and Food Ordering Service

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Phishing Campaign Targets Electronic Signature Service DocuSign Users

DocuSign, an electronic signature service, warned of a convincing phishing campaign targeting its users.

Since May 9, DocuSign had been tracking an increase in phishing emails that ask users to download a Word document with embedded malware. The company announced Monday a third party accessed a “non-core system” that allowed it to get users’ email addresses but not other information such as names, addresses or the documents being shared.

So the phishing campaign is targeting people who expect to click on links in DocuSign emails.

The company urged users to send suspicious emails to spam@docusign.com and delete any messages from unfamiliar or unexpected senders, that contain attachments or include misspelled domain names.

“We took immediate action to prohibit unauthorized access to this system, we have put further security controls in place, and are working with law enforcement agencies,” the company said.

Shadow Brokers Announce Hack-of-the-Month Club

The Shadow Brokers hacking group is exploring a subscription-based model for selling network vulnerabilities and other exploits to whoever is willing to pay for whatever purpose.

“Is being like wine of month club,” the group’s blog post said. “What members doing with data after is up to members.”

The group previously released the vulnerability that allowed the WannaCry ransomware to spread across the globe and last year held an unsuccessful auction for National Security Agency tools before trying other methods of selling them.

The “warez” the group is peddling for its subscription include exploits for web browsers, routers, mobile phones and Windows 10 operating system and compromised network data from SWIFT banking services and various countries’ missile programs, according to the blog post.

Food Ordering Service Zomato Announces Bug Bounty After Breach

After 17 million user accounts for the restaurant ordering service Zomato appeared for sale on the dark web, the company decided to work with the hacker and launch a bug bounty program.

“The hacker has been very cooperative with us,” the Zomato blog said. “He/she wanted us to acknowledge security vulnerabilities in our system and work with the ethical hacker community to plug the gaps. His/her key request was that we run a healthy bug bounty program for security researchers.”

The hacker nabbed 17 million user accounts, including names, usernames, user IDs, email addresses and password hashes with salt, which are difficult to convert into plain text. Zomato confirmed the breach May 18 and said no payment information was compromised. Users who reuse passwords should change them, the company said.

Zomato also announced it will begin a bug bounty program with HackerOne “very soon.” Over the last year, HackerOne has set up bug bounties for several federal agencies, including the Defense Department, individual military services and the General Services Administration.