Technology has become so intertwined with our lives that we often forget cybercriminals are constantly trying to gain unauthorized access to them. This week was no different, with threat actors targeting tech giants like Zoom and Telegram. Read on for all the phishing-related stories of the week.
Hackers Leak San Francisco Transit Police’s Sensitive Files
Cybercriminals allegedly posted numerous sensitive files online after targeting the San Francisco BART (Bay Area Rapid Transit) Police Department. NBC News states that the leak comprised 120,000 files, many of them containing allegations of child abuse.
The files include the names and birthdates of victims and descriptions of the adults involved, including details of the alleged abuse. The leak also contains the names and driver’s license numbers of contractors who worked on BART projects, hiring documents for prospective officers, and police reports on suspects under investigation for various crimes.
While the attack did not disrupt the transit system’s services, it raises questions about data privacy and security, says SafeBreach CISO Avishai Avivi: “Unfortunately, public sector enterprises remain at a higher data breach risk. They face challenges attracting cybersecurity talent, and coupled with constrained budgets, this results in a lagging cybersecurity program.”
Ed Alvarez, BART police chief, issued a public statement that says, “We are investigating the data breach and examining the posted data. To be clear, the incident did not impact any BART services or internal business systems. As for other government agencies, we are undertaking necessary precautions to respond.”
Hacker Claiming to Offer Access to Telegram’s Internal Servers For $20,000
SafetyDetectives recently reported that a user of a dark web marketplace claims to offer access to Telegram’s internal servers for $20,000. The seller, who claims the access is permanent, says that Telegram staff members are providing it. The GBHacker website reports: “The SafetyDetectives research says that it is impossible to access the market through the surface web (or clear web).”
The seller allegedly states that he does not offer stolen channels or accounts, only remote access. He began advertising the access on the dark web on November 16, 2022, and is also offering an archive containing six months of correspondence.
The Guardian Confirms Threat Actors Accessed Staff Data in December Ransomware Attack
The Guardian recently confirmed that the cyber incident it experienced in December was a criminal ransomware attack in which the hackers may have accessed staff data. An email detailing the attack explains that the newspaper “noticed suspicious activity on our internal networks on Tuesday, December 20, compelling us to close our offices and announce the disruption the following day.”
The Guardian published the details soon afterward. The newspaper asked its staff to work from home until January 23, since postponed to early February, and contacted the data protection regulator to comply with the legal requirements around data breaches.
According to the email, it is “now clear that attackers planned a highly sophisticated cyber attack on us. It involved unauthorized third-party access to specific parts of our network, which we believe got triggered by a phishing attack.” The Guardian said the attack affected much of the company’s IT network, critical systems, and “some” of its data. It described the investigation as “complex and ongoing,” and the email confirmed that hackers accessed some files containing UK staff’s personal data as part of the attack.
“Apple Tracks its iPhone Users Even if They Opt Out” – Wiretap Lawsuit
A new lawsuit accuses Apple of “unlawfully recording and using customers’ personal information and activity,” tracking iPhone users’ data even when they switch tracking off. The would-be class action accuses the tech giant of violating Pennsylvania’s Wiretapping and Electronic Surveillance Control Act.
It further alleges that Apple breaches Pennsylvania’s Unfair Trade Practices and Consumer Protection Law, because the company “represents that its devices enable users to apply settings that stop the defendant from tracking or collecting their private data — a feature its mobile devices do not have.”
Furthermore, the complaint accuses the iPhone maker of invasion of privacy and of breaching its implied contract with customers by continuing to track users who turned off these settings. The suit also alleges Apple can track user activity across apps because its analytics share user ID numbers.
It cites the Apple Stocks app as an example of private information being shared; the app “shares the user’s private information like their investment activities or preferences. The device shares which stock the user is viewing or following with Apple. Furthermore, Apple collects time-stamps when the customer is viewing specific stocks and interacting with the Stocks app.”
Data Leak Exposes 10,000 French Social Security Beneficiaries’ Information
Over 10,000 beneficiaries of a local branch of the CAF, the French Family Allowance Fund and part of the social security system, had their data exposed for 18 months after the CAF sent a file containing personal information to a service provider. The mistake, uncovered by Radio France’s news and investigation service, France Info, could hit the CAF hard just before the year-end holidays.
The investigation found that the CAF of Gironde (Nouvelle-Aquitaine) mistakenly shared a file containing personal and sensitive information on 10,204 beneficiaries with a service provider hired to train its statisticians.
The provider says the CAF never asked it to work with real data, and apparently the Gironde CAF did not specify that the file contained information on current benefit recipients. According to the France Info inquiry, “For the file’s transmission, beneficiary first names, surnames, and postal codes got removed, but a lot of other information remained like: address (number and street name), household composition and income, date of birth, amounts, and types of received benefits (disabled adult allowance, etc.).”
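The CAF file illustrates a common de-identification failure: removing names and postal codes does nothing when the remaining columns (full street address plus date of birth) still single out each person. The following is an added example, not code from the page or from the CAF or France Info, that measures this with a k-anonymity check over a small constructed, fictional dataset laid out like the file France Info describes. The record layout, the field names and the generalisation levels are assumptions chosen for the illustration.

```python
from collections import Counter

# Constructed, fictional records in the shape France Info describes: names and
# postal codes already stripped, but street address, date of birth, household
# composition and benefit type retained.
RECORDS = [
    {"address": "12 rue des Lilas", "dob": "1984-03-02", "household": "single", "benefit": "AAH"},
    {"address": "33 rue des Lilas", "dob": "1986-09-18", "household": "single+1", "benefit": "RSA"},
    {"address": "7 allee du Parc", "dob": "1991-11-20", "household": "couple+2", "benefit": "APL"},
    {"address": "9 allee du Parc", "dob": "1990-05-14", "household": "couple+2", "benefit": "APL"},
    {"address": "2 place du Marche", "dob": "1962-01-30", "household": "single", "benefit": "AAH"},
    {"address": "4 place du Marche", "dob": "1968-12-01", "household": "single", "benefit": "RSA"},
]

# Columns that do not name a person but, in combination, can identify one.
QUASI_IDENTIFIERS = ("address", "dob")


def generalise(record, level):
    """Return a copy of `record` with quasi-identifiers coarsened.

    level "raw":    as received (house number + street, full date of birth)
    level "street": drop the house number, keep the street name
    level "decade": street name only, and birth year rounded down to a decade
    (the levels are an assumption for this example, not a CAF policy)
    """
    out = dict(record)
    if level == "raw":
        return out
    out["address"] = record["address"].split(" ", 1)[1]  # "12 rue des Lilas" -> "rue des Lilas"
    if level == "decade":
        out["dob"] = record["dob"][:3] + "0s"  # "1984-03-02" -> "1980s"
    return out


def equivalence_classes(records, keys=QUASI_IDENTIFIERS):
    """Count how many records share each combination of quasi-identifier values."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def k_anonymity(records, keys=QUASI_IDENTIFIERS):
    """Size of the smallest class; k == 1 means at least one person is uniquely identifiable."""
    return min(equivalence_classes(records, keys).values())


def unique_fraction(records, keys=QUASI_IDENTIFIERS):
    """Share of records that are alone in their class, i.e. directly re-identifiable."""
    classes = equivalence_classes(records, keys)
    singletons = sum(1 for size in classes.values() if size == 1)
    return singletons / len(records)


def report(records, level, keys=QUASI_IDENTIFIERS):
    """Apply one generalisation level and summarise how identifying the result still is."""
    generalised = [generalise(r, level) for r in records]
    return {"k": k_anonymity(generalised, keys), "unique_fraction": unique_fraction(generalised, keys)}


if __name__ == "__main__":
    for level in ("raw", "street", "decade"):
        print(level, report(RECORDS, level))
```

On this data the "raw" and "street" levels both leave every record unique (k = 1), so stripping names bought nothing; only coarsening both quasi-identifiers ("decade") gets every class to size 2. A real file should be run through the same check, with the household and income columns treated as further quasi-identifiers, before it is handed to a third party.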
Hackers Target the Websites of the Danish Central Bank and Other Banks
Threat actors recently disrupted access to the websites of Denmark’s central bank and seven private banks, according to the central bank and an IT firm serving the industry. The hackers reportedly used distributed denial of service (DDoS), an attack method that floods servers with traffic to knock them offline. They targeted the central bank’s website and Bankdata, a firm developing IT solutions for the finance industry.
A central bank spokesperson said its website was working normally on Tuesday afternoon and that the attack did not affect its other systems or day-to-day operations. A Bankdata spokesperson said it briefly restricted access to the websites of seven private banks on Tuesday after the DDoS attack. The banks include two of Denmark’s largest, Sydbank (SYDB.CO) and Jyske Bank (JYSK.CO).
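The point of a distributed flood is that no single source looks abnormal, so a per-IP rate limit on its own misses it. As an added example, not code from the page, Bankdata or the central bank, the script below parses common-log-format web server lines and applies two checks per time window: a per-source threshold that catches one hammering address, and an aggregate threshold that catches a botnet spreading the load thinly. The log lines are constructed with RFC 5737 documentation addresses, and the window size and thresholds are assumptions to tune per site.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common log format, e.g.
# 198.51.100.7 - - [10/Jan/2023:14:00:00 +0100] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return the fields of one log line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "epoch": int(ts.timestamp()), "req": m["req"], "status": int(m["status"])}


def detect_flood(lines, window=10, per_ip_threshold=20, total_threshold=50):
    """Bucket requests into fixed windows and flag both hot sources and aggregate floods.

    Returns {"noisy_ips": [...], "flood_windows": [(window_start_epoch, requests, distinct_ips), ...]}.
    Thresholds are assumptions for this example; tune them to the site's normal traffic.
    """
    per_window = defaultdict(Counter)  # window start -> Counter(ip -> requests)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the detector
        bucket = rec["epoch"] - rec["epoch"] % window
        per_window[bucket][rec["ip"]] += 1

    noisy_ips = set()
    flood_windows = []
    for bucket, counts in sorted(per_window.items()):
        # check 1: a single source far above normal
        noisy_ips.update(ip for ip, n in counts.items() if n > per_ip_threshold)
        # check 2: the window as a whole, regardless of how many sources share it
        total = sum(counts.values())
        if total > total_threshold:
            flood_windows.append((bucket, total, len(counts)))
    return {"noisy_ips": sorted(noisy_ips), "flood_windows": flood_windows}


def _line(ip, second, path="/"):
    # constructed helper: one request at 14:00:<second> (+0100) on 10 Jan 2023
    return f'{ip} - - [10/Jan/2023:14:00:{second:02d} +0100] "GET {path} HTTP/1.1" 200 512'


# Constructed sample log: a little legitimate traffic, then a spread-out botnet
# burst, then one address hammering the server alone.
SAMPLE_LOG = (
    [_line("198.51.100.7", 0), _line("198.51.100.8", 3, "/login"), _line("198.51.100.7", 5)]
    # 14:00:10-19: 30 sources, 2 requests each; no single source exceeds the per-IP threshold
    + [_line(f"203.0.113.{i}", 10 + (i % 10)) for i in range(1, 31) for _ in range(2)]
    # 14:00:20-29: 25 requests from one source
    + [_line("192.0.2.99", 20 + (i % 10), "/api/search") for i in range(25)]
    + ["this line is garbage and must be skipped"]
)


if __name__ == "__main__":
    print(detect_flood(SAMPLE_LOG))
```

Against the sample, the botnet window trips only the aggregate check (60 requests from 30 sources, none above 20), while the single noisy source trips only the per-IP check; a detector with just one of the two rules misses one of the two scenarios. In production the same logic runs over a streaming tail of the access log, and the aggregate alert is what should feed the upstream scrubbing or rate-limiting decision, since blocking the individual addresses of a large botnet does little.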
People Trying to Get ChatGPT to Write Malware
The ChatGPT AI chatbot is generating excitement among technology enthusiasts, and it seems some are enlisting it in attempts to generate malicious code. ChatGPT, an AI-driven natural language processing tool, interacts with users in a conversational, human-like way and can help with tasks like composing essays, emails, and code.
But like any other tool, the wrong people can use it for nefarious purposes. Check Point researchers say users of underground hacking forums are experimenting with ways to use ChatGPT to support malicious operations and facilitate cyber-attacks.
Sergey Shykevich, threat intelligence manager at Check Point, says, “Threat actors with low technical knowledge – up to zero tech knowledge – can create malicious tools with ChatGPT. Furthermore, it can make the day-to-day operations of cyber criminals easier and more efficient – like creating various parts of the infection chain”.
Zoom Rooms Impacted By Four “High” Severity Vulnerabilities
Zoom recently addressed four “high” severity vulnerabilities affecting its Zoom Rooms video conferencing platform. The details of the bugs Zoom addressed:
- CVE-2022-36930 (CVSS score 8.2) – Local privilege escalation in Zoom Rooms for Windows installers. The vulnerability affects Zoom Rooms for Windows installers before version 5.13.0. The company’s advisory reads, “A local low-privileged user can exploit the vulnerability in an attack chain for escalating their privileges to the SYSTEM user.”
- CVE-2022-36929 (CVSS score 7.8) – Local privilege escalation in Zoom Rooms for Windows clients. The flaw affects Zoom Rooms for Windows clients before version 5.12.7. A local low-privileged user can exploit the vulnerability in an attack chain to escalate privileges to SYSTEM.
- CVE-2022-36926 and CVE-2022-36927 (CVSS score 8.8) – Local privilege escalation in Zoom Rooms for macOS clients. The flaws affect Zoom Rooms for macOS clients before version 5.11.3. A local low-privileged user can exploit them to escalate privileges to root.
Furthermore, the communications technology firm addressed two “medium” severity bugs:
- CVE-2022-36928 (CVSS score 6.1) – Path traversal in Zoom Rooms for Android clients.
- CVE-2022-36925 (CVSS score 4.4) – Insecure key generation in Zoom Rooms for macOS clients.
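For an administrator the practical question is which Zoom Rooms installs are still below the fixed versions quoted above. The following is an added example, not Zoom’s code or advisory tooling, that compares installed version strings against those fixed versions and lists the CVEs still outstanding per host. It only covers the three entries for which the text gives a fixed version (the two “medium” bugs give none, so they are left out rather than guessed), and the inventory, host names and platform labels are constructed assumptions; the version comparison also copes with build numbers in parentheses and with short strings like “5.13”.

```python
import re

# First fixed version per platform, as stated in the advisory summary above.
# Only the entries the text gives a version for; platform labels are an assumption.
FIXED = {
    "windows_installer": ("5.13.0", ("CVE-2022-36930",)),
    "windows": ("5.12.7", ("CVE-2022-36929",)),
    "macos": ("5.11.3", ("CVE-2022-36926", "CVE-2022-36927")),
}


def parse_version(text):
    """'5.12.7 (2323)' -> (5, 12, 7); build numbers in parentheses are ignored,
    and short strings are padded so that '5.13' compares equal to '5.13.0'."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))


def outstanding_cves(platform, installed):
    """CVEs from the table that `installed` is still exposed to on `platform`."""
    fixed, cves = FIXED[platform]
    return list(cves) if parse_version(installed) < parse_version(fixed) else []


def assess_fleet(inventory):
    """inventory: iterable of (host, platform, version). Returns {host: [cve, ...]} for exposed hosts.
    Platforms without a fixed version in the table are skipped, not reported as safe."""
    findings = {}
    for host, platform, version in inventory:
        if platform not in FIXED:
            continue
        cves = outstanding_cves(platform, version)
        if cves:
            findings[host] = cves
    return findings


# Constructed inventory: what a fleet export might look like.
INVENTORY = [
    ("room-a", "windows", "5.12.7 (2323)"),   # exactly the fixed version
    ("room-b", "windows_installer", "5.12.9"),  # client fixed, installer still old
    ("room-c", "macos", "5.11.1"),
    ("room-d", "macos", "5.13"),
    ("room-e", "android", "5.12.0"),           # no fixed version on the page: skipped
]


if __name__ == "__main__":
    for host, cves in assess_fleet(INVENTORY).items():
        print(host, ", ".join(cves))
```

Note the distinction the advisories make between the Windows installer (fixed in 5.13.0) and the Windows client (fixed in 5.12.7): a host whose client is current can still be running an old installer, which is why the example keys on the platform label rather than on a single version per host.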