Table of Contents

  1. Privacy
    1. The Secretive Company That Might End Privacy as We Know It
    2. Bruce Schneier: Banning Facial Recognition Isn’t Enough
    3. EU calls for five year ban on facial recognition
  2. Leaks
    1. Mitsubishi Electric discloses data breach, media blame China-linked APT
  3. Vulnerabilities
    1. Citrix Patches CVE-2019-19781 Flaw in Citrix ADC 11.1 and 12.0
    2. The Bug That Exposed Your PayPal Password
    3. Netgear Signed TLS Cert Private Key Disclosure
  4. Malware
    1. Linux Rekoobe Operating with New, Undetected Malware Samples
    2. Emotet Malware Dabbles in Extortion With New Spam Template
    3. New NetWire RAT Campaigns Use IMG Attachments to Deliver Malware Targeting Enterprise Users
  5. Ransomware
    1. FTCode Ransomware Now Steals Saved Login Credentials
    2. Ransomware Gangs Target Fresh Victims: Patients
  6. Crime
    1. DDoS Mitigation Firm Founder Admits to DDoS
    2. US Retailer Hanna Andersson Hacked to Steal Credit Cards
  7. Password managers
    1. LastPass stores passwords so securely, not even its users can access them

Privacy

The Secretive Company That Might End Privacy as We Know It

This is one of the reasons why I don't do social media: Mr. Ton-That, an Australian techie and onetime model, did something momentous: he invented a tool that could end your ability to walk down the street anonymously, and provided it to hundreds of law enforcement agencies ranging from local cops in Florida to the F.B.I. and the Department of Homeland Security. His tiny company, Clearview AI, devised a groundbreaking facial recognition app. You take a picture of a person, upload it and get to see public photos of that person, along with links to where those photos appeared. The system, whose backbone is a database of more than three billion images that Clearview claims to have scraped from Facebook, YouTube, Venmo and millions of other websites, goes far beyond anything ever constructed by the United States government or Silicon Valley giants.

Bruce Schneier: Banning Facial Recognition Isn’t Enough

Communities across the United States are starting to ban facial recognition technologies. In May of last year, San Francisco banned facial recognition; the neighboring city of Oakland soon followed, as did Somerville and Brookline in Massachusetts (a statewide ban may follow). In December, San Diego suspended a facial recognition program in advance of a new statewide law, which declared it illegal, coming into effect. Forty major music festivals pledged not to use the technology, and activists are calling for a nationwide ban. Many Democratic presidential candidates support at least a partial ban on the technology. These efforts are well-intentioned, but facial recognition bans are the wrong way to fight against modern surveillance. Focusing on one particular identification method misconstrues the nature of the surveillance society we're in the process of building. Ubiquitous mass surveillance is increasingly the norm. In countries like China, a surveillance infrastructure is being built by the government for social control. In countries like the United States, it's being built by corporations in order to influence our buying behavior, and is incidentally used by the government.

EU calls for five year ban on facial recognition

A leaked draft of a white paper has revealed that the European Commission is considering a temporary ban on the use of facial recognition technologies in public areas for up to five years. A temporary ban would give regulators the time they need to figure out how to prevent facial recognition from being abused by both governments and businesses. The white paper proposes imposing obligations on both the developers and users of facial recognition while also calling on EU countries to create an authority to monitor the new rules surrounding this controversial technology. The white paper also sets out five regulatory options for AI across the EU: voluntary labeling, sectoral requirements for public administration and facial recognition, mandatory risk-based requirements for high-risk applications, safety and liability, and governance. Facial recognition has a high potential for misuse, which is why the European Commission's plan to impose a temporary ban while it weighs all the options makes a great deal of sense.

Leaks

Mitsubishi Electric discloses data breach, media blame China-linked APT

Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate information. The company disclosed the incident only after two local newspapers, the Asahi Shimbun and Nikkei, reported the breach. "According to people involved, the Chinese hacker group Tick may have been involved. According to Mitsubishi Electric, 'logs (to check for leaks) have been deleted and it is not possible to confirm whether they actually leaked,'" the Nikkei reported.

Vulnerabilities

Citrix Patches CVE-2019-19781 Flaw in Citrix ADC 11.1 and 12.0

Citrix released permanent fixes for the actively exploited CVE-2019-19781 vulnerability impacting Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances, which allows unauthenticated attackers to perform arbitrary code execution. To install the fixes, all Citrix ADC and Citrix Gateway 11.1 instances (MPX or VPX) must be upgraded to build 11.1.63.15, and all Citrix ADC and Citrix Gateway 12.0 instances (MPX or VPX) must be upgraded to build 12.0.63.13.

The Bug That Exposed Your PayPal Password

This is the story of a high-severity bug affecting what is probably one of PayPal's most visited pages: the login form.

Netgear Signed TLS Cert Private Key Disclosure

Netgear ships its own private keys inside the router firmware image, completely unprotected, so anyone who downloads the firmware can extract them.

Malware

Linux Rekoobe Operating with New, Undetected Malware Samples

The Intezer team has identified new versions of an old Linux malware known as Rekoobe, a minimalistic Trojan with a complex command-and-control (CNC) authentication protocol that originally targeted SPARC and Intel x86 and x86-64 systems back in 2015. The new malware samples have lower detection rates than their predecessors.

Emotet Malware Dabbles in Extortion With New Spam Template

The Emotet malware has started using a spam template that pretends to be an extortion demand from a "Hacker" who states that they hacked the recipient's computer and stole their data. Emotet is spread through spam emails that commonly use templates based around a particular theme such as shipping information, voice mails, scanned documents, reports, and invoices. Emotet then uses the infected computer to send further malicious spam and to download and install other malware onto the device. In a new template shared with BleepingComputer by security researcher ExecuteMalware, the Emotet operators have started to use a similar extortion template that states "YOUR COMPUTER HACKED!" and carries a malicious document. Once the document is opened, a PowerShell command is executed that downloads and installs the Emotet Trojan on the computer.
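The article's last sentence describes the chain a defender can actually watch for: an Office application spawning PowerShell, usually with a download or encoded command on the command line. The following detection logic, run over a few constructed process-creation events, is an added example and is not code from the article or from BleepingComputer; the key=value log format, host names and command lines are constructed (it is a simplified rendering, not any vendor's event format).

```python
"""Flag process-creation events where an Office application spawns PowerShell.

Added example, not code from the article or from BleepingComputer. The
parent/child relationship (Office -> powershell.exe) is the signal; the
command-line cues only raise the severity. The log format below is a
constructed simplification (key=value, values optionally double-quoted).
"""
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
# Substrings that commonly appear in download/launch one-liners; presence is
# suspicious, not proof, so they only change the severity of a hit.
DOWNLOAD_CUES = ("downloadstring", "downloadfile", "webclient",
                 "invoke-webrequest", "-encodedcommand", "-enc")

# key=value or key="value with spaces"
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Parse one constructed key=value line into a dict."""
    return {key: (quoted or plain) for key, quoted, plain in KV.findall(line)}


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def assess(event):
    """Return a finding dict for Office->PowerShell events, else None."""
    parent = basename(event.get("parent", ""))
    image = basename(event.get("image", ""))
    if parent not in OFFICE_APPS or image not in SCRIPT_HOSTS:
        return None
    cmdline = event.get("cmdline", "").lower()
    cues = [cue for cue in DOWNLOAD_CUES if cue in cmdline]
    return {
        "ts": event.get("ts"),
        "host": event.get("host"),
        "parent": parent,
        "image": image,
        "cues": cues,
        "severity": "high" if cues else "medium",
    }


def scan(lines):
    """Run assess() over every non-empty log line and keep the hits."""
    return [hit for hit in (assess(parse_event(l)) for l in lines if l.strip()) if hit]


# Constructed sample events: one Word->PowerShell with an encoded command,
# one benign Explorer->PowerShell, one Excel->cmd, one Word->PowerShell
# without download cues.
SAMPLE_EVENTS = [
    'ts=2020-01-22T09:14:03Z host=WS-17 parent="C:\\Program Files\\Microsoft Office\\WINWORD.EXE" '
    'image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'cmdline="powershell -w hidden -enc QUFBQQ=="',
    'ts=2020-01-22T09:15:10Z host=WS-17 parent="C:\\Windows\\explorer.exe" '
    'image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'cmdline="powershell Get-Process"',
    'ts=2020-01-22T09:16:44Z host=WS-22 parent="C:\\Program Files\\Microsoft Office\\EXCEL.EXE" '
    'image="C:\\Windows\\System32\\cmd.exe" cmdline="cmd /c echo hi"',
    'ts=2020-01-22T09:18:02Z host=WS-22 parent="C:\\Program Files\\Microsoft Office\\WINWORD.EXE" '
    'image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'cmdline="powershell -Command Get-Date"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"{hit['severity'].upper():6} {hit['ts']} {hit['host']} "
              f"{hit['parent']} -> {hit['image']} cues={hit['cues']}")
```

The parent/child pair alone is worth a medium-severity alert in most environments, because Word and Excel have very few legitimate reasons to launch PowerShell; tune `OFFICE_APPS` and `DOWNLOAD_CUES` to the telemetry you actually collect.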

New NetWire RAT Campaigns Use IMG Attachments to Deliver Malware Targeting Enterprise Users

The NetWire RAT is a malicious tool that emerged in the wild in 2012. In recent campaigns the RAT is hidden inside an IMG file, a file extension used by disk imaging software; the file inside the image is an executable that installed the NetWire RAT as soon as it was clicked. Researchers have tried to figure out what the NetWire RAT campaign they detected this time was after. Other recent campaigns in the wild show that NetWire is not the only malware being delivered via disk imaging file extensions. Since many attachment types are automatically blocked by email security controls, spammers often carefully choose the file extensions they use in malspam messages.

Ransomware

FTCode Ransomware Now Steals Saved Login Credentials

FTCode ransomware victims now have one more thing to worry about: the malware has been upgraded to also steal saved user credentials from email clients and web browsers. The info-stealer functionality added to the 'new and improved' FTCode ransomware allows it to harvest and exfiltrate the stored credentials before encrypting its victims' files. An FTCode decryptor is available from Certego for victims who can capture the encryption keys while their computers are being encrypted. Right before starting to encrypt the files, FTCode checks for the C:\Users\Public\OracleKit\w00log03.tmp file, which acts as a killswitch. Next, FTCode starts encrypting files, adding the .FTCODE extension to all locked files and dropping READ~MENOW~.htm ransom notes in every folder.
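The three on-disk indicators named above (the kill-switch file, the .FTCODE extension and the READ~MENOW~.htm note) are what an incident responder would sweep a host for. The script below is an added example, not code from the article, from BleepingComputer or from Certego; only the indicator strings come from the article, and the sample directory tree it builds is constructed.

```python
"""Triage a file tree for the FTCode indicators named in the article.

Added example (not code from the article, BleepingComputer or Certego).
Reports every file carrying the .FTCODE extension, every folder holding a
READ~MENOW~.htm ransom note, and whether the kill-switch file exists.
Only the three indicator strings are from the article; the sample tree
built by build_sample_tree() is constructed.
"""
import os
import tempfile

ENCRYPTED_EXT = ".FTCODE"
RANSOM_NOTE = "READ~MENOW~.htm"
KILLSWITCH = r"C:\Users\Public\OracleKit\w00log03.tmp"


def triage_tree(root):
    """Walk `root` and collect FTCode indicators found under it."""
    encrypted = []
    note_dirs = []
    for dirpath, _dirs, files in os.walk(root):
        if RANSOM_NOTE in files:
            note_dirs.append(dirpath)
        for name in files:
            # Windows file names are case-insensitive, so compare upper-cased.
            if name.upper().endswith(ENCRYPTED_EXT):
                encrypted.append(os.path.join(dirpath, name))
    return {
        "encrypted_files": sorted(encrypted),
        "ransom_note_dirs": sorted(note_dirs),
        "killswitch_present": os.path.exists(KILLSWITCH),
    }


def verdict(result):
    """Summarise a triage_tree() result as one of three states."""
    if result["encrypted_files"] or result["ransom_note_dirs"]:
        return "ftcode-indicators-present"
    if result["killswitch_present"]:
        return "killswitch-only"
    return "no-indicators"


def build_sample_tree():
    """Constructed sample: one untouched folder and one 'encrypted' folder."""
    root = tempfile.mkdtemp(prefix="ftcode_triage_")
    clean = os.path.join(root, "clean")
    hit = os.path.join(root, "Documents")
    os.makedirs(clean)
    os.makedirs(hit)
    open(os.path.join(clean, "notes.txt"), "w").close()
    for name in ("report.docx.FTCODE", "budget.xlsx.ftcode", RANSOM_NOTE):
        open(os.path.join(hit, name), "w").close()
    return root


if __name__ == "__main__":
    result = triage_tree(build_sample_tree())
    print(verdict(result))
    print("encrypted files:", len(result["encrypted_files"]))
    print("folders with ransom note:", result["ransom_note_dirs"])
    print("kill-switch file present:", result["killswitch_present"])
```

Run it against a mounted image of the suspect host rather than the live system where possible; the counts per folder also tell you how far encryption had progressed when the process was stopped, which matters when deciding whether the Certego decryptor route is worth attempting.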

Ransomware Gangs Target Fresh Victims: Patients

Could the attack on a Florida clinic be the start of a disturbing trend? The hackers claimed to have 'the complete patient's data' for TCFFR that 'can be publicly exposed or traded to third parties,' the statement notes. The FBI has instructed patients receiving ransom demands to file independent cybercrime complaints online with the bureau, the statement notes. Some experts note that more ransomware gangs are now exfiltrating data from victims before leaving systems crypto-locked (see Alarming Trend: More Ransomware Gangs Exfiltrating Data). Weiss suggests that patients should ask their healthcare providers what they are doing to keep personal healthcare data safe from cyberattacks.

Crime

DDoS Mitigation Firm Founder Admits to DDoS

A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service (DDoS) attacks has pleaded guilty to paying a DDoS-for-hire service to launch attacks against others. Tucker Preston, 22, of Macon, Ga., pleaded guilty last week in a New Jersey court to one count of damaging protected computers by transmission of a program, code or command. DDoS attacks involve flooding a target website with so much junk Internet traffic that it can no longer accommodate legitimate visitors. Preston's guilty plea agreement (PDF) doesn't specify who he admitted attacking, and refers to the target only as "Victim 1." Preston declined to comment for this story.

US Retailer Hanna Andersson Hacked to Steal Credit Cards

US children's apparel maker and online retailer Hanna Andersson disclosed that its online purchasing platform was hacked and malicious code was deployed to steal customers' payment info for almost two months. In this type of attack, dubbed Magecart, threat actors hack into vulnerable e-commerce platforms used by online stores and inject malicious JavaScript into checkout pages. The scripts, known as web skimmers or e-skimmers, are then used to collect the customers' payment info and send it to attacker-controlled remote sites. The subsequent investigation confirmed that Hanna Andersson's "third-party e-commerce platform, Salesforce Commerce Cloud, was infected with malware that may have scraped information entered by customers into the platform during the purchase process." Demandware is now known as Salesforce Commerce Cloud after the enterprise cloud commerce platform was acquired by Salesforce back in 2016. The Salesforce Commerce Cloud platform is currently used by over 2,800 live websites according to BuiltWith stats.
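A skimmer injected into a checkout page shows up as an extra script the page did not ship with: a new external `<script src>`, an external script whose host is not one of yours, or an inline block that was not there yesterday. The script below inventories a page's scripts and compares them with an allowlist of script-serving hosts. It is an added example, not code from the article, from Hanna Andersson or from Salesforce; the allowlist (`ALLOWED_SCRIPT_HOSTS`) and the sample checkout HTML are constructed.

```python
"""Audit the <script> tags on a checkout page against a host allowlist.

Added example, not code from the article or from any vendor named in it.
Web skimmers are usually injected as an extra external script or an
inline block on the checkout page, so diffing the page's script inventory
against a known-good baseline is a cheap detection control. The allowlist
and the sample HTML below are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist of hosts permitted to serve scripts on checkout.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.shop.example"}


class ScriptInventory(HTMLParser):
    """Collect every <script>: its src, SRI integrity attribute and inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._current = None  # the <script> whose body is being read

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._current = {"src": None, "integrity": None, "inline": ""}
            for name, value in attrs:
                if name in ("src", "integrity"):
                    self._current[name] = value

    def handle_data(self, data):
        if self._current is not None:
            self._current["inline"] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None


def audit_checkout_page(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return a list of findings (strings); an empty list means nothing unexpected."""
    parser = ScriptInventory()
    parser.feed(html)
    findings = []
    for script in parser.scripts:
        if script["src"] is None:
            body = script["inline"].strip()
            if body:  # every inline script is reviewed against the baseline
                findings.append(f"inline script ({len(body)} chars): {body[:40]!r}")
            continue
        host = urlparse(script["src"]).hostname or ""
        if host not in allowed_hosts:
            findings.append(f"external script from unlisted host: {script['src']}")
        elif script["integrity"] is None:
            findings.append(f"external script without SRI integrity attribute: {script['src']}")
    return findings


# Constructed sample checkout page: two first-party scripts (one without SRI),
# one script from a host that is not on the allowlist, and one inline block.
SAMPLE_CHECKOUT_HTML = """
<html><head>
<script src="https://cdn.shop.example/checkout.js" integrity="sha384-CONSTRUCTED"></script>
<script src="https://shop.example/static/app.js"></script>
<script src="https://static-analytics.example/collect.js"></script>
</head><body>
<form id="payment"><input name="card"></form>
<script>window.dataLayer = window.dataLayer || [];</script>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_checkout_page(SAMPLE_CHECKOUT_HTML):
        print("FINDING:", finding)
```

Run it from outside the platform (fetch the rendered checkout page the way a customer's browser would) on a schedule and alert on any change in the findings list; the unlisted host is the classic Magecart signal, and the missing `integrity` attribute is the hardening gap that lets a modified first-party script load unnoticed.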

Password managers

LastPass stores passwords so securely, not even its users can access them

Social media is awash with customers unable to connect to the service either via the company's website or through its various apps. For some, the problem has been going on for days. This is exactly why I prefer to store my secrets locally and not use a cloud provider for this kind of stuff.