Security Friday

Link

Wi-Fi Gateway From Airangel Affects Hundreds of Hotels

Andrew Orr ·

Security researcher Etizaz Mohsin says that the Airangel HSMX Gateway, used by many hotels to offer Wi-Fi to guests, contains hardcoded passwords that are easy to guess.

With those passwords, which we are not publishing, an attacker could remotely gain access to the gateway’s settings and databases, which store records about the guest’s using the Wi-Fi. With that access, an attacker could access and exfiltrate guest records, or reconfigure the gateway’s networking settings to unwittingly redirect guests to malicious webpages, he said.

Link

Sennheiser Leak Exposed 55GB of Data for Thousands of Customers

Andrew Orr ·

Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a cache of data from audio company Sennheiser. It appears to be from an old cloud account that’s been dormant since 2018. Over 28,000 Sennheiser customers were exposed, with sensitive private data leaked.

While it’s unclear how all this data was collected, it appears to be from customers and businesses requesting samples of Sennheiser products.

Examples of entries: Full names, Email addresses, Phone numbers, Home addresses, Names of companies requesting samples, Number of the requesting company’s employees

Link

US Logistics Company 'D.W. Morgan' Leaks Data Through Amazon S3

Andrew Orr ·

A report from Website Planet reveals D.W Morgan left an Amazon S3 bucket unprotected, resulting in the exposure of over 2.5 million files.

An Amazon S3 bucket owned by D.W. Morgan was left accessible without authorization controls in place, exposing sensitive data relating to shipments and the company’s clients.

As a market leader, D.W. Morgan provides services to some of the biggest companies in the world and there are major Fortune 500 organizations with data exposed on the open bucket.

Link

Google's Project Zero Deep Dives into NSO Group 'FORCEDENTRY' Exploit

Andrew Orr ·

Google’s Project Zero security team published a deep dive into FORCEDENTRY, a zero-click exploit in iMessage used by NSO Group. Apple’s Security Engineering and Architecture (SEAR) group collaborated on the analysis.

Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.

The vulnerability discussed in this blog post was fixed on September 13, 2021 in iOS 14.8 as CVE-2021-30860.

Link

iCloud, Twitter, MineCraft, Cloudflare, All Vulnerable to a Powerful Bug

Andrew Orr ·

According to a report on Friday, major apps and services such as iCloud, Cloudflare, Steam, Twitter, and others are vulnerable to a bug.

On Thursday, researchers noticed that a popular Java logging library (log4j) had a bug that allows for Remote Code Execution or RCE, hacker lingo for one of the most dangerous types of vulnerabilities, one that essentially allows hackers to take control of the target. GitHub labeled the vulnerability as “critical severity,” and many researchers, as well as the Director of Cybersecurity at the NSA, are sounding the alarm.

If the NSA is publicly worried, you know it’s bad. Update: Cloudflare says they are not vulnerable, “We responded quickly to evaluate all potential areas of risk and updated our software to prevent attacks, and have not been able to replicate any external claims that we might be at risk.” The company published a blog post on the matter.

Link

Co-Founder of Swiss SMS Giant 'Mitto AG' Accused of Government Surveillance

Andrew Orr ·

Swiss tech company Mitto AG is trusted by companies such as Twitter and Google to deliver SMS security codes to users, appointment reminders, sales promotions, and more. It’s co-founder and COO Ilja Gorelik has been accused of selling access to Mitto’s networks for surveillance.

The existence of the alternate service was only known to a small number of people within the company, these former employees said. Gorelik sold the service to surveillance companies which in turn contracted with government agencies, according to the employees.

Link

Microsoft Seizes Domains From Chinese Group 'NICKEL' Used to Attack Governments

Andrew Orr ·

NICKEL is a China-based threat actor that targets governments, diplomatic entities, and NGOs around the world. Microsoft’s Digital Crimes Unit has disrupted their operation.

MSTIC has observed NICKEL actors using exploits against unpatched systems to compromise remote access services and appliances. Upon successful intrusion, they have used credential dumpers or stealers to obtain legitimate credentials, which they used to gain access to victim accounts. NICKEL actors created and deployed custom malware that allowed them to maintain persistence on victim networks over extended periods of time.

Link

Verizon Automatically Tracks Your Data in New Update

Andrew Orr ·

In a new program called Verizon Custom Experience, the company is automatically opting customers in to track their data. But you can opt out.

A new program innocuously titled the “Verizon Custom Experience” is sold to users as a way for the company to “personalize our communications with you, give you more relevant product and service recommendations, and develop plans, services and offers that are more appealing to you.” To accomplish this, all a Verizon subscriber needs to do is… allow the company access to all the websites you visit, apps you use, as well as see everyone you happen to call and text.

Link

Hundreds of Tor Servers From 'KAX17' Threaten to Deanonymize Users

Andrew Orr ·

Security researcher ‘Nusenu’ has uncovered hundreds of Tor servers belonging to an entity tracked as KAX17.

Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial quantities, operating servers in the realm of hundreds at any given point.

KAX17’s focus on Tor entry and middle relays led Nusenu to believe that the group, which he described as “non-amateur level and persistent,” is trying to collect information on users connecting to the Tor network and attempting to map their routes inside it.

Link

Hackers Steal $119 Million From Web3 Project 'BadgerDAO'

Andrew Orr ·

BadgerDAO reported on Wednesday that it lost about 2,100 bitcoin and 151 ether in a hacking attack.

Kryptobi, who said he is on the BadgerDAO support team and has been looking into the hack, told Motherboard that it appears someone injected a malicious script into BadgerDAO’s frontend after compromising an API key for BadgerDAO’s Cloudflare account. Cloudflare is a web infrastructure, content delivery network, and website security company, which is used by millions of sites on the internet.

Link

Planned Parenthood Hack Leaked Data for 400,000 Patients

Andrew Orr ·

In October, a Planned Parenthood facility in Los Angeles suffered a data breach. It affected about 400,000 patients.

Letters from PPLA to affected patients warned that “we identified files that contained your name and one or more of the following: address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescription information.”

Link

'EWDoor' Malware Attacks Thousands of AT&T Internet Subscribers

Andrew Orr ·

Hackers are exploiting a bug from 2017 to attack the EdgeMarc Enterprise Session Border Controller. This device is used by businesses to manage phone calls and video calls.

The vulnerability being exploited to infect the devices is tracked as CVE-2017-6079, a command-injection flaw that penetration tester Spencer Davis reported in 2017 after using it to successfully hack a customer’s network. The vulnerability stemmed from an account in the device that, as Davis learned from this document, had the username and password of “root” and “default.”