The world transforms overnight, and tables turn in a minute. Everything is always on the verge of taking a new form. Likewise, many developments take place daily in the world of cybersecurity. As responsible adults, it is imperative that we keep ourselves updated on the happenings around the world, notably those concerning cybersecurity. Being aware helps us to be better prepared to tackle any threat in cyberspace. So here is a list of all the significant news updates from the past week:
Renowned organizational service provider Evernote was recently found to have a severe defect in its Chrome extension that leaves the floor open for hackers to attack and steal sensitive information from any website accessed by a user. With a user base of over 4,610,000 users at the time cybersecurity researchers identified the flaw, the vulnerability in Evernote’s Chrome extension could give hackers access to user data from accounts on other third-party websites, including authentication, financials, private conversations on social media, personal e-mails, and more such vital and sensitive information.
What is the present situation?
Upon receiving the report about this loophole from the Guardio team, Evernote took the matter very seriously and immediately released an updated, patched version of its Evernote Web Clipper extension for Chrome users.
The matter stands resolved at the moment, and users can safely use the Chrome extension by merely ensuring that they are running the patched version of Evernote’s Web Clipper Chrome extension. This can be done by visiting the Evernote Chrome extension page and checking that the installed version is 7.11.1 or higher.
Telegram, the messaging app known for its acclaimed security, was recently the victim of a Distributed Denial of Service (DDoS) attack, which mostly targeted users in the United States, Hong Kong, and some other countries. The losses caused by this attack mainly consist of connection issues for users. A typical DDoS attack consists of an overwhelming volume of traffic from networks of bots, to the extent that the actual users of the online service get frozen out.
Telegram’s founder, Pavel Durov, claims that the Chinese government is responsible for the DDoS attack on Telegram. Durov further added that the attack came from IP addresses located mainly in China. Coincidentally, the attack happened while protests were going on in Hong Kong. As the protestors were using Telegram to evade detection, Durov believes that the Chinese government might have done it to disrupt the ongoing protests in Hong Kong.
The continually evolving techniques of spammers and attackers have found a new means of breaching private data: Google Calendar notification e-mails. Kaspersky, a threat intelligence and cybersecurity firm, found that Gmail users received many unwanted pop-up calendar notifications from cybercriminals as part of a sophisticated phishing attack. The automatic addition and notification of calendar invitations, a feature that exists for the convenience of Gmail users, is misused by these attackers to send calendar phishing e-mails.
How does the scam work?
This new calendar phishing scheme sends an irrelevant yet convincing calendar invitation to the Gmail user, which carries a link to a phishing URL leading to a fraudulent website. This website appears genuine and features a questionnaire that baits users with a prize if they fill in all the answers asked in the survey. Personal details such as name, phone number, residential address, and bank details are requested, which are later used by the cybercriminals to rob victims of their money and identity. Presently, the prime targets of these calendar phishing e-mails are employees at financial services firms in the United States and the United Kingdom.
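The scheme above relies on an invitation that is auto-added from an unknown organizer and carries a link to the survey site. As an added example (not Kaspersky’s or Google’s code), the following Python script shows how a defender could triage incoming calendar invitations: it unfolds and parses the iCalendar (VEVENT) feed, extracts the organizer’s mail domain, and flags any invite whose organizer is outside a trusted domain list and whose text contains an http(s) link. The sample feed, the addresses (all under the reserved `.invalid` domain) and the trusted-domain list are constructed for the demo.

```python
"""Calendar-invite triage: an added example, not Kaspersky's or Google's code."""
import re

# Constructed sample feed: one lure invite and one ordinary meeting. The
# addresses use the reserved .invalid TLD and are not real.
SAMPLE_ICS = """BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//constructed sample//EN
METHOD:REQUEST
BEGIN:VEVENT
UID:constructed-0001@example.invalid
DTSTART:20190620T090000Z
ORGANIZER;CN=Prize Desk:mailto:winner@prizes.example.invalid
SUMMARY:You have won a cash prize
DESCRIPTION:Claim within 24 hours by completing the survey at http://survey.pr
 izes.example.invalid/claim
END:VEVENT
BEGIN:VEVENT
UID:constructed-0002@example.invalid
DTSTART:20190621T140000Z
ORGANIZER:mailto:alice@corp.example.invalid
SUMMARY:Weekly sync
DESCRIPTION:Agenda in the shared doc
END:VEVENT
END:VCALENDAR
"""

# Organizer domains the organisation trusts (assumption for the demo).
TRUSTED_DOMAINS = {"corp.example.invalid"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def unfold(text):
    """Undo RFC 5545 line folding: a line starting with a space or tab
    continues the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_events(text):
    """Minimal VEVENT parser: returns a list of {PROPERTY: value} dicts."""
    events, current = [], None
    for line in unfold(text):
        if line == "BEGIN:VEVENT":
            current = {}
        elif line == "END:VEVENT":
            if current is not None:
                events.append(current)
            current = None
        elif current is not None and ":" in line:
            name_params, value = line.split(":", 1)
            name = name_params.split(";", 1)[0].upper()  # drop ;CN=... parameters
            current[name] = value
    return events


def organizer_domain(event):
    """Extract the domain of the ORGANIZER mailto: address (lowercased)."""
    match = re.search(r"mailto:[^@\s]+@([^\s>]+)", event.get("ORGANIZER", ""), re.I)
    return match.group(1).lower() if match else ""


def suspicious_events(text, trusted_domains=TRUSTED_DOMAINS):
    """Flag invites from an untrusted organizer that carry a link in the event text.

    Returns a list of (uid, organizer_domain, [urls]) tuples."""
    flagged = []
    for event in parse_events(text):
        domain = organizer_domain(event)
        body = " ".join(event.get(k, "") for k in ("SUMMARY", "DESCRIPTION", "LOCATION", "URL"))
        urls = URL_RE.findall(body)
        if domain not in trusted_domains and urls:
            flagged.append((event.get("UID", ""), domain, urls))
    return flagged


if __name__ == "__main__":
    for uid, domain, urls in suspicious_events(SAMPLE_ICS):
        print(f"{uid}: organizer {domain!r} is not trusted, links {urls}")
```

The rule deliberately keys on the organizer domain rather than on the wording of the lure, because the survey text changes from campaign to campaign while the "unknown organizer plus link" shape does not. The same check can be run on a mailbox export or a calendar API feed; on the user side, the most direct mitigation is to stop the calendar from automatically adding invitations that have not been accepted.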
Online invitation company Evite has been exposed to attackers for exploitation since February 22, 2019. Though the compromised data doesn’t belong to users from 2013 onwards, a considerable amount of sensitive data has been compromised because of the company’s carelessness: its data retention policies did not include investigating and removing older backups that are no longer required.
The adversaries gained access to one of the inactive data storage files associated with Evite’s user accounts and stole data belonging to as many as ten million Evite users. The security breach was reported in April 2019, when the attacker put up details of the customers of 6 companies for sale on the dark web. Evite, being one of these six companies, sprang into action immediately, informing the authorities and bringing in an external forensics team to analyze and address the issue.
What are the losses?
As a result of this data breach, the names, usernames, e-mail addresses, passwords, dates of birth, phone numbers, and mailing addresses of about ten million users from before 2013 have been lost. However, the silver lining is that no financial data or Social Security Numbers were lost in this breach.
The company advised all those who have been victims of this data breach to change their password and other shared credentials and to review their accounts for any suspicious activity. Users need to be on guard and watch out for irrelevant communications that pop up randomly and ask for personal data.
Three renowned universities in the United States recently revealed that they had been victims of data breach incidents that exposed information as sensitive as the Social Security numbers of students and some faculty members. These universities are Graceland University, Oregon State University, and Missouri Southern State University. They are unable to trace the identity of the attackers but are taking measures at their own level to minimize the repercussions.
The exposed data includes students’ full names, Social Security numbers, dates of birth, addresses, telephone numbers, e-mail addresses, parents/children, salary information, and financial aid information for enrollment. Notifications have been sent to the affected students and staff.
What has been done?
- Oregon State University: The university announced that attackers have probably accessed 636 student records and their family details. While the investigation continues, the university has extended free credit monitoring services for a period of 12 months to the affected students.
- Graceland University: The university learned of this data breach when hackers gained access to the e-mail accounts of current employees, including the contents and attachments of these accounts. According to the university, the individual accounts were hacked on March 29, 2019, and from April 1-30 and April 12-May 1, 2019, respectively.
- Missouri Southern State University (MSSU): Upon discovering the data breach, the university immediately sought the help of the Office of the Vermont Attorney General. The attack on the university is speculated to have been launched on January 9, 2019, through a phishing e-mail.
A week after it experienced a ransomware attack, aircraft parts and aviation equipment maker ASCO confirmed that the news of a large-scale ransomware attack on the company was indeed accurate. Consequently, production activities in Belgium, Canada, the United States, and Germany have been stopped immediately.
It is speculated that the attack took place through the US-based company Spirit AeroSystems, which was approved by the European Commission to acquire ASCO two months ago.
What are the losses?
ASCO became the victim of a massive ransomware attack that has severely damaged all its systems and communication channels. The company has brought in external forensic experts who are working to restore its operations in a phased manner. ASCO hopes to bring its systems back online in the coming days if all goes well.
Though ASCO is not yet sure whether any data has been misused, it is taking the issue very seriously and has adopted a very cautious approach to dealing with it.
The American healthcare billing vendor American Medical Collection Agency (AMCA) experienced a prolonged data breach that went unnoticed for eight months. Upon being questioned, it admitted that the data breach began on August 1, 2018, and continued until March 30, 2019, before it was finally discovered. Those who had their data stolen include Americans who paid through AMCA’s billing portal for laboratory work at various blood testing and clinical labs across the US.
The laboratories associated with AMCA include:
- Quest Diagnostics with 11.9 million patients
- LabCorp with 7.7 million patients
- BioReference Laboratories with 422,600 patients
- Carecentrix with 500,000 patients
- Sunrise Laboratories whose patient details have been kept confidential
The patients and people whose personal details (name, home address, phone number, date of birth, Social Security number, payment card details, and bank account information) are at stake number well over 20 million, the figure initially claimed by AMCA. Not only did AMCA’s negligence lead to an 8-month-long data breach, but it also compounded the blunder, together with its five laboratories, by not informing the affected users of the data breach. Serious legal actions against AMCA have been initiated, and a dark and uncertain future awaits the company.
The ‘Shot on OnePlus’ app, which enables users to upload their photos from the phone or a website and set these photos as their wallpaper, has been affected by a severe vulnerability ever since its launch. This flaw in the OnePlus wallpaper application leads to the leak, loss, and misuse of the e-mail addresses and other information of hundreds of its users. The flaw exists in the Application Programming Interface (API) used by OnePlus for hosting photos for the device. The company claims to have successfully resolved the issue.
What are the losses?
- This security flaw in OnePlus exposes photo details (including photo code, author, e-mail address, focal length, photo topic, upload location, and upload time).
- In addition to leaking users’ e-mail addresses, the app also leaks alphanumeric codes called “gids” that OnePlus uses to identify individual users. These codes indicate whether a user is from China (CN) or another country (EN) and also include a unique numerical ID. This ID is used by OnePlus’s API to find photos uploaded by a particular user and delete them if required. Sadly, this same ID could be used by attackers to obtain information about a user (name, e-mail, country) for malicious reasons.
Though the issue stands resolved, as the company claims, the personal details of all those users who have been using Shot on OnePlus for several years still stand at risk of being abused by adversaries.
To protect its users from malicious attacks, Google Chrome launched two new security features on June 18, 2019 (Tuesday). These features will warn the user about website addresses with suspiciously substituted characters and will allow users to report suspicious websites so that other users can be saved from these fraudulent sites. This augmentation of Google Safe Browsing aims to stop users from opening fake websites and is incorporated into Chrome, Android, Gmail, and other services.
Google Chrome is a widely used browser, and therefore these minor changes go a long way in ensuring the overall security of its users. As of 2019, as many as 4 billion devices receive anti-threat protection through Google Safe Browsing. The two newly introduced features are:
Character Substitution Detector: This feature addresses the problem of users being fooled by expanded character sets (look-alike characters in web addresses): it compares the exact text of a website address with that of similar websites the user has visited in the past and warns when the two differ. This feature is incorporated in the newly released version 75 of Google’s browser.
Suspicious Site Reporter: This feature lets users report sites they believe are dangerous to Google. It functions much like reporting spam in Gmail, where the user’s input doesn’t immediately reflect any change but eventually becomes part of the crowdsourced data that helps Google keep its users safe.
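To make the character substitution idea concrete, here is an added Python example (not Chrome’s implementation and not Google’s confusables table) of a look-alike hostname detector. It decodes punycode labels into the Unicode form a browser would display, reduces the hostname to the ASCII "skeleton" a human is likely to perceive (Unicode normalization, stripping of accents, a small table of look-alike characters and letter pairs such as `rn` for `m`), and compares that skeleton against a list standing in for sites visited in the past. The character table and the list of known hosts are assumptions for the demo; a production detector would use the full Unicode confusables data and the browser’s actual history.

```python
"""Look-alike hostname detector: an added illustration, not Chrome's code."""
import unicodedata
from urllib.parse import urlsplit

# Constructed, deliberately small table of characters that render like ASCII
# letters. A real detector uses the full Unicode confusables data; this
# subset is an assumption for the demo.
SINGLE_CHAR = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0443": "y",  # Cyrillic small u
    "\u0445": "x",  # Cyrillic small ha
    "\u0456": "i",  # Cyrillic small i
    "\u03b1": "a",  # Greek small alpha
    "\u03bf": "o",  # Greek small omicron
    "0": "o",
    "1": "l",
}
# Letter pairs that look like a single letter at typical font sizes.
MULTI_CHAR = {"rn": "m", "vv": "w", "cl": "d"}

# Constructed list standing in for "sites visited in the past".
KNOWN_HOSTS = ["google.com", "evernote.com", "telegram.org"]


def decode_host(host):
    """Return the hostname as a browser would display it (punycode decoded)."""
    host = host.strip().rstrip(".").lower()
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass  # leave undecodable labels as they are
        labels.append(label)
    return ".".join(labels)


def skeleton(host):
    """Collapse a hostname to the ASCII string a human is likely to perceive."""
    text = unicodedata.normalize("NFKD", decode_host(host))
    text = "".join(ch for ch in text if not unicodedata.combining(ch))  # drop accents
    text = "".join(SINGLE_CHAR.get(ch, ch) for ch in text)
    for seq, repl in MULTI_CHAR.items():
        text = text.replace(seq, repl)
    return text


def lookalike_of(url, known_hosts=KNOWN_HOSTS):
    """Return the known host that the URL's hostname imitates, or None.

    None is also returned when the hostname is exactly a known host, or
    when it resembles none of them."""
    host = urlsplit(url).hostname or ""
    if not host:
        return None
    shown = decode_host(host)
    if shown in (decode_host(k) for k in known_hosts):
        return None  # exact match with a site the user already knows
    sk = skeleton(host)
    for known in known_hosts:
        if sk == skeleton(known):
            return known
    return None


if __name__ == "__main__":
    for u in ["https://google.com/", "https://g00gle.com/",
              "https://\u0435vernote.com/login", "https://telegrarn.org/"]:
        print(u, "->", lookalike_of(u))
```

Two design points matter for a defender. The comparison is done on the decoded form, because the raw `xn--` label hides the substitution entirely; and an exact match with a known host short-circuits the check, so the real site is never flagged as an imitation of itself. The skeleton compares whole hostnames, so `www.google.com` is not reported as a look-alike of `google.com`; a production version would also account for such benign subdomain differences.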
As reported by security researchers at IBM, renowned router company TP-Link has serious vulnerabilities in its Wi-Fi extenders that put users who extend their Wi-Fi range with them in danger of being attacked by hackers. The flaw allows a potential attacker to take control of the extender, which can then be used to redirect the victim’s traffic and lead them to malware-infested pages.
How does it work?
The affected extenders include the RE365, the RE650, the RE350, and the RE500. The attacker doesn’t necessarily have to be within the extender’s Wi-Fi range: a single malicious HTTP request sent to the Wi-Fi extender is all that is needed to let attackers execute commands remotely. The only requirement is knowledge of the extender’s IP address, and there are thousands of exposed devices on IoT search engines like Shodan that attackers can use for the same.