Table of Contents

  1. Data protection
    1. 1und1 got GDPR fines
    2. Over 750k applications for US birth certificates exposed
    3. Banner Health Breach Lawsuit Settled
  2. Crime
    1. Fake Elder Scrolls Online Devs Run PlayStation Phishing Scam
    2. $200,000 Internet Fraud: Will Anyone Investigate?
    3. Justus-Liebig-Universität Gießen is offline
    4. Pensacola city, Florida, hit by a cyberattack
    5. 'Government Imposter' Scammers Pay $1.2 Million in FTC Settlement
  3. Politics
    1. Cybercriminals Lend Tactics and Skills to Political Meddlers
  4. Malware
    1. Ransomware reboots computer into safe mode, bypassing AV
    2. TrickBot Trojan abuses Google Suite
    3. Microsoft Office 365 ATP Now Helps Analyze Phishing Attacks
    4. Ryuk ransomware bug leads to data loss
  5. Machine learning
    1. Failure modes in machine learning
  6. Vulnerabilities
    1. NVIDIA Tegra System-on-a-chip multiple vulnerabilities
  7. Social engineering
    1. Pentesters used smoking as a way to get inside government institution
  8. OSINT
    1. Hiding in plain sight
  9. Exploit development
    1. 0-day for yacht control

Data protection

1und1 got GDPR fines

1und1 was fined for mishandling user data. The regulators claimed that unauthorized persons could relatively easily obtain personal information about customers just by knowing the victim's name and date of birth. 1und1 responded that the fine is inappropriate, that it was caused by a single incident in 2018, and that they are going to appeal the decision.

Over 750k applications for US birth certificates exposed

And once again, a misconfigured AWS S3 bucket has exposed sensitive data online.

Banner Health Breach Lawsuit Settled

The healthcare delivery network has agreed to pay $6m in reimbursement and an additional $2.9m in legal costs in the wake of the 2016 breach of healthcare and financial information.

Crime

Fake Elder Scrolls Online Devs Run PlayStation Phishing Scam

Scammers are sending PlayStation private messages claiming the account will be banned if the victim does not send their password within 15 minutes of opening the message.

$200,000 Internet Fraud: Will Anyone Investigate?

A US citizen was scammed out of $200k. The scammers managed to build a realistic-looking banking website, then convinced him to make $100k transfers for fake CD offerings. The money was routed through Poland, then Hong Kong. The victim has filed complaints with four law enforcement agencies but has not been able to recover the money yet.

Justus-Liebig-Universität Gießen is offline

The whole infrastructure of the university was shut down after a security breach. Not much information has been disclosed yet.

Pensacola city, Florida, hit by a cyberattack

After a shooting at a naval air station, the city's service networks were hit by a cyberattack, but the mayor's spokesperson said they don't know for sure whether the two events are connected. 911 and emergency services were not impacted. It is not yet known who is behind the attack or whether ransom is the motive. It is also unclear how long the city's systems will remain down.

'Government Imposter' Scammers Pay $1.2 Million in FTC Settlement

The FTC has fined three companies behind a large-scale campaign that sent government-imposter documents and collected more than $800k from 9000 consumers.

Politics

Cybercriminals Lend Tactics and Skills to Political Meddlers

Criminals on the "dark web" with experience in election manipulation are trying to manipulate US election outcomes.

Malware

Ransomware reboots computer into safe mode, bypassing AV

In a funny turn of events, the Sophos team realized that the malware is able to reboot Windows into safe mode, bypassing every AV protection and rendering AV protection as a whole pretty much useless. The criminals behind this ransomware were recruiting Russian-speaking people with access to enterprise networks. By chance, Sophos Endpoint Protection matched a small signature of the ransomware executable, so it was quarantined before doing any damage. If the attackers had been targeting systems running Sophos, they would probably have managed to hide from it easily.

TrickBot Trojan abuses Google Suite

The TrickBot Trojan used a link to a legitimate Google Docs document that redirected victims to a Google Drive download link hosting the malware executable. The Trojan uses process hollowing to hide from security solutions. The attack originated from compromised .edu addresses, asking the victims to review and sign the payroll. The executable files downloaded from Google Drive carried the icon of a Word document, so when file extensions are hidden the file looks like a document rather than an executable.
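The icon trick above works because Explorer shows the icon and hides the extension, while the bytes on disk still say "Windows executable". The following check, added here as an example and not code from the original post or from any vendor, inspects a download's content for a PE header and compares that with the name the user was shown; the sample bytes and file names are constructed for the example.

```python
import struct
from typing import Optional

DOC_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".rtf"}


def _fake_pe_bytes() -> bytes:
    """Constructed sample: not a real program, only the header fields the
    check below reads ("MZ" at offset 0, e_lfanew at 0x3C, "PE\\0\\0" at 0x40)."""
    header = bytearray(b"MZ" + b"\x00" * 0x3E)        # 0x40-byte DOS header
    struct.pack_into("<I", header, 0x3C, 0x40)        # e_lfanew -> 0x40
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 16


def is_pe_file(data: bytes) -> bool:
    """True if data carries a Windows PE header (MZ stub plus PE signature)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def masquerade_verdict(filename: str, data: bytes) -> Optional[str]:
    """For a file the user expects to be a document, return why it is
    suspicious, or None if the content is not a Windows executable at all."""
    if not is_pe_file(data):
        return None
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else "(none)"
    inner = "." + parts[-2] if len(parts) > 2 else ""
    if ext in DOC_EXTENSIONS:
        # e.g. payroll.docx whose bytes are a PE: extension lies outright
        return f"PE content behind document extension {ext}"
    if inner in DOC_EXTENSIONS:
        # e.g. payroll.doc.exe: classic double extension
        return f"double extension {inner}{ext}"
    # e.g. payroll.exe with a Word icon and extensions hidden in Explorer
    return f"PE executable ({ext}) delivered as a document; icon is not proof of type"
```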

Microsoft Office 365 ATP Now Helps Analyze Phishing Attacks

Microsoft has released Office 365 Advanced Threat Protection (ATP), which is supposed to give an inside look into phishing campaigns.

Ryuk ransomware bug leads to data loss

Due to recent changes in the encryption process of the new version of Ryuk, a bug was introduced that leads to data loss even if the victim obtains the correct decryption key from the attackers.

Machine learning

Failure modes in machine learning

Microsoft has released a document describing the intentional and unintentional failure modes of machine learning systems, and how adversaries can use those failures to cause damage. Link to paper.

Vulnerabilities

NVIDIA Tegra System-on-a-chip multiple vulnerabilities

NVIDIA Tegra, which is used in infotainment systems and autonomous cars, was found to be vulnerable to multiple critical bugs, including remote code execution.

Social engineering

Pentesters used smoking as a way to get inside government institution

Employees were smoking on the fire escape staircase, which was not monitored by cameras or security personnel. The pentesters brought some cigarettes, sneaked onto the 4th floor where the smokers were hanging out, and waited for someone to open the door while they pretended to smoke. Once inside, they found a printer connected to the admin network and were able to compromise the whole network.

OSINT

Hiding in plain sight

This guy tracked down one of the FBI's most wanted using publicly available information and social media.

Exploit development

0-day for yacht control

It's possible to control several items such as lights, the power generator, solar control, air conditioning, wipers, heating and other components of the yacht. It's possible to execute operating system commands directly as an unauthenticated user via "/pages/systemcall.php?command={COMMAND}".
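Until a fix is available, the practical defence for an endpoint like this is to block it at the network edge and watch the web server logs for any use of it. The following detector, added here as an example and not code from the original post or from the affected product, parses common-log-format lines and reports every request to that path together with the decoded command value for triage; the log lines, hosts and timestamps are constructed for the example.

```python
import re
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log (common log format); addresses are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [08/Dec/2019:10:01:02 +0000] "GET /pages/index.php HTTP/1.1" 200 512
10.0.0.9 - - [08/Dec/2019:10:01:07 +0000] "GET /pages/systemcall.php?command=uptime HTTP/1.1" 200 77
10.0.0.9 - - [08/Dec/2019:10:01:09 +0000] "GET /pages/systemcall.php?command=ls%20%2Ftmp HTTP/1.1" 200 1290
10.0.0.5 - - [08/Dec/2019:10:01:12 +0000] "POST /pages/login.php HTTP/1.1" 302 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
WATCHED_PATH = "/pages/systemcall.php"   # the unauthenticated endpoint from the report


def find_systemcall_requests(log_text: str) -> List[Dict]:
    """Return one record per request to the command endpoint, with the decoded
    'command' values, so an analyst can see what was run and from where."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a log line we understand; skip
        url = urlsplit(m["target"])
        if url.path != WATCHED_PATH:
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "status": int(m["status"]),
            "commands": params.get("command", []),
        })
    return hits


def count_by_source(hits: List[Dict]) -> Dict[str, int]:
    """Aggregate hits per client address, the first thing to pivot on."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts
```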