Over 170 Android Cryptocurrency Apps are Scams

A recent report from Lookout shows that Android has a cryptocurrency scam problem: more than 170 apps claim to help you mine Bitcoin “in the cloud.”

The apps offer a virtual dashboard that lets you monitor a cryptocurrency mining rate and shows how much virtual coin has supposedly been generated. However, Lookout examined the apps’ code along with their network traffic and found that the coin balance displayed was fictitious.

Kaspersky’s Password Manager Created Weak Passwords

Kaspersky Password Manager (KPM) was caught generating weak passwords that could be brute-forced in seconds.

We will first see an example of a good password generation method, and then explain why the method used by Kaspersky was flawed, and how we exploited it. As we will see, passwords generated by this tool can be brute-forced in seconds.

After a bit less than two years, this vulnerability has been patched on all versions of KPM. The vulnerability has been assigned CVE-2020-27020.
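To make the contrast between the two methods concrete, here is an added example; it is my own illustration, not Kaspersky’s code and not the code from the Ledger Donjon write-up quoted above. That write-up reported that KPM’s generator took its only entropy from the current time in whole seconds, so every KPM instance asked for a password in the same second produced the same one. `weak_password` below is a simplified stand-in for that class of flaw (Python’s non-cryptographic Mersenne Twister seeded from a clock value; the function and its seed window are hypothetical), while `secure_password` shows the good method: every symbol drawn from the operating system’s CSPRNG through `secrets`. `recover_seed` is the attacker’s side: given an approximate creation time, it regenerates each candidate second and compares.

```python
import math
import random
import secrets
import string

# 94 printable ASCII symbols; the secure generator draws uniformly from this set.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def secure_password(length=16):
    """Good method: each symbol comes from the OS CSPRNG (secrets -> os.urandom)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def weak_password(seed_seconds, length=16):
    """Stand-in for the flawed class of generator (hypothetical, not KPM's code):
    a non-cryptographic PRNG whose only entropy is the clock in whole seconds.
    Two runs in the same second yield the same password."""
    rng = random.Random(seed_seconds)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def recover_seed(target, window_start, window_end, length=16):
    """Attacker side: if the creation time is known to lie in [window_start,
    window_end), regenerate every candidate second and compare. Returns the
    seed that reproduces `target`, or None if it is not in the window."""
    for seed in range(window_start, window_end):
        if weak_password(seed, length) == target:
            return seed
    return None


def effective_entropy_bits(candidate_seeds):
    """Entropy of the weak scheme is bounded by the number of possible seeds,
    not by the password length: log2(seconds in a year) is only ~25 bits."""
    return math.log2(candidate_seeds)


def secure_entropy_bits(length=16):
    """Entropy of the secure scheme: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    created_at = 1_600_000_000                 # hypothetical creation time (Unix seconds)
    leaked = weak_password(created_at)
    # Attacker only knows the password was made within an hour of `created_at`.
    print("recovered seed:", recover_seed(leaked, created_at - 3600, created_at + 3600))
    print("weak scheme, one year of seeds: %.1f bits" % effective_entropy_bits(365 * 24 * 3600))
    print("secure scheme, 16 symbols:     %.1f bits" % secure_entropy_bits(16))
    print("secure sample:", secure_password())
```

A one-hour window is 3,600 candidates and a whole year is about 2^25, which is why knowing roughly when an account was created is enough to recover such a password almost instantly. The secure variant has no seed to guess: 16 symbols from a 94-character alphabet give about 105 bits.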

Hackers Sell Personal LinkedIn Data From Leak Affecting 700M Users

Hackers are selling the personal information of over 700 million LinkedIn users. Here are the data types that were leaked:

Email addresses
Full names
Phone numbers
Physical addresses
Geolocation records
LinkedIn usernames and profile URLs
Personal and professional experience/background
Genders
Other social media accounts and usernames

On June 22nd, a user of a popular hacker forum advertised data from 700 million LinkedIn users for sale. The forum user posted a sample of the data covering 1 million LinkedIn users.

Web Hosting Service 'DreamHost' Leaked 814 Million Records of Customer Data

A database owned by DreamHost was found unsecured and publicly accessible online. It contained 814 million entries exposing usernames, display names, and email addresses for WordPress accounts.

The exposed log files contained what appears to be 3 years of records that range from 3/24/2018 to 4/16/2021 and each contained information about WordPress accounts hosted or installed on DreamHost’s server and their users. On May 4th a DreamHost representative acknowledged the discovery and informed us that the finding was being passed on to their legal team.

Update: DreamHost reached out to say that none of those records contain data that would have allowed access to DreamHost accounts. They consist entirely of entries that include object update records, error reports, and log entries. Data from just 21 individual websites were involved. More information can be found on its website.

New Malware Infects Software Pirates and Blocks The Pirate Bay

Andrew Brandt reports on a new malware campaign that isn’t like your typical malware. This one blocks people from accessing many popular pirating websites.

We weren’t able to discern a provenance for this malware, but its motivation seemed pretty clear: It prevents people from visiting software piracy websites (if only temporarily), and sends the name of the pirated software the user was hoping to use to a website, which also delivers a secondary payload.

This one targets Windows users: the malware arrives as .EXE executables and may display a message claiming the victim is missing an important .DLL file.

Data Leak Exposes Customer Records With CVS Health

CVS Health recently exposed approximately one billion user records, including email addresses, user IDs, and metadata. The information was discovered in a database that was not password-protected.

CVS Health acted fast and professionally to secure the data and a member of their Information Security Team contacted me the following day and confirmed my findings and that the data was indeed theirs. I was informed that this was a contractor or vendor who managed this dataset on behalf of CVS Health, but it was confidential as to who the vendor was.

 

Why You Should Drill a Hole Into Your iPhone or iPad

Writing for The Intercept over the weekend, Nikita Mazurov reminds us that a reliable way to wipe an iPhone or iPad you can no longer access is to drill a hole through it.

If you can’t access your device, the most careful approach to wiping it is to destroy the flash memory chip that houses your data. This way you don’t have to lose sleep if you didn’t use a strong passcode, or worry about a forensics vendor being able to recover any of your personal information.

Fujifilm Fights Ransomware Attack and Works to Restore Servers

Fujifilm was hit by a ransomware attack last week but refuses to pay the ransom. Instead, it’s working to restore its servers with backups.

On 4 June it confirmed a ransomware attack was affecting a “specific network” in Japan and that it shut down “all networks and server systems” while it investigated the “extent and scale” of the attack.

Fujifilm said it would not comment on the amount demanded by the ransomware gang. The company has started bringing its network, servers, and computers in Japan “back into operation” and is aiming to be fully up and running “this week”. It has also restarted some product deliveries, which were particularly hard hit by the cyberattack.

'RockYou2021' is the Biggest Password Leak Ever (So Far)

Someone recently posted a 100GB text file to a hacking forum. It contains 8.4 billion password entries compiled from earlier data leaks and breaches.

Considering the fact that only about 4.7 billion people are online, numbers-wise the RockYou2021 compilation potentially includes the passwords of the entire global online population almost two times over. For that reason, users are recommended to immediately check if their passwords were included in the leak.

“Two times over” suggests the file mixes old and new passwords alike. It is also worth pointing out that no usernames or email addresses were included, so the list cannot be used directly for credential stuffing; its main value to an attacker is as a dictionary for offline hash cracking and password spraying.
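The recommended check can be done without ever sending your password anywhere. Here is an added example of the technique (my own code, not CyberNews’s and not Have I Been Pwned’s own implementation): the Pwned Passwords range API used by Have I Been Pwned works by k-anonymity. The client hashes the password with SHA-1, sends only the first five hex characters of the digest, receives every suffix in that bucket with a count, and compares locally. The `RANGE_URL` endpoint is the real one; `SAMPLE_RESPONSE` is a constructed stand-in for a response so the example runs offline, and its counts and filler suffixes are made up.

```python
import hashlib

RANGE_URL = "https://api.pwnedpasswords.com/range/"   # real Pwned Passwords endpoint


def sha1_hex(password):
    """Pwned Passwords is keyed on the upper-case hex SHA-1 of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(hex_digest):
    """k-anonymity split: only the 5-char prefix leaves the client; the 35-char
    suffix never does, so the server learns at most the bucket you are in."""
    return hex_digest[:5], hex_digest[5:]


def parse_range_response(body):
    """Each response line is '<35-hex suffix>:<count>'; build suffix -> count."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password, fetch_range):
    """Number of times the password appears in the corpus (0 = not found).
    fetch_range(prefix) -> response body is injected so the logic runs offline."""
    prefix, suffix = split_hash(sha1_hex(password))
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def live_fetch(prefix):
    """Network version against the real endpoint; not called by the offline demo."""
    from urllib.request import Request, urlopen
    req = Request(RANGE_URL + prefix, headers={"User-Agent": "pwned-check-example"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed stand-in for one range response (made-up counts and filler suffixes).
# The middle line is the real SHA-1 suffix of "password", so that input is reported
# as found; anything else hashes to a suffix that is absent and gets 0.
SAMPLE_RESPONSE = """\
0123456789ABCDEF0123456789ABCDEF012:12
1E4C9B93F3F0682250B6CF8331B7EE68FD8:1000
FEDCBA9876543210FEDCBA9876543210FED:7
"""


def offline_fetch(prefix):
    """Offline substitute for live_fetch; returns the constructed sample bucket."""
    assert len(prefix) == 5 and all(c in "0123456789ABCDEF" for c in prefix)
    return SAMPLE_RESPONSE


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print("%-30s -> seen %d times" % (pw, pwned_count(pw, offline_fetch)))
```

To run it for real, pass `live_fetch` instead of `offline_fetch`; the request carries nothing but the five-character prefix, and a non-zero count means the password should be retired everywhere it is used.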

$2.3 Million Bitcoin Seized from Colonial Pipeline Hackers

The U.S. Department of Justice seized about US$2.3 million in bitcoin ransom paid to the hackers behind the attack on Colonial Pipeline.

An affidavit filed on Monday said the FBI was in possession of a private key to unlock a bitcoin wallet that had received most of the funds. It was unclear how the FBI gained access to the key.

As for how the FBI gained access: other reports suggest it used a subpoena to take control of the rented cloud server the attackers were using, with the private key sitting on that server.

You Have One Week to Opt Out of Amazon’s ‘Sidewalk’ Network Service

Amazon Sidewalk is the company’s mesh network service that shares a slice of your internet bandwidth with nearby Amazon devices. You must opt out by June 8 if you don’t want this, because the setting is on by default.

The new wireless mesh service will share a small slice of your Internet bandwidth with nearby neighbors who don’t have connectivity and help you to theirs when you don’t have a connection.

By default, Amazon devices including Alexa, Echo, Ring, security cams, outdoor lights, motion sensors, and Tile trackers will enroll in the system.

Postal Workers Targeted With Phishing Campaign

Postal workers returning to the office after COVID-19 restrictions may find themselves targeted by a new phishing campaign.

The email-based campaign, observed by Cofense, is targeting employees with emails purporting to come from their CIO welcoming them back into offices.

The email looks legitimate enough, sporting the company’s official logo in the header as well as a signature spoofing the CIO. The bulk of the message outlines the new precautions and changes to business operations the company is taking relative to the pandemic.

Meat Supplier JBS Hit With Cyber Attack, Data Not Affected

JBS SA shut down its computer networks for its operations in Australia and North America due to a cyberattack.

Backup servers were not affected, and the company is actively working to restore systems as soon as possible, according to a statement from JBS USA Monday. The processor said it’s not aware of any customer, supplier or employee data being compromised or misused.

‘Have I Been Pwned’ Open Sourced, Partners With FBI

The popular service Have I Been Pwned has made its code open source, and it’s also partnering with the FBI. The agency will feed passwords found to be compromised during its investigations into the service.

Why is the FBI getting involved? Bryan A. Vorndran, the FBI’s Assistant Director, Cyber Division, put it this way: “We are excited to be partnering with HIBP on this important project to protect victims of online credential theft. It is another example of how important public/private partnerships are in the fight against cybercrime.”

DHS Releases Cybersecurity Rules for Pipeline Operators

Today, the Department of Homeland Security’s Transportation Security Administration (TSA) announced a Security Directive for critical pipeline companies.

The Security Directive will require critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA) and to designate a Cybersecurity Coordinator, to be available 24 hours a day, seven days a week.

It will also require critical pipeline owners and operators to review their current practices as well as to identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days.

Facebook Can Get Location Data From Your Photos

iOS users can limit their location exposure to apps that ask for it, but your location leaks through another channel: the location tag in your photo metadata.

I took a photo with my iPhone and then uploaded that to my Facebook account. I used Facebook’s app on my iPhone, the same app that has been told “never” to access my location, the same account that knows I have this switched off. But Facebook still collects the location tag from that photo, along with my IP address.

It’s important to note that Facebook and other companies have had this ability for years. This is not, as the Forbes article implies, a response to iOS 14.5 App Tracking Transparency. The app I use to view and edit metadata is Metapho.
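To see exactly what the Facebook app is reading, here is an added example (my own code, not Forbes’s, Facebook’s or Metapho’s): a standard-library parser that walks a JPEG’s marker segments, finds the Exif APP1 segment, follows the GPS IFD pointer and converts the degrees/minutes/seconds RATIONAL values to decimal degrees, plus a stripper that removes the APP1 segments before you upload. `build_sample_jpeg` constructs a test input (a JPEG skeleton carrying only an Exif GPS block, with made-up coordinates) so the example runs without a real photo; the tag numbers are the standard Exif ones.

```python
import struct

GPS_IFD_TAG = 0x8825                          # IFD0 entry pointing at the GPS sub-IFD
LAT_REF, LAT, LON_REF, LON = 0x1, 0x2, 0x3, 0x4   # GPS sub-IFD tags
EXIF_HEADER = b"Exif\x00\x00"


def jpeg_segments(data):
    """Yield (marker, start, end) for each marker segment before SOS/EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):            # EOI or SOS: entropy-coded data follows
            break
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]   # counts its own 2 bytes
        yield marker, pos, pos + 2 + length
        pos += 2 + length


def find_exif(data):
    """Return the TIFF block inside the Exif APP1 segment, or None."""
    for marker, s, e in jpeg_segments(data):
        if marker == 0xE1 and data[s + 4:s + 10] == EXIF_HEADER:
            return data[s + 10:e]
    return None


def _read_ifd(tiff, endian, offset):
    """Parse one IFD into {tag: (type, count, raw 4-byte value-or-offset)}."""
    n = struct.unpack(endian + "H", tiff[offset:offset + 2])[0]
    entries = {}
    for i in range(n):
        base = offset + 2 + 12 * i
        tag, typ, count = struct.unpack(endian + "HHI", tiff[base:base + 8])
        entries[tag] = (typ, count, tiff[base + 8:base + 12])
    return entries


def _rationals(tiff, endian, raw, count):
    """RATIONALs never fit in 4 bytes, so `raw` holds an offset into the TIFF block."""
    off = struct.unpack(endian + "I", raw)[0]
    vals = struct.unpack(endian + "II" * count, tiff[off:off + 8 * count])
    return [vals[i] / vals[i + 1] for i in range(0, 2 * count, 2)]


def gps_coordinates(data):
    """Return (lat, lon) in decimal degrees if the JPEG carries a GPS tag, else None."""
    tiff = find_exif(data)
    if tiff is None:
        return None
    endian = "<" if tiff[:2] == b"II" else ">"          # "II" little-endian, "MM" big-endian
    ifd0 = _read_ifd(tiff, endian, struct.unpack(endian + "I", tiff[4:8])[0])
    if GPS_IFD_TAG not in ifd0:
        return None
    gps = _read_ifd(tiff, endian, struct.unpack(endian + "I", ifd0[GPS_IFD_TAG][2])[0])

    def coord(ref_tag, val_tag):
        d, m, s = _rationals(tiff, endian, gps[val_tag][2], 3)
        sign = -1 if gps[ref_tag][2][:1] in (b"S", b"W") else 1
        return sign * (d + m / 60 + s / 3600)

    return coord(LAT_REF, LAT), coord(LON_REF, LON)


def strip_metadata(data):
    """Drop every APP1 segment (Exif and XMP both live there); keep everything else."""
    out = bytearray(data[:2])
    pos = 2
    for marker, s, e in jpeg_segments(data):
        if marker != 0xE1:
            out += data[s:e]
        pos = e
    out += data[pos:]                         # SOS, scan data and EOI copied untouched
    return bytes(out)


def build_sample_jpeg(lat_dms, lon_dms, lat_ref=b"N", lon_ref=b"W"):
    """Constructed test input (not a real photo): a JPEG skeleton whose only content
    is an Exif GPS block. Offsets below are relative to the start of the TIFF block."""
    e = "<"

    def entry(tag, typ, count, value4):
        return struct.pack(e + "HHI", tag, typ, count) + value4

    def rationals(pairs):
        return b"".join(struct.pack(e + "II", n, d) for n, d in pairs)

    ifd0 = (struct.pack(e + "H", 1) + entry(GPS_IFD_TAG, 4, 1, struct.pack(e + "I", 26))
            + struct.pack(e + "I", 0))                           # bytes 8..26
    gps = (struct.pack(e + "H", 4)
           + entry(LAT_REF, 2, 2, lat_ref + b"\x00\x00\x00")     # ASCII "N\0" fits inline
           + entry(LAT, 5, 3, struct.pack(e + "I", 80))           # 3 RATIONALs at offset 80
           + entry(LON_REF, 2, 2, lon_ref + b"\x00\x00\x00")
           + entry(LON, 5, 3, struct.pack(e + "I", 104))          # 3 RATIONALs at offset 104
           + struct.pack(e + "I", 0))                             # bytes 26..80
    tiff = b"II*\x00" + struct.pack(e + "I", 8) + ifd0 + gps + rationals(lat_dms) + rationals(lon_dms)
    app1 = EXIF_HEADER + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

On a real file, `gps_coordinates(open("photo.jpg", "rb").read())` returns the coordinates any app with file access can read, and `strip_metadata` gives bytes safe to upload. It removes all APP1 segments rather than just the Exif one because XMP metadata, which can also carry location, lives in APP1 too; the image data itself is untouched.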

WebKit Flaw Crashes Safari, Could Lead to Further Exploits

A WebKit flaw on iOS and macOS can cause Safari to crash and could lead to further malicious attacks.

The vulnerability stems from what security researchers call a type confusion bug in the WebKit implementation of AudioWorklet, an interface that allows developers to control, manipulate, render, and output audio and decrease latency. Exploiting the vulnerability gives an attacker the basic building blocks to remotely execute malicious code on affected devices.
