Table of Contents

  1. Leaks
    1. Gamepad maker SCUF Gaming exposes 1.1 million customer records on the web without a password
    2. San Francisco Intl Airport discloses data breach after hack
    3. Maropost customer database exposes 95 million email records
    4. 115 Million Pakistani Mobile Users Data Go on Sale on Dark Web
    5. EVERSANA reports breach of protected health information that occurred in 2019
    6. Vianet’s customer data compromised with latest leaks
  2. Politics
    1. Russia Used Fake US Documents for Disinformation
    2. US wants to ban China Telecom over national cybersecurity risks
    3. Despite Infighting and Volatility, Iran Maintains Aggressive Cyber Operations Structure
  3. Zoom
    1. Zoom’s Waiting Room Vulnerability
    2. Zoom banned in many companies
    3. Zoom removes meeting IDs from client title bar to boost security
  4. Vulnerabilities
    1. Security flaws uncovered in Ford and Volkswagen cars
    2. Meet dark_nexus, quite possibly the most potent IoT botnet ever
    3. Over 3.6M users installed iOS fleeceware from Apple’s App Store
    4. Introducing our new book “Building Secure and Reliable Systems”
    5. New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments
    6. Visa urges merchants to migrate e-commerce sites to Magento 2.x
    7. Fingerprint cloning: Myth or reality?
    8. RSA-250 Factored
  5. Crime
    1. Dutch police arrests suspect behind DDoS attacks on government sites
    2. Large email extortion campaign underway, DON'T PANIC!
    3. COVID-19 Exploited by Malicious Cyber Actors
  6. Ransomware
    1. Travelex Reportedly Paid $2.3 Million Ransom to Restore Operations
    2. Dharma Ransomware Variant Malspam Targeting COVID-19
  7. Malware
    1. Threat Actors Migrating to the Cloud
    2. COVID-19 goes mobile: Coronavirus malicious applications discovered
    3. New IoT botnet launches stealthy DDoS attacks, spreads malware
  8. Phishing
    1. Phishers and iPhone Thieves Rolling Out Multimillion-Dollar Operations
    2. Phishing emails impersonate the White House and VP Mike Pence
    3. New Phishing Campaign Spoofs WebEx to Target Remote Workers
  9. Privacy
    1. Apple and Google team up in bid to use smartphones to track coronavirus spread
    2. Covid-19 Digital Rights Tracker
  10. Tools
    1. The Sandboxie Windows sandbox isolation tool is now open-source!

Leaks

Gamepad maker SCUF Gaming exposes 1.1 million customer records on the web without a password

A customer database of more than 1.1 million records was exposed on the web by SCUF Gaming, maker of high-end gamepads and other video game peripherals. The database included customer names, contact information, payment information, order histories, and repair tickets, among other data. Comparitech's security research team, led by Bob Diachenko, found the database accessible on the web without a password or any other form of authentication. The data was exposed for about two days before Comparitech discovered it and reported the incident to SCUF.

San Francisco Intl Airport discloses data breach after hack

San Francisco International Airport disclosed a data breach after two of its websites, SFOConnect.com and SFOConstruction.com, were hacked during March 2020. According to a notice of data breach sent to all SFO Airport commission employees via an internal memo, the attackers may have gained access to the login credentials of users registered on the two breached sites.

Maropost customer database exposes 95 million email records

A leaky online database belonging to marketing and email delivery provider Maropost was found lacking even basic security measures, exposing 95 million email records belonging to its customers. Researchers from Cybernews stumbled on the unprotected database on a Google Cloud server in the U.S. and noted that it contained 19,214,884 unique email addresses across 95 million records, along with email logs carrying timestamps and recipient information. Big names such as Hard Rock, the New York Post and Mercedes-Benz are among the 10,000+ clients using Maropost's marketing and commerce solutions.

115 Million Pakistani Mobile Users Data Go on Sale on Dark Web

Rewterz, a Pakistani cybersecurity services firm, has discovered a dump of 115 million Pakistani mobile users' records that showed up for sale on the dark web. The cybercriminal behind the sale is demanding 300 BTC (about $2.1 million USD) for the data.

EVERSANA reports breach of protected health information that occurred in 2019

EVERSANA, a global commercial services provider to healthcare entities, has disclosed a data breach that occurred between April 1 and July 3, 2019. The breach reportedly affected patient data stored in a legacy technology environment, which has since been updated. According to the notification, "Upon notification of unusual email activity, the firm immediately conducted a comprehensive review and confirmed that certain EVERSANA accounts were subject to unauthorized access through a legacy technology environment, which has since been updated, between April 1 and July 3, 2019."

Vianet’s customer data compromised with latest leaks

More than 170,000 (1.7 lakh) Vianet customer records have been leaked via a hacker's Twitter account. The tweet includes a link to the leaked data, which consists of the name, address, mobile number and email of Vianet subscribers. The dump is hosted as a Tor onion service; because traffic to an onion service passes through several layers of encryption and relays, it is hard to trace who is hosting the data or to get it taken down.

Politics

Russia Used Fake US Documents for Disinformation

A recent disinformation campaign that apparently originated in Russia used forged U.S. diplomatic documents and social media channels to spread false stories mainly in Eastern European and Asian countries, according to the security firm Recorded Future, which warns that these same tactics could be used against the U.S. in the run-up to the fall presidential election. The disinformation campaign, which researchers call "Operation Pinball," mainly focused on the governments of Estonia and the Republic of Georgia, which have been frequent targets of Russia. The campaign spread forged diplomatic letters and documents from U.S. senators and Secretary of State Mike Pompeo, Recorded Future says in its new research report.

US wants to ban China Telecom over national cybersecurity risks

Several U.S. Executive Branch agencies are asking the Federal Communications Commission to revoke China Telecom Americas' authorization to operate within the United States over significant cybersecurity risks. The federal agencies behind this joint recommendation are the Departments of Justice, Homeland Security, Defense, State and Commerce, and the Office of the United States Trade Representative.

Despite Infighting and Volatility, Iran Maintains Aggressive Cyber Operations Structure

Recorded Future's Insikt Group is conducting ongoing research on the organizations involved in Iran's cyber program. This report provides greater insight into the major military and intelligence bodies involved in Iran's offensive cyber program. Although Iran's offensive cyber capabilities include domestic operations, Insikt Group focused on those organizations with declared international missions. Due to the secretive nature of some organizations and the lack of verifiable information, the report incorporates competing hypotheses, in keeping with industry analytic standards.

Zoom

Zoom’s Waiting Room Vulnerability

While conducting research for its report on the confidentiality of Zoom meetings, Citizen Lab uncovered an issue with Zoom's waiting room feature, which it reported to Zoom's security team on April 2. Before Zoom fixed the issue, Zoom's servers would automatically send a live video stream of the meeting, together with the meeting's decryption key, to all users sitting in the meeting's waiting room. Because users in a waiting room have not yet been approved to join the meeting, and Zoom's documentation appears to promote waiting rooms as a confidentiality feature, the researchers assessed that this represented a security concern. Citizen Lab has also published an FAQ on Zoom security; it recommends avoiding Zoom for confidential or secret communication, while noting that if a meeting would otherwise have been held in a public or semi-public place, the findings should not be a concern.

Zoom banned in many companies

Google, SpaceX, Smart Communications, NASA, the Taiwanese government, the German foreign ministry, the United States Senate, the Australian Defence Force, New York City schools, Anvisa and others have banned Zoom over security and privacy concerns. Zoom Video Communications Inc. was also hit with a class action suit by one of its shareholders on Tuesday, accusing the company of overstating its privacy standards and failing to disclose that its service was not end-to-end encrypted.

Zoom removes meeting IDs from client title bar to boost security

A new update to the Zoom client removes the meeting ID from the window title bar during meetings, so that IDs are no longer exposed in screenshots. Since the coronavirus pandemic began and people started social distancing, Zoom has become very popular for remote work meetings, distance learning, and family and friend get-togethers; a meeting ID leaked in a screenshot is exactly what an uninvited participant needs in order to attempt to join.

Vulnerabilities

Security flaws uncovered in Ford and Volkswagen cars

Connected vehicles from both Ford and Volkswagen have security flaws that could allow them to be hacked, according to a Which? investigation. Among its findings were a vulnerability in the tyre pressure monitoring system and a Wi-Fi password that apparently belongs to one of Ford's manufacturing plants.

Meet dark_nexus, quite possibly the most potent IoT botnet ever

A newly discovered botnet that preys on home routers, video recorders, and other network-connected devices is one of the most advanced Internet-of-Things platforms ever seen, researchers said on Wednesday. Its list of advanced features includes the ability to disguise malicious traffic as benign, to maintain persistence, and to infect devices built on at least 12 different CPU architectures.

Over 3.6M users installed iOS fleeceware from Apple’s App Store

Developers of fleeceware apps are now using the Apple App Store as a distribution platform and have already delivered their iOS apps onto over 3.5 million iPhone and iPad devices, according to a report from Sophos. Apps categorized as 'fleeceware', as Sophos researchers dubbed them last year, do not fall into the malware or potentially unwanted app (PUA) categories because they exhibit no malicious or dangerous behavior; instead they charge excessive subscription fees for trivial functionality, typically after a short free trial that users forget to cancel.

Introducing our new book “Building Secure and Reliable Systems”

Royal Hansen, VP of Security Engineering at Google, has announced a free book, written by Google security and SRE engineers, on how to build secure and reliable systems.

New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments

The U.S. federal government is now in the process of sending Economic Impact Payments by direct deposit to millions of Americans. Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years' tax filings sometime next week. The Internal Revenue Service (IRS) stood up a site to collect bank account information from the many Americans who don't usually file a tax return. The question is, will those non-filers have a chance to claim their payments before fraudsters do?

Visa urges merchants to migrate e-commerce sites to Magento 2.x

Payments processor Visa is urging merchants to migrate their online stores to Magento 2.x before the Magento 1.x e-commerce platform reaches end-of-life (EoL) in June 2020 to avoid exposing their stores to Magecart attacks and to remain PCI compliant. Web stats site BuiltWith currently shows more than 179,000 live Magento installs out of which around 53,000 are Magento 2.x online shops, with the platform powering 12% of all online shopping sites per HostingTribunal's stats.

Fingerprint cloning: Myth or reality?

The researchers from Cisco Talos spent about $2,000 over several months testing fingerprint authentication offered by Apple, Microsoft, Samsung, Huawei, and three lock makers. The result: on average, fake fingerprints were able to bypass sensors at least once roughly 80 percent of the time.

RSA-250 Factored

RSA-250, a 250-digit (829-bit) challenge modulus, has been factored. The computation was performed with the Number Field Sieve algorithm, using the open-source CADO-NFS software. The total computation time was roughly 2700 core-years, using Intel Xeon Gold 6130 CPUs (2.1 GHz) as a reference. The computation involved tens of thousands of machines worldwide and was completed in a few months. It is a record for general-purpose factoring, but the 2048-bit moduli in common use remain far beyond this effort: the cost of the Number Field Sieve grows super-polynomially with the size of the modulus.
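To make concrete why factoring the modulus is fatal for RSA, here is an added toy example (not code from the RSA-250 team or from CADO-NFS): a constructed 60-bit modulus built from two well-known primes is factored with Pollard's rho, and the factors are used to recover the private exponent and decrypt a message that was encrypted under the public key alone. The primes, the public exponent and the message are assumptions for illustration; a real 829-bit modulus needs the Number Field Sieve, and a 2048-bit one is out of reach of either method.

```python
import math
import random

# Constructed toy parameters (assumptions for this example). Both primes are
# well known; their product is a 60-bit modulus that Pollard's rho cracks in
# a fraction of a second, unlike the 829-bit RSA-250.
P_TOY = 1000000007
Q_TOY = 998244353
N_TOY = P_TOY * Q_TOY
E = 65537

_rng = random.Random(1)  # fixed seed so the random walk below is reproducible


def pollard_rho(n: int) -> int:
    """Return a non-trivial factor of composite n (Pollard's rho with Floyd cycle finding)."""
    if n % 2 == 0:
        return 2
    while True:
        c = _rng.randrange(1, n)
        x = y = _rng.randrange(2, n)
        d = 1
        while d == 1:
            x = (x * x + c) % n          # tortoise: one step
            y = (y * y + c) % n          # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:                       # d == n means the walk degenerated; retry with new c
            return d


def factor_modulus(n: int):
    """Split an RSA modulus into its two primes, smallest first."""
    p = pollard_rho(n)
    q = n // p
    assert p * q == n
    return (min(p, q), max(p, q))


def recover_private_exponent(n: int, e: int) -> int:
    """What the attacker computes once n is factored: d = e^-1 mod phi(n)."""
    p, q = factor_modulus(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)               # modular inverse, Python 3.8+


def rsa_encrypt(m: int, e: int, n: int) -> int:
    return pow(m, e, n)


def rsa_decrypt(c: int, d: int, n: int) -> int:
    return pow(c, d, n)


def demo() -> int:
    """Encrypt with the public key, then decrypt using only n and e plus factoring."""
    m = 123456789                        # constructed plaintext, must be < n
    c = rsa_encrypt(m, E, N_TOY)
    d = recover_private_exponent(N_TOY, E)
    return rsa_decrypt(c, d, N_TOY)


if __name__ == "__main__":
    print(f"n has {N_TOY.bit_length()} bits, factors {factor_modulus(N_TOY)}")
    print(f"recovered plaintext: {demo()}")
```

The same three lines in recover_private_exponent are all that stands between a factored modulus and every message and signature ever made under it, which is why key size, not algorithm cleverness, is the security parameter that matters here.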

Crime

Dutch police arrests suspect behind DDoS attacks on government sites

A 19-year-old man from Breda, Netherlands, was arrested for allegedly carrying out distributed denial-of-service (DDoS) attacks that took two Dutch government websites offline for several hours on March 19, 2020. The investigation was led by a public prosecutor from The Hague and carried out by the Dutch police's cybercrime team in Utrecht, which focuses on mitigating and investigating DDoS attacks.

Large email extortion campaign underway, DON'T PANIC!

A large email extortion campaign is underway telling recipients that their computer was hacked and that a video was taken through the hacked computer's webcam. The attackers then demand $1,900 in bitcoins or the video will be sent to family and friends.
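A mail-filter rule for this kind of campaign, as an added example in Python that is not part of the original report: it scores a message on the co-occurrence of a Bitcoin address, a "you were hacked" claim, a webcam or video threat, deadline or "family and friends" pressure, and a payment demand, and quarantines when an address is present together with at least three of the other signals. The sample messages, the term lists and the threshold are all constructed assumptions; tune them against your own mail before relying on them.

```python
import re

# Constructed sample messages for the detector below (not real emails).
SAMPLES = {
    "extortion": (
        "Subject: Your account was hacked\n"
        "I installed malware on an adult site you visited and recorded a video\n"
        "through your webcam. Send $1,900 in bitcoin to\n"
        "1FakeAddressForTestingPurposes9Ab within 48 hours or the video\n"
        "goes to your family and friends."
    ),
    "invoice": (
        "Subject: Invoice 4471\n"
        "Hi, attached is the invoice for March. Payment is due in 30 days.\n"
        "Thanks, Accounts"
    ),
    "newsletter": (
        "Subject: Weekly crypto roundup\n"
        "Bitcoin closed the week above $7,000. Read our analysis of the halving."
    ),
}

# Legacy (1..., 3...) and bech32 (bc1...) Bitcoin address shapes; format only, no checksum.
BTC_ADDRESS = re.compile(
    r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b"
)
HACKED_CLAIM = re.compile(r"\b(hacked|malware|trojan|spyware|keylogger)\b")
THREAT_TERMS = ("webcam", "camera", "video", "recorded")
PRESSURE_TERMS = ("family", "friends", "contacts", "hours", "expose")
PAYMENT_TERMS = ("bitcoin", "btc", "wallet")


def score_extortion(message: str) -> dict:
    """Return the signals found in one message body and an overall verdict."""
    text = message.lower()
    hits = {
        "btc_address": BTC_ADDRESS.search(message) is not None,  # case matters for base58
        "hacked_claim": HACKED_CLAIM.search(text) is not None,
        "threat": any(t in text for t in THREAT_TERMS),
        "pressure": any(t in text for t in PRESSURE_TERMS),
        "payment": any(t in text for t in PAYMENT_TERMS),
    }
    score = sum(hits.values())
    # A payment address plus at least three other signals: quarantine.
    return {"score": score, "hits": hits, "extortion": hits["btc_address"] and score >= 4}


def classify_all(samples=SAMPLES) -> dict:
    """Verdict per sample name; used by the demo and by tests."""
    return {name: score_extortion(body)["extortion"] for name, body in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name}: {'EXTORTION' if verdict else 'ok'}")
```

Requiring the address as a hard condition keeps ordinary security-awareness mail and crypto newsletters (which trip the "hacked" and "bitcoin" terms) out of quarantine; the address itself is also the indicator worth extracting and sharing, since the same wallets recur across a campaign.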

COVID-19 Exploited by Malicious Cyber Actors

A joint alert was released from the United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency and the United Kingdom's National Cyber Security Centre. This alert provides information on exploitation by cybercriminal and advanced persistent threat (APT) groups of the current coronavirus disease 2019 (COVID-19) global pandemic. It includes a non-exhaustive list of indicators of compromise (IOCs) for detection as well as mitigation advice. Both CISA and NCSC are seeing a growing use of COVID-19-related themes by malicious cyber actors. At the same time, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations.

Ransomware

Travelex Reportedly Paid $2.3 Million Ransom to Restore Operations

Travelex reportedly paid a $2.3 million ransom to get its systems back online after they were encrypted in a Sodinokibi ransomware attack. In the attack, which took place on New Year's Eve, the hackers deployed Sodinokibi throughout Travelex's network, forcing the company to shut down operations at 1,500 stores across the world.

Dharma Ransomware Variant Malspam Targeting COVID-19

Since the outbreak of the novel coronavirus pandemic, many malware campaigns have been seen luring people into opening malicious emails, visiting malicious domains and running further malware. Some of these malicious domains are fully functional and provide real-time maps of COVID-19 statistics across the globe; however, they deliver malware to the systems of visitors, who notice nothing suspicious. Such sites can steal personal and financial information stored in the browser by executing malicious JavaScript on visit.

Malware

Threat Actors Migrating to the Cloud

Check Point Research has written an article describing how threat actors use legitimate cloud services like Google Drive to distribute malware.

COVID-19 goes mobile: Coronavirus malicious applications discovered

Check Point's researchers discovered 16 different malicious apps, all masquerading as legitimate coronavirus apps, which contained a range of malware aimed at stealing users' sensitive information or generating fraudulent revenue from premium-rate services. It is important to note that none of the malicious apps were found on an official app store. They were offered from new coronavirus-related domains, which the researchers believe were created specifically to deceive users. As Check Point reported recently, more than 30,103 new coronavirus-related domains were registered, of which 0.4% (131) were malicious and 9% (2,777) were suspicious and under investigation. This brings the total number of coronavirus-related domains registered since January 2020 to over 51,000.

New IoT botnet launches stealthy DDoS attacks, spreads malware

A new botnet is actively targeting IoT devices using payloads compiled for a dozen CPU architectures and uses the infected devices to launch several types of DDoS attack and to spread other malware. The botnet, which the Bitdefender researchers who discovered it named dark_nexus, has gone through a very fast development cycle since it was first spotted: around 40 different versions (from 4.0 to 8.6) with new features and improvements were released between December 2019 and March 2020, per Bitdefender's report. Based on strings found in the bot binaries and the binaries' names, the malware was probably created by greek.Helios, a known botnet developer who has advertised and sold DDoS services and botnet code since at least 2017.

Phishing

Phishers and iPhone Thieves Rolling Out Multimillion-Dollar Operations

IBM X-Force Incident Response and Intelligence Services (IRIS) researchers recently went down the rabbit hole of a physical iPhone theft that was followed by an SMS phishing (SMiShing) campaign designed to unlock the phone for resale on the black market. As the researchers looked into what was behind the phish, they found a thriving, large-scale operation of over 600 phishing domains designed to rob Apple users of their iCloud credentials.

Phishing emails impersonate the White House and VP Mike Pence

Phishing scammers have started to impersonate President Trump and Vice President Mike Pence in emails that distribute malware or run extortion scams. In phishing emails discovered by email security firm Inky, threat actors pose as the White House sending out coronavirus guidelines on behalf of President Trump. These emails claim to carry the latest "Coronavirus Guidelines for America" and prompt the recipient to click a link to download a document.

New Phishing Campaign Spoofs WebEx to Target Remote Workers

The Cofense Phishing Defense Center (PDC) has observed a new phishing campaign that aims to harvest Cisco WebEx credentials via a fake security warning for the application, and which, according to Cofense, slipped past Cisco's own Secure Email Gateway. In the midst of the COVID-19 pandemic, millions of people are working from home using a multitude of online platforms and software. Attackers, of course, know this and are exploiting trusted brands like WebEx to deliver malicious emails to users.

Privacy

Apple and Google team up in bid to use smartphones to track coronavirus spread

Apple and Google announced on Friday an unprecedented collaboration to use smartphone technology to help trace and contain the spread of coronavirus. The collaboration will open up their mobile operating systems to allow the creation of "contact-tracing" apps that run on iPhones and Android phones alike. The apps would use the Bluetooth radio in mobile phones to keep track of every other phone a person comes into close contact with over the course of a day; if that person later finds out they have Covid-19, they can use the same system to alert all of those people, going back to before they would have become infectious. Moxie Marlinspike and Abe Winter have each summarized their take on this technology.
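A simplified model of the mechanism described above, added here as an example and not taken from the Apple/Google specification: each phone keeps a secret daily key, derives a fresh rolling identifier from it every interval with HMAC, and remembers the identifiers it hears over Bluetooth; a diagnosed user publishes only their daily keys, and every other phone re-derives the identifiers locally and checks them against what it heard. The key size, the derivation label and the 10-minute interval are assumptions of this model.

```python
import hashlib
import hmac
import secrets

INTERVALS_PER_DAY = 144   # assumption: 10-minute rolling intervals


def new_daily_key() -> bytes:
    """Secret that never leaves the phone unless its owner is diagnosed; 16 bytes is an assumption."""
    return secrets.token_bytes(16)


def rolling_id(daily_key: bytes, interval: int) -> bytes:
    """Identifier broadcast during one interval; unlinkable to other intervals without the key."""
    msg = b"RPI" + interval.to_bytes(4, "big")      # "RPI" label is an assumption of this model
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]


class Phone:
    def __init__(self, name: str):
        self.name = name
        self.daily_keys = {}   # day -> daily key, kept locally
        self.heard = set()     # rolling ids received over Bluetooth, kept locally

    def start_day(self, day: int) -> None:
        self.daily_keys[day] = new_daily_key()

    def broadcast(self, day: int, interval: int) -> bytes:
        return rolling_id(self.daily_keys[day], interval)

    def hear(self, rid: bytes) -> None:
        self.heard.add(rid)

    def diagnosis_keys(self):
        """What a user who tests positive uploads: daily keys only, nothing about whom they met."""
        return list(self.daily_keys.items())

    def exposed_to(self, published_keys) -> bool:
        """Match published keys against locally stored identifiers; no server learns the result."""
        for _day, dk in published_keys:
            for interval in range(INTERVALS_PER_DAY):
                if rolling_id(dk, interval) in self.heard:
                    return True
        return False


def simulate():
    """Alice meets Bob but not Carol, then tests positive; returns (Bob exposed?, Carol exposed?)."""
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    for phone in (alice, bob, carol):
        phone.start_day(0)
    # Alice and Bob are within Bluetooth range during interval 42; Carol is elsewhere.
    bob.hear(alice.broadcast(0, 42))
    alice.hear(bob.broadcast(0, 42))
    # Alice tests positive and publishes her daily keys.
    published = alice.diagnosis_keys()
    return bob.exposed_to(published), carol.exposed_to(published)


if __name__ == "__main__":
    print("bob exposed, carol exposed:", simulate())
```

The privacy property the design leans on is visible in exposed_to: matching happens on the phone, so the publishing server sees daily keys of diagnosed users but never a contact graph or a location. The critiques linked above concern what this model leaves out, such as the linkability of a diagnosed user's identifiers over a whole day once their key is public.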

Covid-19 Digital Rights Tracker

Since the outbreak of COVID-19, governments around the world have implemented a range of digital tracking, physical surveillance and censorship measures in a bid to slow the spread of the virus. Some of these may well be proportionate, necessary and legitimate during these unprecedented times. However, others have been rushed through legislative bodies and implemented without adequate scrutiny.

Tools

The Sandboxie Windows sandbox isolation tool is now open-source!

Cybersecurity firm Sophos announced today that it has open-sourced the Sandboxie Windows sandbox-based isolation utility 15 years after it was released. "We are thrilled to give the code to the community," Sophos Director of Product Marketing Seth Geftic said.