
All the major security news in one place: 


BREAKING NEWS

Capital One reported a data breach by a hacker in Seattle who goes by Erratic. The data breach occurred due to a faulty configuration on Capital One’s firewall which allowed Erratic to access full names, SSNs, physical addresses, bank account numbers, and more from 106 million people.

https://krebsonsecurity.com/2019/07/capital-one-data-theft-impacts-106m-people/

BREAKING NEWS

Sephora customers in New Zealand, Australia, Singapore, Malaysia, Indonesia, Thailand, the Philippines, and Hong Kong SAR were affected by a data breach of its online services. Exposed information includes full name, date of birth, gender, email address, and encrypted passwords, plus beauty preferences. The company has sent out a password change email, and data monitoring services are available.

https://www.stuff.co.nz/business/114597785/kiwi-customers-names-emails-passwords-stolen-in-sephora-data-breach

Equifax has to pay $575 million as part of their settlement with the FTC and CFPB to consumers whose data was affected in the 2017 breach. To find out if you were affected, and to find out how much you can claim, see the links below:

https://www.ftc.gov/news-events/press-releases/2019/07/equifax-pay-575-million-part-settlement-ftc-cfpb-states-related

https://thehackernews.com/2019/07/equifax-data-breach-fine.html

https://www.businessinsider.com/equifax-data-breach-settlement-how-to-claim-money-from-lawsuit-2019-7

https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement

https://eligibility.equifaxbreachsettlement.com/en/eligibility

https://www.equifaxbreachsettlement.com/

Marcus Hutchins, AKA MalwareTech, is done with his court case. Hutchins pleaded guilty to creating and distributing banking malware when he was much younger, and due to his recent years of service fighting against malware, the judge sentenced him to time served.

https://thehackernews.com/2019/07/marcus-hutchins-sentenced.html

https://www.vice.com/en_us/article/9kxewv/malwaretech-wannacry-ransomware-sentencing

https://www.cyberscoop.com/marcus-hutchins-sentenced-kronos-wannacry/

https://twitter.com/emptywheel/status/1154789624843329536

https://twitter.com/MalwareTechBlog/status/1154787474486517762

https://www.cyberscoop.com/teenage-hackers-police-britain-netherlands/

https://www.politie.nl/themas/hack_right.html?sid=8f4296ab-ea98-4a08-ab28-81ef1fcf8b7c

A working exploit for the BlueKeep flaw has been added to a commercial penetration testing platform called Canvas. Canvas is sold by an American company that contracts with the US government.

https://thehackernews.com/2019/05/bluekeep-rdp-vulnerability.html

https://www.intezer.com/blog-watching-the-watchbog-new-bluekeep-scanner-and-linux-exploits/

https://thehackernews.com/2019/07/linux-malware-windows-bluekeep.html

https://www.vice.com/en_us/article/wjvvvb/cybersecurity-firm-drops-code-for-the-incredibly-dangerous-windows-bluekeep-vulnerability

https://twitter.com/Immunityinc/status/1153752470130221057

https://www.immunityinc.com/products/canvas/index.html

https://www.zdnet.com/article/us-company-selling-weaponized-bluekeep-exploit/

Russian-made Monokle surveillanceware has been found in the wild being used to spy on Android devices. The malware modifies the Android trusted certificate store and talks to its C&C infrastructure over TCP, email and other channels. It can read calendar entries and WhatsApp, Instagram, SMS and other messages. It can steal the PIN code off a phone, make outgoing calls, record calls and a whole slew more. It appears it was not available in the Google Play store, but as a third-party download.

https://thehackernews.com/2019/07/russian-android-spying-apps.html

https://arstechnica.com/information-technology/2019/07/advanced-mobile-surveillanceware-made-in-russia-found-in-the-wild/

https://www.cyberscoop.com/gru-android-surveillance-lookout/

Ransomware hit Johannesburg in South Africa last week, infecting the electricity provider, which in turn caused blackouts for many residents. City Power was infected via the company’s database, internal network, official website and web apps.

https://thehackernews.com/2019/07/cyberattack-power-outage.html

https://www.zdnet.com/article/ransomware-incident-leaves-some-johannesburg-residents-without-electricity/

According to reports, Apple uses a team of contractors to listen to recordings that are made via Siri to improve its accuracy. So basically any device that listens to your voice may be recording those for another human to listen to.

https://www.cnet.com/news/apple-listens-to-some-siri-recordings-to-make-it-better/

https://www.theverge.com/2019/7/26/8932064/apple-siri-private-conversation-recording-explanation-alexa-google-assistant

LibreOffice has a vulnerability that would allow an attacker to get malware onto your system just by having you open a malicious document. It resides in LibreLogo, which is used for vector graphics. It was fixed, but the fix was later bypassed by a security researcher. A patch is not currently available, but installing LibreOffice without macros can keep you safe.

https://thehackernews.com/2019/07/libreoffice-vulnerability.html

If you use Android’s native video player, you could be at risk of compromise through a remote code execution vulnerability. An attacker could send you a specially crafted video that hides malicious code, which can infect your device. Google released a patch earlier this month.

https://thehackernews.com/2019/07/android-media-framework-hack.html

Facebook has been fined $5 billion by the FTC due to its collection of consumer data. This fine and agreement with the FTC does nothing to protect Facebook users from further collection of data. It doesn’t stop collection or sharing, or use for targeted advertising. Facebook made 16.9 billion in sales for the second quarter alone, so a $5 billion fine is pennies in their wallet.

https://www.businessinsider.com/facebooks-privacy-agreement-ftc-does-little-to-constrain-it-2019-7

ProFTPD, an open source FTP server, has a vulnerability that would allow attackers to copy any file from the server via the FTP service without authorization. Unfortunately ProFTPD was alerted way back in September and did nothing to fix it, so Debian was eventually contacted as well. Once that happened, a backport to 1.3.6 was made available.

https://thehackernews.com/2019/07/linux-ftp-server-security.html

Privacy advocates are worried that satellite imagery will enable 24-hour surveillance. Over 140 imaging satellites are currently in orbit, many of which are privately owned. Creepy.

https://www.cnet.com/news/satellites-are-starting-to-watch-your-every-move/

Senate Majority Leader Republican Mitch McConnell blocked some election security bills last week, calling them partisan legislation. Ironically, the voting machine hacking village at DEF CON received wide support last year for showing that almost all voting machines are indeed vulnerable to ridiculously easy hacks.

https://www.cnet.com/news/moscowmitch-trends-after-mcconnell-blocks-election-security-bills/

https://krebsonsecurity.com/2019/07/the-unsexy-threat-to-election-security/

Breaking encryption

In the never-ending cycle of law enforcement vs. the tech sector, Attorney General William Barr is arguing again against consumer encryption on devices and online systems, stating that it seriously degrades law enforcement’s ability to prevent crimes before they happen. They love the idea of “responsible backdoors”, but he didn’t mention anything about currently used tools like GrayKey that can bypass certain encryption. He may not have to wait too long, though, since the Los Alamos National Laboratory is holding a Quantum Computer Summer School which teaches talented students about the future of computing. The sooner quantum computing is with us, the faster our current encryption techniques will be broken.

https://arstechnica.com/tech-policy/2019/07/tech-firms-can-and-must-put-backdoors-in-encryption-ag-barr-says/

https://www.vice.com/en_us/article/d3nnkm/inside-the-governments-quantum-computing-summer-school

https://www.vice.com/en_us/article/neaadm/barr-says-police-need-backdoors-doesnt-mention-hacking-cellebrite-graykey

Louisiana’s governor has declared a state of emergency due to a rash of ransomware hitting public schools.

https://threatpost.com/louisiana-gov-declares-emergency-after-cyberattacks-plague-schools/146713/

https://www.zdnet.com/article/louisiana-governor-declares-state-emergency-after-local-ransomware-outbreak/

A unique steganography attack was found in the wild. Attackers were implanting PHP code into JPEG file EXIF headers to get malware onto target websites. This is an old school way of hiding data inside image files, and while inherently illegal to put on websites you don’t own, is still pretty cool.

https://threatpost.com/rare-steganography-hack-can-compromise-fully-patched-websites/146701/
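The technique in this item, PHP tags hidden in a JPEG’s EXIF (APP1) or comment segment, can be caught on upload by walking the file’s metadata segments before the image data starts. This is an added example, not code from the article or from the researchers it cites; the JPEG skeleton is constructed inline and the “payload” is a harmless placeholder tag.

```python
import re
import struct

# Metadata-carrying segments that can hold arbitrary text in a JPEG
SEGMENT_NAMES = {0xE1: "APP1/EXIF", 0xFE: "COM"}
# Opening PHP tags; a webshell hidden in metadata needs one of these
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def iter_segments(data: bytes):
    """Yield (marker, payload) for each length-prefixed segment before SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"bad marker alignment at offset {pos}")
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):      # SOS (image data follows) or EOI: stop
            return
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]  # includes itself
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length


def find_php_in_metadata(data: bytes):
    """Return [(segment name, snippet)] for every metadata segment holding a PHP tag."""
    hits = []
    for marker, payload in iter_segments(data):
        if marker not in SEGMENT_NAMES:
            continue
        m = PHP_TAG.search(payload)
        if m:
            snippet = payload[m.start():m.start() + 40].decode("latin-1")
            hits.append((SEGMENT_NAMES[marker], snippet))
    return hits


def build_jpeg(app1_payload: bytes) -> bytes:
    """Constructed minimal JPEG skeleton: SOI, one APP1 segment, SOS, EOI."""
    app1 = b"\xff\xe1" + struct.pack(">H", len(app1_payload) + 2) + app1_payload
    return b"\xff\xd8" + app1 + b"\xff\xda\x00\x02" + b"\xff\xd9"


# Constructed samples: a clean EXIF header and one with a PHP tag in the same place
EXIF_PREFIX = b"Exif\x00\x00MM\x00*" + b"\x00" * 8
CLEAN = build_jpeg(EXIF_PREFIX + b"Camera Model")
TAINTED = build_jpeg(EXIF_PREFIX + b"/*<?php /* placeholder, no real code */ ?>*/")

if __name__ == "__main__":
    print(find_php_in_metadata(CLEAN))    # []
    print(find_php_in_metadata(TAINTED))  # [('APP1/EXIF', '<?php /* placeholder ...')]
```

An upload handler that rejects or strips metadata when this returns a non-empty list removes the hiding place regardless of which file extension the image later gets served under.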

According to analysts at Sucuri, a cybersecurity company, typosquatting is being used to masquerade malicious card skimming domains as legitimate Google sites. Attackers are leveraging vulnerable Magento websites so admins should patch as soon as possible.

https://threatpost.com/google-sites-card-skimming-thieves/146694/

https://www.zdnet.com/article/malicious-google-domains-used-in-magento-data-skimmer/

Amazon & Police

Amazon is working with five real estate companies to offer up to $5000 in Amazon credit including free Smart Home products for new home buyers. This includes Echo devices and Ring doorbell systems. Yikes.

Alongside this we’re still seeing reports about local law enforcement agencies working closely with Amazon to offer free Ring devices. LEOs are advertising the free Ring devices if residents download the Amazon surveillance app, Neighbors, which is basically a neighborhood watch app.

https://www.vice.com/en_us/article/mb88za/amazon-requires-police-to-shill-surveillance-cameras-in-secret-agreement

https://www.vice.com/en_us/article/evyykk/amazon-wants-to-help-you-buy-an-amazon-house-filled-with-amazon-smart-devices

Three congresswomen in the US have proposed legislation that would ban the use of facial recognition technology in public housing, after each was confronted by residents in their districts with concerns about the technology. Since facial recognition is still in its early stages, it has a long way to go to overcome its current limitations, which tend to affect people of color and gender minorities.

https://www.vice.com/en_us/article/mb889q/congresswomen-to-propose-ban-on-facial-recognition-in-public-housing

Comodo Antivirus software has a whole slew of vulnerabilities that could allow sandbox escape and privilege escalation attacks on a system. A Tenable research engineer released a proof of concept for the attack. These CVEs were resolved in a July 29th update.

https://www.zdnet.com/article/comodo-antivirus-subject-to-serious-unpatched-vulnerabilities/

Robinhood, a stock trading service and app, has admitted to storing some user passwords in cleartext. They’ve resolved the issue and reset passwords out of caution, though no abuse was reported.

https://www.zdnet.com/article/robinhood-admits-to-storing-some-passwords-in-cleartext/

https://www.cyberscoop.com/robinhood-passwords-internal-system/

Comments

Anonymous

The Capital One incident was interesting... I have Capital One 🤣