Security daily (19-05-2020)

'Greenbug' hacking group hits three telecom firms in Pakistan

For the past several months, suspected Iranian hackers have been rooting around the IT systems of at least three telecommunications companies in Pakistan, accessing data servers when it suits them, according to cybersecurity company Symantec. The report, published Tuesday, points the finger at a group called Greenbug, which used virtual “tunnels” to quietly stay connected to victim machines. The telecom data offered a trove of information to spy on targets in Pakistan, and the hackers were determined to access the companies’ networks. “As we would close one door, they would attempt to come back through another,” said Jon DiMaggio, senior cyberthreat analyst at the Symantec Enterprise Division, recalling Greenbug’s drive to stay on the Pakistani telecom companies’ networks after being discovered. Analysts told CyberScoop that the report is another example of the challenges some telecom providers have in keeping spies out of their networks. Eighteen different hacking groups linked to various governments went after telecom […] (CyberScoop)

EasyJet announces breach impacting 9 million people

Hackers accessed travel details about roughly 9 million people amid a data breach at EasyJet, the largest airline in the United Kingdom. In a statement Tuesday, EasyJet said thieves had walked off with customer emails and travel information in what the company described as a “highly sophisticated cyber-attack,” without providing any details. Credit card information belonging to 2,208 customers also was compromised in the incident, the company said. Exactly when the breach occurred remains unclear, though the airline first learned of the incident in January, according to the BBC. EasyJet alerted the U.K. Information Commissioner’s Office to the incident, as required under European data protection law. The General Data Protection Regulation requires breach victims to alert regulators within 72 hours under some conditions, such as when personal information is involved. “There is no evidence that any personal information of any nature has been misused, however, on the recommendation of the […] (CyberScoop)

Tool targeting Android users in Thailand looks to be work of sloppy spyware startup

A software surveillance tool that appears to be linked to a spyware company notorious for shoddy exploits has been spying on WhatsApp and Facebook messages of Android users in Thailand, according to new Cisco Talos research published Tuesday. The malware, which Talos dubs “WolfRAT,” searches for activity on the victims’ chat applications so it can record activity on the screen, according to Talos. The surveillance tool is also capable of intercepting SMS messages, collecting contact information and browser history, taking photos, recording audio, and stealing users’ pictures, Talos researchers told CyberScoop. The tool, which Talos observed being used as recently as April, is believed to be attached to Wolf Research, a startup that was shut down once its work was exposed in a talk at the 2018 VirusBulletin Conference. Targets may be downloading WolfRAT after visiting websites with domain names linked to popular Thai cuisine, according to Talos. Victims may also have downloaded the […] (CyberScoop)

US will try Joshua Schulte again for allegedly leaking CIA hacking tools

U.S. prosecutors will retry ex-CIA employee Joshua Schulte on espionage-related charges after a jury couldn’t come to a decision in his first trial. Assistant U.S. Attorney David Denton on Monday told a judge in the Southern District of New York that the Department of Justice “does intend to retry Mr. Schulte on the espionage charges.” The update comes more than two months after a jury found Schulte, 31, guilty of lying to the FBI and contempt of court, though they remained deadlocked on eight counts, including the illegal transmission of national defense information. Prosecutors will “clarify” the charges, Denton said, but not add any new criminal counts. While a trial date remains unclear, Judge Paul Crotty said jury selection would not begin before September, amid ongoing concerns connected to the coronavirus pandemic. “It’s difficult to predict when things are going to approach normal again,” he said. The teleconference came after […] (CyberScoop)

Money is still the main motivating factor for hackers, Verizon report finds

It’s a fact that seems obvious at first, but jarring when put into context: cybercrime is a lucrative business that continues to grow at a remarkable rate, according to the authors of a sweeping overview of major security incidents over the past year. Eighty-six percent of the data breaches in 2019 were motivated by money, according to Verizon’s annual Data Breach Investigation Report, which was released Tuesday. While the techniques have shifted, the figure is a significant uptick from the 71% of breaches that were financially motivated in 2018. “Attackers are going to look anywhere they can to generate revenue,” said Gabriel Bassett, senior information security data scientist at Verizon, adding that scammers are going about this tactic by re-using stolen usernames and passwords, and experimenting with email scams. Verizon’s DBIR has emerged as a reliable benchmark in assessing corporate cybersecurity threats and defenses. This year’s iteration analyzed roughly 157,000 […] (CyberScoop)

EasyJet hack impacts nine million passengers

The personal details of nine million customers of budget airline EasyJet have been accessed by hackers in what the budget airline is describing as a “highly sophisticated attack.” (Graham Cluley)

FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin

The FBI has issued a “flash alert” warning that hackers are planting Magecart-style credit card-skimming code on Magento-powered online stores running an out-of-date plugin. (Graham Cluley)

Apple “MagicPairing” for AirPods – the magic isn’t perfect yet

Apple's effort to overcome the limitations of Bluetooth is a proprietary system called MagicPairing, but there are flaws in the magic. (Naked Security)

Cash-flashing rapper charged with money laundering for BTC-e

The FBI nabbed "Plinofficial" when he arrived at Miami airport carrying $20K cash, allegedly made off of the defunct, fraud-fav exchange. (Naked Security)

Firefox to tell you if sites are shortening your passwords

Mozilla is fixing a longstanding password problem to alert users when their password exceeds the maximum length allowed. (Naked Security)

Take Control of Your iOS Data with This All-in-One Management App

We know our Null Byte readers would like to see some iPhone-hacking scenarios on the site soon, but until we get some of those up, we understand that some of you actually use an iPhone as your primary phone. If that's you, and you would like an easier way to get information from point A (your iPhone) to point B (your computer) and vice versa, there's an all-in-one tool that can help.

Overall, there's a reason why tech enthusiasts and coding fanatics tend to have a love-hate relationship with Apple products. Although undeniably powerful and pleasing to the eye, best-selling gadgets like the... (Null Byte « WonderHowTo)

Hundreds Of Thousands Of QNAP Devices Vulnerable To Takeover

(News ≈ Packet Storm)

Ransomware Gang Arrested For Spreading Locky To Hospitals

(News ≈ Packet Storm)

Arkansas, Illinois COVID-19 Unemployment Sites Leak Data

(News ≈ Packet Storm)

EasyJet Admits Nine Million Customers Hacked

(News ≈ Packet Storm)

Brazil's Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users

Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication.

SafetyDetective researcher Anurag Sen last month discovered two unprotected Amazon-hosted servers—with 272GB and 1.3TB in size—belonging to Natura that consisted of (The Hacker News)

British Airline EasyJet Suffers Data Breach Exposing 9 Million Customers' Data

British low-cost airline EasyJet today admitted that the company has fallen victim to a cyber-attack, which it labeled "highly sophisticated," exposing email addresses and travel details of around 9 million of its customers.

In an official statement released today, EasyJet confirmed that of the 9 million affected users, a small subset of customers, i.e., 2,208 customers, have also had their (The Hacker News)

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion modern devices to hackers.

The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concern Bluetooth Classic, which supports Basic Rate (BR) and Enhanced Data Rate (EDR) for (The Hacker News)

The Windows 7 Postmortem: What’s at Stake

Nearly a quarter of endpoints still run Windows 7, even though support and security patches have ended. (Threatpost)

EasyJet Hackers Take Off with Travel Details for 9M Customers

The vacation-centric airline is warning victims about social-engineering attacks. (Threatpost)

WolfRAT Android Malware Targets WhatsApp, Facebook Messenger

Researchers link the malware to Wolf Research operators with "high confidence" after it was spotted in campaigns targeting Thai users. (Threatpost)

Bluetooth Bugs Allow Impersonation Attacks on Legions of Devices

A host of unpatched security bugs that allow BIAS attacks affects Bluetooth chips from Apple, Intel, Qualcomm, Samsung and others. (Threatpost)

Adobe Patches Critical RCE Flaw in Character Animator App

A critical remote code execution flaw in Adobe Character Animator was fixed in an out-of-band Tuesday patch. (Threatpost)

Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials

The attack discovered by Cofense can steal sensitive user data stored on the cloud as well as find other victims to target. (Threatpost)


/security-daily/ 20-05-2020 23:44:22