Table of Contents

  1. Privacy
    1. Customer Tracking at Ralphs Grocery Store
  2. Scams
    1. FBI Warns of Rise in Social Security Scams Spoofing Its Phone Number
    2. Google Temporarily Suspends Developers' Ability To Publish or Update Their Extensions On Chrome Web Store
  3. Politics
    1. Seehofer wanted to start the digital counterattack
    2. Leaked confidential report states United Nations has been hacked
    3. Apple Has a Putin Problem
  4. Ransomware
    1. US Govn contractor Electronic Warfare Associates infected with Ryuk ransomware
  5. Vulnerabilities
    1. Dell, HP Memory-Access Bugs Open Attacker Path to Kernel Privileges
    2. State of Cybersecurity at Airports
    3. Why Public Wi-Fi Is a Lot Safer Than You Think
    4. Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure
  6. Malware
    1. Malware Tries to Trump Security Software With POTUS Impeachment
    2. Emotet Uses Coronavirus Scare to Infect Japanese Targets
  7. Crime
    1. AlphaBay Dark Web Market Mod Faces 20 Years After Pleading Guilty
  8. Leaks
    1. Sprint Exposed Customer Support Site to Web
  9. Phishing
    1. New 'I Got Phished' Service Alerts Companies of Phished Employees

Privacy

Customer Tracking at Ralphs Grocery Store

To comply with California's new data privacy law, companies that collect information on consumers and users are forced to be more transparent about it. Sometimes the results are creepy. Here's an article about Ralphs, a California supermarket chain owned by Kroger: "...the form proceeds to state that as part of signing up for a rewards card, Ralphs 'may collect' information such as 'your level of education, type of employment, information about your health and information about insurance coverage you might carry.'"

Scams

FBI Warns of Rise in Social Security Scams Spoofing Its Phone Number

The U.S. Federal Bureau of Investigation (FBI) issued a warning on Tuesday (https://www.fbi.gov/contact-us/field-offices/washingtondc/news/press-releases/fbi-warns-of-scammers-spoofing-fbi-phone-number-in-government-impersonation-fraud) about a spike in its phone number being used for Social Security fraud. Scammers have long used services that spoof the real phone number of a government agency or service so that it shows up on the recipient's caller ID. With the right social engineering skills, fraudsters can easily trick a victim into sending them money in various forms. Most of the time, the payment is not requested via a normal channel, which is an opportunity for the victim to catch on to the scam.

Google Temporarily Suspends Developers' Ability To Publish or Update Their Extensions On Chrome Web Store

The Google security team has indefinitely suspended the publishing or updating of any commercial Chrome extensions on the official Chrome Web Store following a spike in the number of paid extensions engaging in fraudulent transactions. Google said the wave of fraudulent transactions began earlier this month. Google engineers described the fraudulent transactions as happening "at scale." The ban on publishing or updating impacts all paid extensions. This includes Chrome extensions that require paying a fee before installing, extensions that work based on monthly subscriptions, or Chrome extensions that use one-time in-app purchases to get access to various features.

Politics

Seehofer wanted to start the digital counterattack

If IT systems are attacked, the German federal police should hack back and, in extreme cases, shut down other systems. This was planned by Horst Seehofer's interior ministry, according to a draft for the new federal police law. In the meantime, the proposal is apparently off the table. Hackbacks have long been on the wish list of German government officials. Hans-Georg Maassen, former President of the Office for the Protection of the Constitution, wanted to be allowed to hack back, as did the former Interior Minister Thomas de Maizière, and for months the media have reported that a concrete draft law was sitting in the drawers of the Federal Ministry of the Interior, now headed by Seehofer. Corresponding passages can be found in an earlier draft for a new federal police law.

Leaked confidential report states United Nations has been hacked

A confidential internal report from the United Nations, leaked to The New Humanitarian, revealed that dozens of servers belonging to the United Nations were "compromised" at offices in Geneva and Vienna. One of the offices hit by the sophisticated cyberattack is the U.N. human rights office. The hackers were able to compromise Active Directory and access a staff list and details such as e-mail addresses. The level of sophistication of the attack and the specific nature of the target suggest the involvement of a nation-state actor.

Apple Has a Putin Problem

The "law against Apple" is an example of how trillion-dollar tech companies are running up against the prerogatives of the nations in which they operate, but that hasn't stopped Apple from trying to find a compromise. This only happens when users open these Apple applications inside Russia, but it represents a major break with international consensus. Since 2014, Putin has aimed to reshape Europe's geopolitics through tactics that depend on a high degree of digital control and coordination. Russia's current struggle with Apple is merely the latest in what's proven to be a long-term bid for digital control. Apple may not be asking for that role, but in this fraught age of global technology the company may find itself occupying it regardless.

Ransomware

US Govt contractor Electronic Warfare Associates infected with Ryuk ransomware

The popular US government contractor Electronic Warfare Associates has suffered a ransomware attack, as reported by ZDNet. Electronic Warfare Associates provides electronic equipment to the US government; its list of customers includes the Department of Defense, the Department of Homeland Security, and the Department of Justice. Evidence of the hack is still visible online because Google has cached the ransom notes and encrypted files. The encrypted files and ransom note are associated with a Ryuk ransomware infection. At the time of writing, Electronic Warfare Associates has yet to disclose the security breach, and it is not clear whether attackers have exfiltrated data from the company.

Vulnerabilities

Dell, HP Memory-Access Bugs Open Attacker Path to Kernel Privileges

Vulnerabilities in Dell and HP laptops could allow an attacker to access information and gain kernel privileges via the devices' Direct Memory Access (DMA) capability. They can also allow attackers to bypass hardware-based root-of-trust and chain-of-trust protections such as UEFI Secure Boot, Intel Boot Guard, HP Sure Start and Microsoft Virtualization-Based Security, Eclypsium found in its research. If a compromise attempt succeeds, "an attacker can extend control over the execution of the kernel itself," according to the report. The second flaw was found in the HP ProBook 640 G4, which includes HP Sure Start Gen4. However, the team found that an open-chassis pre-boot DMA attack (where the computer is cracked open) was still possible. "The FPGA was then connected to our attacking machine and the system was tested against a well-known, public DMA attack technique." "In the case of HP, while the machine was not susceptible to a closed-case attack, the version of HP Sure Start in the mode we tested was insufficient to protect against our type of attack."

State of Cybersecurity at Airports

New research from web security company ImmuniWeb finds that 97 of the world's 100 largest airports have security risks related to vulnerable web and mobile applications, misconfigured public cloud, Dark Web exposure or code repository leaks.

Why Public Wi-Fi Is a Lot Safer Than You Think

If you follow security on the Internet, you may have seen articles warning you to "beware of public Wi-Fi networks" in cafés, airports, hotels, and other public places. But now, due to the widespread deployment of HTTPS encryption on most popular websites, the advice to avoid public Wi-Fi is mostly out of date and applicable to a lot fewer people than it once was. Sites that used HTTPS on all pages were safe even then, but such sites were vanishingly rare. When you visit HTTPS sites today, anyone along the communication path (from your ISP to the Internet backbone provider to the site's hosting provider) can still see their domain names. They can also see the sizes of pages you visit and the sizes of files you download or upload. When you use a public Wi-Fi network, people within range of it could choose to listen in. If this is an acceptable risk for you, then you shouldn't worry about using public Wi-Fi. What about the risk of governments scooping up signals from "open" public Wi-Fi that has no password? In general, using public Wi-Fi is a lot safer than it was in the early days of the Internet.

Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure

Check Point Research has published two blog posts detailing critical vulnerabilities they have found in the Azure Cloud Infrastructure.

Malware

Malware Tries to Trump Security Software With POTUS Impeachment

The TrickBot malware has been spotted using text from articles about President Trump's impeachment to bypass the scanning engines of security software. Before distributing malware, developers commonly use a crypter to encrypt or obfuscate the malware's code to make it FUD (Fully UnDetectable) by antivirus software. One common technique used by crypters is to take harmless text from books or news articles and inject it into the malware in the hope that these strings will be whitelisted by security software. Researchers have demonstrated this exact technique in the past, bypassing Cylance's AI-driven scanning engine by adding strings from the Rocket League executable to malware. The TrickBot Trojan appears to be using a similar bypass with article text from popular news sites.

Emotet Uses Coronavirus Scare to Infect Japanese Targets

A malspam campaign is actively distributing Emotet payloads via emails that warn the targets of Coronavirus infection reports in various prefectures of Japan, including Gifu, Osaka, and Tottori. To scare the potential victims into opening malicious attachments, the spam emails, camouflaged as official notifications from a disability welfare service provider and public health centers, promise to provide more details on preventative measures against Coronavirus infections within the attachments. We expect to see more malicious email traffic based on the coronavirus in the future, as the infection spreads. The end goal of such spam emails is to trick their recipient into opening an attached Word document designed to download and install the Emotet malware.

Crime

AlphaBay Dark Web Market Mod Faces 20 Years After Pleading Guilty

Bryan Connor Herrell, a 25-year-old from Fresno, California, pleaded guilty this week in the US to racketeering charges related to the now defunct dark web marketplace AlphaBay. Before AlphaBay was shut down by law enforcement in July 2017, Herrell was a marketplace moderator known under the Penissmith and Botah nicknames. Herrell confirmed that as an AlphaBay moderator he was paid in Bitcoins for his services as he "settled disputes between vendors and purchasers and settled over 20,000 disputes."

Leaks

Sprint Exposed Customer Support Site to Web

Mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. KrebsOnSecurity recently contacted Sprint to let the company know that an internal customer support forum called "Social Care" was being indexed by search engines, and that several months' worth of postings about customer complaints and other issues were viewable without authentication by anyone with a Web browser. A Sprint spokesperson responded that the forum was indeed intended to be a private section of its support community, but that an error caused the section to become public.

Phishing

New 'I Got Phished' Service Alerts Companies of Phished Employees

A new service called 'I Got Phished' has launched. It will alert domain and security administrators when an employee in their organization falls for a phishing attack. Phishing attacks are a common vector for a variety of other attacks such as BEC scams, network intrusions, and even ransomware attacks. Therefore, organizations must be notified as early as possible about an employee's login credentials being exposed to prevent even more severe attacks.