News Roundup for the 31st of July 2019

News Roundup for the 31st of July 2019

News roundup for the 31st of July 2019.

exc-5d428fced8b57900010a678c

Capital One reported a data breach by a hacker in Seattle who goes by Erratic. The data breach occurred due to a faulty configuration on Capital One’s firewall which allowed Erratic to access full names, SSNs, physical addresses, bank account numbers, and more from 106 million people.

Sephora customers in New Zealand, Australia, Singapore, Malaysia, Indonesia, Thailand, Philippines, and Hong Kong SAR were affected in a data breach to their online services. Exposed information includes full name, date of birth, gender, email address, and encrypted passwords, plus beauty preferences. The company has sent out a password change email and data monitoring services are available.

Equifax has to pay $575 million as part of their settlement with the FTC and CFPB to consumers whose data was affected in the 2017 breach. Ironically, as part of the settlement, they are offering consumers their credit monitoring service, they very service that was breached in the first place. Time I feel for Equifax, and Experian (who has had their fair share of breaches) to improve their security. To find out if you were affected, and to find out how much you can claim, see the links below:

Marcus Hutchins, AKA MalwareTech, is done with his court case. Hutchins pleaded guilty to creating and distributing banking malware when he was much younger, and due to his recent years of service fighting against malware, the judge sentenced him to time served.

The BlueKeep flaw has been officially exploited in a penetration testing software platform called Canvas. Canvas is available for sale by an American company who contracts with the US government. This is bad for those businesses out there that have Windows Server 2008 connected on the internet and run RDP. Even worse though is that there is a Metasploit module available from a number of GIT repositories.

Russian made Monokle surveillanceware has been found in the wild being used to spy on Android devices. The malware modifies the Android trusted certificate store and C&C network that communicates over TCP, emails and more. It can read calendar, WhatsApp, Instagram, SMS and more messages. It can steal the PIN code off a phone, make outgoing calls, record calls and a whole slew more. It appears it was not available in the google play store, but as a third party download.

Ransomware hit Johannesburg in South Africa last week, infecting the electricity provider which in turn created blackouts for much of the residents. City Power was infected via the company’s database, internal network, official website and web apps.

According to reports, Apple uses a team of contractors to listen to recordings that are made via Siri to improve its accuracy. So basically any device that listens to your voice may be recording those for another human to listen to.

LibreOffice has a vulnerability that would allow an attacker to gain access to your system with malware just by opening a malicious document. It resides in LibreLogo, which is used for vector graphics. It was fixed but was later bypassed by a security researcher. A patch is not currently available but installing LibreOffice without macros can keep you safe.

If you use Androids native video player, you could put yourself at risk of being compromised with a remote code execution vulnerability. An attacker could send a specially crafted video to you that holds and hides malicious code, which can infect your device. Google released a patch earlier this month.

Facebook has been fined $5 billion by the FTC due to it’s collection of consumer data. This fine and agreement with the FTC does nothing to protect Facebook users from further collection of data. It doesn’t stop collection or sharing, or use for targeted advertising. Facebook made 16.9 billion in sales for the second quarter alone, so a $5 billion fine is pennies in their wallet.

ProFTPD, an open source FTP server, is vulnerable to attackers and would allow them to copy any file from a server via the FTP server without authorization. Unfortunately ProFTPD was alerted way back in September and did nothing to fix it, so Debian was eventually contacted as well. Once that happened, a backport to 1.3.6 was made available.

Privacy advocates are worried that satellite imagery will enable 24 hour surveillance. Over 140 imaging satellites are currently in orbit, many of which are privately owned. Creepy.

Senate Majority Leader Republican Mitch McConnell blocked some election security bills last week, calling them partisan legislation. Ironically, the voting machine hacking village at DEF CON received wide support last year for showing how most, almost all, voting machines are indeed vulnerable to ridiculously easy hacks.

Breaking encryption

In the never ending cycle of law enforcement vs tech sector, Attorney General William Barr is arguing again against consumer encryption on devices and online systems, stating that it seriously degrades LEO ability to prevent crimes before they happen. They love the idea of “responsible backdoors”, but he didn’t mention anything about currently used tools like GrayKey, that can bypass certain encryptions. He may not have to wait too long though since the Los Alamos National Laboratory is holding a Quantum Computer Summer School which teaches talented students about the future of computing. The sooner quantum computing is with us, the faster our current encryption techniques will be broken.

A unique steganography attack was found in the wild. An attack was implanting PHP code into JEPG file EXIF headers to get malware onto target websites. This is an old school way of hiding data inside image files, and while inherently illegal to put on websites you don’t own, is still pretty cool.

According to analysts at Sucuri, a cybersecurity company, typosquatting is being used to masquerade malicious card skimming domains as legitimate Google sites. Attackers are leveraging vulnerable Magento websites so admins should patch as soon as possible.

Amazon & Police

Amazon is working with five real estate companies to offer up to $5000 in Amazon credit including free Smart Home products for new home buyers. This includes Echo devices and Ring doorbell systems. Yikes.

Alongside this we’re still seeing reports about local law enforcement agencies working closely with Amazon to offer free Ring devices. LEOs are advertising the free Ring devices if residents download the Amazon surveillance app, Neighbors, which is basically a neighborhood watch app.

Comodo Antivirus software has a whole slew of vulnerabilities that could allow for sandbox escape and privilege escalation attacks on a system. A tenable research engineer released a Proof of Concept on the attack. These CVEs were resolved in a July 29th update.

  • Recent Articles
Author Details
Founder & CEO at Hedgehog Security

Peter has been in the Information Security world since 1999 and in IT in general since 1996. His work history contains a unique blended balance between the development of exceptional technical capabilities and business knowledge. Peter is a proud father of twins and enjoys GT endurance racing on the weekends.

We would like to keep you informed about our services. Please tick the options below to receive occasional updates via

  • penetration testing steps
    Peter talks to FindMyUkCasino
  • Malware
    SB Tech Breach

    Last week saw SB Tech Breached by the hacking group Maze. It seems that every week the group are announcing more victims.  GameOn asked our CEO Peter Bassill, to give us some insight into the attack. The GameOn article is here.

  • Privacy
    Howto VPn

    In our “How to securely” series we asked our followers what tools they would like a simple guide on to help them stay secure online. There seemed to be a lot of confusion as to what a VPN is and why you should or should not use one. So we asked Peter to help.

  • WhatsApp
    How To Whatsapp Safely

    WhatsApp is among the fastest-growing instant messengers out there, and almost a social network in its own way. But if you are using it, there are some steps you should take to protect your security and privacy.

  • Morrisons Breach Update

    The UK’s highest court ruled that Morrisons can not be liable for a criminal act of a person seeking to harm their business. On April 1st, 2020, a panel of five justices unanimously ruled that Morrisons was not “vicariously liable”.

  • Remote Working Considerations

    With the current pandemic situation, we all need to be taking remote working considerations. While adjusting the work paradym, it is vital to keep a mind’s eye on the security and safety of the businesses information assets

  • Securing Zoom
    How To: Securing Zoom

    In this guide we are looking at how to go about securing zoom. Since the onset of the global pandemic, we have seen surge in “zoom bombing”. This is where people with malicious intent look for in-progress zoom meetings to join and cause trouble.

  • Software Security
    Dell EMC iDRAC memory corruption Vulnerability

    A critical vulnerabiltiy has been identified in Dell EMC iDRAC7, iDRAC8 and iDRAC9. Some unknown processing is affected by this issue. Manipulation with an unknown input can lead to stack based memory corruption.

  • Hiscox Sues for Failing to Disclose Data Breach

    On March 27th, Hiscox Insurance Company Inc. filed a complaint against law firm Warden Grier for concealing a data breach that occurred back in 2016.

  • Software Security
    Privilege escalation on Nginx Controller up to 3.1.x Controller API

    A critical vulnerability has been identified in Nginx Controller up to 3.1.x (web server,) affecting an unknown code block of the component Controller API.

Share on facebook
Facebook
Share on google
Google+
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest
Scroll to Top