Cyber Security News January 2019

This posting is here to collect cyber security news in January 2019.

I post links to security vulnerability news in the comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

 

412 Comments

  1. Tomi Engdahl says:

    Hackers Threaten to Dump Insurance Files Related to 9/11 Attacks
    https://motherboard.vice.com/en_us/article/yw79k5/hacker-group-threatens-dump-911-insurance-files-dark-overlord?utm_source=mbfb

    The Dark Overlord appears to be trying to capitalize on conspiracy theories about the September 11 attacks.

    The news is the latest public extortion attempt from the group known as The Dark Overlord, which has previously targeted a production studio working for Netflix, as well as a host of medical centres and private businesses across the United States.

    In its announcement published on Pastebin

    A spokesperson for the Hiscox Group confirmed to Motherboard that the hackers had breached a law firm

  2. Tomi Engdahl says:

    Hackers are spreading Islamic State propaganda by hijacking dormant Twitter accounts
    https://techcrunch.com/2019/01/02/hackers-islamic-state-propaganda-twitter/?sr_share=facebook&utm_source=tcfbpage

    Hackers are using a decade-old flaw to target and hijack dormant Twitter accounts to spread terrorist propaganda, TechCrunch has learned.

    Many of the affected Twitter accounts appeared to be hijacked in recent days or weeks — some longer

    The recent resurgence in hijacked accounts appears to be hackers exploiting Twitter’s legacy lack of email confirmation.

  3. Tomi Engdahl says:

    Popular Weather App Collects Too Much User Data, Security Experts Say
    China-based app asked for more data than the usual location request, including email addresses
    https://www.wsj.com/articles/popular-weather-app-collects-too-much-user-data-security-experts-say-11546428914

    A popular weather app built by a Chinese tech conglomerate has been collecting an unusual amount of data from smartphones around the world and attempting to subscribe some users to paid services without permission, according to a London-based security firm’s research.

  4. Tomi Engdahl says:

    Chrome in Android Leaks Device Fingerprinting Info
    https://threatpost.com/chrome-in-android-leaks-device-fingerprinting-info/140480/

    Attackers could craft a campaign that makes use of the device profile in order to exploit any vulnerabilities in a targeted fashion.

    Google has issued a partial fix for an Android issue dating back to 2015 – after originally rejecting the bug report on the grounds of the mobile OS “working as intended.”

    The issue – which still doesn’t have a CVE designation despite being partially addressed as a problem – has to do with how Android uses Google’s Chrome browser. Chrome is the default browser for Android devices, and it also enables the WebView and Custom Tabs APIs, which let applications render web content within the apps themselves without opening a separate browser window. According to Nightwatch Cybersecurity, Chrome and applications that use the associated APIs leak information about the hardware model, firmware version and security patch level of the device on which they are running.

  5. Tomi Engdahl says:

    Dark Overlord rings in New Year with threat to release 9/11-related docs pilfered from law firm
    https://www.scmagazine.com/home/security-news/cybercrime/dark-overlord-rings-in-new-year-with-threat-to-release-9-11-related-docs-pilfered-from-law-firm/

    Saying it was “welcoming 2019 with open arms and a big announcement,” the Dark Overlord hacker group Monday threatened via a Pastebin post to release files it said were nicked from a law firm – believed to have advised insurer Hiscox Syndicates Ltd. – that handled September 11-related cases.

    https://pastebin.com/4F5R8QyQ

  6. Tomi Engdahl says:

    Microsoft Adds New Microsoft 365 Security and Compliance Bundles
    https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-new-microsoft-365-security-and-compliance-bundles/

    Microsoft announced the addition of two new compliance and security offerings beginning February 1, 2019, as a response to the new requirements added by information protection regulations such as EU’s General Data Protection Regulation (GDPR) and today’s increasing cybersecurity attack threat.

    The new security and compliance packages are designed to provide business customers who aren’t ready for a Microsoft 365 E5 bundle to be able to get some of the benefits it comes with.

    the new Microsoft 365 Identity & Threat Protection package bundles together multiple advanced threat protection services, ranging from Microsoft Threat Protection (Windows Defender ATP, Azure Advanced Threat Protection (ATP), and Office 365 ATP incorporating Threat Intelligence), to Microsoft Cloud App Security and Azure Active Directory.

  7. Tomi Engdahl says:

    Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack
    https://krebsonsecurity.com/2019/01/cloud-hosting-provider-dataresolution-net-battling-christmas-eve-ransomware-attack/

    Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned. The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and delivery operations for multiple major U.S. newspapers over the weekend.

    San Juan Capistrano, Calif. based Data Resolution LLC serves some 30,000 businesses worldwide, offering software hosting, business continuity systems, cloud computing and data center services.

    The intrusion gave the attackers control of Data Resolution’s data center domain, briefly locking the company out of its own systems.

  8. Tomi Engdahl says:

    Vulnerability in Chrome for Android Patched Three Years After Disclosure
    https://www.securityweek.com/vulnerability-chrome-android-patched-three-years-after-disclosure

    A vulnerability recently patched by Google in Chrome for Android was an information disclosure bug that was originally reported in 2015, but not patched until the release of Chrome 70 in October 2018, security researchers say.

  9. Tomi Engdahl says:

    Security Concerns Prompt Closing of Dividend Applications
    https://www.securityweek.com/security-concerns-prompt-closing-online-pfd-applications

    Alaska revenue officials shut down online applications for annual oil wealth checks after personal information of other users popped up on applicants’ computer screens.

    The private information from other applicants included names, addresses and Social Security numbers.

  10. Tomi Engdahl says:

    Inside PolySwarm’s Decentralized Threat Intelligence Marketplace
    https://www.securityweek.com/inside-polyswarms-decentralized-threat-intelligence-marketplace

    New Threat Detection Marketplace Connects AV Companies and Enterprises to Improve Protection Coverage Against New Threats

    Stable version 1.0 of PolySwarm has been reached, and will be announced within the next couple of weeks. It is a new approach to suspect file threat intelligence sharing, using collective wisdom (or swarm intelligence) and blockchain to pronounce and disseminate judgement on suspicious files. In some ways it is similar to VirusTotal, but with major differences: it adds the collective wisdom of independent malware analysts — and rewards them. It has been described as VirusTotal on steroids.

  11. Tomi Engdahl says:

    Automated System Bypasses Google reCAPTCHA Again
    https://www.securityweek.com/automated-system-bypasses-google-recaptcha-again

    The unCaptcha automated system can once again bypass Google’s reCAPTCHA challenges, despite major updates to the security service.

    The unCaptcha system was created in April 2017 to target Google’s reCAPTCHA and similar security systems that aim at protecting websites from spam and abuse, and was able to defeat those with high accuracy.

    https://www.securityweek.com/automated-system-defeats-recaptcha-high-accuracy

  12. Tomi Engdahl says:

    Abine Blur Password Manager exposed data of 2.4M users
    https://www.hackread.com/abine-blur-password-manager-exposed-data-of-users/?fbclid=IwAR30fLvk1a-JDw95OnbgP6SIpPFmx3FEdwIpiirLEYV0QK9l-Wul9m__WRc

    The password manager exposed the data due to a misconfigured S3 bucket.
    The Blur privacy and password management service developer Abine has issued a security notice this Monday stating that a file containing important customer data was accidentally exposed to the internet.

  13. Tomi Engdahl says:

    Hackers Say They Will Release Confidential 9/11 Documents If Blackmail Demands Are Not Met
    https://www.iflscience.com/technology/hackers-say-they-will-release-confidential-911-documents-if-blackmail-demands-are-not-met/

    Hackers are threatening to dump a bunch of confidential documents relating to the 9/11 terror attacks if the companies involved do not pay out a hefty sum.

  14. Tomi Engdahl says:

    Dark Overlord hackers release alleged 9/11 lawsuit documents
    https://nakedsecurity.sophos.com/2019/01/03/dark-overlord-hackers-release-alleged-9-11-lawsuit-documents/

    The group announced on Pastebin (content now removed) on New Year’s Eve that it had hacked a law firm that handled cases relating to the 11 September 2001 terrorist attacks.

    It threatened to publicly release what it claimed are gigabytes of confidential, litigation-related documents

    Come and get ’em, TDO said to terrorists and enemy states:

    If you’re a terrorist organisation such as ISIS/ISIL, Al-Qaeda, or a competing nation state of the USA such as China or Russia, you’re welcome to purchase our trove of documents.

    it had released a teaser’s worth of documents to verify its claims. It presented a tiered plan to “release each layer of damaging documents that are filled with new truths, never before seen.”

    As of yesterday afternoon, the group’s bitcoin wallet had received three payments.

    TDO published images from 16 documents that involve filings from “In re Terrorist Attacks on September 11, 2001”

    Whatever actually happened, and however TDO came upon its allegedly ill-gotten data, the hacking group claimed that some law firm paid a ransom and then went to the police…

    …but going to the police was not part of the deal, so TDO said it would release the information anyway, once its bitcoin wallet was full of cash.

  15. Tomi Engdahl says:

    Chromecast Hacker Calls it Quits After Hearing FBI Is Looking Into Him
    https://www.bleepingcomputer.com/news/security/chromecast-hacker-calls-it-quits-after-hearing-fbi-is-looking-into-him/

    The hacker known as TheHackerGiraffe has been promoting PewDiePie’s YouTube channel through unwanted Internet-connected printer jobs and Chromecast hacks. In an audio Periscope recording, the hacker calls it quits after being told that the FBI may be building a case against him.

  16. Tomi Engdahl says:

    Irish Rail Operator Gets Ransom Note on Its Website
    https://www.bleepingcomputer.com/news/security/irish-rail-operator-gets-ransom-note-on-its-website/?fbclid=IwAR3eK7c2cW371DrIx-B7yk0K1XbS_ROunKheRaJE7f6-KlEV2zDsqm7Nk-c

    The website of Luas.ie, the tram rail system operator in Dublin, Ireland, has been taken offline today after someone replaced its content with a ransom note demanding one bitcoin not to publish customer data.

    The tram operator did not offer any details about the incident

    Before the website was taken down, it showed a message from a perpetrator bothered by the operator’s lack of response to their messages informing of security problems.

  17. Tomi Engdahl says:

    Brexit freight ferry firm appears all geared up – to deliver pizzas
    https://www.theguardian.com/politics/2019/jan/03/brexit-freight-ferry-firm-appears-all-geared-up-to-deliver-pizzas

    Terms and conditions on Seaborne website seem to be intended for food company

    First, it emerged that the “startup” company hired to operate extra ferries as part of no-deal Brexit planning had no ships.

    it turned out that terms and conditions on its website appeared to be intended for a food delivery firm

  18. Tomi Engdahl says:

    German politicians’ personal data leaked online
    https://amp-theguardian-com.cdn.ampproject.org/v/s/amp.theguardian.com/world/2019/jan/04/german-politicians-personal-data-hacked-and-posted-online?amp_js_v=a2&amp_gsa=1&usqp=mq331AQECAFYAQ%3D%3D#referrer=https%3A%2F%2Fwww.google.com&amp_tf=Julkaisija%3A%20%251%24s&ampshare=https%3A%2F%2Fwww.theguardian.com%2Fworld%2F2019%2Fjan%2F04%2Fgerman-politicians-personal-data-hacked-and-posted-online

    Huge cache of documents published daily in December but came to light only on Thursday

    Sensitive data belonging to hundreds of German politicians and celebrities has been leaked online via a Twitter account. The huge cache of documents includes personal phone numbers and addresses, internal party documents, credit card details and private chats.

    A government spokeswoman, Martina Fietz, said the leak affected politicians of all levels including the European parliament, German parliament and regional parliaments. “The German government is taking this incident very seriously,”

  19. Tomi Engdahl says:

    Windows into the White House? Situation Room photo stirs debate over Microsoft operating system
    https://www.geekwire.com/2019/windows-white-house-situation-room-photo-stirs-debate-microsoft-operating-system/

  20. Tomi Engdahl says:

    Hacker leaks data on Angela Merkel and hundreds of German lawmakers
    https://techcrunch.com/2019/01/04/germany-data-breach-lawmakers-leak/?utm_source=tcfbpage&sr_share=facebook

    A hacker has targeted and released private data on German chancellor Angela Merkel and other senior German lawmakers and officials.

    The data was leaked from a Twitter account, since suspended

  21. Tomi Engdahl says:

    Marriott now says 5 million unencrypted passport numbers were stolen in Starwood hotel data breach
    https://techcrunch.com/2019/01/04/marriott-five-million-passport-numbers-stolen-starwood/?utm_source=tcfbpage&sr_share=facebook

    Starwood’s data breach just got both better and worse at the same time.

    Marriott, which owns hotel chain giant Starwood, said it has revised the number of customers affected by its recently disclosed data breach from 500 million to “fewer than 383 million unique guests.” That doesn’t mean all those 383 million guests are affected

    The bad news is that the company confirmed that more than five million unencrypted passport numbers were stolen, on top of the more than 20 million encrypted passport numbers.

    8.6 million unique payment card numbers were taken, but only 354,000 cards were active and unexpired

    Marriott said in its Friday update that it has “completed the phase out” of Starwood’s reservation database and now runs guest bookings through its Marriott database, which was not affected by the breach.

    https://techcrunch.com/2018/12/03/marriott-data-breach-response-risk-phishing/

  22. Tomi Engdahl says:

    Can’t unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass
    https://www.theregister.co.uk/2019/01/03/android_skype_app_unlock/

    Neat trick for spying spouses, bad bosses, other miscreants with hands on your mobe. A fix is available

  23. Tomi Engdahl says:

    German politicians targeted in mass data attack
    https://www.bbc.com/news/world-europe-46757009#_=_

    Hundreds of German politicians, including Chancellor Angela Merkel, have had personal details stolen and published online.

    Contacts, private chats and financial details were put out on Twitter that belong to figures from every political party except the far-right AfD.

    Data from celebrities and journalists were also leaked.

  24. Tomi Engdahl says:

    New Apple voice phishing scam looks just like a real support call
    https://techcrunch.com/2019/01/04/new-apple-voice-phishing-scam-looks-just-like-a-real-support-call/?sr_share=facebook&utm_source=tcfbpage

    A new voice phishing scam is going after iPhone users in a clever new way: by making calls seem like they are coming directly from Apple Support.

  25. Tomi Engdahl says:

    Wall Street Journal:
    Marriott says a total of 383M records were stolen in its hack, less than the initial estimate of 500M, but 5M+ unencrypted passport numbers were accessed — Hotel chain says fewer total customers were affected than initially feared but analysts warn data could be intelligence trove

    Marriott Says Hackers Swiped Millions of Passport Numbers
    https://www.wsj.com/articles/marriott-says-hackers-swiped-millions-of-passport-numbers-11546605000?mod=e2tw

    Hotel chain says fewer total customers were affected than initially feared but analysts warn data could be intelligence trove

  26. Tomi Engdahl says:

    Bloomberg:
    Hackers dump private info of Angela Merkel and hundreds of other German politicians including email addresses, phone numbers, and personal chat transcripts — Leak includes emails, chat transcripts, photos, phone numbers — Hack is ‘elaborate’ social-engineering attack, IT expert says

    Hackers Dump Data on Merkel, Politicians in Giant German Leak
    https://www.bloomberg.com/news/articles/2019-01-04/hackers-release-personal-data-of-hundreds-of-german-politicians

  27. Tomi Engdahl says:

    PSA: File your US tax return before scammers steal your refund
    https://techcrunch.com/2019/01/05/file-your-taxes-before-scammers-do/?utm_source=tcfbpage&sr_share=facebook

    It’s tax season! You know what that means? It’s scamming season, too.

  28. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    NSA to open source its GHIDRA reverse engineering tool that breaks down executable files into assembly code that can then be analyzed by humans — GHIDRA is written in Java and works on Windows, Mac, and Linux. — The US National Security Agency will release a free reverse engineering tool …

    NSA to release a free reverse engineering tool
    https://www.zdnet.com/article/nsa-to-release-a-free-reverse-engineering-tool/?mid=1

    GHIDRA is written in Java and works on Windows, Mac, and Linux.

    The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco.

    The software’s name is GHIDRA and in technical terms, is a disassembler, a piece of software that breaks down executable files into assembly code that can then be analyzed by humans.

    GHIDRA is coded in Java, has a graphical user interface (GUI), and works on Windows, Mac, and Linux.

    GHIDRA can also analyze binaries for all major operating systems, such as Windows, Mac, Linux, Android, and iOS, and a modular architecture allows users to add packages in case they need extra features.

    Some people who know and used the tool and have shared opinions on social media, such as HackerNews, Reddit, and Twitter, have compared GHIDRA with IDA, a well-known reverse engineering tool, but also very expensive, with licenses priced in the range of thousands of dollars.

    Most users say that GHIDRA is slower and buggier than IDA, but by open-sourcing it, the NSA will benefit from free maintenance from the open source community, allowing GHIDRA to quickly catch up and maybe surpass IDA.

  29. Tomi Engdahl says:

    NSA Releasing the GHIDRA Reverse Engineering Tool at RSAConference
    https://www.bleepingcomputer.com/news/security/nsa-releasing-the-ghidra-reverse-engineering-tool-at-rsaconference/

    At the RSAConference in March, a free reverse engineering framework called GHIDRA is being released that was developed by the U.S. National Security Agency.

  30. Tomi Engdahl says:

    Industry Reactions to Massive Data Leak in Germany
    https://www.securityweek.com/industry-reactions-massive-data-leak-germany

    German IT Security Agency Defends Response in Hacking Case
    https://www.securityweek.com/german-it-security-agency-defends-response-hacking-case

    Germany’s IT security agency on Saturday defended its response to the leaking of hundreds of politicians’ private information, after lawmakers accused it of failing to inform them quickly enough.

    Politicians from several parties questioned why the Federal Office for Information Security, or BSI, didn’t alert Parliament about the suspected hacking case when it first came to light in December.

  31. Tomi Engdahl says:

    US Gadget Love Forecast to Grow Despite Trust Issues
    https://www.securityweek.com/us-gadget-love-forecast-grow-despite-trust-issues

    The US tech industry is weathering a crisis of confidence over data protection and a difficult geopolitical situation, with record sales expected in 2019, organizers of the Consumer Electronics Show said Sunday.

    The Consumer Technology Association (CTA) predicted that US retail revenue in the sector would climb to a record high $398 billion this year.

    The forecast was unveiled ahead of the opening of the giant fair which from January 8-11 will showcase the newest tech in mobile computing, health, sports, automobiles, agriculture and more.

    “There are so many cool things happening in the consumer electronics industry right now,” said CTA vice president of market research Steve Koenig.

  32. Tomi Engdahl says:

    Hundreds of Thousands Download Spyware from Google Play
    https://www.securityweek.com/hundreds-thousands-download-spyware-google-play

    Hundreds of thousands of users ended up with spyware on their devices after downloading seemingly legitimate applications from Google Play, Trend Micro security researchers have discovered.

    Detected as MobSTSPY, the malware, which can gather various information from the victims, isn’t new. For distribution, its operators chose to masquerade the threat as legitimate Android applications and submit them to Google Play.

  33. Tomi Engdahl says:

    The Latest Threats to ATM Security
    https://www.securityweek.com/latest-threats-atm-security

    The past few years have seen criminals applying their creativity to stealing money from ATMs, with considerable success. Methods of attack have included:

    • Insert skimmers—physical devices placed in card slots to capture information from swiped cards.

    • Remote cyber attacks—taking control of ATM servers to dispense cash, using malware like ATMitch.

    • Direct malware attacks—using physical access to an ATM to deploy malware variants like Ploutus-D.

    2018 saw at least two new major threats to ATM security: a “jackpotting” attack that presents a unique challenge because of its speed, efficacy, and comparative lack of resources required from attackers; and “shimming”, a simple way to steal data from chip-enabled cards.

    What Should Businesses Do to Protect ATMs?

    The current state of ATM security is far from optimal, but the unique security challenges around ATMs make improvements difficult. That said, there are short- and long-term possibilities to make these types of attacks, and others, more difficult to pull off.

  34. Tomi Engdahl says:

    Serious DoS Flaw Impacts Several Yokogawa Products
    https://www.securityweek.com/serious-dos-flaw-impacts-several-yokogawa-products

    A serious denial-of-service (DoS) vulnerability impacts several industrial automation products from Japanese electrical engineering and software company Yokogawa Electric.

  35. Tomi Engdahl says:

    Ransomware Attack Against Hosting Provider Confirms MSPs Are Prime Targets
    https://www.securityweek.com/ransomware-attack-against-hosting-provider-confirms-msps-are-prime-targets

    Dataresolution.net, a cloud hosting provider headquartered in San Juan Capistrano, CA and with data centers in Los Angeles CA, Reston VA, London UK, Hamilton Bermuda, and Canada, was infected with ransomware on Christmas Eve, 2018. It appears that the firm declined to pay any ransom, and is reconstituting the files manually and from backups.

    According to these notices, the ransomware concerned is Ryuk; the same ransomware that disrupted the delivery of several major U.S. newspapers in the last weekend of 2018. However, this attribution comes from Data Resolution’s notice to customers: “Christmas Eve; Ryuk ransomware attach occurred — Point of Origin North Korea.”

  36. Tomi Engdahl says:

    Week in Review: IoT, Security, Auto
    https://semiengineering.com/week-in-review-iot-security-auto-26/

    The drone episode last month at Gatwick Airport in the United Kingdom forced the cancellation or diversion of more than 1,000 flights over three days. While local police arrested a couple suspected of being behind the drone flights, they were quickly exonerated and released. Questions remain on how airports should respond to such episodes, which are bound to happen again and more frequently.

    Newspaper printing plants in California and Florida saw production disrupted by cyberattacks late last year. The Los Angeles Times, one of the daily papers affected, said the attacks originated from outside the United States, without naming a specific point of origin.

    The Department of Homeland Security has warned managed services providers, managed security service providers and cloud services providers to be on the lookout for advanced persistent threats specifically targeting such companies.

    Will data breaches continue to occur during 2019? Most definitely, according to Robert Ackerman Jr., founder and a managing director of AllegisCyber and a founder of DataTribe. “Look for AI-driven chatbots to go rogue, a substantial increase in crimeware-as-a-service, acceleration of the weaponization of data, a resurgence in ransomware and a significant increase in nation-state cyberattacks. Also on a growth track is so-called cryptojacking — a quiet, more insidious avenue of profit that relies on invasive methods of initial access and drive-by scripts on websites to steal resources from unsuspecting victims,” he writes in this analysis.

    The Federal Communications Commission and other regulators are investigating an Internet outage that disrupted 911 service across the U.S.

  37. Tomi Engdahl says:

    27% of Passwords From Town of Salem Breach Already Cracked
    https://www.bleepingcomputer.com/news/security/27-percent-of-passwords-from-town-of-salem-breach-already-cracked/

    Over the holiday, the popular browser-based game Town of Salem had a data breach that exposed the hashed passwords for approximately 7.6 million unique accounts. At the time of this writing, over 27% of the passwords have already been cracked.

    On December 28th 2018, leaked information lookup site DeHashed received an email that contained proof that a server for BlankMediaGames’ Town of Salem game was hacked and a copy of the game’s database.

  38. Tomi Engdahl says:

    Malicious .tar Attachments
    https://isc.sans.edu/forums/diary/Malicious+tar+Attachments/24496/

    We were informed about a malicious email campaign that uses .iso and .tar attachments.

    We’ve covered .iso attachments before in diary entry “Malicious .iso Attachments”: the .iso contains a malicious executable and can be opened with vanilla Windows 8 and later.

    For .tar attachments, it’s a bit different. The .tar attachment also contains a malicious executable (tar is a Unix archive format), but it cannot be opened with vanilla Windows. Archiving software like the popular WinZip has to be installed for the user to be able to open the .tar attachment.

  39. Tomi Engdahl says:

    New Android Malware Combines Info-Stealing and Phishing Features
    https://www.bleepingcomputer.com/news/security/new-android-malware-combines-info-stealing-and-phishing-features/

    Android malware that combines info/data-stealing and phishing capabilities lurked in Google Play using the guise of legitimate-looking apps; one of them was installed at least 100,000 times.

    Camouflaged as utility apps or games, Mobstspy infected devices primarily in India, although its distribution was worldwide, affecting users in 196 countries.

  40. Tomi Engdahl says:

    Security
    Germany hacked: Angela Merkel’s colleagues among mass data dump victims
    Politicians, journalists and other public figures targeted
    https://www.theregister.co.uk/2019/01/04/germany_mass_hack_merkel/

  41. Tomi Engdahl says:

    Angela Merkel and hundreds of German politicians hacked
    https://www.dw.com/en/angela-merkel-and-hundreds-of-german-politicians-hacked/a-46955419

    German Chancellor Angela Merkel and other senior politicians were reportedly hit by a data hack, with some of their letters, contact details and party memos leaked on Twitter.

  42. Tomi Engdahl says:

    Patrick Donahue / Bloomberg:
    Report: German authorities seek help from NSA after finding that hackers had released private data linked to Chancellor Merkel and hundreds of other politicians

    Germany Reportedly Seeks U.S. Assistance After Hacking Breach
    https://www.bloomberg.com/news/articles/2019-01-06/germany-seeks-u-s-assistance-after-hacking-breach-bild-reports

    German authorities sought help from the U.S. National Security Agency after discovering that hackers had released private data linked to Chancellor Angela Merkel and hundreds of other German politicians, Bild newspaper reported.

    Responding to the biggest data dump of its kind in the country, German investigators wanted the U.S. intelligence agency to lean on Twitter Inc. to shut down profiles with links to the data, Bild said, citing unidentified security officials. German authorities argued that U.S. citizens were among thousands of people exposed by the data dump.

    https://www.bild.de/politik/inland/politik-inland/geheimdienst-deutschland-kam-ohne-nsa-gegen-hacker-nicht-weiter-59382492.bild.html

  43. Tomi Engdahl says:

    Two Critical Flaws Patched in Adobe Acrobat, Reader
    https://www.securityweek.com/two-critical-flaws-patched-adobe-acrobat-reader

    Adobe’s first round of security updates for 2019 resolve two critical vulnerabilities in the company’s Acrobat and Reader products, but administrators should not be too concerned about the flaws being exploited in the wild any time soon.

  44. Tomi Engdahl says:

    Blur Exposes Information of 2.4 Million Users
    https://www.securityweek.com/blur-exposes-information-24-million-users

    Roughly 2.4 million Blur users had their information exposed online as a result of a misconfigured AWS S3 bucket, the application’s developer, online privacy company Abine, revealed this week.

    Blur is a popular application that provides password management, masked email, and private browsing capabilities.
