The U.S. Securities and Exchange Commission announced a settlement with Pearson, a company that provides software to schools. Pearson will pay US$1 million.
Security Friday
(Update) T-Mobile Customer Data for Sale Affecting Over 100 Million People
A person in an online forum is offering data for sale that they claim comes from T-Mobile servers. The carrier says it is investigating the accuracy of this alleged breach.
The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller said. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.
Update: T-Mobile has issued a statement confirming the breach.
Security Friday: Vax Records, Actually Clearing Cookies – TMO Daily Observations 2021-08-13
Andrew Orr and Dave Hamilton join host Kelly Guimont for Security Friday news including ways to store vaccine info, and truly clearing browser history.
Researchers Propose New Way to Limit Location Tracking With ‘Pretty Good Phone Privacy’
Researchers have proposed a way to limit smartphone tracking from carriers. It’s called Pretty Good Phone Privacy.
DeFi Platform ‘Poly Network’ Hacked, $600 Million in Crypto Stolen
Poly Network is a cross-chain decentralized finance platform and operates on the Binance Smart Chain, Ethereum and Polygon blockchains. It suffered a hack recently in which approximately US$600 million in crypto was stolen.
About one hour after Poly announced the hack on Twitter, the hacker tried to move assets including USDT through the Ethereum address into liquidity pool Curve.fi, records show. The transaction was rejected. Meanwhile, close to $100 million has been moved out of the Binance Smart Chain address in the past 30 minutes and deposited into liquidity pool Ellipsis Finance.
Firefox 91 Update Lets You Fully Erase Your Browser History
Mozilla’s latest update to Firefox, version 91, offers enhanced cookie clearing when a user deletes their browser history.
When you decide to tell Firefox to forget about a website, Firefox will automatically throw away all cookies, supercookies and other data stored in that website’s “cookie jar”. This “Enhanced Cookie Clearing” makes it easy to delete all traces of a website in your browser without the possibility of sneaky third-party cookies sticking around.
Security Friday: Leaks, Phishing and Updates – TMO Daily Observations 2021-08-06
Andrew Orr joins host Kelly Guimont for Security Friday news and updates, including This Week in Data Leaks, and an update to a previous tip.
Backup Tool ‘iMazing’ Updated to Detect Pegasus Spyware
The team behind iMazing has updated their tool to detect NSO Group’s Pegasus spyware. You don’t have to buy an iMazing license to scan for it.
It would therefore be possible to relatively quickly re-implement MVT’s methodology in our toolkit, and integrate a user-friendly ‘wizard’ in iMazing’s user interface. And because iMazing can already perform iOS backups and decrypt backup files, the tool we envisaged had the potential to dramatically reduce the technical barrier of entry whilst enhancing performance and promoting backup encryption.
Malware Dubbed ‘Raccoon Stealer’ Targets Crypto Wallets
Researchers at Sophos have been tracking a piece of malware called Raccoon Stealer. A recent update means it can target cryptocurrency wallets.
Raccoon can collect passwords, cookies, and the “autofill” text for websites, including credit card data and other personal identifying information that may be stored by the browser. Thanks to a recent “clipper” update, Raccoon Stealer also now targets cryptocurrency wallets, and can retrieve or drop files on infected systems.
Raffle House Data Leak Exposes Personal Data of ‘Hundreds of Thousands’
Raffle House suffered a data leak, discovered on June 7, 2021, that exposed the personal data of hundreds of thousands of users.
Microsoft Warns Office 365 Users of New Phishing Campaign
Microsoft’s Security Intelligence team issued a warning to be on the lookout for an active phishing campaign targeting Office 365 users.
Security Friday: Prototypes, VPNs, and Social Engineering – TMO Daily Observations 2021-07-30
Andrew Orr joins host Kelly Guimont to discuss Security Friday news and dig into social engineering hacks, with tips on how to avoid them.
Hackers Increasingly Using Discord to Spread Malware
Researchers found that hackers are turning to Discord to spread malware, such as password-hijacking and Discord chat bot APIs.
But the greatest percentage of the malware we found have a focus on credential and personal information theft, a wide variety of stealer malware as well as more versatile RATs. The threat actors behind these operations employed social engineering to spread credential-stealing malware, then use the victims’ harvested Discord credentials to target additional Discord users.
Security Friday: News and Pegasus – TMO Daily Observations 2021-07-23
Andrew Orr and Bryan Chaffin talk Security Friday news with host Kelly Guimont, then dig into the Pegasus story you’ve heard about this week.
Worried if You Were Infected by Pegasus? This Tool Can Help
This week, a strain of malware known as Pegasus from NSO Group has been making headlines. It’s used by governments to target journalists, activists, and other people deemed dissidents. But there is a tool that could detect it.
MVT will let you take an entire iPhone backup (or a full system dump if you jailbreak your phone) and feed in for any indicators of compromise (IOCs) known to be used by NSO to deliver Pegasus, such as domain names used in NSO’s infrastructure that might be sent by text message or email.
Hackers Leak ‘Humana’ Data of Over 6,000 Patients
An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a hacker forum.
The author of the post claims that the data was acquired from US insurance giant Humana and includes detailed medical records of the company’s health plan members dating back to 2019. The leaked information includes patients’ names, IDs, email addresses, password hashes, Medicare Advantage Plan listings, medical treatment data, and more.
DuckDuckGo Launches Free Email Protection Service
Privacy search engine DuckDuckGo has launched an Email Protection Service to protect against email trackers. You can get a free, personalized @duck.com address that will forward emails to your regular inbox.
We remove hidden trackers from incoming emails sent to this address, then forward them to your regular inbox for safer reading. This means if you use an email service like Gmail or Yahoo, it’s no problem! Emails sent to your Personal Duck Address will arrive there as usual so you can read your email like normal, in any app or on the web, worry-free.
China Allegedly Behind Microsoft Exchange Hack Revealed in March 2021
The White House has formally accused China of hacking Microsoft Exchange servers, a security campaign that was revealed in March 2021.
NSO Group’s ‘Pegasus’ Spyware Targets Journalists and Activists
Spyware known as Pegasus from NSO Group was used to hack 37 smartphones belonging to journalists, activists, and business executives around the world.
The phones appeared on a list of more than 50,000 numbers that are concentrated in countries known to engage in surveillance of their citizens and also known to have been clients of the Israeli firm, NSO Group, a worldwide leader in the growing and largely unregulated private spyware industry, the investigation found.
Security Friday: News Old and New, and Future Updates – TMO Daily Observations 2021-07-16
Andrew Orr joins host Kelly Guimont to discuss updates to previous Security Friday news, and a couple of items coming to Firefox and iOS.
Firefox 90 Update Introduces SmartBlock 2.0 for Tracking Protection
Mozilla released Firefox 90 recently and it comes with an improved version of its tracking protection called SmartBlock 2.0.
The newest version of Mozilla’s built-in SmartBlock privacy feature makes it easier for users to keep their tracking protection settings cranked up, without breaking individual websites. The updated version seems to especially target Facebook login, which is increasingly used around the web as a third-party authentication and login tool.
Google Adds Tool to Quickly Delete Your Last 15 Minutes of Searches
Google is adding new protections for your search history like quick deletion, requiring verification to access the My Activity section, and more.
You can also try out a new way to quickly delete your last 15 minutes of saved Search history with the single tap of a button. This feature is available in the Google app for iOS, and is coming to the Android Google app later this year.
You could also just disable your search history altogether.
‘SolarWinds’ Hackers Used iOS Zero Day Against Government Officials
The Russian hackers behind the SolarWinds attack used an iOS zero day to steal credentials from Western European governments.
Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that installed malicious payloads on fully updated iPhones. The attacks coincided with a campaign by the same hackers who delivered malware to Windows users, the researchers said.
Google published a blog post about zero-days here, and you can read coverage from Ars Technica at the link below.
Security Friday: News on Data Privacy and a Practical PDF Tip – TMO Daily Observations 2021-07-09
Andrew Orr joins host Kelly Guimont to discuss Security Friday news and updates, including data privacy and how to encrypt a PDF on your Mac.