Cybersecurity is a dynamic field within the information and digital technology world, and it witnesses important events every single day of the year. These might be the actions of hackers that make the news, or the anti-phishing and information security control measures adopted by organizations trying to protect their information assets from those adversaries.
To bring you up to speed, here are some of the most relevant cybersecurity-related news updates of this week:
1. Forescout Technologies, the torchbearer in device visibility and control, launches its SilentDefence4.0
Estimates indicate that this year shall witness a growth in connected devices by 900 million, of which 85% shall be IoT and OT devices. A device explosion of this sort expands the visibility gap between cybersecurity stakeholders and their network. However, cybersecurity stakeholders (CISOs and SOC managers) cannot consistently manage the resources required to audit their ever-growing network and cyber security infrastructure.
What does SilentDefence4.0 do?
With SilentDefence4.0, Forescout Technologies will provide organizations with faster mitigation of threats and a lower risk profile, thus enabling them to bridge the visibility gap.
2. The UK to invest 22 million pounds for new army cyber operations centers
The United Kingdom is all set to invest 22 million pounds in opening new Cyber Operation Centers. The proposed cybersecurity centers shall keep the British Army updated 24/7 about cyber threats and shall provide the British military and its allies information about oncoming threats.
The proposal envisions combining artificial intelligence with military analysts, which shall enhance their knowledge on threats and aid in exploiting opportunities to get the truth out quickly from adversaries. It is expected that the construction work for these facilities shall begin next year and operations are to commence in the early 2020s.
3. Employee Data Compromised In The Shubert Organization
The Shubert Organization, the owner of 17 Broadway theatres as well as the popular ticketing service Telecharge, has reported suspicious activity in its employees' email accounts in February.
What came out in the investigation?
The investigation found that adversaries gained access to the e-mail accounts of several employees and stole employee details, namely names and credit card numbers along with the expiry dates.
4. Perceptics Suffers A Data Breach
The well-known license plate recognition technology provider Perceptics has had its network breached by cyber-criminals, which resulted in the compromise of some sensitive data. The stolen data was made accessible for free on the dark web.
What data was stolen?
The stolen data includes:
- Details regarding border security data acquisition.
- Information related to commercial vehicle inspection.
- Some information regarding electronic toll collection as well as road monitoring.
5. Snapchat denies allegations that employees have been spying on users’ data
A news report by Motherboard alleges that some employees of the social media platform Snapchat have been spying on users' private details, such as their location, saved snaps, phone numbers, e-mail addresses, etc.
What does Snapchat say?
Although the existence of an internal tool called SnapLion had not been revealed until now, Snapchat denied all allegations. The company said that its employees were too busy with their work to think about intruding into the private details of users.
6. Client’s Data Of Redtail Technology Exposed Publicly
Redtail Technology recently discovered that its logging systems had accidentally captured some sensitive user information and saved it in a file that could be accessed publicly. As soon as the organization discovered the incident, access to the publicly available file was restricted.
The exposed information related to:
- Names of the clients.
- Client’s Addresses.
- Birth Dates.
- Social Security Numbers.
7. Fake missed call alerts for Android users: a new social engineering scam
Of late, scammers have been misusing the Notifications and Push APIs and Google Chrome on Android devices to push spam alerts that are customized to look like a missed phone call.
How does the scam work?
To disguise their origin, the scammers changed the browser icon to display “missed call”, as if it were a missed call notification. The message says that the user has won an iPhone XS. These alluringly framed messages manage to claim a few victims.
However, this message only appears if the victim accepts notifications from the spam domain, implying that trustworthy sites can be used for this type of phishing campaign.
8. A Flaw In Security Results in Exposure of Millions of Mortgage Documents
There was a flaw in the security systems of First American Financial Corporation, a reputed title insurance provider, as reported by the cybersecurity writer Brian Krebs.
The organization announced that the security failure, which caused the exposure of around 885 million records relating to mortgage deals of the past 16 years, has been fixed. Because of this exposure, anyone could have accessed clients' details such as social security numbers, bank account details, driver's license information, mortgage records, and tax records.
9. Google Safe Browsing mobile users vulnerable to malware
Google, equipped with the most secure network that promises to protect users from outside threats, was recently found to have a fatal flaw in Google Safe Browsing, the service that has been safeguarding the interests of its visitors for over a decade now.
According to research, Google failed to check the iOS and Android variants of browsers for Safe Browsing compatibility, and Safe Browsing was ineffective for mobile browsers.
What does this mean?
This means that users were exposed to malicious sites, as Google Safe Browsing was broken in the mobile browser variants. However, 2019 saw new versions of mobile Firefox, Safari, and Chrome/Chromium with a Google Safe Browsing system that works. Browser vendors made the necessary adjustments to the implementation of the Safe Browsing system within their products on the mobile platform.
10. Graphic Design Service Provider, Canva, Suffers A Breach By Hackers
According to a tip given to ZDNet by the hacker named GnosticPlayers, this hacker has breached the security system of Canva and has stolen the sensitive details of about 189 million users.
Since February, the hacker has broken into the servers of around 44 companies, compromising about 932 million users' data. The stolen user data is sold on the dark web.
11. Ransomware Virus Puts City Of Laredo On Its Feet
The entire operation of the City of Laredo was hampered by a ransomware virus that encrypted the document management system operated by the City Secretary’s office. All employee PCs were shut down to deal with the infection. The first targets of the virus were the departments of essential public services, i.e., fire, police, utilities, and healthcare. As confirmed by Rosario Cabello, Co-Interim City Manager, there was no exposure or compromise of any personal or employee information in this attack.
12. Researcher “Sandbox Escaper” conducts Windows 10 zero-day exploit
A researcher by the name of “Sandbox Escaper”, who releases Windows zero-days online (without notifying Microsoft of the same), recently released demo exploit code on GitHub for a Windows 10 zero-day vulnerability.
What is the discovered flaw?
Sandbox Escaper demonstrated the zero-day exploit on the GitHub page. The flaw, which resides in the Windows Task Scheduler process, is a bug that allows attackers to take control of vulnerable Windows 10 computers without the slightest knowledge of the user. Microsoft is yet to fix the bug pointed out by Sandbox Escaper. Users can expect the fix by June 11, 2019.
13. Security Definition Failure in Amadeus’s Database Puts 15 Million Passenger Information At Stake
A failure in the security definition of Amadeus’s database was reported. Amadeus, a renowned Israeli booking service, had a vulnerability in the configuration of one of its databases, which exposed a large amount of passenger information, including:
- 36 million flight booking info.
- 15 million passenger info.
- Information on more than one million hotel bookings.
- Details of 700,000 visa applications.
- The vital information about travel plans of Israeli diplomats, including the travel plans of the Prime Minister, Benjamin Netanyahu.
14. Life at a halt in Baltimore as the city gets attacked by ransomware
The U.S. city of Baltimore was attacked by a relatively new ransomware called RobbinHood on 7th May 2019. Life in the city remains majorly disrupted to date, as 10,000 city government computers lie frozen and about 200-300 closings remain delayed. Other problems include severe impacts on several essential services, such as health alerts, water bills, real estate sales, etc.
What’s next?
Adversaries have demanded an enormous ransom for freeing all systems in the city. However, the government hasn’t given in to their demands as yet. The F.B.I. has been notified and all systems have been taken offline to prevent the ransomware from spreading any further.
15. Australia’s Tech Giant “Canva” Undergoes Data Breach
A hacker called GnosticPlayers on May 24th, 2019 attacked the system of Sydney-based start-up Canva and data belonging to about 139 million users was breached. The hacker is proficient in his field and has put up the data of 932 million users for sale on the dark web since February. This data was stolen from 44 companies across the globe.
What are the losses?
The breached data comprised customers’ real names and user names, e-mail addresses, city and country information, etc. The silver lining here is that Canva customers shall not face significant consequences in the long run since it’s not Canva’s fault that the hacker targeted it.
16. A Breach Of Data Has Been Notified To The Patients by Medford
A notification was sent to patients by a Medford, Oregon-based healthcare firm, stating that there was a breach of data last year. According to the firm, hackers accessed employee e-mail accounts for about two months, i.e. from 18th of December, 2018 to 28th of February 2019.
The investigation found that the data which could have been accessed by the hackers related to:
- Name of the patients.
- Social Security Number.
- Driver’s License Number.
- Health Insurance Number.
- Birth Dates.
- Numbers of Financial Accounts.
- Information relating to Payment Cards.
17. Australian Company’s Unprotected Elasticsearch Database exposed 212,220 User Records
AmazingCO, an Australian company known for hosting children’s parties, date nights and social experiences, has exposed 212,220 user records due to a vulnerable Elasticsearch database.
This incident was reported by a security researcher named Jeremiah Fowler, according to whom most of the data was relating to children’s entertainment as well as wine tours. The data which was exposed also includes username details, e-mail addresses, contact details, private notes, and other related information.
18. Years-Old CI Matter Comes To Light Due To Exposure Of Company Information By CI Build Logs
The primary purpose of CI services is to help find bugs early in the coding process. These services keep logs, which contain data about the company’s projects. The CI logs even contain records of interactions with several remote servers and APIs, along with various passwords, SSH keys, and API tokens. One of the renowned names in CI services is Travis CI. It came into the spotlight a few years back due to the exposure of log information relating to API keys, GitHub access tokens, and other related company secrets.
Now, years later, researchers have again discovered that build logs can still contain a company’s secret information.
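To make the risk described above concrete, here is an added example (not code from Travis CI or from the researchers mentioned) of a defender-side check that flags and masks the kinds of secrets named in the passage before a build log is stored or published. The pattern list, the generic `NAME=value` heuristic and the sample log are assumptions of this example.

```python
import re

# Specific token formats first, then a generic NAME=value heuristic (an assumption
# of this example; tune the names and length threshold to your own pipelines).
PATTERNS = [
    ("github_token", re.compile(r"(?P<secret>\bgh[pousr]_[A-Za-z0-9]{36}\b)")),
    ("aws_access_key_id", re.compile(r"(?P<secret>\bAKIA[0-9A-Z]{16}\b)")),
    ("private_key", re.compile(r"(?P<secret>-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----)")),
    ("credential_assignment", re.compile(
        r"(?i)\w*(?:password|passwd|secret|token|api_?key)\w*\s*[=:]\s*"
        r"['\"]?(?P<secret>[^\s'\"]{8,})")),
]

def redact_line(line):
    """Return (redacted_line, kinds) with every suspected secret masked."""
    spans = []  # (start, end, kind); a later pattern never overlaps an earlier hit
    for kind, pattern in PATTERNS:
        for m in pattern.finditer(line):
            start, end = m.span("secret")
            if all(end <= s or start >= e for s, e, _ in spans):
                spans.append((start, end, kind))
    for start, end, _ in sorted(spans, reverse=True):  # mask right to left
        line = line[:start] + "[REDACTED]" + line[end:]
    return line, [kind for _, _, kind in sorted(spans)]

def scan_log(text):
    """Return ((line_number, kind) findings, redacted log text)."""
    findings, out = [], []
    for line_no, line in enumerate(text.splitlines(), start=1):
        redacted, kinds = redact_line(line)
        findings.extend((line_no, kind) for kind in kinds)
        out.append(redacted)
    return findings, "\n".join(out)

# Constructed sample build log; every value is a fake placeholder.
SAMPLE_LOG = "\n".join([
    "$ git clone https://github.com/example/app.git",
    "$ export GITHUB_TOKEN=ghp_" + "X" * 36,
    "$ aws configure set aws_access_key_id AKIAIOSFODNN7EXAMPLE",
    "$ curl -u deploy --data 'password=hunter2-not-real' https://deploy.example.invalid",
    "-----BEGIN OPENSSH PRIVATE KEY-----",
    "Build finished in 42s",
])

if __name__ == "__main__":
    findings, redacted = scan_log(SAMPLE_LOG)
    print(findings)
    print(redacted)
```

A private key header match only flags that line; the key body on the following lines still has to be removed, and any secret found in a log should be rotated rather than just masked.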
19. Flipboard’s Data Breached For Nine Months
Flipboard, a news aggregator site, has revealed that an unauthorized person had access to user data for over nine months, i.e., between 2nd of June 2018 and 23rd of March 2018, and on 21-22 of April 2019.
The database which was attacked contained the information of users relating to:
- Names of Users.
- Usernames of Flipboard.
- Passwords which were protected cryptographically.
- E-mail Addresses.
The good news is that the passwords were protected using salted hashing, which is very difficult to crack.
20. Vulnerabilities in British Government Public Sector Organizations revealed
Following a recent Freedom of Information (FOI) request, a company named SolarWinds announced results showing that the number of cyber-attacks on the public sector in the UK rose in 2018, with 18% of all public sector organizations experiencing either a ransomware or a phishing attack.
Main points of the report
- Since only 73% of all public sectors have a reliable log management system in place, they lack the potential to perform a post-audit process when a cyber-attack is successfully launched on them.
- About 9% of all organizations lack the amenities and resources to train their employees on cybersecurity and countermeasures for cyber threats.
- As many as 15% of the organizations have taken a backseat in securing their systems with anti-phishing solutions or anti-malware measures.