Table of Contents

  1. Privacy
    1. Leaked documents expose Avast antivirus subsidiary selling Web browsing data
    2. Clearview’s Face Surveillance Shows Why We Need a Strong Federal Consumer Privacy Law
    3. Ring doorbell app packed with third-party trackers
    4. Grindr and OKCupid Sell Your Data, but Twitter’s MoPub Is the Real Problem
    5. German privacy watchdog investigates clothing retailer H&M
  2. Ransomware
    1. Maryland Bill Would Outlaw Ransomware, Keep Researchers From Reporting Bugs
  3. Crime
    1. Hackers Target NFL Teams On Twitter Ahead of Super Bowl
    2. Bitcoin Gold hit by 51% attacks, $72K in cryptocurrency double-spent
  4. Politics
    1. Hackers Acting in Turkey's Interests Believed To Be Behind Recent Cyberattacks
    2. FBI Releases Alert on Iranian Hackers' Defacement Techniques
  5. Leaks
    1. Health Data Breach Not Reported for Seven Months
  6. Vulnerabilities
    1. Intel is patching its Zombieload CPU security flaw for the third time
    2. CacheOut: Leaking Data on Intel CPUs via Cache Evictions
    3. Zoom Fixes Flaw Opening Meetings to Hackers
  7. Microsoft
    1. Microsoft Asked to Unshackle Windows 7 From Proprietary Tyranny
  8. Malware
    1. Aggah: How to run a botnet without renting a Server (for more than a year)
    2. Phorpiex Arsenal: Part I

Privacy

Leaked documents expose Avast antivirus subsidiary selling Web browsing data

An antivirus program used by hundreds of millions of people around the world is selling highly sensitive web browsing data to many of the world's biggest companies, a joint investigation by Motherboard and PCMag has found. Our report relies on leaked user data, contracts, and other company documents that show the sale of this data is both highly sensitive and, in many cases, supposed to remain confidential between the company selling the data and the clients purchasing it. The documents, from a subsidiary of the antivirus giant Avast called Jumpshot, shine new light on the secretive sale and supply chain of people's internet browsing histories. They show that the Avast antivirus program installed on a person's computer collects data, and that Jumpshot repackages it into various different products that are then sold to many of the largest companies in the world. Some past, present, and potential clients include Google, Yelp, Microsoft, McKinsey, Pepsi, Sephora, Home Depot, Condé Nast, Intuit, and many others. Some clients paid millions of dollars for products that include a so-called "All Clicks Feed," which can track user behavior, clicks, and movement across websites in highly precise detail.

Clearview’s Face Surveillance Shows Why We Need a Strong Federal Consumer Privacy Law

The New York Times' recent story on Clearview AI, maker of a secretive facial recognition app that markets its product to law enforcement, has raised critical questions about what can be done to protect our privacy online. Clearview claims to have amassed a dataset of over three billion face images by scraping websites like Facebook, YouTube, and Venmo. The solution to the Clearview problem is clear: comprehensive federal privacy legislation that gives consumers real power over their data and real power to fight back. To ensure that companies like Clearview don't collect consumers' personal data without their knowledge or consent, and to provide effective recourse against companies that do, we need comprehensive federal consumer data privacy legislation. We need to require private companies that collect, use, retain, or share information about us---including our face prints or other biometric information---to get informed opt-in consent before doing so. And we need to give consumers the right to bring their own lawsuits against the companies that fail to do so.

Ring doorbell app packed with third-party trackers

Ring isn't just a product that allows users to surveil their neighbors. The company also uses it to surveil its customers. An investigation by EFF of the Ring doorbell app for Android found it to be packed with third-party trackers sending out a plethora of customers' personally identifiable information (PII). Four main analytics and marketing companies were discovered to be receiving information such as the names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers.

Grindr and OKCupid Sell Your Data, but Twitter’s MoPub Is the Real Problem

On January 15, a Norwegian Consumer Council (NCC) investigative report exposed the ways that Grindr, OKCupid, and eight other apps are collecting and sharing extremely sensitive personal data. Grindr in particular was sharing users' age and location tied to a device ID that would allow trackers to match that information to a real identity. A third-party advertising company called MoPub, owned by Twitter, was responsible for much of the technology that Grindr used to collect and share data. In response to the NCC report, Twitter announced that it was suspending Grindr's ad account pending an investigation into "the sufficiency of Grindr's consent mechanism."

German privacy watchdog investigates clothing retailer H&M

A German privacy watchdog says it has opened an investigation into clothing retailer H&M amid evidence that the Swedish retailer had committed "massive data protection breaches" by spying on its customer service representatives in Germany. Hamburg's data protection commissioner said in a statement Monday that a hard drive containing about 60 gigabytes of data revealed that superiors at the site in Nuremberg kept "detailed and systematic" records about employees' health, from bladder weakness to cancer, and about their private lives, such as family disputes or holiday experiences.

Ransomware

Maryland Bill Would Outlaw Ransomware, Keep Researchers From Reporting Bugs

A proposed law introduced in Maryland's state senate last week would criminalize the possession of ransomware and other criminal activities with a computer. But while it makes an attempt to protect actual researchers from prosecution, the language of the bill doesn't exactly do much to protect the general public from ransomware or make it easier for researchers to prevent attacks. The bill, Senate Bill 3, covers a lot of ground already covered by US Federal law. But it classifies the mere possession of ransomware as a misdemeanor punishable by up to 10 years of imprisonment and a fine of up to $10,000. The bill also states (in all capital letters in the draft) that "THIS PARAGRAPH DOES NOT APPLY TO THE USE OF RANSOMWARE FOR RESEARCH PURPOSES."

Crime

Hackers Target NFL Teams On Twitter Ahead of Super Bowl

The Twitter accounts of several NFL teams were hacked on Monday ahead of this weekend's Super Bowl game. Around 15 teams, including the Green Bay Packers, Chicago Bears, Dallas Cowboys and San Francisco 49ers, were all targeted. The accounts had their profile images removed and some included messages from OurMine, the Saudi Arabia-based hacker group that appears to be responsible.

Bitcoin Gold hit by 51% attacks, $72K in cryptocurrency double-spent

Malicious cryptocurrency miners took control of the Bitcoin Gold (BTG) blockchain recently to double-spend $72,000 worth of BTG. Bad actors assumed a majority of the network's processing power (hash rate) to re-organize the blockchain twice between Thursday and Friday last week: the first netted attackers 1,900 BTG ($19,000), and the second roughly 5,267 BTG ($53,000). Cryptocurrency developer James Lovejoy estimates the miners spent just $1,200 to perform each of the attacks, based on prices from hash rate marketplace NiceHash.

Politics

Hackers Acting in Turkey's Interests Believed To Be Behind Recent Cyberattacks

Sweeping cyberattacks targeting governments and other organizations in Europe and the Middle East are believed to be the work of hackers acting in the interests of the Turkish government, three senior Western security officials said. The hackers have attacked at least 30 organizations, including government ministries, embassies and security services as well as companies and other groups, according to a Reuters review of public internet records. Victims have included Cypriot and Greek government email services and the Iraqi government's national security advisor, the records show.

FBI Releases Alert on Iranian Hackers' Defacement Techniques

The FBI Cyber Division issued a flash security alert earlier this month with additional indicators of compromise from recent defacement attacks operated by Iranian threat actors and info on attackers' TTPs to help administrators and users to protect their websites. The Cybersecurity and Information Security Agency (CISA) also published a reminder on the same day to provide cybersecurity best practices on safeguarding websites from cyberattacks that could lead to defacement or data breaches.

Leaks

Health Data Breach Not Reported for Seven Months

PIH Health, which includes two hospitals and several other facilities, says a phishing incident impacted 200,000 patients. "We don't yet know why PIH Health took four months to understand the June attack was a breach of unsecured PHI, or took almost two more months to report the breach to OCR," notes independent HIPAA attorney Paul Hales. "But we do know PIH Health is in trouble. OCR automatically investigates breaches of this size."

Vulnerabilities

Intel is patching its Zombieload CPU security flaw for the third time

For the third time in less than a year, Intel has disclosed a new set of vulnerabilities related to the speculative functionality of its processors. On Monday, the company said it will issue a software update "in the coming weeks" that will fix two more microarchitectural data sampling (MDS) or Zombieload flaws. This latest update comes after the company released two separate patches in May and November of last year.

CacheOut: Leaking Data on Intel CPUs via Cache Evictions

CacheOut is another speculative-execution vulnerability in Intel CPUs, capable of leaking data across many security boundaries. Researchers show that despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data.

Zoom Fixes Flaw Opening Meetings to Hackers

Enterprise video conferencing firm Zoom has issued a bevy of security fixes after researchers said the company's platform used weak authentication that made it possible for adversaries to join active meetings. The issue stems from Zoom's conference meetings not requiring a "meeting password" by default, which is a password assigned to Zoom attendees for what it calls a meeting room. If meeting creators do not enable a "meeting password," the only thing securing the meeting is its Meeting ID, a 9, 10 or 11 digit number identifying the meeting. Researchers unveiled the research Tuesday at CPX 360, a security event hosted by Check Point Security. The report revealed that it's possible to correctly predict valid meeting IDs, because Zoom identified meeting IDs as "valid" or "invalid" when they were input into the meeting URL. This could open the door to third-party actors eventually being able to guess a meeting ID and enter a conferencing session, said the researchers with Check Point Software who presented the research.

Microsoft

Microsoft Asked to Unshackle Windows 7 From Proprietary Tyranny

The Free Software Foundation (FSF) is asking Microsoft to 'upcycle' Windows 7 and allow the community to continue to improve it after its end of life. "On January 14th, Windows 7 reached its official 'end-of-life' bringing an end to its updates as well as its ten years of poisoning education, invading privacy, and threatening user security," says the FSF in a petition published on its website. "The end of Windows 7's lifecycle gives Microsoft the perfect opportunity to undo past wrongs, and to upcycle it instead."

Malware

Aggah: How to run a botnet without renting a Server (for more than a year)

In March 2019, Unit 42 began looking into an attack campaign that appeared to be primarily focused on organizations within a Middle Eastern country. Over that time the actor built a custom stager implant based on legitimate third-party services, such as Pastebin and BlogSpot, which it abused to manage the infected hosts and to run its botnet without renting a server. During the last year we contributed to the joint effort to track its activities, along with PaloAlto's Unit42, and after a year we can confirm it is still active and dangerous. At the moment it is not clear if this actor is just selling its hacking services or running its own campaigns, or both. In conclusion, there is no hard evidence confirming or denying its potential relationship with the Gorgon APT, and factors like the different nationalities and the small number of victims connected to the December Aggah activities do not help to exclude it.

Phorpiex Arsenal: Part I

The Phorpiex botnet currently consists of more than 1,000,000 infected Windows computers. Check Point Research has done an in-depth analysis of the botnet.